«
»

Life with NSD

I have migrated two of my DNS servers from djbdns to NSD. The main issue with djbdns was the inability to handle BIND-style zone transfers properly which leads to interoperability problems with BIND and other nameservers. Otherwise it performs flawlessly as a stand-alone nameserver and DNS cache.

NSD is an authorative-only, high performance, simple and open-source name server. Like tinydns and unlike BIND it does not do recursion and caching, but then it doesn’t need to. Currently, three of the root-nameservers run NSD. If it’s good enough to run on a root-ns, then it’s good enough for me and you. It has most of the relevant features of modern DNS servers.

NSD uses BIND-syle zone files, so there’s no need to convert anything if you are migrating from BIND. Since I was migrating from djbdns I needed to convert the data back to BIND-speech. The easiest way to accomplish this is to replicate the zone data from the master using AXFR. Well for some reason or another when I attempted to use nsd-xfer(8) do this, it failed. As I checked the axfrdns logs it turned out to be a bogus query. Then I tried to accomplish the same with dig(1) which worked fine but it doubled the SOA records for some obscure reason. NSD itself transfers the zones just fine. So far it works like a charm, regardless if it’s in master or  slave configuration.

For the DNS cache I am still using dnscache. NLnet Labs also has an alternative called Unbound.

Tags: , , , , ,

This entry was posted on Saturday, August 1st, 2009 at 09:16 and is filed under Tech. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

6 Responses to “Life with NSD”

  1. Cris Says:
    August 2nd, 2009 at 15:14

    By the way, NSD suna a LSD… N-ai observat nimic ireal de cind l-ai instalat? :-D

  2. ggl Says:
    August 2nd, 2009 at 18:12

    Well, both of them run on BSD which sounds like LSD as well :)

  3. Făniţă Says:
    August 17th, 2009 at 12:08

    nu ma pricep la asemenea chestii, dar cu toate acestea s-ar putea sa ma angajez ca si admin de retea, bine, din ala junior, pana capat un certificat cisco sau ceva asemenea.

  4. ggl Says:
    August 20th, 2009 at 14:57

    Did you just say cisco certification?

  5. Mircea C. Says:
    September 24th, 2009 at 15:16

    Buna gluma. Sa inteleg ca CCNA e doar un banc prost pentru cei nexperimentati datorita faptului ca nu au unde sa experimenteze? E ca si cum ai termina facultatea, mergi sa te angajezi si prima intrebare vine…aveti experienta? Nu…Ne pare rau, cautam doar oameni cu experienta in domeniu.
    Intr-adevar, cursul e pentru incepatori, un pas inainte as zice, poate se merita, poate il poti invata acasa si sa stii mai mult ca un soarec de biblioteca care isi ia cursul flash invatand (tocind mai bine zis) pe rupte…
    Ce e de facut atunci?
    Mersi.
    Mirciu

  6. ggl Says:
    September 24th, 2009 at 21:04

    Mircea, caricatura respectivă e doar umor. Nu lua şi tu chiar orice în serios. Dacă e o glumă proastă sau nu – asta vei decide singur. Mie mi se pare amuzantă, iar coincidenţa face că a apărut exact în preajma comentariului lui Făniţă.

    La modul serios vorbind, cursul e bun. Dacă nu ar fi fost, nu aş fi urmat toate cele patru module. Il poţi învăţa acasă doar dacă ai timp, răbrade şi motivaţie. Înafară de asta nu ar strica nici câteva rutere Cisco seria 2000 drept material didactic; preferabil să fie legate şi într-o reţea mai mare sau să ai un simulator de reţea. Aşa că mai bine îl plăteşti şi-l faci undeva unde ai toate aceste condiţii.

Leave a Reply

Spam protection by WP Captcha-Free