NSD (name server daemon) is for authoritative DNS - answering the
question for internet users "what is the IP address of my servers".

You may want to use Unbound. It is a recursive DNS lookup that answers
the question: "what is the IP address of a server out on the internet
that belongs to someone else".

On Wed, Jun 24, 2015 at 2:06 PM, Graham Stephens
<gra...@thestephensdomain.com> wrote:
> Hi,
>
> I was under the impression that unbound was like a proxy server for dns
> - I haven't got round to looking at that yet; my brain can only handle
> one task at a time :)
>
> I didn't think I needed it for local dns?
>
> -------------------------------
> On 24/06/2015 18:43, mxb wrote:
>>
>>
>> Hey,
>> this is a bit different from bind/named.
>>
>> nsd is an authoritative server ONLY.
>> unbound is a caching server ONLY.
>>
>> I use those together on the same machine.
>> nsd is handling all zones, unbound answers queries.
>>
>> nsd.conf:
>>
>> server:
>>          verbosity: 2
>>          logfile: "/var/nsd/logs/nsd.log"
>>          hide-version: yes
>>          do-ip6: no
>>          port: 5353
>>          ip-address: 127.0.0.1
>>          zonefiles-write: 600
>>
>> remote-control:
>>          control-enable: yes
>>
>> zone:
>>          name: "homelan.com"
>>          zonefile: "homelan.com"
>>
>> zone:
>>          name: "78.168.192.in-addr.arpa"
>>          zonefile: "revers.78"
>>
>>
>> unbound.conf:
>>
>> server:
>> #       verbosity: 3
>> #       logfile: "/var/unbound/log/unbound.log"
>>
>>          interface: 127.0.0.1
>>          interface: 192.168.78.124
>>
>>          port: 53
>>          do-ip6: no
>>          do-udp: yes
>>          do-tcp: yes
>>
>>          access-control: 0.0.0.0/0 refuse
>>          access-control: 127.0.0.0/8 allow
>>          access-control: ::0/0 refuse
>>          access-control: ::1 allow
>>          access-control: 192.168.78.0/24 allow
>>
>>          hide-identity: yes
>>          hide-version: yes
>>
>>          harden-glue: yes
>>          harden-dnssec-stripped: yes
>>          cache-min-ttl: 3600
>>          cache-max-ttl: 86400
>>          prefetch: yes
>>
>>          ## this one important to be able to query nsd
>>          do-not-query-localhost: no
>>
>>          private-domain: "homelan.com"
>>
>>          ## this one important to be able to query nsd
>>          local-zone: "78.168.192.in-addr.arpa." transparent
>>
>> remote-control:
>>          control-enable: yes
>>
>> ## forward to nsd
>> forward-zone:
>>          name: "homelan.com"
>>          forward-addr: 127.0.0.1@5353
>>
>> ## forward to nsd
>> forward-zone:
>>          name: "78.168.192.in-addr.arpa"
>>          forward-addr: 127.0.0.1@5353
>>
>> ## forward to google
>> forward-zone:
>>          name: "."
>>          forward-addr: 8.8.8.8
>>
>>
>> Hope this helps.
>>
>> //mxb
>>
>> On 2015-06-24 19:02, Graham Stephens wrote:
>>>
>>> I've tried to set up nsd on 5.7 x64 and it's not working as it should,
>>> but I'm lost as to where to look to correct the issue. I was hoping
>>> for some pointers. :)
>>>
>>> (possible) Symptoms:
>>>
>>> Starting nsd causes three processes to start - is this normal?
>>>
>>> If I use "nslookup blahname 127.0.0.1" from the local host, I get a
>>> response as expected.
>>>
>>> Just using "nslookup blahname" gives an error of:
>>> ";; Got recursion not available from 127.0.0.1, trying next server".
>>>
>>> From another machine on the lan, using "nslookup blahname" returns:
>>>
>>> "Server: blahname2.domain.com
>>>  Address: 10.0.2.1
>>>
>>> *** blahname2.domain.com can't find blahname: Query refused"
>>>
>>> Any ideas what the issue(s) might be?
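
Added example (not part of any message in this thread): the two symptoms reported above, "recursion not available" and "Query refused", are both visible in the flags word of the DNS response header, and this Python sketch decodes that word to tell them apart. The query name and the three reply byte strings are constructed samples, and the labels returned by `diagnose` are hypothetical names chosen for this illustration.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Minimal A/IN query with RD (recursion desired) set, as a stub resolver sends."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def with_flags(query, flags):
    """Constructed sample reply: the query bytes with only the flags word replaced."""
    return query[:2] + struct.pack("!H", flags) + query[4:]

def parse_header(msg):
    """Decode the ID and the flag bits of a DNS message header (RFC 1035, 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    qid, flags = struct.unpack("!HH", msg[:4])
    return {
        "id": qid,
        "qr": bool(flags & 0x8000),  # 1 = response
        "aa": bool(flags & 0x0400),  # authoritative answer
        "rd": bool(flags & 0x0100),  # recursion desired (copied from the query)
        "ra": bool(flags & 0x0080),  # recursion available
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
    }

def diagnose(msg):
    h = parse_header(msg)
    if not h["qr"]:
        return "not-a-response"
    if h["rcode"] == "REFUSED":
        return "refused-by-policy"        # e.g. an unbound access-control "refuse" rule
    if h["rd"] and not h["ra"]:
        return "recursion-not-available"  # authoritative-only server such as nsd
    return "answered"

# Constructed samples; only the header is examined, so no answer records are attached.
QUERY = build_query("blahname.homelan.com")
SAMPLES = {
    "authoritative-only server": with_flags(QUERY, 0x8500),     # QR AA RD, RA clear
    "resolver, client not allowed": with_flags(QUERY, 0x8105),  # QR RD, rcode 5
    "resolver, client allowed": with_flags(QUERY, 0x8180),      # QR RD RA
}

if __name__ == "__main__":
    for who, reply in SAMPLES.items():
        print(f"{who:30} {diagnose(reply)}")
```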
