Life with NSD
Saturday, August 1st, 2009I have migrated two of my DNS servers from djbdns to NSD. The main issue with djbdns was the inability to handle BIND-style zone transfers properly which leads to interoperability problems with BIND and other nameservers. Otherwise it performs flawlessly as a stand-alone nameserver and DNS cache.
NSD is an authorative-only, high performance, simple and open-source name server. Like tinydns and unlike BIND it does not do recursion and caching, but then it doesn’t need to. Currently, three of the root-nameservers run NSD. If it’s good enough to run on a root-ns, then it’s good enough for me and you. It has most of the relevant features of modern DNS servers.
NSD uses BIND-syle zone files, so there’s no need to convert anything if you are migrating from BIND. Since I was migrating from djbdns I needed to convert the data back to BIND-speech. The easiest way to accomplish this is to replicate the zone data from the master using AXFR. Well for some reason or another when I attempted to use nsd-xfer(8) do this, it failed. As I checked the axfrdns logs it turned out to be a bogus query. Then I tried to accomplish the same with dig(1) which worked fine but it doubled the SOA records for some obscure reason. NSD itself transfers the zones just fine. So far it works like a charm, regardless if it’s in master orĀ slave configuration.
For the DNS cache I am still using dnscache. NLnet Labs also has an alternative called Unbound.