I'm trying to create a master/slave setup using NSD. I have NSD installed on two servers. The servers are running great; when I perform normal DNS queries they return the information from the zone files. However, when I try to run nsdc notify on the master, the slave doesn't seem to pick up the new zone configuration.
The nsd.conf file on the master looks like this:
    ## NSD authoritative only DNS
    #
    server:
        logfile: "/var/log/nsd.log"
        port: 53
        server-count: 1
        ip4-only: yes
        hide-version: yes
        identity: ""
        zonesdir: "/etc/nsd3"
        verbosity: 3

    zone:
        name: domain.com
        zonefile: www.domain.com.forward
        notify: <ip slave> NOKEY
        provide-xfr: <ip slave> NOKEY
nsd.conf on the slave server looks like:
    ## NSD authoritative only DNS
    #
    server:
        logfile: "/var/log/nsd.log"
        port: 53
        server-count: 1
        ip4-only: yes
        hide-version: yes
        identity: ""
        zonesdir: "/etc/nsd3"
        verbosity: 3

    zone:
        name: domain.com
        zonefile: www.domain.com.forward
        allow-notify: <ip master> NOKEY
        request-xfr: AXFR <ip master> NOKEY
The zonefile file looks like this on the master server:
    $ORIGIN domain.com.
    $TTL 86400 ; default time to live
    @ IN SOA ns1.domain.com. admin.domain.com. (
            2011010203 ; serial number
            28800      ; Refresh
            7200       ; Retry
            864000     ; Expire
            86400      ; Min TTL
            )
            NS  ns1.domain.com.
            MX  10 mailfilter.hostingprovider.com.
    mail     IN A <ip mailserver hostingprovider>
    www      IN A <ip master>
    ns1      IN A <ip master>
    ns2      IN A <ip slave>
    newvalue IN A 8.8.8.8
    *        IN A <ip master>
The forward file is the same on the slave server, except for the line with "newvalue" (the value I want to transfer).
If I perform a nsdc notify on the master server, the following ends up in the slave's logs:
[1487507948] nsd[26038]: info: Notify received and accepted, forward to xfrd
[1487507948] nsd[26037]: info: Handle incoming notify for zone domain.com
However, the zone files don't seem to get updates. After the notify, I perform nsdc patch; nsdc rebuild; nsdc reload; service nsd3 restart on the slave server, just to be sure. But this doesn't change the zone files either.
Also, if I perform a dig axfr @<master ip> domain.com on the slave server, I get a nice zone transfer.
Why isn't the slave server updating the zone files?
The zone's serial number needs to be incremented after any changes
A slave will first check if it has the most current zone before attempting a transfer; otherwise the notify is ignored. The common practice is to use the form YYYYMMDDxx, where xx is a minor revision number (if accidentally set too large, there is a process that must be followed to lower the number again).
In later versions of nsd where nsd-control replaces nsdc, the command transfer can be used to attempt, or force_transfer to update regardless of serial change.
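As an added illustration of the serial check described in the answer (not code from the question or from NSD itself), the following Python reads the serial out of a zone file like the one in the question, applies the RFC 1982 comparison a slave uses to decide whether a NOTIFY is worth a transfer, derives the next YYYYMMDDxx serial, and computes the intermediate value for the standard rollback when a serial was set too large. The zone text and dates are constructed samples; the rollback follows the usual RFC 1982 procedure (publish current + 2^31 - 1 first, then the wanted serial).

```python
import re
from datetime import date
from typing import Optional

SERIAL_SPACE = 1 << 32   # SOA serials are 32-bit unsigned
HALF_SPACE = 1 << 31

# Constructed sample: the SOA header of the question's zone file.
ZONE_TEXT = """$ORIGIN domain.com.
$TTL 86400 ; default time to live
@ IN SOA ns1.domain.com. admin.domain.com. (
        2011010203 ; serial number
        28800      ; Refresh
        7200       ; Retry
        864000     ; Expire
        86400      ; Min TTL
        )
"""

def soa_serial(zone_text: str) -> int:
    """Return the SOA serial: the first integer after the MNAME and RNAME fields."""
    m = re.search(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)", zone_text)
    if m is None:
        raise ValueError("no SOA record found")
    return int(m.group(1))

def serial_is_newer(candidate: int, current: int) -> bool:
    """RFC 1982 comparison, the test a slave applies after a NOTIFY/SOA query.
    Only a strictly newer serial triggers a transfer; an unchanged serial (the
    question's situation) or a difference of exactly 2^31 does not."""
    diff = (candidate - current) % SERIAL_SPACE
    return 0 < diff < HALF_SPACE

def next_serial(current: int, today: Optional[str] = None) -> int:
    """Next YYYYMMDDxx-style serial newer than 'current'. 'today' is YYYY-MM-DD
    (defaults to the real date). Uses today's date with revision 00, or bumps
    the revision if 'current' is already at or past today's date."""
    today = today or date.today().isoformat()
    today_base = int(today.replace("-", "")) * 100
    candidate = today_base if current < today_base else current + 1
    candidate %= SERIAL_SPACE
    assert serial_is_newer(candidate, current)
    return candidate

def rollback_step(current: int) -> int:
    """First step of the RFC 1982 rollback for a serial set too large: publish
    this value, wait until every slave has transferred it, and only then publish
    the wanted (smaller) serial, which slaves then accept as newer."""
    return (current + HALF_SPACE - 1) % SERIAL_SPACE
```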