From ArchWiki
Revision as of 10:58, 16 March 2013 by Mike.cloaked (talk | contribs)
Jump to: navigation, search

Nsd is an authoritative DNS resolver.


Install nsd:

pacman -S nsd

Migration to nsd for bind users

Once the package is installed there are useful migration notes for users who currently run bind as their dns server in the file:


Many users will wish to run nsd as their authoritative dns server concurrently with unbound as the validating, recursive, caching dns server on a single machine. It may be useful to refer to the wiki page for unbound at:


Initial Setup

More often than not nsd will be running concurrently with a recursive, caching dns server such as unbound. Usually dns servers will be listening on port 53 but the two services would conflict if they were listening to the same port. Hence if unbound was the main server answering dns queries on port 53 then it is sensible for added security to select a high private port number for nsd to listen on. Also if the only direct access to nsd will be from queries forwarded from unbound, then nsd can be configured to listen only to the localhost machine on the private port chosen, and is not then directly accessible from outside. This gives added security to the authoritative server. In the examples of configuration files here port 53530 is chosen as the listening port number for nsd.

If any firewall running on the machine blocks private port 53530 then this adds to security. The only port that then needs to be open for dns queries coming from external machines (or other machines on the same local network) is port 53.

Content currently being prepared