[nsd-users] nsd as master + slave

A. Schulze sca at andreasschulze.de
Fri Oct 17 20:25:43 UTC 2014


W.C.A. Wijngaards:

> Are you trying to force updates without incrementing the SOA serial
> number?  NSD expects you normally to increment the SOA serial number,
> then reload the zone into the master, which then sends a notify with
> this serial number to the slave which then fetches the zone.

after $DISABLE_SSLv3_ANYWHERE I had some to look at my nsd servers.
I did it exactly like suggested but no notify.

- vi /etc/nsd/zones/example.de
   $SOA++
- rsync /etc/nsd/zones/example.de /var/lib/nsd/etc/nsd/zones/example.de
- nsd-control reload

dig @2001:db8::1 example.de. soa
  -> new soa

dig @2001:db8::2 example.de. soa
  -> still old soa

I must state, that the servers in question are not mentioned in the zones
NS data. May that be a reason?

master.conf
###########
remote-control:
         control-enable: yes
         server-key-file: /etc/nsd/ssl/nsd_server.key
         server-cert-file: /etc/nsd/ssl/nsd_server.pem
         control-key-file: /etc/nsd/ssl/nsd_control.key
         control-cert-file: /etc/nsd/ssl/nsd_control.pem
server:
         chroot: "/var/lib/nsd"
         statistics: 86400
         verbosity: 2
         ip-address: 2001:db8::1
zone:
         name: "example.de."
         zonefile: "/etc/nsd/zones/example.de"
         outgoing-interface: 2001:db8::1
         notify-retry: 5
         notify: 2001:db8::2 NOKEY
         provide-xfr: 2001:db8::2 NOKEY

slave.conf
##########
remote-control:
         control-enable: yes
         server-key-file: /etc/nsd/ssl/nsd_server.key
         server-cert-file: /etc/nsd/ssl/nsd_server.pem
         control-key-file: /etc/nsd/ssl/nsd_control.key
         control-cert-file: /etc/nsd/ssl/nsd_control.pem
server:
         chroot: "/var/lib/nsd"
         statistics: 86400
         verbosity: 2
         ip-address: 2001:db8::2
zone:
         name: "example.de."
         allow-notify: 2001:db8::1/128 NOKEY
         request-xfr: 2001:db8::1 NOKEY





More information about the nsd-users mailing list