[nsd-users] nsd as master + slave
A. Schulze
sca at andreasschulze.de
Fri Oct 17 20:25:43 UTC 2014
W.C.A. Wijngaards:
> Are you trying to force updates without incrementing the SOA serial
> number? NSD expects you normally to increment the SOA serial number,
> then reload the zone into the master, which then sends a notify with
> this serial number to the slave which then fetches the zone.
After $DISABLE_SSLv3_ANYWHERE I had some time to look at my nsd servers.
I did it exactly as suggested, but no notify.
- vi /etc/nsd/zones/example.de
  $SOA++
- rsync /etc/nsd/zones/example.de /var/lib/nsd/etc/nsd/zones/example.de
- nsd-control reload

dig @2001:db8::1 example.de. soa
  -> new soa
dig @2001:db8::2 example.de. soa
  -> still old soa
I must state that the servers in question are not mentioned in the zone's
NS data. May that be a reason?

master.conf
###########
remote-control:
    control-enable: yes
    server-key-file: /etc/nsd/ssl/nsd_server.key
    server-cert-file: /etc/nsd/ssl/nsd_server.pem
    control-key-file: /etc/nsd/ssl/nsd_control.key
    control-cert-file: /etc/nsd/ssl/nsd_control.pem

server:
    chroot: "/var/lib/nsd"
    statistics: 86400
    verbosity: 2
    ip-address: 2001:db8::1

zone:
    name: "example.de."
    zonefile: "/etc/nsd/zones/example.de"
    outgoing-interface: 2001:db8::1
    notify-retry: 5
    notify: 2001:db8::2 NOKEY
    provide-xfr: 2001:db8::2 NOKEY

slave.conf
##########
remote-control:
    control-enable: yes
    server-key-file: /etc/nsd/ssl/nsd_server.key
    server-cert-file: /etc/nsd/ssl/nsd_server.pem
    control-key-file: /etc/nsd/ssl/nsd_control.key
    control-cert-file: /etc/nsd/ssl/nsd_control.pem

server:
    chroot: "/var/lib/nsd"
    statistics: 86400
    verbosity: 2
    ip-address: 2001:db8::2

zone:
    name: "example.de."
    allow-notify: 2001:db8::1/128 NOKEY
    request-xfr: 2001:db8::1 NOKEY
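
An added example, not part of the original post: a POSIX shell check for the symptom described above. It compares the SOA serials reported by master and slave using RFC 1982 serial arithmetic, which is how a secondary decides whether the master's zone is newer. The script name soa-check.sh and the sample SOA line in the comments are constructed for illustration; live use needs dig.

```shell
#!/bin/sh
# soa-check.sh (hypothetical name): compare SOA serials as a secondary would.
# Input lines have the shape of `dig +short <zone> SOA` output, e.g. (constructed):
#   ns1.example.de. hostmaster.example.de. 2014101701 3600 900 604800 86400

# soa_serial LINE: print the serial (3rd field) of one SOA answer line,
# or nothing if the line is empty or malformed.
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# serial_newer A B: succeed if serial A is newer than B in 32-bit
# serial number arithmetic (RFC 1982), so wrap-around is handled.
serial_newer() {
    diff=$(( ($1 - $2) & 4294967295 ))
    [ "$diff" -ne 0 ] && [ "$diff" -lt 2147483648 ]
}

# compare_soa MASTER_LINE SLAVE_LINE: print one of
#   in-sync | slave-behind | master-not-newer | no-answer
compare_soa() {
    m=$(soa_serial "$1")
    s=$(soa_serial "$2")
    if [ -z "$m" ] || [ -z "$s" ]; then
        echo no-answer
    elif [ "$m" = "$s" ]; then
        echo in-sync
    elif serial_newer "$m" "$s"; then
        echo slave-behind
    else
        echo master-not-newer
    fi
}

# Live use: sh soa-check.sh 2001:db8::1 2001:db8::2 example.de.
if [ "$#" -eq 3 ]; then
    compare_soa "$(dig +short @"$1" "$3" SOA)" "$(dig +short @"$2" "$3" SOA)"
fi
```

`slave-behind` is the state shown in the post (serial raised on the master, slave still on the old zone), which points at notify delivery or the transfer itself. `master-not-newer` means the slave would not transfer the zone even if a notify arrived.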