Openbsd.Nsd 40 KB

  1. version=pmwiki-2.2.130 ordered=1 urlencoded=1
  2. agent=Mozilla/5.0 (X11; OpenBSD amd64; rv:82.0) Gecko/20100101 Firefox/82.0
  3. author=jrmu
  4. charset=UTF-8
  5. csum=
  6. ctime=1597224805
  7. host=198.251.81.119
  8. name=Openbsd.Nsd
  9. rev=35
  10. targets=Openbsd.Delphinusdnsd,Openbsd.Tcpip,Openbsd.IPv4,Openbsd.IPv6,Openbsd.Dns,Openbsd.Resourcerecords,Openbsd.Dnszones,Openbsd.Sockets,Openbsd.Ifconfig,Openbsd.Hostnameif0,Openbsd.Buyvm,Openbsd.Vmminstall,Openbsd.Domains,Openbsd.Host,Openbsd.Dig,Openbsd.FQDN
  11. text=(:title Configuring nsd:)

nsd is an authoritative name server. It ships in the OpenBSD base system, so no installation is necessary.

Advantages of nsd:

# Audited by the OpenBSD team
# Simpler than BIND

Disadvantages of nsd:

# More difficult to fork compared to [[openbsd/delphinusdnsd|delphinusdnsd]]

'''NOTICE''': This guide assumes you have a basic understanding of [[openbsd/tcpip|TCP/IP networking]], [[openbsd/IPv4|IPv4]] and [[openbsd/IPv6|IPv6]] addressing, the [[openbsd/dns|domain name system]], [[openbsd/resourcerecords|resource records]], and [[openbsd/dnszones|zone files]].

!! Introduction

Please read through the [[https://man.openbsd.org/nsd|nsd]], [[https://man.openbsd.org/nsd.conf|nsd.conf]], [[https://man.openbsd.org/nsd-checkconf|nsd-checkconf]], and [[https://man.openbsd.org/nsd-control|nsd-control]] man pages.

!! nsd.conf

Edit these sections in /var/nsd/etc/nsd.conf:

[@
server:
    hide-version: yes
    verbosity: 2
    database: "" # disable database
    username: _nsd
    logfile: "/var/log/nsd.log"
@]

@@hide-version@@ stops nsd from answering the CHAOS-class version queries that are used to fingerprint name servers. @@verbosity: 2@@ logs errors, warnings and informational messages such as zone transfers and notifies, which is useful while you are setting things up. An empty @@database@@ disables the on-disk nsd.db, so nsd serves straight from the zone files and a reload picks up your edits. Port 53 can only be bound by root, so nsd binds its [[openbsd/sockets|sockets]] first and then drops privileges to the @@_nsd@@ user (the OpenBSD build also chroots to /var/nsd by default). Finally, we log to /var/log/nsd.log.

[@
## bind to a specific address/port
    ip-address: 198.51.100.1
#   ip-address: 192.0.2.53@5678
    ip-address: 2001:db8::
@]

We bind to our public IPv4 address 198.51.100.1 and our public IPv6 address 2001:db8:: (substitute your real public addresses). Binding explicit addresses rather than the wildcard keeps nsd off interfaces it has no business listening on, and avoids a conflict with a local resolver such as unwind or unbound on port 53.

'''Note''': If you forget your real public IP addresses, you can check [[openbsd/ifconfig|ifconfig]], your [[openbsd/hostnameif0|hostname.if0]], or check your [[openbsd/buyvm|BuyVM]] or [[openbsd/vmminstall|VMM install]] guides.

[@
remote-control:
    control-enable: yes
    control-interface: /var/run/nsd.sock
@]

This lets you manage the running server with [[https://man.openbsd.org/nsd-control|nsd-control]]. Because the control interface is a Unix socket path, it is reachable only by local processes and needs no TLS certificates. If you ever set it to an IP address instead, the control channel becomes reachable from the network and you must first generate keys with nsd-control-setup.

!! Master-Only Server

In [[openbsd/dns|DNS]], a master (primary) server loads a zone from its zone file, and slave (secondary) servers copy the zone from the master by zone transfer. RFC 1034 and RFC 2182 call for at least two name servers per zone, preferably on separate networks, and registrars usually refuse a delegation with fewer, so you will normally configure both a master and a slave.

To start off, we'll configure just a master name server. This lets us quickly test whether the name server works:

[@
## master zone example
zone:
    name: "example.ircnow.org"
    zonefile: "master/example.ircnow.org"
#   notify: 192.0.2.1 NOKEY
#   provide-xfr: 192.0.2.1 NOKEY
@]

Uncomment the zone block. @@name@@ is our [[openbsd/domains|domain or subdomain]], for example @@username.fruit.ircnow.org@@, or a domain you registered yourself such as @@example.com@@. @@zonefile@@ is the path of the zone file relative to /var/nsd/zones, so "master/username.fruit.ircnow.org" or "master/example.com".

Leave @@notify@@ and @@provide-xfr@@ commented out for now. nsd refuses zone transfers (AXFR/IXFR) from any address that is not listed in @@provide-xfr@@, so nobody can pull a copy of the zone from a master-only server. The @@NOKEY@@ form in the commented lines authorises a transfer by source address alone; when you add a secondary, authenticate transfers and notifies with a TSIG key instead.

!! Write the Zone File

Write your [[openbsd/dnszones|DNS zone]] into the zone file you named above, /var/nsd/zones/master/example.ircnow.org:

[@
$ORIGIN example.ircnow.org.
example.ircnow.org. 3600 SOA ns1.example.ircnow.org. admin.example.ircnow.org. (
        2021020301 ; serial YYYYMMDDnn
        1800       ; refresh
        3600       ; retry
        86400      ; expire
        3600 )     ; minimum TTL
        3600 IN MX 10 mail
        3600 IN A 198.51.100.1
        3600 IN AAAA 2001:db8::
        3600 IN NS ns1
        3600 IN NS ns2
ns1     3600 IN A 198.51.100.1
        3600 IN AAAA 2001:db8::
ns2     3600 IN A 198.51.100.1
        3600 IN AAAA 2001:db8::
www     3600 IN A 198.51.100.1
        3600 IN AAAA 2001:db8::
irc     3600 IN A 198.51.100.1
        3600 IN AAAA 2001:db8::
imap    3600 IN A 198.51.100.1
        3600 IN AAAA 2001:db8::
smtp    3600 IN A 198.51.100.1
        3600 IN AAAA 2001:db8::
mail    3600 IN A 198.51.100.1
        3600 IN AAAA 2001:db8::
@]

A few things to keep in mind: a line that starts with whitespace belongs to the owner name of the previous record, so the MX, A, AAAA and NS records directly after the SOA all belong to example.ircnow.org itself. Names without a trailing dot are relative to the @@$ORIGIN@@, so @@mail@@ means mail.example.ircnow.org. Increase the serial every time you edit the zone, or secondaries will never notice the change. Here @@ns1@@ and @@ns2@@ point at the same host, which keeps the zone valid while you test but gives no redundancy; a real second server needs its own address. For a full explanation of the records, see the section on [[openbsd/dnszones|DNS zones]].

!! Start NSD and Test

At this point, we can start nsd:

[@
$ doas rcctl enable nsd
$ doas rcctl start nsd
@]

After later edits to a zone file, @@doas nsd-control reload@@ makes nsd re-read the changed zones without a restart; after adding or removing zones in nsd.conf, use @@doas nsd-control reconfig@@.

If all was configured correctly, we should now be able to query our name server with [[openbsd/host|host]] or [[openbsd/dig|dig]]:

[@
$ host www.example.ircnow.org example.ircnow.org
Using domain server:
Name: example.ircnow.org
Address: 198.51.100.1#53
Aliases: 

www.example.ircnow.org has address 198.51.100.1
www.example.ircnow.org has IPv6 address 2001:db8::
@]

This queries the name server example.ircnow.org for the records of www.example.ircnow.org. The second argument names the server to ask; before the zone is delegated, example.ircnow.org will not resolve from outside, so pass the server's IP address 198.51.100.1 there instead.

!! Delegate Zone

Once you've confirmed nsd works, you want to delegate authority for the zone to your name server. Until the parent zone carries NS records for your zone, the rest of the Internet will never ask your server anything. If you're using an ircnow.org subdomain, ask the sysadmin in charge to add the NS records for you. If you registered a domain elsewhere, set the domain's name servers at your registrar to your name servers (@@ns1.example.com@@ and @@ns2.example.com@@). Because those names live inside the zone they serve, the registrar also needs their IP addresses as glue records; without glue, a resolver would have to ask your server for the address of your server and could never get started.
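When you add the secondary that the delegation calls for, the commented @@notify@@ and @@provide-xfr@@ lines from the Master-Only Server section come into play. The fragment below is an added example for this page, not from the original page or from OpenBSD's sample nsd.conf: it shows the address-only (NOKEY) form next to the TSIG-authenticated form. The key name transfer.example.ircnow.org., the secondary's address 203.0.113.2 and the all-zero secret are placeholders.

```conf
## master, /var/nsd/etc/nsd.conf (198.51.100.1)
key:
    name: "transfer.example.ircnow.org."
    algorithm: hmac-sha256
    # placeholder (32 zero bytes); generate a real secret with: openssl rand -base64 32
    secret: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="

zone:
    name: "example.ircnow.org"
    zonefile: "master/example.ircnow.org"
    # weak: the only check is the peer's source address
#   notify: 203.0.113.2 NOKEY
#   provide-xfr: 203.0.113.2 NOKEY
    # hardened: notifies and transfers must carry a valid TSIG signature
    notify: 203.0.113.2 transfer.example.ircnow.org.
    provide-xfr: 203.0.113.2 transfer.example.ircnow.org.

## secondary, /var/nsd/etc/nsd.conf (203.0.113.2): the same key: block, then
zone:
    name: "example.ircnow.org"
    zonefile: "slave/example.ircnow.org"
    allow-notify: 198.51.100.1 transfer.example.ircnow.org.
    request-xfr: 198.51.100.1 transfer.example.ircnow.org.
```

Install the identical key block on both servers and keep the file it lives in readable only by root and _nsd. With the key in place, a host that merely owns or spoofs the listed address gets nothing: the master only hands the zone to a requester that signs with the shared secret, and the secondary ignores unsigned notifies. After bumping the serial and running @@doas nsd-control reload@@ on the master, @@doas nsd-control zonestatus example.ircnow.org@@ on the secondary shows the serial it received.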
!! Troubleshooting

If at any step you are not getting proper results, first check the configuration and the zones with nsd's own tools:

[@
$ doas nsd-checkconf /var/nsd/etc/nsd.conf
/var/nsd/etc/nsd.conf:34: at 'name:': error: syntax error
read /var/nsd/etc/nsd.conf failed: 1 errors in configuration file
@]

The error is on line 34 of /var/nsd/etc/nsd.conf:

[@
#zone:
    name: "example.ircnow.org"
    zonefile: "master/example.ircnow.org"
@]

Here we forgot to uncomment @@zone:@@, so @@name:@@ appears outside any block. Fix that and try again. If there are no errors, [[https://man.openbsd.org/nsd-checkconf|nsd-checkconf]] prints nothing at all -- no news is good news!

You'll also want to check that each zone file is valid:

[@
$ doas nsd-checkzone example.ircnow.org /var/nsd/zones/master/example.ircnow.org
[2021-02-02 03:49:14.921] nsd-checkzone[32265]: error: /var/nsd/zones/master/example.ircnow.org:8: out of zone data: out.of.zone.example.com. is outside the zone for fqdn example.ircnow.org.
@]

The error is on line 8 of /var/nsd/zones/master/example.ircnow.org:

[@
out.of.zone.example.com. 3600 IN A 10.0.0.1
@]

This line has the [[openbsd/FQDN|FQDN]] out.of.zone.example.com. as its owner name, which lies outside the zone this file describes (example.ircnow.org). A server is only authoritative for names inside its zone, so nsd rejects the file rather than serve data it cannot vouch for. Delete the line (or move it to the zone file it belongs to) and run the check again:

[@
$ doas nsd-checkzone example.ircnow.org /var/nsd/zones/master/example.ircnow.org
zone example.ircnow.org is ok
@]

Note that nsd-checkzone only checks syntax and zone membership; it will happily accept a zone whose serial you forgot to bump.

You can also run nsd in the foreground with debug output, or look at the log:

[@
$ doas nsd -d -V 3
/var/nsd/etc/nsd.conf:34: at 'name:': error: syntax error
read /var/nsd/etc/nsd.conf failed: 1 errors in configuration file
[2021-02-02 03:33:50.261] nsd[93210]: error: could not read config: /var/nsd/etc/nsd.conf
@]

This is the same error we saw from nsd-checkconf above; @@-d@@ keeps nsd in the foreground and @@-V 3@@ raises the verbosity.

Suppose we had deleted /var/nsd/zones/master/example.ircnow.org. Then /var/log/nsd.log shows:

[@
[2021-02-02 07:31:43.898] nsd[37575]: info: zonefile master/example.ircnow.org does not exist
@]

nsd starts anyway, but it has nothing to serve for that zone until the file exists and the zone is reloaded.

'''Tip''': Whenever you encounter an error with nsd, always check /var/log/nsd.log.

!! See Also

[[https://www.denic.de/en/service/tools/nast/|Nameserver Check]]
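The checks from the Troubleshooting section can be scripted so they run before every reload. The script below is an added example for this page, not nsd's or OpenBSD's own tooling, and assumes the layout used in the guide (/var/nsd/etc/nsd.conf, zone files under /var/nsd/zones). It lists the zones from nsd.conf, extracts each SOA serial, computes the next YYYYMMDDnn serial, reports out-of-zone owner names the way nsd-checkzone does, and finally runs nsd-checkconf and nsd-checkzone. The sample config and zone file it writes are constructed for demonstration, not taken from a real server.

```shell
#!/bin/sh
# nsdcheck.sh: pre-reload checks for an nsd master (added example, not part of nsd or OpenBSD).
set -u
NSD_CONF=${NSD_CONF:-/var/nsd/etc/nsd.conf}
ZONES_DIR=${ZONES_DIR:-/var/nsd/zones}

# Print "name zonefile" for every zone: block in nsd.conf; name: lines in other blocks are ignored.
zone_list() {
    awk '
        { sub(/#.*/, ""); gsub(/"/, "") }
        /^[ \t]*[a-z-]+:[ \t]*$/ {            # block header: server:, key:, zone:
            if (inzone && name != "") print name, file
            inzone = ($1 == "zone:"); name = ""; file = ""; next
        }
        inzone && /^[ \t]*name:/     { name = $2 }
        inzone && /^[ \t]*zonefile:/ { file = $2 }
        END { if (inzone && name != "") print name, file }
    ' "$1"
}

# Print the SOA serial.  Comments and parentheses are dropped so a multi-line
# SOA works; the serial is the third token after SOA (MNAME, RNAME, serial).
soa_serial() {
    awk '
        { sub(/;.*/, ""); gsub(/[()]/, " "); for (i = 1; i <= NF; i++) tok[++n] = $i }
        END {
            for (i = 1; i <= n; i++)
                if (toupper(tok[i]) == "SOA" && i + 3 <= n) { print tok[i + 3]; exit 0 }
            exit 1
        }
    ' "$1"
}

# Next YYYYMMDDnn serial (args: current serial, today as YYYYMMDD).  Same day
# bumps nn, a new day starts at 01; refuses to go backwards or past 99.
next_serial() {
    old=$1 today=$2
    case $old in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "serial $old is not YYYYMMDDnn" >&2; return 1 ;;
    esac
    old_day=${old%??}
    old_n=${old#????????}; old_n=${old_n#0}      # strip leading zero: 08 is not octal
    if [ "$old_day" -gt "$today" ]; then
        echo "serial $old is ahead of $today" >&2; return 1
    elif [ "$old_day" -eq "$today" ]; then
        [ "$old_n" -lt 99 ] || { echo "no serial left for $today" >&2; return 1; }
        printf '%s%02d\n' "$today" $((old_n + 1))
    else
        printf '%s01\n' "$today"
    fi
}

# Report records whose absolute owner name (trailing dot) lies outside ZONE, the
# "out of zone data" nsd-checkzone rejects.  Relative owners and continuation
# lines are in the zone by construction if $ORIGIN matches ZONE.
out_of_zone() {
    awk -v z="$1." '
        /^[ \t]/ || /^[$]/ || /^;/ || NF == 0 { next }
        { owner = $1 }
        owner ~ /\.$/ && owner != z && substr(owner, length(owner) - length(z)) != ("." z) {
            print FILENAME ":" NR ": " owner " is outside " z
        }
    ' "$2"
}

# Run nsd's own checkers over the live config and every zone it references.
check_all() {
    nsd-checkconf "$NSD_CONF" || return 1
    zone_list "$NSD_CONF" | while read -r name file; do
        nsd-checkzone "$name" "$ZONES_DIR/$file" || exit 1
        out_of_zone "$name" "$ZONES_DIR/$file"
    done
}
# Constructed sample config and zone (not from a real server) to exercise the
# parsers without nsd.  The last zone line is the bad record from Troubleshooting.
make_samples() {
    mkdir -p "$1/master"
    cat > "$1/nsd.conf" <<'EOF'
key:
    name: "transfer.example.ircnow.org."
    secret: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
zone:
    name: "example.ircnow.org"
    zonefile: "master/example.ircnow.org"   # master zone
zone:
    name: "example.net"
    zonefile: "slave/example.net"
EOF
    cat > "$1/master/example.ircnow.org" <<'EOF'
$ORIGIN example.ircnow.org.
example.ircnow.org. 3600 SOA ns1.example.ircnow.org. admin.example.ircnow.org. (
        2021020301 ; serial YYYYMMDDnn
        1800 3600 86400 3600 ) ; refresh retry expire minimum
        3600 IN NS ns1
ns1     3600 IN A 198.51.100.1
out.of.zone.example.com. 3600 IN A 10.0.0.1
EOF
}
if [ "${1:-}" = check ]; then check_all; fi   # sh nsdcheck.sh check
```

Run it as @@doas sh nsdcheck.sh check@@ before @@nsd-control reload@@; a non-zero exit means nsd-checkconf or nsd-checkzone rejected something. @@next_serial@@ exists because nsd-checkzone cannot tell you that you forgot to bump the serial: feed it the value from @@soa_serial@@ and today's date from @@date +%Y%m%d@@, and it refuses to produce a serial that would move backwards, which secondaries would silently ignore.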
  12. time=1612272859
  13. title=Configuring nsd
  14. author:1612272859=jrmu
  15. diff:1612272859:1612272783:=193,195c193%0a%3c !! See Also%0a%3c %0a%3c [[https://www.denic.de/en/service/tools/nast/|Nameserver Check]]%0a\ No newline at end of file%0a---%0a> https://www.denic.de/en/service/tools/nast/%0a\ No newline at end of file%0a
  16. host:1612272859=198.251.81.119
  17. author:1612272783=jrmu
  18. diff:1612272783:1612272062:=174,175c174,175%0a%3c You can also run nsd in the foreground or view the logs:%0a%3c %0a---%0a> either run nsd in the foreground or view the logs:%0a> %0a183,186c183,190%0a%3c This is the same error message as before when we ran nsd-checkconf above.%0a%3c %0a%3c Suppose we had deleted /var/nsd/zones/master/example.ircnow.org. When we check /var/log/nsd.log, we see:%0a%3c %0a---%0a> Here we forgot to create the zonefile /var/nsd/zones/master/example.ircnow.org.%0a> %0a> Often, hints for debugging can be found in /var/log/nsd.log.%0a> %0a> %0a> %0a> Any errors are reported, so no news are good news. You can go ahead and start NSD:%0a> %0a188c192,193%0a%3c [2021-02-02 07:31:43.898] nsd[37575]: info: zonefile master/example.ircnow.org does not exist%0a---%0a> $ doas rcctl enable nsd%0a> $ doas rcctl start nsd%0a191c196,204%0a%3c '''Tip''': Whenever you encounter an error with nsd, always check /var/log/nsd.log.%0a---%0a> If there are issues you can start nsd in debug mode%0a> %0a> [@%0a> doas nsd -d -V 3%0a> @]%0a> %0a> !! Troubleshooting%0a> %0a> Troubleshooting DNS%0a
  19. host:1612272783=198.251.81.119
  20. author:1612272062=jrmu
  21. diff:1612272062:1612271169:=129,132d128%0a%3c %0a%3c !! Delegate Zone%0a%3c %0a%3c Once you've confirmed nsd works, you want to delegate authority for the zone to your nameserver. If you're using an ircnow.org subdomain, you'll need to ask the sysadmin in charge to finish this step. If you registered a domain elsewhere, make sure that the nameserver for the domain points to your nameserver (@@ns1.example.com@@ and @@ns2.example.com@@) and that the glue records are defined.%0a
  22. host:1612272062=198.251.81.119
  23. author:1612271169=jrmu
  24. diff:1612271169:1612270698:=84,85c84,85%0a%3c 3600 IN A 198.51.100.1%0a%3c 3600 IN AAAA 2001:db8::%0a---%0a> 3600 IN A 198.251.80.229%0a> 3600 IN AAAA 2605:6400:20:1290::%0a88,101c88,101%0a%3c ns1 3600 IN A 198.51.100.1%0a%3c 3600 IN AAAA 2001:db8::%0a%3c ns2 3600 IN A 198.51.100.1%0a%3c 3600 IN AAAA 2001:db8::%0a%3c www 3600 IN A 198.51.100.1%0a%3c 3600 IN AAAA 2001:db8::%0a%3c irc 3600 IN A 198.51.100.1%0a%3c 3600 IN AAAA 2001:db8::%0a%3c imap 3600 IN A 198.51.100.1%0a%3c 3600 IN AAAA 2001:db8::%0a%3c smtp 3600 IN A 198.51.100.1%0a%3c 3600 IN AAAA 2001:db8::%0a%3c mail 3600 IN A 198.51.100.1%0a%3c 3600 IN AAAA 2001:db8::%0a---%0a> ns1 3600 IN A 198.251.80.229%0a> 3600 IN AAAA 2605:6400:20:1290::%0a> ns2 3600 IN A 198.251.80.229%0a> 3600 IN AAAA 2605:6400:20:1290::%0a> www 3600 IN A 198.251.80.229%0a> 3600 IN AAAA 2605:6400:20:1290::%0a> irc 3600 IN A 198.251.80.229%0a> 3600 IN AAAA 2605:6400:20:1290::%0a> imap 3600 IN A 198.251.80.229%0a> 3600 IN AAAA 2605:6400:20:1290::%0a> smtp 3600 IN A 198.251.80.229%0a> 3600 IN AAAA 2605:6400:20:1290::%0a> mail 3600 IN A 198.251.80.229%0a> 3600 IN AAAA 2605:6400:20:1290::%0a
  25. host:1612271169=198.251.81.119
  26. author:1612270698=jrmu
  27. diff:1612270698:1612270533:=69c69%0a%3c We'll uncomment the zone. The name is the name of our [[openbsd/domains|domain or subdomain]]. It might look like @@username.fruit.ircnow.org@@ or it could be a domain you registered, such as @@example.com@@. The zonefile might look like "master/username.fruit.ircnow.org" or "master/example.com" if you registered your own domain.%0a---%0a> We'll uncomment the zone. The name is the name of our [[openbsd/domains|domain or subdomain]]. It might look like @@username.fruit.ircnow.org@@ or it could be a domain you registered for like @@example.com@@. The zonefile might look like "master/username.fruit.ircnow.org" or "master/example.com" if you registered your own domain.%0a
  28. host:1612270698=198.251.81.119
  29. author:1612270533=jrmu
  30. diff:1612270533:1612268696:=54c54%0a%3c !! Master-Only Server%0a---%0a> !! Master/Slave Servers%0a
  31. host:1612270533=198.251.81.119
  32. author:1612268696=jrmu
  33. diff:1612268696:1612267739:=33c33%0a%3c You'll want to hide the version, change verbosity to 2 to get errors and warnings about failed transfers. We don't want a database so we leave it blank, we drop to the user _nsd after binding the [[openbsd/sockets|socket]], and we want to log to /var/log/nsd.log.%0a---%0a> You'll want to hide the version, change verbosity to 2 to get errors and warnings about failed transfers. We don't want a database so we leave it blank, we drop to the user _nsd after binding the [[openbsd/tcpip|socket]], and we want to log to /var/log/nsd.log.%0a
  34. host:1612268696=198.251.81.119
  35. author:1612267739=jrmu
  36. diff:1612267739:1612260084:=
  37. host:1612267739=198.251.81.119
  38. author:1612260084=jrmu
  39. diff:1612260084:1612258614:=37c37%0a%3c ip-address: 198.51.100.1%0a---%0a> ip-address: 198.51.100.0%0a42,43c42,43%0a%3c We bind to our public IPv4 address 198.51.100.1 and our public IPv6 address 2001:db8:: (substitute these with your real public IP addresses).%0a%3c %0a---%0a> We bind to our public IPv4 address 198.51.100.0 and our public IPv6 address 2001:db8:: (substitute these with your real public IP addresses).%0a> %0a119,125d118%0a%3c Using domain server:%0a%3c Name: example.ircnow.org%0a%3c Address: 198.51.100.1#53%0a%3c Aliases: %0a%3c %0a%3c www.example.ircnow.org has address 198.51.100.1%0a%3c www.example.ircnow.org has IPv6 address 2001:db8::%0a128,129c121,122%0a%3c This will query the name server example.ircnow.org for the resource records in www.example.ircnow.org.%0a%3c %0a---%0a> This will query the name server example.ircnow.org for the records for www.example.ircnow.org.%0a> %0a132,133c125,126%0a%3c If at any step you are not getting proper results, you should first check the conf and zones using these helpful tools:%0a%3c %0a---%0a> If at any step you are not getting proper results, you should either run nsd in the foreground or view the logs:%0a> %0a135c128%0a%3c $ doas nsd-checkconf /var/nsd/etc/nsd.conf%0a---%0a> $ doas nsd -d -V 3 %0a137a131%0a> [2021-02-02 03:33:50.261] nsd[93210]: error: could not read config: /var/nsd/etc/nsd.conf%0a143c137%0a%3c #zone:%0a---%0a> zone:%0a148,151c142,147%0a%3c Here we forgot to uncomment @@zone:@@. Once that is done, try again. If there are no errors, [[https://man.openbsd.org/nsd-checkconf|nsd-checkconf]] will not return any output -- no news is good news!%0a%3c %0a%3c You'll also want to check if the zone is valid:%0a%3c %0a---%0a> Here we forgot to create the zonefile /var/nsd/zones/master/example.ircnow.org.%0a> %0a> Often, hints for debugging can be found in /var/log/nsd.log.%0a> %0a> !! 
Master/Slave Servers%0a> %0a153,154c149,154%0a%3c $ doas nsd-checkzone example.ircnow.org /var/nsd/zones/master/example.ircnow.org%0a%3c [2021-02-02 03:49:14.921] nsd-checkzone[32265]: error: /var/nsd/zones/master/example.ircnow.org:8: out of zone data: out.of.zone.com. is outside the zone for fqdn example.ircnow.org.%0a---%0a> ## slave zone example%0a> #zone:%0a> # name: "example.net"%0a> # zonefile: "slave/example.net"%0a> # allow-notify: 192.0.2.2 tsig1.example.com.%0a> # request-xfr: 192.0.2.2 tsig1.example.com.%0a157,158d156%0a%3c The error is on line 8 of /var/nsd/zones/master/example.ircnow.org:%0a%3c %0a160c158,162%0a%3c out.of.zone.example.com. 3600 IN A 10.0.0.1%0a---%0a> ## tsig key example%0a> key:%0a> name: "example.ircnow.org"%0a> algorithm: hmac-sha256%0a> secret: "bXBjY3B3alVhaDJrYTBSRENtc01RUmNlYmlj"%0a163,164c165,171%0a%3c Here we specify a [[openbsd/FQDN|FQDN]] out.of.zone.example.com. which is outside of the zone for this file (example.ircnow.org). This is invalid so nsd refuses to look any further and quits. In this case, we need to delete this line (or perhaps move it to the proper zone file). Once that is done, run the test again:%0a%3c %0a---%0a> It's a good idea to name the key after your domain, with a final period at the end to show that it is a [[openbsd/FQDN|fully qualified domain name]]. For the secret, you must put in the [[openbsd/base64|base64 encoding]] of a random string. Make it longer for more security.%0a> %0a> %0a> !! Primary and secondary server%0a> %0a> If you need a secondary server to host the zone, you can do this as follows. 
Add to the block that describes your master zone, records about the secondary zone as in the example:%0a> %0a166,167c173,177%0a%3c $ doas nsd-checkzone example.ircnow.org /var/nsd/zones/master/example.ircnow.org%0a%3c zone example.ircnow.org is ok%0a---%0a> zone:%0a> name: "example.net"%0a> zonefile: "master/example.net"%0a> notify: 20.20.20.20 NOKEY%0a> provide-xfr: 20.20.20.20 NOKEY%0a170,171c180,181%0a%3c either run nsd in the foreground or view the logs:%0a%3c %0a---%0a> Create a new block in the secondary server config file, as in the example:%0a> %0a173,176c183,187%0a%3c $ doas nsd -d -V 3 %0a%3c /var/nsd/etc/nsd.conf:34: at 'name:': error: syntax error%0a%3c read /var/nsd/etc/nsd.conf failed: 1 errors in configuration file%0a%3c [2021-02-02 03:33:50.261] nsd[93210]: error: could not read config: /var/nsd/etc/nsd.conf%0a---%0a> zone:%0a> name: "example.net"%0a> zonefile: "slave/example.net"%0a> allow-notify: 10.10.10.10 NOKEY%0a> request-xfr: 10.10.10.10 NOKEY%0a179,189c190,223%0a%3c Here we forgot to create the zonefile /var/nsd/zones/master/example.ircnow.org.%0a%3c %0a%3c Often, hints for debugging can be found in /var/log/nsd.log.%0a%3c %0a%3c %0a%3c %0a%3c Any errors are reported, so no news are good news. You can go ahead and start NSD:%0a%3c %0a%3c [@%0a%3c $ doas rcctl enable nsd%0a%3c $ doas rcctl start nsd%0a---%0a> !! The zone file for NSD%0a> %0a> The next step is to write the zone files for NSD. First the forward lookup zone example.net:%0a> %0a> [@%0a> ; Domain file from My project%0a> %0a> example.net. 3600 SOA ns.example.net. admin.example.net. (%0a> 2020070701 ; serial YYYYMMDDnn%0a> 10800 ; refresh%0a> 3600 ; retry%0a> 604800 ; expire%0a> 86400 ) ; minimum TTL%0a> %0a> example.net. NS ns.example.net.%0a> example.net. NS ns.secondary.net.%0a> ns A 10.10.10.10%0a> example.net. A 10.10.10.10%0a> www A 10.10.10.10%0a> irc A 10.10.10.10%0a> imap A 10.10.10.10%0a> smtp A 10.10.10.10%0a> example.net. 
mx 10 smtp.example.net.%0a> @]%0a> %0a> Save this zone file as /var/nsd/zones/master/example.net%0a> %0a> !! Configuration check and start%0a> %0a> NSD bring along a tool to check the configuration file before you start or reload the daemon:%0a> %0a> [@%0a> $ doas nsd-checkconf /var/nsd/etc/nsd.conf%0a> @]%0a
  40. host:1612260084=198.251.81.119
  41. author:1612258614=jrmu
  42. diff:1612258614:1612258218:=122,144d121%0a%3c %0a%3c !! Troubleshooting%0a%3c %0a%3c If at any step you are not getting proper results, you should either run nsd in the foreground or view the logs:%0a%3c %0a%3c [@%0a%3c $ doas nsd -d -V 3 %0a%3c /var/nsd/etc/nsd.conf:34: at 'name:': error: syntax error%0a%3c read /var/nsd/etc/nsd.conf failed: 1 errors in configuration file%0a%3c [2021-02-02 03:33:50.261] nsd[93210]: error: could not read config: /var/nsd/etc/nsd.conf%0a%3c @]%0a%3c %0a%3c The error is found on line 34 of /var/nsd/etc/nsd.conf:%0a%3c %0a%3c [@%0a%3c zone:%0a%3c name: "example.ircnow.org"%0a%3c zonefile: "master/example.ircnow.org"%0a%3c @]%0a%3c %0a%3c Here we forgot to create the zonefile /var/nsd/zones/master/example.ircnow.org.%0a%3c %0a%3c Often, hints for debugging can be found in /var/log/nsd.log.%0a
  43. host:1612258614=198.251.81.119
  44. author:1612258218=jrmu
  45. diff:1612258218:1612258131:=76,77c76,77%0a%3c $ORIGIN example.ircnow.org.%0a%3c example.ircnow.org. 3600 SOA ns1.example.ircnow.org. admin.example.ircnow.org. (%0a---%0a> $ORIGIN user.fruit.ircnow.org.%0a> user.fruit.ircnow.org. 3600 SOA ns1.user.fruit.ircnow.org. admin.user.fruit.ircnow.org. (%0a118c118%0a%3c $ host www.example.ircnow.org example.ircnow.org%0a---%0a> $ host www.user.fruit.ircnow.org user.fruit.ircnow.org%0a121,125c121,122%0a%3c This will query the name server example.ircnow.org for the records for www.example.ircnow.org.%0a%3c %0a%3c !! Master/Slave Servers%0a%3c %0a%3c [@%0a---%0a> This will query the name server user.fruit.ircnow.org for the records for www.user.fruit.ircnow.org.%0a> %0a
  46. host:1612258218=198.251.81.119
  47. author:1612258131=jrmu
  48. diff:1612258131:1612257904:=104,105d103%0a%3c For an explanation of how to interpret this zone file, please see the section on [[openbsd/dnszones|DNS zones]].%0a%3c %0a118c116%0a%3c $ host www.user.fruit.ircnow.org user.fruit.ircnow.org%0a---%0a> $ host%0a120,121d117%0a%3c %0a%3c This will query the name server user.fruit.ircnow.org for the records for www.user.fruit.ircnow.org.%0a
  49. host:1612258131=198.251.81.119
  50. author:1612257904=jrmu
  51. diff:1612257904:1612254521:=73,74c73,74%0a%3c Write your [[openbsd/dnszones|DNS zone]] into the zone that you specified above, /var/nsd/zones/master/example.ircnow.org:%0a%3c %0a---%0a> Write your DNS zone into the zone that you specified above, /var/nsd/zones/master/example.ircnow.org:%0a> %0a76,79c76,80%0a%3c $ORIGIN user.fruit.ircnow.org.%0a%3c user.fruit.ircnow.org. 3600 SOA ns1.user.fruit.ircnow.org. admin.user.fruit.ircnow.org. (%0a%3c 2021020301 ; serial YYYYMMDDnn%0a%3c 1800 ; refresh%0a---%0a> ; Domain file from My project%0a> %0a> example.net. 3600 SOA ns.example.net. admin.example.net. (%0a> 2020070701 ; serial YYYYMMDDnn%0a> 10800 ; refresh%0a81,101c82,93%0a%3c 86400 ; expire%0a%3c 3600 ) ; minimum TTL%0a%3c 3600 IN MX 10 mail%0a%3c 3600 IN A 198.251.80.229%0a%3c 3600 IN AAAA 2605:6400:20:1290::%0a%3c 3600 IN NS ns1%0a%3c 3600 IN NS ns2%0a%3c ns1 3600 IN A 198.251.80.229%0a%3c 3600 IN AAAA 2605:6400:20:1290::%0a%3c ns2 3600 IN A 198.251.80.229%0a%3c 3600 IN AAAA 2605:6400:20:1290::%0a%3c www 3600 IN A 198.251.80.229%0a%3c 3600 IN AAAA 2605:6400:20:1290::%0a%3c irc 3600 IN A 198.251.80.229%0a%3c 3600 IN AAAA 2605:6400:20:1290::%0a%3c imap 3600 IN A 198.251.80.229%0a%3c 3600 IN AAAA 2605:6400:20:1290::%0a%3c smtp 3600 IN A 198.251.80.229%0a%3c 3600 IN AAAA 2605:6400:20:1290::%0a%3c mail 3600 IN A 198.251.80.229%0a%3c 3600 IN AAAA 2605:6400:20:1290::%0a---%0a> 604800 ; expire%0a> 86400 ) ; minimum TTL%0a> %0a> example.net. NS ns.example.net.%0a> example.net. NS ns.secondary.net.%0a> ns A 10.10.10.10%0a> example.net. A 10.10.10.10%0a> www A 10.10.10.10%0a> irc A 10.10.10.10%0a> imap A 10.10.10.10%0a> smtp A 10.10.10.10%0a> example.net. mx 10 smtp.example.net.%0a
  52. host:1612257904=198.251.81.119
  53. author:1612254521=jrmu
  54. diff:1612254521:1612253975:=72,94d71%0a%3c %0a%3c Write your DNS zone into the zone that you specified above, /var/nsd/zones/master/example.ircnow.org:%0a%3c %0a%3c [@%0a%3c ; Domain file from My project%0a%3c %0a%3c example.net. 3600 SOA ns.example.net. admin.example.net. (%0a%3c 2020070701 ; serial YYYYMMDDnn%0a%3c 10800 ; refresh%0a%3c 3600 ; retry%0a%3c 604800 ; expire%0a%3c 86400 ) ; minimum TTL%0a%3c %0a%3c example.net. NS ns.example.net.%0a%3c example.net. NS ns.secondary.net.%0a%3c ns A 10.10.10.10%0a%3c example.net. A 10.10.10.10%0a%3c www A 10.10.10.10%0a%3c irc A 10.10.10.10%0a%3c imap A 10.10.10.10%0a%3c smtp A 10.10.10.10%0a%3c example.net. mx 10 smtp.example.net.%0a%3c @]%0a
  55. host:1612254521=198.251.81.119
  56. author:1612253975=jrmu
  57. diff:1612253975:1612253728:=69,86c69,71%0a%3c We'll uncomment the zone. The name is the name of our [[openbsd/domains|domain or subdomain]]. It might look like @@username.fruit.ircnow.org@@ or it could be a domain you registered for like @@example.com@@. The zonefile might look like "master/username.fruit.ircnow.org" or "master/example.com" if you registered your own domain.%0a%3c %0a%3c !! Write the Zone File%0a%3c %0a%3c !! Start NSD and Test%0a%3c %0a%3c At this point, we can start nsd:%0a%3c %0a%3c [@%0a%3c $ doas rcctl enable nsd%0a%3c $ doas rcctl start nsd%0a%3c @]%0a%3c %0a%3c If all was configured correctly, we should now be able to query our nameserver with [[openbsd/host|host]] or [[openbsd/dig|dig]]:%0a%3c %0a%3c [@%0a%3c $ host%0a%3c @]%0a---%0a> We'll uncomment the zone. The name is the name of our [[openbsd/domains|domain or subdomain]].%0a> %0a> %0a
  58. host:1612253975=198.251.81.119
  59. author:1612253728=jrmu
  60. diff:1612253728:1612248403:=54,59d53%0a%3c !! Master/Slave Servers%0a%3c %0a%3c The [[openbsd/dns|DNS system]] requires you to specify master and slave servers. Internet standards require every zone to have at least two name servers, so you'll normally need to configure both a master and a slave.%0a%3c %0a%3c To start off, we'll configure just a master name server. This will let us quickly test to see if our name server is working:%0a%3c %0a62,64c56,58%0a%3c zone:%0a%3c name: "example.ircnow.org"%0a%3c zonefile: "master/example.ircnow.org"%0a---%0a> #zone:%0a> # name: "example.com"%0a> # zonefile: "master/example.com"%0a67,71d60%0a%3c @]%0a%3c %0a%3c We'll uncomment the zone. The name is the name of our [[openbsd/domains|domain or subdomain]].%0a%3c %0a%3c %0a
  61. host:1612253728=198.251.81.119
  62. author:1612248403=jrmu
  63. diff:1612248403:1612248323:=54d53%0a%3c [@%0a68c67%0a%3c @]%0a---%0a> %0a
  64. host:1612248403=198.251.81.119
  65. author:1612248323=jrmu
  66. diff:1612248323:1612247316:=53,78d52%0a%3c %0a%3c ## master zone example%0a%3c #zone:%0a%3c # name: "example.com"%0a%3c # zonefile: "master/example.com"%0a%3c # notify: 192.0.2.1 NOKEY%0a%3c # provide-xfr: 192.0.2.1 NOKEY%0a%3c %0a%3c ## slave zone example%0a%3c #zone:%0a%3c # name: "example.net"%0a%3c # zonefile: "slave/example.net"%0a%3c # allow-notify: 192.0.2.2 tsig1.example.com.%0a%3c # request-xfr: 192.0.2.2 tsig1.example.com.%0a%3c %0a%3c %0a%3c [@%0a%3c ## tsig key example%0a%3c key:%0a%3c name: "example.ircnow.org"%0a%3c algorithm: hmac-sha256%0a%3c secret: "bXBjY3B3alVhaDJrYTBSRENtc01RUmNlYmlj"%0a%3c @]%0a%3c %0a%3c It's a good idea to name the key after your domain, with a final period at the end to show that it is a [[openbsd/FQDN|fully qualified domain name]]. For the secret, you must put in the [[openbsd/base64|base64 encoding]] of a random string. Make it longer for more security.%0a%3c %0a
  67. host:1612248323=198.251.81.119
  68. author:1612247316=jrmu
  69. diff:1612247316:1612246923:=22,23c22,23%0a%3c Edit these sections in /var/nsd/etc/nsd.conf:%0a%3c %0a---%0a> Edit /var/nsd/etc/nsd.conf:%0a> %0a35d34%0a%3c [@%0a37c36%0a%3c ip-address: 198.51.100.0%0a---%0a> ip-address: 38.81.163.143%0a39c38,49%0a%3c ip-address: 2001:db8::%0a---%0a> ip-address: 2001:550:3402:1:143::%0a> %0a> ## make packets as small as possible, on by default%0a> # minimal-responses: yes%0a> %0a> ## respond with truncation for ANY queries over UDP and allow ANY over TCP,%0a> ## on by default%0a> # refuse-any: yes%0a> %0a> remote-control:%0a> control-enable: yes%0a> control-interface: /var/run/nsd.sock%0a41,52d50%0a%3c %0a%3c We bind to our public IPv4 address 198.51.100.0 and our public IPv6 address 2001:db8:: (substitute these with your real public IP addresses).%0a%3c %0a%3c '''Note''': If you forget your real public IP addresses, you can check [[openbsd/ifconfig|ifconfig]], your [[openbsd/hostnameif0|hostname.if0]], or check your [[openbsd/buyvm|BuyVM]] or [[openbsd/vmminstall|VMM install]] guides.%0a%3c %0a%3c [@%0a%3c remote-control:%0a%3c control-enable: yes%0a%3c control-interface: /var/run/nsd.sock%0a%3c @]%0a%3c %0a%3c This will allow using [[https://man.openbsd.org/nsd-control|nsd-control]] to control the server.%0a
  70. host:1612247316=198.251.81.119
  71. author:1612246923=jrmu
  72. diff:1612246923:1612244582:=26,30c26,43%0a%3c hide-version: yes%0a%3c verbosity: 2%0a%3c database: "" # disable database%0a%3c username: _nsd%0a%3c logfile: "/var/log/nsd.log"%0a---%0a> ip-address: 0.0.0.0%0a> ip4-only: yes%0a> identity: "DNS"%0a> hide-version: yes%0a> verbosity: 1%0a> database: ""%0a> username: _nsd%0a> logfile: "/var/log/nsd.log"%0a> pidfile: "/var/nsd/run/nsd.pid"%0a> %0a> remote-control:%0a> control-enable: yes%0a> control-interface: /var/nsd/run/nsd.sock%0a> %0a> zone:%0a> name: "example.com"%0a> zonefile: "master/example.com"%0a> %0a33,51d45%0a%3c You'll want to hide the version, change verbosity to 2 to get errors and warnings about failed transfers. We don't want a database so we leave it blank, we drop to the user _nsd after binding the [[openbsd/tcpip|socket]], and we want to log to /var/log/nsd.log.%0a%3c %0a%3c ## bind to a specific address/port%0a%3c ip-address: 38.81.163.143%0a%3c # ip-address: 192.0.2.53@5678%0a%3c ip-address: 2001:550:3402:1:143::%0a%3c %0a%3c ## make packets as small as possible, on by default%0a%3c # minimal-responses: yes%0a%3c %0a%3c ## respond with truncation for ANY queries over UDP and allow ANY over TCP,%0a%3c ## on by default%0a%3c # refuse-any: yes%0a%3c %0a%3c remote-control:%0a%3c control-enable: yes%0a%3c control-interface: /var/run/nsd.sock%0a%3c @]%0a%3c %0a121,124d114%0a%3c %0a%3c !! Troubleshooting%0a%3c %0a%3c Troubleshooting DNS%0a
  73. host:1612246923=198.251.81.119
  74. author:1612244582=jrmu
  75. diff:1612244582:1612240453:=22c22,24%0a%3c Edit /var/nsd/etc/nsd.conf:%0a---%0a> First up, you'll want to open up /var/nsd/etc/nsd.conf (main configuration file)%0a> %0a> Open up /var/nsd/etc/nsd.conf:%0a
  76. host:1612244582=198.251.81.119
  77. author:1612240453=jrmu