A NSD v3.x secondary DNS server

Create a secondary DNS server with support for:

• IPv4
• IPv6
• DNSSEC
• Notify
  
• Unlimited zones and records (from a practical perspective)
• No restrictions on DNS server names (aka 'novelty domains')
  

Steps:

• Create a small CentOS OpenVZ VPS (US$15/year)
  
• Create a user login with sudo rights
  
• Lock down ssh
• Install updates
• Disable httpd, xinetd
• Remove bind
  
• Install EPEL
• Install NSD
• Configure NSD

Install EPEL

# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Install NSD

# yum install nsd ldns

Create the config file '/etc/nsd/nsd.conf'. Create a zones.d directory for the zone files (mkdir /etc/nsd/zones.d)

Start NSD

# chkconfig nsd on
# service nsd start

Verify

Use a third party web based tool to verify that the nameserver is operational. e.g.

1. http://www.dnsinspect.com/lucidsolutions.co.nz
2. http://intodns.com/lucidsolutions.co.nz (IPv4 test only)
   

Residuals

1. Use a key for the zone transfers
2. Get DNSSEC working
3. This is a unicast solution that won't scale well under attack loads
   

Links

• https://calomel.org/nsd_dns.html
• https://my.crissic.net/knowledgebase.php?action=displayarticle&id=3
• Free secondary DNS
• http://www.frankb.us/dns/
• http://efball.com/dns/
  
• http://networking.ringofsaturn.com/Unix/freednsservers.php
  

Appendices

nsd.conf

server:

    ip-address: 107.150.11.166
    ip-address: 2602:ffea:a::e6af:a94e

    tcp-count: 100
    server-count: 2

    logfile: "/var/log/nsd.log"
    verbosity: 2


zone:
    name: lucidsolutions.co.nz
    zonefile: "/etc/nsd/zones.d/lucidsolutions.co.nz.zone"
    allow-notify: 123.255.40.190 NOKEY
    allow-notify: 2001:4428:225:2::4 NOKEY
    request-xfr: AXFR 2001:4428:225:2::4@53 NOKEY

yum install nsd ldns

Dependencies Resolved

=============================================================================
 Package        Arch           Version                  Repository      Size
=============================================================================
Installing:
 ldns           i686           1.6.16-2.el6             epel           440 k
 nsd            i686           3.2.15-5.el6             epel           712 k

Transaction Summary
=============================================================================
Install       2 Package(s)

Total download size: 1.1 M
Installed size: 3.1 M