Configuring NSD

1. Log into your AUTH1 machine (10.192.X.1) and:

   # cd /etc/nsd/

   Now edit the file nsd.conf and make the following changes.

   Let's add your TLD zone. Insert the following lines at the end of the file, replacing the appropriate values for your own and slave zone:

   - - - - - - - - - - - - - - - cut below - - - - - - - - - - - - -
   server:
       zonesdir: "/etc/nsd"
       logfile: "nsd.log"
       pidfile: "nsd.pid"

   zone:
       name: "MYTLD"
       zonefile: "/etc/bind/master/MYTLD"
       notify: 10.192.Y.1@53 NOKEY
       provide-xfr: 0.0.0.0/0 NOKEY

   zone:
       name: "OTHERTLD"
       zonefile: "OTHERTLD"
       allow-notify: 10.192.Y.1 NOKEY
       allow-notify: 127.0.0.1 NOKEY
       request-xfr: AXFR 10.192.Y.1 NOKEY
   - - - - - - - - - - - - - - - cut above - - - - - - - - - - - - -

   10.192.Y.1 is the master server for OTHERTLD and typically your slave.
   It is assumed you have completed the BIND exercise and hence the zonefile is in /etc/bind/master/MYTLD.
   (Note that provide-xfr: 0.0.0.0/0 lets any host transfer the MYTLD zone; that is fine for the lab, but outside it you would list only your slave's address here.)

   Save the file and exit.

   Increment the SOA serial in /etc/bind/master/MYTLD so that we can see changes on the slave.

2. Start NSD!

   If BIND is running, disable starting it:

   # update-rc.d bind9 disable

   and stop it:

   # service bind9 stop

   Make sure NSD is not disabled by removing the override file:

   # rm /etc/init/nsd.override

   Next start NSD:

   # service nsd start

   and check that nsd is running with:

   # tail /etc/nsd/nsd.log
   # ps ax | grep nsd

   Correct any errors and restart nsd (hint: "nsd -d" keeps nsd in the foreground):

   # service nsd restart

3. Test that your new server is answering:

   # dig @127.0.0.1 MYTLD SOA

4. Controlling NSD

   To cause the NSD daemon to reload the zone:

   # kill -HUP `cat /etc/nsd/nsd.pid`

   To stop the NSD program:

   # kill `cat /etc/nsd/nsd.pid`

   To check if it is running:

   # ps ax | grep nsd

5. Verify that your slave has picked up a new copy of the zone:

   # dig @10.192.Y.1 SOA MYTLD

   and on the class resolver...

   # dig @10.192.0.230 SOA MYTLD

   Do the SOA serial numbers match?

6. [OPTIONAL] Test NSD's response rate limiting capabilities by modifying nsd.conf with the following:

   - - - - - - - - - - - - - - - cut below - - - - - - - - - - - - -
   server:
       zonesdir: "/etc/nsd"
       logfile: "nsd.log"
       pidfile: "nsd.pid"
       rrl-ratelimit: 2
   - - - - - - - - - - - - - - - cut above - - - - - - - - - - - - -

   then executing:

   # service nsd restart

   From another terminal window you can then test rate limiting by executing multiple queries using something like:

   # cnt=1; while [ $cnt -lt 100 ]; do echo -n "$cnt "; \
       dig +short @10.192.X.1 www.othertld.; cnt=$(( $cnt + 1 )); done

   What do you see?
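The two checks above (step 5: do the SOA serials on master, slave and resolver agree? step 6: how many of the rapid-fire queries actually got an answer?) are easy to get wrong by eye. The script below is an added example, not part of the original exercise or of NSD itself: it parses `dig +short` SOA output to compare serials and tallies answered versus unanswered queries from the rate-limit loop. The addresses 10.192.X.1, 10.192.Y.1 and 10.192.0.230 are the lab placeholders from the text; run as-is it works on constructed sample data embedded in the script, and with LIVE=1 it runs the real dig queries.

```shell
#!/bin/sh
# Added example for the NSD exercise (not the exercise's own code).
# Without LIVE=1 it runs against constructed sample data so it works offline.

# Pull the serial out of `dig +short <zone> SOA` output, e.g.
#   ns1.mytld. hostmaster.mytld. 2024010102 3600 900 604800 86400
# The serial is the third whitespace-separated field of the RDATA.
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# Return 0 when every argument is the same non-empty serial, 1 otherwise.
serials_agree() {
    first=$1
    [ -n "$first" ] || return 1
    for s in "$@"; do
        [ "$s" = "$first" ] || return 1
    done
    return 0
}

# Given one line per query (empty line or ";;"-prefixed dig error = no answer),
# print "<answered> <unanswered>".
count_answered() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*$/ || /^;;/ { empty++; next }
        { ans++ }
        END { printf "%d %d\n", ans + 0, empty + 0 }'
}

# Live helpers (only used with LIVE=1; require dig and the lab network).
query_soa() {          # $1 server, $2 zone
    dig +short "@$1" "$2" SOA
}
rrl_probe() {          # $1 server, $2 count, $3 name: one output line per query
    i=1
    while [ "$i" -le "$2" ]; do
        out=$(dig +short "@$1" "$3")
        printf '%s\n' "$out"          # empty line when the query got nothing
        i=$((i + 1))
    done
}

# Constructed sample data: master and slave in sync, resolver still caching
# the previous serial; and a probe run where 2 of 5 queries went unanswered.
SAMPLE_MASTER='ns1.mytld. hostmaster.mytld. 2024010102 3600 900 604800 86400'
SAMPLE_SLAVE='ns1.mytld. hostmaster.mytld. 2024010102 3600 900 604800 86400'
SAMPLE_RESOLVER='ns1.mytld. hostmaster.mytld. 2024010101 3600 900 604800 86400'
SAMPLE_RRL=$(printf '10.192.0.10\n\n10.192.0.10\n;; connection timed out; no servers could be reached\n10.192.0.10')

if [ "${LIVE:-0}" = "1" ]; then
    master=$(query_soa 10.192.X.1 MYTLD)
    slave=$(query_soa 10.192.Y.1 MYTLD)
    resolver=$(query_soa 10.192.0.230 MYTLD)
    probe=$(rrl_probe 10.192.X.1 100 www.othertld.)
else
    master=$SAMPLE_MASTER; slave=$SAMPLE_SLAVE; resolver=$SAMPLE_RESOLVER
    probe=$SAMPLE_RRL
fi

ms=$(soa_serial "$master"); ss=$(soa_serial "$slave"); rs=$(soa_serial "$resolver")
if serials_agree "$ms" "$ss" "$rs"; then
    echo "SOA serials agree: $ms"
else
    echo "SOA serial mismatch: master=$ms slave=$ss resolver=$rs"
fi

set -- $(count_answered "$probe")
echo "rate-limit probe: $1 answered, $2 unanswered"
```

On the sample data the script reports a mismatch (the resolver still holds serial 2024010101 while master and slave are at 2024010102), which is exactly the "do the serial numbers match?" situation of step 5: a stale resolver cache is expected until the old record's TTL expires, whereas a stale slave means the NOTIFY/AXFR path in nsd.conf is not working. In the probe tally, unanswered queries are what rrl-ratelimit: 2 should produce once the query rate from your terminal exceeds the limit.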