diff --git a/management/dns_update.py b/management/dns_update.py
index 94bd8196..334ebda2 100755
--- a/management/dns_update.py
+++ b/management/dns_update.py
@@ -70,7 +70,7 @@ def do_dns_update(env, force=False):
 	additional_records = get_custom_dns_config(env)
 
 	# Write zone files.
-	os.makedirs('/etc/nsd/zones', exist_ok=True)
+	os.makedirs('/etc/' + env.get("NSD_PACKAGE", "nsd") + '/zones', exist_ok=True)
 	updated_domains = []
 	for i, (domain, zonefile) in enumerate(zonefiles):
 		# Build the records to put in the zone.
@@ -78,7 +78,7 @@ def do_dns_update(env, force=False):
 
 		# See if the zone has changed, and if so update the serial number
 		# and write the zone file.
-		if not write_nsd_zone(domain, "/etc/nsd/zones/" + zonefile, records, env, force):
+		if not write_nsd_zone(domain, "/etc/" + env.get("NSD_PACKAGE", "nsd") + "/zones/" + zonefile, records, env, force):
 			# Zone was not updated. There were no changes.
 			continue
 
@@ -119,7 +119,7 @@ def do_dns_update(env, force=False):
 
 	# Kick nsd if anything changed.
 	if len(updated_domains) > 0:
-		shell('check_call', ["/usr/sbin/service", "nsd", "restart"])
+		shell('check_call', ["/usr/sbin/service", env.get("NSD_PACKAGE", "nsd"), "restart"])
 
 	# Write the OpenDKIM configuration tables.
 	if write_opendkim_tables(zonefiles, env):
@@ -465,8 +465,8 @@ server:
   identity: ""
 
   # The directory for zonefile: files.
-  zonesdir: "/etc/nsd/zones"
 """
+  nsdconf += '  zonesdir: "/etc/' + env.get("NSD_PACKAGE", "nsd") + '/zones"'
 	
 	# Since we have bind9 listening on localhost for locally-generated
 	# DNS queries that require a recursive nameserver, and the system
@@ -499,11 +499,11 @@ zone:
 
 	# Check if the nsd.conf is changing. If it isn't changing,
 	# return False to flag that no change was made.
-	with open("/etc/nsd/nsd.conf") as f:
+	with open("/etc/" + env.get("NSD_PACKAGE", "nsd") + "/nsd.conf") as f:
 		if f.read() == nsdconf:
 			return False
 
-	with open("/etc/nsd/nsd.conf", "w") as f:
+	with open("/etc/" + env.get("NSD_PACKAGE", "nsd") + "/nsd.conf", "w") as f:
 		f.write(nsdconf)
 
 	return True
@@ -562,7 +562,7 @@ def sign_zone(domain, zonefile, env):
 		"-n",
 
 		# zonefile to sign
-		"/etc/nsd/zones/" + zonefile,
+		"/etc/" + env.get("NSD_PACKAGE", "nsd") + "/zones/" + zonefile,
 
 		# keys to sign with (order doesn't matter -- it'll figure it out)
 		dnssec_keys["KSK"],
@@ -577,7 +577,7 @@ def sign_zone(domain, zonefile, env):
 	# We want to be able to validate DS records too, but multiple forms may be valid depending
 	# on the digest type. So we'll write all (both) valid records. Only one DS record should
 	# actually be deployed. Preferebly the first.
-	with open("/etc/nsd/zones/" + zonefile + ".ds", "w") as f:
+	with open("/etc/" + env.get("NSD_PACKAGE", "nsd") + "/zones/" + zonefile + ".ds", "w") as f:
 		for digest_type in ('2', '1'):
 			rr_ds = shell('check_output', ["/usr/bin/ldns-key2ds",
 				"-n", # output to stdout
diff --git a/management/status_checks.py b/management/status_checks.py
index b8fdbe0a..b43927df 100755
--- a/management/status_checks.py
+++ b/management/status_checks.py
@@ -213,7 +213,7 @@ def check_dnssec(domain, env, dns_zonefiles, is_checking_primary=False):
 	# See if the domain has a DS record set at the registrar. The DS record may have
 	# several forms. We have to be prepared to check for any valid record. We've
 	# pre-generated all of the valid digests --- read them in.
-	ds_correct = open('/etc/nsd/zones/' + dns_zonefiles[domain] + '.ds').read().strip().split("\n")
+	ds_correct = open('/etc/' + env.get("NSD_PACKAGE", "nsd") + '/zones/' + dns_zonefiles[domain] + '.ds').read().strip().split("\n")
 	digests = { }
 	for rr_ds in ds_correct:
 		ds_keytag, ds_alg, ds_digalg, ds_digest = rr_ds.split("\t")[4].split(" ")
diff --git a/setup/dns.sh b/setup/dns.sh
index e92a5b82..b439a879 100755
--- a/setup/dns.sh
+++ b/setup/dns.sh
@@ -27,11 +27,9 @@ fi
 # * ldnsutils: Helper utilities for signing DNSSEC zones.
 # * openssh-client: Provides ssh-keyscan which we use to create SSHFP records.
 
-apt_install nsd ldnsutils openssh-client
+apt_install $NSD_PACKAGE ldnsutils openssh-client
 
-# Prepare nsd's configuration.
-
-mkdir -p /var/run/nsd
+mkdir -p /var/run/$NSD_PACKAGE
 
 # Create DNSSEC signing keys.
 
diff --git a/setup/preflight.sh b/setup/preflight.sh
index be584221..4c3bc613 100644
--- a/setup/preflight.sh
+++ b/setup/preflight.sh
@@ -8,8 +8,8 @@ if [[ $EUID -ne 0 ]]; then
 fi
 
 # Check that we are running on Ubuntu 14.04 LTS (or 14.04.xx).
-if [ "`lsb_release -d | sed 's/.*:\s*//' | sed 's/14\.04\.[0-9]/14.04/' `" != "Ubuntu 14.04 LTS" ]; then
-	echo "Mail-in-a-Box only supports being installed on Ubuntu 14.04, sorry. You are running:"
+if [ `lsb_release -d | sed 's/.*:\sUbuntu *//' | cut -d'.' -f1` -lt 12 ]; then
+	echo "Mail-in-a-Box only supports being installed on Ubuntu 12 and newer, sorry. You are running:"
 	echo
 	lsb_release -d | sed 's/.*:\s*//'
 	echo
diff --git a/setup/start.sh b/setup/start.sh
index d84669b3..4bfd99b6 100755
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -8,6 +8,13 @@ source setup/functions.sh # load our functions
 # machine with enough memory? If not, this shows an error and exits.
 source setup/preflight.sh
 
+# if Ubuntu major version is less than 14 use nsd3 package
+if [ `lsb_release -d | sed 's/.*:\sUbuntu *//' | cut -d'.' -f1` -lt 14 ]; then
+    NSD_PACKAGE="nsd3"
+else
+    NSD_PACKAGE="nsd"
+fi
+
 # Ensure Python reads/writes files in UTF-8. If the machine
 # triggers some other locale in Python, like ASCII encoding,
 # Python may not be able to read/write files. Here and in
@@ -109,6 +116,7 @@ PUBLIC_IPV6=$PUBLIC_IPV6
 PRIVATE_IP=$PRIVATE_IP
 PRIVATE_IPV6=$PRIVATE_IPV6
 CSR_COUNTRY=$CSR_COUNTRY
+NSD_PACKAGE=$NSD_PACKAGE
 EOF
 
 # Start service configuration.