Skip to content

nsd_authoritative_dns.md #2615

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Feb 28, 2025
Merged

nsd_authoritative_dns.md #2615

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
e61e597
nsd_authoritative_dns.md
gannazhyrnova Feb 27, 2025
f52ab1d
Update nsd_authoritative_dns.md
wsoyinka Feb 28, 2025
3cd652f
Update nsd_authoritative_dns.md
wsoyinka Feb 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions docs/guides/dns/nsd_authoritative_dns.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ example.com mail is handled by 10 mail.another.com.

## Secondary DNS server

It is generally a norm to run one or more secondary authoritative DNS servers in case the primary server goes down. NSD has a feature that allows for the syncing of DNS records from a primary server to one or many backup servers.
Running one or more secondary authoritative DNS servers is generally the norm. This is especially useful when the primary server goes down. NSD has feature allows for syncing DNS records from a primary server to one or many backup servers.

To enable a backup server, generate the signing keys on the primary zone:

Expand All @@ -132,7 +132,7 @@ You will need to copy the following files to the backup server in the `/etc/nsd/
- `nsd_server.key`
- `nsd_server.pem`

On all the DNS servers add the following before the `zone:` directive:
On all the DNS servers, add the following before the `zone:` directive:

```bash
remote-control:
Expand All @@ -145,7 +145,7 @@ remote-control:
control-cert-file: "/etc/nsd/nsd_control.pem"
```

Also enable the firewall entries:
Also, enable the firewall entries:

```bash
firewall-cmd --zone=public --add-port=8952/tcp
Expand All @@ -165,7 +165,7 @@ zone:

Replace `NS1_IP1` and `NS2_IP2` with the public IP addresses of the primary and secondary nameservers.

On the secondary server add the zone:
On the secondary server, add the zone:

```bash
zone:
Expand Down Expand Up @@ -193,6 +193,6 @@ Replace `NS2_IP2` with the public IP addresses of the secondary nameserver.

## Conclusion

Most people use third-party services for DNS. However, there are scenarios where self-hosting DNS is desirable. Telecommunication, hosting, and social media companies, for example, host many DNS entries where hosted services are undesirable.
Most people use third-party DNS services. However, there are scenarios where self-hosting DNS is desirable. For example, telecommunications, hosting, and social media companies maintain their own DNS entries when third-party DNS services are undesirable.

NSD is one of many open source tools that make hosting DNS possible.