Skip to main content

Installing NSD

NSD can be installed via package managers on most systems, or built from source for custom configurations and the latest features.

System Requirements

Before installing NSD, ensure your system meets these requirements:

Operating System

NSD runs on Unix-like operating systems:
  • Linux (all major distributions)
  • FreeBSD, OpenBSD, NetBSD
  • macOS
  • Solaris

Hardware Requirements

Minimum requirements:
  • CPU: Any modern processor (64-bit recommended)
  • RAM: 512 MB minimum (scales with zone size)
  • Disk: 100 MB for binaries + space for zone files
Recommended for production:
  • Multi-core CPU for parallel query processing
  • 2+ GB RAM for large zone datasets
  • SSD storage for faster zone loading

Dependencies

NSD requires several libraries and tools:

Required Dependencies

1

C Toolchain

Compiler, linker, and assembler for building C code
# Debian/Ubuntu
sudo apt install build-essential

# RHEL/CentOS/Fedora
sudo yum groupinstall "Development Tools"

# macOS (via Xcode)
xcode-select --install
2

OpenSSL with Headers

Required for DNSSEC and TSIG cryptographic operations
# Debian/Ubuntu
sudo apt install libssl-dev

# RHEL/CentOS/Fedora
sudo yum install openssl-devel

# macOS
brew install openssl
3

libevent with Headers

Event notification library for high-performance I/O
# Debian/Ubuntu
sudo apt install libevent-dev

# RHEL/CentOS/Fedora
sudo yum install libevent-devel

# macOS
brew install libevent
4

Flex (Lexical Analyzer)

Generates lexical analyzers for config parsing
# Debian/Ubuntu
sudo apt install flex

# RHEL/CentOS/Fedora
sudo yum install flex

# macOS
brew install flex
5

Bison (Parser Generator)

Generates parsers for configuration files
# Debian/Ubuntu
sudo apt install bison

# RHEL/CentOS/Fedora
sudo yum install bison

# macOS
brew install bison

Optional Dependencies

For additional features:
  • libxdp, libbpf, libcap - For XDP (AF_XDP) socket support
  • protobuf-c - For dnstap logging support
  • systemd development files - For systemd integration

Installing from Packages

The easiest way to install NSD is through your system’s package manager.
Package manager versions may be outdated. Check nsd -v after installation to verify the version.
# Update package index
sudo apt update

# Install NSD
sudo apt install nsd

# Verify installation
nsd -v

Post-Installation Steps

After installing via package manager:
1

Check Installation

Verify NSD is installed correctly:
nsd -v
This shows version information and compile-time options.
2

Locate Configuration

Find where your package installed the config file:
# Common locations
ls -l /etc/nsd/nsd.conf
# or
ls -l /usr/local/etc/nsd/nsd.conf
3

Setup Control Keys

Generate keys for nsd-control:
sudo nsd-control-setup

Building from Source

Building from source gives you the latest version and full control over compile-time options.

Downloading the Source

1

Download Latest Release

Get the latest stable release from the NLnet Labs website:
# Download NSD 4.14.2 (check for latest version)
wget https://nlnetlabs.nl/downloads/nsd/nsd-4.14.2.tar.gz

# Verify checksum (optional but recommended)
wget https://nlnetlabs.nl/downloads/nsd/nsd-4.14.2.tar.gz.sha256
sha256sum -c nsd-4.14.2.tar.gz.sha256

# Extract the archive
tar xzf nsd-4.14.2.tar.gz
cd nsd-4.14.2
2

Or Clone from Git

For the development version:
# Clone the repository
git clone https://github.com/NLnetLabs/nsd.git
cd nsd

# Initialize submodules (includes simdzone)
git submodule update --init

# Generate configure script
autoreconf -fi
Older versions of autoreconf may not install auxiliary files. Run libtoolize -fi -c first if needed.

Compiling NSD

1

Install Build Dependencies

On Ubuntu/Debian:
sudo apt update
sudo apt install -y build-essential libssl-dev libevent-dev flex bison
2

Configure the Build

Run the configure script to check dependencies and set options:
./configure
The configure script will:
  • Check for required dependencies
  • Detect system capabilities
  • Set default installation paths
Use ./configure --help to see all available configuration options.
3

Compile the Source

Build NSD using make:
# Use -j4 to compile with 4 parallel jobs (adjust for your CPU)
make -j4
This may take a few minutes depending on your system.
4

Install the Binaries

Install NSD to your system:
sudo make install
By default, this installs to /usr/local/sbin/nsd.

