Mukul Shukla
2021-Jun-06 10:33 UTC
[nsd-users] Help to setup Authoritative Name Server with NSD
Dear All, I am working as a Professor in a University in India. For our University, I want to set up an Authoritative Name Server. Currently we are running djbdns, since long. Although djbdns is a wonderful DNS server, the maintenance of it has become very troublesome. It also lacks many new security features. BIND9, I am not convinced if it will be useful in our case. Its a huge piece of software, and we don't need all the features of it. I was thinking of running my Authoritative Name Servers, Primary and Secondary on NSD, as we are already using Unbound for recursive name resolution. I would like to get the comments from the users as to whether my decision is correct or not? I have found that very few tutorials/manuals/articles are available for the NSD setup . Being new to NSD, I feel hesitant in replacing it by running DNS server with NSD. Would like to have some suggestions and comments. Kindly suggest any other alternatives, if that is useful in my case. Thank you. Mukul Shukla Prof. (IT) SGSITS, Indore, INDIA -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20210606/242131da/attachment.htm>
Sorry, meant to reply to this one. Actually: we are in a similar situation. We're currently running bind9, and were interested in to switching to NSD for the authorative dns services, but it seems that you have to compile newer releases (with security fixes etc) yourself, or there is a repo somewhere we're missing? We're on debian 10. It recommended to simply install the NSD that debian comes with, and rely on debian for the security fixes? MJ On 6/6/21 12:33 PM, Mukul Shukla via nsd-users wrote:> Dear All, > > I am working as a Professor in a University in India. For our > University, I want to set up an Authoritative Name Server. Currently we > are running djbdns, since long. > Although djbdns is a wonderful DNS server, the maintenance of it has > become very troublesome. It also lacks many new security features. > BIND9, I am not convinced if it will be useful in our case. Its a huge > piece of software, and we don't need all the features of it. > > I was thinking of running my Authoritative Name Servers, Primary and > Secondary on NSD, as we are already using Unbound for recursive name > resolution. > > I would like to get the comments from the users as to whether my > decision is correct or not? I have found that very few > tutorials/manuals/articles are available for the NSD setup . Being new > to NSD, I feel hesitant in replacing it by running DNS server with NSD. > Would like to have some suggestions and comments. Kindly suggest any > other alternatives, if that is useful in my case. > > Thank you. > > Mukul Shukla > Prof. (IT) > SGSITS, Indore, > INDIA > > _______________________________________________ > nsd-users mailing list > nsd-users at lists.nlnetlabs.nl > https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users >
Paul Wouters
2021-Jun-06 15:26 UTC
[nsd-users] Help to setup Authoritative Name Server with NSD
On Sun, 6 Jun 2021, Mukul Shukla via nsd-users wrote:> I would like to get the comments from the users as to whether my decision is correct or not? I have found that very few > tutorials/manuals/articles are available for the NSD setup . Being new to NSD, I feel hesitant in replacing it by running DNS server with > NSD. Would like to have some suggestions and comments. Kindly suggest any other alternatives, if that is useful in my case.You will of course find a fairly biased answer here. I myself have run nsd and unbound since the early days. First mixed with bind, then without bind. But things are ever changing and I'm now getting ready to go back to using different software on different nameservers for both keeping familiar and for more biodiversity for my own domains. I'm not sure how many domains you need to run, but I've recently started playing with Catalog Zones with the knot nameserver, and it is _really_ nice to not have to manually configure your secondaries when you are adding or removing zones. I don't think that nsd supports this yet, but I'm sure it is on the roadmap and will arrive soon. But honestly, bind9 and knot and nsd are all good DNS servers compared to djdns. Paul