Run your own authoritative dns server with nsd

So I have recently been involved in some DNS-related projects at work, and I decided it was finally time to set up my own authoritative nameserver for my domain instead of relying on GoDaddy for any DNS-related changes. Also, it is super annoying to log into their GUI each time I want to make a change.

Here we go

1. Install, start, and enable nsd

Install the nsd service

sudo yum install -y nsd

Start the nsd service

sudo service nsd start

Enable the nsd service on boot

sudo chkconfig nsd on

2. Add your authoritative zone (your domain) to nsd.conf

The next step is adding the following zone block to /etc/nsd/nsd.conf:

zone:
    name: patrickshuff.com
    zonefile: patrickshuff.com.zone

3. Set up an authoritative zone for your domain

Using the zonefile name you used in nsd.conf, create it in /etc/nsd/:

vim /etc/nsd/patrickshuff.com.zone

Now populate the zonefile. This is currently how mine is set up:

;## NSD authoritative only DNS
;## FORWARD Zone -  patrickshuff.com.zone

$ORIGIN patrickshuff.com.    ; default zone domain
$TTL 500                     ; default time to live

; SOA: primary nameserver (MNAME), then the responsible mailbox (RNAME).
; The conventional RNAME is hostmaster.patrickshuff.com. (the mailbox "@" is written as ".").
@          IN SOA ns1.patrickshuff.com. ns2.patrickshuff.com. (
           20131027    ; serial number (increase it on every change, or secondaries keep the old zone)
           28800       ; Refresh
           7200        ; Retry
           864000      ; Expire
           300         ; Min TTL
           )

; records without an owner name inherit the previous owner, here "@" (the zone apex)
           NS      ns1
           NS      ns2
           A       173.230.132.214
           AAAA    2600:3c02::f03c:91ff:fe96:3e3c

           MX   10 mail.patrickshuff.com.

; ns1 and ns2 live inside this zone, so they need their own A/AAAA records here as well
mail       A       173.230.132.214
mail       AAAA    2600:3c02::f03c:91ff:fe96:3e3c
resume     TXT     "http://www.linkedin.com/in/patrickshuff/"
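One thing the zone above makes easy to get wrong is pointing NS records at names inside the zone (ns1, ns2) without giving those names A/AAAA records in the same file; nsd will load the zone, but resolvers cannot find your nameservers. The script below is an added example, not the post's or nsd's own code: it parses a zone file with awk and reports every in-zone NS target that has no address record, so you can run it before "service nsd reload". The sample zone it writes is constructed (example.com with RFC 5737/3849 addresses), and the file name check_zone.sh in the usage comment is assumed. It strips comments at the first ";" and does not follow $INCLUDE, which is fine for a single hand-written zone like this one.

```shell
#!/bin/sh
# Added example: pre-reload sanity check for an nsd zone file (not from the original post).
# Finds NS records whose target is inside the zone but has no A/AAAA record in the same zone.
# Simplifications: comments are cut at the first ';' (a ';' inside a quoted TXT would be lost),
# and $INCLUDE directives are not followed.

# Print every in-zone NS target that has no A/AAAA record; return 1 if there are any.
# usage: missing_ns_glue ZONEFILE ORIGIN   (ORIGIN with trailing dot, e.g. patrickshuff.com.)
missing_ns_glue() {
  missing=$(awk -v origin="$2" '
    # Turn "@" or a relative name into a fully qualified name under ORIGIN.
    function fqdn(n) {
      if (n == "@") return origin
      if (n ~ /\.$/) return n
      return n "." origin
    }
    {
      sub(/;.*/, "")                       # drop comments
      if (NF == 0 || $1 ~ /^\$/) next      # skip blank lines and $ORIGIN / $TTL directives
      start = 1
      if ($0 ~ /^[^ \t]/) { owner = $1; start = 2 }   # new owner name; otherwise inherit it
      for (i = start; i <= NF; i++) {
        if ($i == "NS")                { ns[fqdn($(i + 1))] = 1; break }
        if ($i == "A" || $i == "AAAA") { addr[fqdn(owner)] = 1; break }
        if ($i ~ /^(SOA|MX|TXT|CNAME|PTR|SRV)$/) break   # other types: nothing to record
      }
    }
    END {
      for (n in ns) {
        in_zone = (substr(n, length(n) - length(origin) + 1) == origin)
        if (in_zone && !(n in addr)) print n
      }
    }
  ' "$1")
  [ -z "$missing" ] && return 0
  printf '%s\n' "$missing"
  return 1
}

# Write a constructed zone (example.com, documentation addresses; not the author's zone)
# that mirrors the post's layout but only gives ns1 an address record.
write_sample_zone() {
  cat > "$1" <<'EOF'
$ORIGIN example.com.
$TTL 500
@ IN SOA ns1.example.com. hostmaster.example.com. (
           2013102701  ; serial
           28800       ; refresh
           7200        ; retry
           864000      ; expire
           300 )       ; minimum
           NS      ns1
           NS      ns2
           A       192.0.2.10
           AAAA    2001:db8::10
           MX   10 mail.example.com.
mail       A       192.0.2.10
ns1        A       192.0.2.10
resume     TXT     "http://www.example.com/resume"
EOF
}

# Run against a real zone before "service nsd reload" (script name assumed):
#   sh check_zone.sh /etc/nsd/patrickshuff.com.zone patrickshuff.com.
if [ $# -eq 2 ]; then
  if missing_ns_glue "$1" "$2"; then
    echo "ok: every in-zone NS target has an address record"
  else
    echo "missing A/AAAA records for the names listed above" >&2
  fi
fi
```

For the constructed zone the check prints ns2.example.com.; adding an A record for ns2 makes it exit cleanly. Names that end in the origin are treated as in-zone; NS targets in other zones are out of scope, since their addresses belong to those zones.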

4. Verify it works

First, we need to tell nsd to pick up the changes we made.

service nsd reload

Ok, now let's actually test it!!

dig +short A patrickshuff.com @localhost
dig +short AAAA patrickshuff.com @localhost
dig +short MX patrickshuff.com @localhost
dig +short TXT resume.patrickshuff.com @localhost

These should return the records you expect!

Troubleshooting

service nsd reload is failing!

When you reload nsd, you get an error:

$ service nsd reload
Rebuilding zonefiles:                                      [FAILED]
Reloading nsd:                                             [  OK  ]

The output of a service reload isn't very helpful. Fortunately, by looking at the reload section of /etc/init.d/nsd, you can see it is essentially just rebuilding the nsd database from your zone files with nsdc rebuild and then notifying the nsd server to reread the database with nsdc reload.

The output of the rebuild is pretty verbose and should give you a good idea of where your errors are:

# Rebuild nsd's database from our zone files
nsdc rebuild

Once you have found and fixed the errors, tell nsd to reload the zone database:

nsdc reload
