Dear Mukul!
1) Do you have many changes in your zones, or is it unproblematic if you are not
able to change anything for a few days?
I ask because my idea is to add a new name for the new primary and secondary DNS
servers build with NSD while leaving your old setup as it is. That means, if
your current names are "ns1.example.com" and
"ns2.example.com", you would add "alpha.example.com" and
"bravo.example.com", build with DNS. Once you think all runs fine, you
would change the DNS server names for your domain. In case anything fails and
you are not able to fix that in a timely manner, you can switch back. The names
"ns1" and "ns2" will be always the old DNS servers and at
some point you shut them down.
I think you already know that of course, but with tools such as dig from
dnsutils (Debian) you can always easily check if your new NSD nameservers
responds correctly:
# dig -t A example.com @PRIMARY_DNS_IP_ADDRESS_OR_HOST
# dig -t A example.com @SECONDARY_DNS_IP_ADDRESS_OR_HOST
2) How do you usually edit your zones?
--Kaulkwappe
----------------------------------------------------------------
From: Mukul Shukla via nsd-users <nsd-users at lists.nlnetlabs.nl>
Sent: Sunday, 6. Jun 2021 ? 21:16 CEST +0200
To: nsd-users at lists.nlnetlabs.nl
Subject: Re: [nsd-users] (no subject)
Dear All,
Let me give me a little background as to what I am trying to achieve.
1. The domain which I want the Authoritative Name serve? to serve for is
sgsits.ac.in.
2. The ERNET India (ac.in) is the domain name registrar for academic institutes
here in India.
3. We are hosting our Website, Email and Moodle servers for which right now
djbdns is acting as a authoritative name server.
4. Although, djbdns is working fine since last ten years (I must say its a
brilliantly crafted? DNS server), it lacks some security features which are now
a must (eg. DNSSEC).
5. I want to migrate this name server to NSD, with al the security feature and
high availability so that it meets the current requirements.
Can anybody please tell me how to plan for this migration so that I have a
minimum downtime. Moreover, I want to build a setup with NSD so that it runs
smoothly for the next 10 years. Of course want to know how to keep on upgrading
will be an issue, I need to consider.
I am reading the only source of information, the man pages on NLNET's
website, although there are few tutorial available (eg. Calomel)
Thank you all.
Mukul
On Mon, Jun 7, 2021 at 12:02 AM Mukul Shukla <mukulmanet at gmail.com>
wrote:
Hi?Ond?ej,
Thanks for such encouraging words.
Gave me a lot of confidence.
It's decided at my end. I will try to migrate my University DNS
authoritative setup to much improved NSD setup, of course with the help of all
the members here.
Thanks again.
Mukul
On Sun, Jun 6, 2021 at 10:57 PM Ond?ej Sur? <ondrej at sury.org> wrote:
Hi Mukul,
don?t worry - the community here is friendly and helpful and you should not run
into any hard problems. Take it as an opportunity to learn something new!
Ond?ej
- former Knot DNS team lead
- current BIND 9 team lead
--Ond?ej Sur? <ondrej at sury.org> (He/Him)
On 6. 6. 2021, at 18:50, Mukul Shukla via nsd-users <nsd-users at
lists.nlnetlabs.nl> wrote:
?
Dear All,
There are very? few articles/tutorials on NSD. This is making me nervous to
adapt it for a long use. If I am stuck, there is no?help to refer to. Man pages
are just not sufficient for the people like me who don't?have much
experience of the system administration and implementing DNS Authoritative
Server in particular. Other DNS implementations?have very good manuals. The kind
of software NSD is, there should have been books written on them.
Mukul
On Sun, Jun 6, 2021 at 9:06 PM Anand Buddhdev via nsd-users <nsd-users at
lists.nlnetlabs.nl> wrote:
On 06/06/2021 16:26, mj via nsd-users wrote:
Hi MJ,
> Actually: we are in a similar situation. We're currently running bind9,
> and were interested in to switching to NSD for the authorative dns
> services, but it seems that you have to compile newer releases (with
> security fixes etc) yourself, or there is a repo somewhere we're
missing?
>
> We're on debian 10. It recommended to simply install the NSD that
debian
> comes with, and rely on debian for the security fixes?
Debian packages are often well behind upstream releases. For example,
Debian 10 (buster) still has NSD 4.1.26, whereas the upstream version is
4.3.6.
However, for Debian, there's usually a repository called backports. If
you enable it, you can get newer versions of packages. For example,
"buster-backports" currently has NSD 4.3.5 in it. You could also
enable
the "experimental" repo and get the latest 4.3.6 release.
Regards,
Anand
_______________________________________________
nsd-users mailing list
nsd-users at lists.nlnetlabs.nl
https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
_______________________________________________
nsd-users mailing list
nsd-users at lists.nlnetlabs.nl
https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users