
NSD

1- Edit the NSD configuration file:
doas nano /var/nsd/etc/nsd.conf
2- Example nsd.conf:

# nsd.conf for an authoritative-only NSD instance serving one forward zone
# and two reverse zones. Attributes are indented under the clause they
# belong to.
server:
    # Do not answer CHAOS-class version queries, so the running NSD release
    # is not advertised to anyone who asks.
    hide-version: yes
    verbosity: 2
    database: ""    # disable database
    # Drop privileges to the _nsd user after startup.
    username: _nsd
    logfile: "/var/log/nsd.log"

    ## bind to a specific address/port
    # Every address listed here has to be configured on an interface of this
    # host, otherwise nsd cannot bind to it.
    ip-address: 38.87.162.30
    # ip-address: 192.0.2.53@5678
    ip-address: 2602:fccf:1:1030::

    ## make packets as small as possible, on by default
    # minimal-responses: yes

    ## respond with truncation for ANY queries over UDP and allow ANY over TCP,
    ## on by default
    # refuse-any: yes

remote-control:
    # nsd-control reaches the daemon through this path. With a filesystem
    # path the control channel is a local socket, so access is decided by the
    # permissions on the socket file -- keep it restricted to the accounts
    # that are meant to administer nsd.
    control-enable: yes
    control-interface: /var/run/nsd.sock

## tsig key example
# The secret below is a published sample value. If a key clause is enabled,
# generate a fresh random secret, keep nsd.conf unreadable to other users,
# and strip the secret line before sharing the file for troubleshooting.
#key:
# name: "tsig1.example.com."
# algorithm: hmac-sha256
# secret: "bWVrbWl0YXNkaWdvYXQ="

## master zone example
# zonefile paths are relative; the zone files edited elsewhere on this page
# live under /var/nsd/zones/.
zone:
    name: "domain-name"
    zonefile: "master/domain-name"

# NOTE(review): the "*" in the two reverse zones below looks like a
# placeholder for the reverse zone actually delegated to this server --
# confirm and substitute the real zone name and file name.
zone:
    name: "*.ip6.arpa"
    zonefile: "master/*.ip6.arpa"

zone:
    name: "*.in-addr.arpa"
    zonefile: "master/*.in-addr.arpa"

3- start nsd:
doas rcctl enable nsd
doas rcctl start nsd

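4- Check the reverse lookup:
dig -x 2602:fccf:1:1030
in-addr.arpa. 300 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2021071524 1800 900 604800 3600
(The SOA returned here belongs to in-addr.arpa, not ip6.arpa: 2602:fccf:1:1030 is not a complete IPv6 address, so dig apparently did not build an ip6.arpa name from it. Querying the full address, e.g. 2602:fccf:1:1030::, is what exercises the IPv6 reverse zone.)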

5-
doas nano /var/nsd/zones/master/domain-name
doas cat /var/nsd/zones/master/domain-name | nc paste.ircnow.org 7777

; Forward zone for domain-name, one resource record per line.
$ORIGIN domain-name.
domain-name.    3600    SOA     ns1.domain-name. admin.domain-name. (
                                2021082004      ; serial
                                1800            ; refresh
                                900             ; retry
                                604800          ; expire
                                3600 )          ; negative-caching TTL

; Zone apex: name servers, mail exchanger and addresses.
; A line that starts with whitespace reuses the owner name of the record
; above it, so the MX/A/AAAA lines below belong to domain-name. itself.
domain-name.            IN      NS      ns1.domain-name.
domain-name.            IN      NS      ns2.domain-name.
                3600    IN      MX      10 mail.domain-name.
                3600    IN      A       38.87.162.30
                3600    IN      AAAA    2602:fccf:1:1030::

; IPv6-only aliases.
ipv6            3600    IN      AAAA    2602:fccf:1:1030::
ip6             3600    IN      AAAA    2602:fccf:1:1030::
irc6            3600    IN      AAAA    2602:fccf:1:1030::

; Name servers. Both names resolve to the same addresses, so ns2 adds no
; redundancy if that host is unreachable.
ns1             3600    IN      A       38.87.162.30
                3600    IN      AAAA    2602:fccf:1:1030::
ns2             3600    IN      A       38.87.162.30
                3600    IN      AAAA    2602:fccf:1:1030::

; Service host names, all on the same host.
www             3600    IN      A       38.87.162.30
                3600    IN      AAAA    2602:fccf:1:1030::
irc             3600    IN      A       38.87.162.30
                3600    IN      AAAA    2602:fccf:1:1030::
imap            3600    IN      A       38.87.162.30
                3600    IN      AAAA    2602:fccf:1:1030::
smtp            3600    IN      A       38.87.162.30
                3600    IN      AAAA    2602:fccf:1:1030::
pop             3600    IN      A       38.87.162.30
                3600    IN      AAAA    2602:fccf:1:1030::
pop3            3600    IN      A       38.87.162.30
                3600    IN      AAAA    2602:fccf:1:1030::
MX              3600    IN      A       38.87.162.30
                3600    IN      AAAA    2602:fccf:1:1030::
mail            3600    IN      A       38.87.162.30
                3600    IN      AAAA    2602:fccf:1:1030::
bnc             3600    IN      A       38.87.162.30
                3600    IN      AAAA    2602:fccf:1:1030::

; DKIM records.
; ADSP (the _adsp record) has Historic status; receivers that enforce a
; sender policy look for a DMARC record at _dmarc instead.
_adsp._domainkey 86400  IN      TXT     "dkim=discardable;"
; p= carries the base64-encoded DKIM *public* key of the "mail" selector;
; the placeholder below stands for that value. The matching private key
; stays on the mail server and is never published in DNS.
mail._domainkey 86400   IN      TXT     "k=rsa; t=s; p=<encrypted password>"

zone domain-name is ok

6- Create the reverse zone files:
doas nano /var/nsd/zones/master/*.ip6.arpa
doas cat /var/nsd/zones/master/*.arpa | nc paste.ircnow.org 7777
(alternative paste target for the same pipe: | nc termbin.com 9999)

; IPv6 reverse zone.
; NOTE(review): "*.ip6.arpa." looks like a placeholder. The PTR owners below
; are 16 nibble labels (the low 64 bits of an address, least-significant
; nibble first), so the origin has to be the reverse name of a /64 -- for
; 2602:fccf:1:1030::/64 that would presumably be
; 0.3.0.1.1.0.0.0.f.c.c.f.2.0.6.2.ip6.arpa. ; verify before use.
$ORIGIN *.ip6.arpa.
@               3600    IN      SOA     ns1.domain-name. admin.domain-name. (
                                2021082001      ; serial
                                1800            ; refresh
                                900             ; retry
                                604800          ; expire
                                3600 )          ; negative-caching TTL
                3600    IN      NS      ns1.domain-name.
                3600    IN      NS      ns2.domain-name.

; PTR records for the addresses ending in ::0 and ::1 of the /64.
; Mail receivers that check forward-confirmed reverse DNS expect the PTR
; target to resolve back to the same address; the forward zone shown on this
; page publishes only the ::0 address for domain-name., so the second PTR
; would not be forward-confirmed unless a matching AAAA exists.
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600    IN      PTR     domain-name.
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 3600    IN      PTR     domain-name.

doas nano /var/nsd/zones/master/*.in-addr.arpa
doas cat /var/nsd/zones/master/30.162.87.38.in-addr.arpa | nc paste.ircnow.org 7777

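; IPv4 reverse zone for 38.87.162.30.
30.162.87.38.in-addr.arpa. 3600 IN SOA ns1.domain-name. admin.domain-name. (
                         2021082001 1800 900 604800 3600 )
; The NS lines must begin with whitespace so that they inherit the owner name
; of the SOA record. Written at column 0, "3600" would be read as the owner
; name and the zone apex would be left without NS records.
        3600    IN      NS      ns1.domain-name.
        3600    IN      NS      ns2.domain-name.
; NOTE(review): no PTR record appears in this listing. Reverse lookups of
; 38.87.162.30 (and the check_fcrdns filter used by mail servers) need one at
; this name, in the same form as the IPv6 reverse zone uses, e.g.
;         3600    IN      PTR     domain-name.
; Confirm whether the listing was truncated.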

7-
doas nano /etc/hostname.vio0
doas cat /etc/hostname.vio0 | nc paste.ircnow.org 7777

# /etc/hostname.vio0: addresses assigned to the vio0 interface, one per line.
# NOTE(review): neither 38.87.162.30 nor 2602:fccf:1:1030:: (the addresses
# nsd.conf and the mail listeners on this page bind to) is assigned below.
# A daemon can only listen on an address the host owns -- confirm which of
# the values on this page are placeholders and make them agree.
inet 38.81.163.154 0xffffff00
inet6 2602:fccf:1:154:: 48
# Additional IPv6 addresses on the same interface, each with prefix length 48.
inet6 2602:fccf:1:1030::1 48
inet6 2602:fccf:1:1030::2 48
inet6 2602:fccf:1:1030::3 48
# smtpd.conf fragment (OpenSMTPD): macros followed by listeners. These lines
# are mail-server configuration, not part of hostname.vio0. The pki entry,
# the <passwd> table and the filters named below (check_rdns, check_fcrdns,
# dkimsign) are referenced here but defined outside this fragment.
ipv4 = "38.87.162.30"
ipv6 = "2602:fccf:1:1030::"
# Options for inbound mail from other servers: certificate selection plus
# the reverse-DNS and forward-confirmed reverse-DNS filters.
check = "pki domain-name filter { check_rdns check_fcrdns } hostname domain-name"
# Options for client submission: as above, plus authentication against the
# <passwd> table and DKIM signing of the accepted mail.
authcheck = "pki domain-name auth <passwd> filter { check_rdns check_fcrdns dkimsign } hostname domain-name"


# listeners
# Locally submitted mail (socket and loopback) is DKIM-signed.
listen on socket filter "dkimsign"
listen on lo0 filter "dkimsign"
# Port 25: STARTTLS is offered but not required, so other servers may still
# deliver in cleartext.
listen on $ipv4 port 25 tls $check
listen on $ipv6 port 25 tls $check
# Ports 465 and 587: tls-require refuses to start a mail transaction until
# the session has been encrypted, so credentials are never sent in the clear.
# NOTE(review): port 465 is conventionally implicit TLS, which smtpd.conf
# expresses with the smtps keyword; with tls-require this listener expects
# STARTTLS instead -- confirm that clients are configured accordingly.
listen on $ipv4 port 465 tls-require $authcheck
listen on $ipv6 port 465 tls-require $authcheck
listen on $ipv4 port 587 tls-require $authcheck
listen on $ipv6 port 587 tls-require $authcheck

note (from IRC): run sh /etc/netstart to apply the changes made to /etc/hostname.vio0.
<Error> sh /etc/netstart
<Error> that's the mother of networking

# Validate the forward zone file and the configuration before (re)starting
# nsd; both tools report problems without touching the running daemon.
doas nsd-checkzone domain-name /var/nsd/zones/master/domain-name
doas nsd-checkconf /var/nsd/etc/nsd.conf
# The remaining commands upload files to a public paste service over an
# unencrypted netcat connection so that someone else can review them.
# Anything sent this way should be treated as published: review the log
# before sharing it, and remove every "secret:" line of a key clause from
# nsd.conf first (a TSIG secret that has been pasted must be replaced).
doas cat /var/log/nsd.log | nc paste.ircnow.org 7777
doas cat /var/nsd/etc/nsd.conf | nc paste.ircnow.org 7777
doas cat /var/nsd/zones/master/domain-name | nc paste.ircnow.org 7777
doas cat /var/nsd/zones/master/*.arpa | nc paste.ircnow.org 7777