====== NSD dns server ======

https://calomel.org/nsd_dns.html

NSD is lightweight and faster and simpler to configure than [[soft:bind|bind]]. It doesn't support dynamic dns update, so in my case I use it as a secondary dns server:

<code>
apt-get install nsd
</code>

Here's a config for a secondary dns receiving notify and issuing AXFR transfer using a hmac-sha512 key (symetric  secret key shared with the primary server).

<file /etc/nsd/nsd.conf>
server:
    ip-address: 0.0.0.0
    ip-address: ::
    port: 53
    server-count: 1
    ip4-only: yes
    hide-version: yes
    identity: ""
    zonesdir: "/etc/nsd"
    verbosity: 3

key:
   name: "schwarz.in.philpep.org."
   algorithm: hmac-sha512
   secret: "XXX XXX=="

zone:
    name: philpep.org
    zonefile: philpep.org
    allow-notify: 192.168.62.2 schwarz.in.philpep.org.
    request-xfr: AXFR 192.168.62.2@53 schwarz.in.philpep.org.
</file>