What should the nameserver of the nsd server be set to?

As the authoritative server nsd, what should its own nameserver value be?

NSD
/etc/resolv.conf
nameserver 127.0.0.1 ?

or

nameserver 127.0.0.1
nameserver Unbound server IP ?

If 127.0.0.1 only specified, it cannot resolve Internet hosts and then cannot update system or update ports.
What is the usual practice? Is it a usual practice to specify a resolver for nsd?

Thanks.
 
Depends on what you try to do with it and how you configured everything.

If you try to use NSD as a name server on your local machine then it makes sense to point the OS to 127.0.0.1 through use of /etc/resolv.conf. At the same time it doesn't make much sense to specify both your NSD server and an Unbound server because both would pretty much do the same thing.

But it's not really possible to answer this without knowing what you set up, and why.
 
If 127.0.0.1 only specified, it cannot resolve hosts on the Internet and cannot update the system or download software. you know?
 
If 127.0.0.1 only specified, it cannot resolve hosts on the Internet and cannot update the system or download software. you know?

Again, NSD is not a resolver! If you want a resolver, a caching recursive DNS server, you need Unbound ( or other recursive DNS server ). See DNS server types.
 
Well, you said you are willing to use it to:

If 127.0.0.1 only specified, it cannot resolve hosts on the Internet and cannot update the system or download software. you know?

those are "exactly"[1] the purpose of a resolver, and not of an authoritative DNS server.

[1] well, DNS does not actually download or update the system but I am assuming you mean you will not have these functions broken due to lack of DNS resolving.

[EDIT]

If you have a registered domain you need/want to set your own DNS servers at your register to point to which IP your domain should be resolved, you need an authoritative DNS server like NSD. Same apply if you want to use a private domain for your local network only ( without of course the register part since it should not leave your private network at first place ).
 
I certainly know that nsd is not a resolver. I am just asking how this is usually set.
It's usually set on hosts via DHCP. However, for static configuration, you set it to whatever your recursive DNS server's IP is, e.g. 8.8.8.8. In either case, it has nothing to do with nsd or what IP address nsd is running on. I think a lot of the confusion here is because bind rolled both recursive and authoritative DNS servers into one daemon. Thankfully, unbound/nsd do not do this, though it does require a little bit more configuration if you need both services.

If you are setting up unbound and you want your local nsd-hosted zone to work along with Internet name resolution, the correct way to do that is via a stub zone configuration within unbound, and giving it the IP/port where nsd is running. This also lets your do split horizon configuration if you use the same domain publicly.

Edit: If you have a device that needs to use DHCP, but still want to use your own resolver (e.g. a SO/HO FreeBSD router running unbound), you can do that by setting overrides in /etc/dhclient.conf. This is what I do for my home FreeBSD router, and it lets me use my own private domain in order to name things.
 
Back
Top