, ,

NSD is an authoritative only, memory efficient, highly secure and simple to configure open source domain name server. In most of the cases we use BIND as our name server (authoritative/caching). But here I will show you how to configure NSD as primary name server and BIND as secondary name server; use two different flavor of DNS.

Primary DNS Server: kompella.ssh.com.bd (
Secondary DNS Server: martini.ssh.com.bd (

Make sure that hostname (/etc/hostname) has been set properly for both of the servers.

A. Install NSD as primary name server

1. NSD service expects to run as a user called nsd, but the package does not actually create this user account. To avoid an error upon installation, we will create this user before we install the software. On each of your machines, create the nsd system user by typing:

sudo useradd -r nsd

2. Update local package and install nsd.

sudo apt-get update
sudo apt-get install nsd

3. The first thing we should do is make sure all of the SSL keys and certificates that NSD uses to securely communicate between the daemon portion of the application and the controller are generated.

sudo nsd-control-setup

4. The main configuration file for NSD is a file called nsd.conf located in the /etc/nsd directory.

cd /etc/nsd
vi nsd.conf

You can use this sample nsd.conf file : http://pastebin.com/JyNyxZCu

5. Next we forward zone file. It’s the same used to have in BIND: http://pastebin.com/3xaiVkfV

6. Reverse zone file : https://pastebin.com/nFELkTZT

7. Testing the Files and Restarting the Service

Now that we have our master server configured, we can go ahead and test our configuration file and implement our changes. You can check the syntax of the main configuration file by using the included nsd-checkconf tool. Simply point the tool to your main configuration file:

sudo nsd-checkconf /etc/nsd/nsd.conf

After you are able to execute the check cleanly, you can restart the service by typing:

sudo service nsd restart

8. Check the logs to see any messages:

sudo tail -f /var/log/nsd.log


Next we will configure BIND and secondary name server. Will use TSIG to securely transfer zone file across the DNS server.