# cd /usr/ports/net/ldns/
# make install clean
#
# cd /etc/nsd/
#
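# Generate zone signing key (ZSK)
#
# NOTE: RSASHA1_NSEC3 (DNSSEC algorithm 7) is built on SHA-1, and RFC 8624
# marks it NOT RECOMMENDED for signing. A 1024-bit RSA key is also below
# the 2048-bit minimum in current guidance. For a new deployment, pick a
# current algorithm from `ldns-keygen -a list` (for example RSASHA256 or
# ECDSAP256SHA256) and use it for both keys. The commands below are kept
# as originally written.
#
# ldns-keygen writes the K*.private key files into the current directory
# (/etc/nsd/ here); keep them readable by root only.
#
# ldns-keygen -a RSASHA1_NSEC3 -b 1024 <domain>
#
# Generate key signing key (KSK)
#
# ldns-keygen -a RSASHA1_NSEC3 -b 2048 -k <domain>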
#
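# Sign or re-sign the zone
#
# The signatures carry an expiration date, so re-signing has to be repeated
# on a schedule before they lapse, not only after edits. Raise the SOA
# serial in the unsigned zone before each re-sign.
#
# ldns-signzone <domain> <zone signing key> <key signing key>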
#
# nsdc rebuild
# /etc/rc.d/nsd restart
#
# nsd.conf: authoritative-only server publishing three DNSSEC-signed zones.
# Each zone: clause loads the *.signed file, not the unsigned source zone.
server:
# Listen on IPv4 only.
ip4-only: yes
# Do not reveal the NSD version in answers to CHAOS-class version queries.
hide-version: yes
zone:
name: "mydomain1.com"
zonefile: "/etc/nsd/mydomain1.com.signed"
# NOTE(review): NOKEY means no TSIG key is used. The NOTIFY sent to the
# secondary is unauthenticated, and the zone transfer below is granted on
# source address alone. To authenticate both, define a key: clause
# (name / algorithm / secret) shared with the secondary and put the key
# name here in place of NOKEY.
notify: 222.22.222.22 NOKEY
provide-xfr: 222.22.222.22 NOKEY
zone:
name: "mydomain2.com"
zonefile: "/etc/nsd/mydomain2.com.signed"
# NOTE(review): NOKEY again, so NOTIFY and transfers are not TSIG-protected.
notify: 222.22.222.22 NOKEY
provide-xfr: 222.22.222.22 NOKEY
zone:
name: "mydomain3.com"
zonefile: "/etc/nsd/mydomain3.com.signed"
# NOTE(review): NOKEY again, so NOTIFY and transfers are not TSIG-protected.
notify: 222.22.222.22 NOKEY
provide-xfr: 222.22.222.22 NOKEY
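; Unsigned source zone for mydomain1.com. The server's zonefile entry loads
; the signed copy (mydomain1.com.signed), so after any edit here raise the
; SOA serial and re-sign before reloading.
$ORIGIN mydomain1.com.
; Default TTL (3 minutes) for records that do not set their own.
$TTL 3m
; SOA: primary master ns.mydomain1.com., contact billy@mydomain1.com.
; Values in order: serial, refresh 1h, retry 15m, expire 1w, negative TTL 3m.
@ IN SOA ns.mydomain1.com. billy.mydomain1.com. (
2013070501 1h 15m 1w 3m )
; Name servers: this host plus one under myregistrar.com.
; NOTE(review): presumably the secondary at the notify/provide-xfr address - confirm.
@ NS ns.mydomain1.com.
@ NS ns.myregistrar.com.
@ MX 10 mail.mydomain1.com.
@ A 11.111.11.111
; ns, mail and myhostname all resolve to the same address as the apex.
ns IN A 11.111.11.111
mail IN A 11.111.11.111
myhostname IN A 11.111.11.111
; Fixed: the target was "mydomain.com.", a name outside this zone, so
; www.mydomain1.com resolved to whatever the holder of that other domain
; publishes. The sibling zones alias www to their own apex; this now
; does the same.
www IN CNAME mydomain1.com.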
; Unsigned source zone for mydomain2.com. Raise the SOA serial and re-sign
; after any edit.
$ORIGIN mydomain2.com.
; Default TTL (3 minutes) for records that do not set their own.
$TTL 3m
; SOA: primary master ns.mydomain1.com., contact billy@mydomain1.com.
; Values in order: serial, refresh 1h, retry 15m, expire 1w, negative TTL 3m.
@ IN SOA ns.mydomain1.com. billy.mydomain1.com. (
2013061001 1h 15m 1w 3m )
; NS and MX targets are names in mydomain1.com, outside this zone, so
; resolution and mail delivery for mydomain2.com depend on that zone too.
@ NS ns.mydomain1.com.
@ NS ns.myregistrar.com.
@ MX 10 mail.mydomain1.com.
@ A 11.111.11.111
; www is an alias for the zone apex.
www IN CNAME mydomain2.com.
; Unsigned source zone for mydomain3.com. Raise the SOA serial and re-sign
; after any edit.
$ORIGIN mydomain3.com.
; Default TTL (3 minutes) for records that do not set their own.
$TTL 3m
; SOA: primary master ns.mydomain1.com., contact billy@mydomain1.com.
; Values in order: serial, refresh 1h, retry 15m, expire 1w, negative TTL 3m.
@ IN SOA ns.mydomain1.com. billy.mydomain1.com. (
2013061001 1h 15m 1w 3m )
; NS and MX targets are names in mydomain1.com, outside this zone, so
; resolution and mail delivery for mydomain3.com depend on that zone too.
@ NS ns.mydomain1.com.
@ NS ns.myregistrar.com.
@ MX 10 mail.mydomain1.com.
@ A 11.111.11.111
; www is an alias for the zone apex.
www IN CNAME mydomain3.com.