move the server: block of nsd.conf out of the management daemon and into the setup scripts

2026-03-04 15:54:48 +01:00 · 2015-05-04 11:19:48 +00:00
parent a07de38e80
commit 8886c9b6bc
2 changed files with 33 additions and 26 deletions
--- a/setup/dns.sh
+++ b/setup/dns.sh
@@ -22,6 +22,28 @@ apt_install nsd ldnsutils openssh-client

 mkdir -p /var/run/nsd

+cat > /etc/nsd/nsd.conf << EOF;
+# No not edit. Overwritten by Mail-in-a-Box setup.
+server:
+  hide-version: yes
+
+  # identify the server (CH TXT ID.SERVER entry).
+  identity: ""
+
+  # The directory for zonefile: files.
+  zonesdir: "/etc/nsd/zones"
+EOF
+
+# Since we have bind9 listening on localhost for locally-generated
+# DNS queries that require a recursive nameserver, and the system
+# might have other network interfaces for e.g. tunnelling, we have
+# to be specific about the network interfaces that nsd binds to.
+for ip in $PRIVATE_IP $PRIVATE_IPV6; do
+	echo "  ip-address: $ip" >> /etc/nsd/nsd.conf;
+done
+
+echo "include: /etc/nsd/zones.conf" >> /etc/nsd/nsd.conf;
+
 # Create DNSSEC signing keys.

 mkdir -p "$STORAGE_ROOT/dns/dnssec";