NSD v4.1.6 on CentOS v7.x
Note: as of Jan 2017, nsd v4.1.7 is in the EPEL repository.
NSD v4.1 doesn't appear to be in an mainstream repository for el7. This page records creating and installing a binary RPM for CentOS v7.x for NSD v4.1.6.
Take a source RPM from GhettoForge, update the source package and version numbers, and use a simplified systemd script to run it. Note: The GhettoForge systemd script didn't work for me (see below).
# yum install http://share.lucidsolutions.co.nz/pub/centos/nsd/nsd-4.1.6-3.el7.centos.x86_64.rpm
Run the setup script to create self signed certificates for controlling NSD (iff the nsd-control support is enabled) and for the server itself.
# nsd-control-setup
Start the service.
# systemctl enable nsd # systemctl start nsd
Links
- http://www.nlnetlabs.nl/projects/nsd/
- https://projects.archlinux.org/svntogit/community.git/tree/trunk?h=packages/nsd
- http://mirror.symnds.com/distributions/gf/el/7/testing/x86_64/
Appendices
Install
# yum install http://share.lucidsolutions.co.nz/pub/centos/nsd/nsd-4.1.6-1.el7.centos.x86_64.rpm Dependencies Resolved ======================================================================================================== Package Arch Version Repository Size ======================================================================================================== Installing: nsd x86_64 4.1.6-1.el7.centos /nsd-4.1.6-1.el7.centos.x86_64 2.5 M Installing for dependencies: libevent x86_64 2.0.21-4.el7 base 214 k Transaction Summary ======================================================================================================== Install 1 Package (+1 Dependent package) Total size: 2.7 M Total download size: 214 k Installed size: 3.2 M Is this ok [y/d/N]: y Downloading packages: libevent-2.0.21-4.el7.x86_64.rpm | 214 kB 00:00:00 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : libevent-2.0.21-4.el7.x86_64 1/2 Installing : nsd-4.1.6-1.el7.centos.x86_64 2/2 Verifying : nsd-4.1.6-1.el7.centos.x86_64 1/2 Verifying : libevent-2.0.21-4.el7.x86_64 2/2 Installed: nsd.x86_64 0:4.1.6-1.el7.centos Dependency Installed: libevent.x86_64 0:2.0.21-4.el7 Complete!
Service script
The GhettoForge service script. This didn't work for me and the following issues were observed:
- uses old 'nsdc' program instead of nsd-control program
- requires nsd-control to be enabled
- this requires local certificate to be created with nsd-control-setup
- more complicated that I needed for a simple standalone install using AXFR to secondaries
[Unit] Description=NSD DNS Server After=syslog.target network.target [Service] Type=simple PIDFile=/var/run/nsd/nsd.pid EnvironmentFile=-/etc/sysconfig/nsd ExecStartPre=/usr/sbin/nsdc -c /etc/nsd/nsd.conf rebuild ExecStart=/usr/sbin/nsd -d -c /etc/nsd/nsd.conf $OTHER_NSD_OPTS ExecReload=/usr/sbin/nsdc -c /etc/nsd/nsd.conf rebuild ExecReload=/usr/sbin/nsdc -c /etc/nsd/nsd.conf reload # notify blocks on misconfigurations - but does show it very loudly ExecReload=/usr/sbin/nsdc -c /etc/nsd/nsd.conf notify ExecStop=/usr/sbin/nsdc -c /etc/nsd/nsd.conf patch ExecStop=/usr/sbin/nsdc -c /etc/nsd/nsd.conf stop ExecStopPost=/bin/rm -f /var/lib/nsd/xfrd.state [Install] WantedBy=multi-user.target
nsd-control-setup
This script generates the local self signed x.509 certificates
# nsd-control-setup setup in directory /etc/nsd generating nsd_server.key Generating RSA private key, 3072 bit long modulus ................................................................................++ ........................++ e is 65537 (0x10001) generating nsd_control.key Generating RSA private key, 3072 bit long modulus ....................................................................................................................++ ............................++ e is 65537 (0x10001) create nsd_server.pem (self signed certificate) create nsd_control.pem (signed client certificate) Signature ok subject=/CN=nsd-control Getting CA Private Key Setup success. Certificates created. Enable in nsd.conf file to use