Common Configure Options

Customize your build with configure options:
Configure options
./configure \
  --prefix=/usr/local \
  --sysconfdir=/etc \
  --localstatedir=/var \
  --with-configdir=/etc/nsd \
  --with-pidfile=/var/run/nsd.pid \
  --with-zonesdir=/etc/nsd/zones \
  --with-user=nsd \
  --enable-ratelimit \
  --enable-recvmmsg \
  --enable-nsec3 \
  --enable-minimal-responses
Key configure options:
  • --prefix=/path - Installation prefix (default: /usr/local)
  • --sysconfdir=/path - System configuration directory
  • --with-configdir=/path - NSD configuration directory
  • --with-user=username - User to run NSD as (default: nsd)
  • --with-libevent=/path - Path to libevent installation
  • --with-ssl=/path - Path to OpenSSL installation
  • --enable-ratelimit - Enable response rate limiting
  • --enable-recvmmsg - Enable recvmmsg/sendmmsg for better performance
  • --enable-nsec3 - Enable NSEC3 support (requires OpenSSL)
  • --enable-minimal-responses - Reduce response sizes to minimize truncation
  • --enable-xdp - Enable XDP support (requires libxdp, libbpf, libcap)
  • --enable-packed - Use packed structure alignment (less memory, unaligned reads)
  • --disable-ipv6 - Disable IPv6 support

Building with Advanced Features

XDP Support (Ultra-High Performance)

For maximum performance with AF_XDP sockets:
XDP build
# Install XDP dependencies (Ubuntu/Debian)
sudo apt install libxdp-dev libbpf-dev libcap-dev clang llvm

# Configure with XDP
./configure --enable-xdp

# Build and install
make -j4
sudo make install

DNStap Logging Support

For detailed query logging with dnstap:
DNStap build
# Install protobuf-c
sudo apt install libprotobuf-c-dev protobuf-c-compiler

# Configure with dnstap
./configure --enable-dnstap

# Build and install
make -j4
sudo make install

Testing the Installation

Verify your NSD build:
1

Check Version and Features

nsd -v
Output shows version and enabled features:
NSD 4.14.2

configured with:
  --enable-ratelimit
  --enable-recvmmsg
  --enable-nsec3
  --with-libevent
2

Run in Debug Mode

Test NSD runs without errors:
# Create minimal config for testing
sudo nsd -d -c /etc/nsd/nsd.conf -V 3
Options:
  • -d - Run in foreground (debug mode)
  • -c - Specify config file
  • -V 3 - Increase verbosity level
Press Ctrl+C to stop.
3

Verify Control Utility

Check nsd-control is working:
nsd-control -h

Creating the NSD User

For security, NSD should run as an unprivileged user:
Create nsd user
# Create system user and group
sudo useradd -r -s /bin/false -d /var/lib/nsd nsd

# Create necessary directories
sudo mkdir -p /var/lib/nsd /var/run/nsd /etc/nsd/zones

# Set ownership
sudo chown -R nsd:nsd /var/lib/nsd /var/run/nsd /etc/nsd/zones

Setting Up nsd-control

The nsd-control utility allows you to control NSD remotely:
1

Generate Control Keys

sudo nsd-control-setup
This generates:
  • /etc/nsd/nsd_server.key - Server private key
  • /etc/nsd/nsd_server.pem - Server certificate
  • /etc/nsd/nsd_control.key - Control private key
  • /etc/nsd/nsd_control.pem - Control certificate
2

Enable in Configuration

Add to /etc/nsd/nsd.conf:
remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    server-key-file: "/etc/nsd/nsd_server.key"
    server-cert-file: "/etc/nsd/nsd_server.pem"
    control-key-file: "/etc/nsd/nsd_control.key"
    control-cert-file: "/etc/nsd/nsd_control.pem"
3

Test Control Access

Start NSD and test control:
# Start NSD
sudo nsd-control start

# Check status
sudo nsd-control status

Systemd Integration

For systemd-based systems, create a service unit:
/etc/systemd/system/nsd.service
[Unit]
Description=NSD Authoritative DNS Server
After=network.target

[Service]
Type=forking
User=nsd
PIDFile=/var/run/nsd.pid
ExecStart=/usr/local/sbin/nsd -c /etc/nsd/nsd.conf
ExecReload=/usr/local/sbin/nsd-control reload
ExecStop=/usr/local/sbin/nsd-control stop
Restart=on-failure
RestartSec=5s

[Install]
WantedBy=multi-user.target
Enable and start: 
sudo systemctl daemon-reload
sudo systemctl enable nsd
sudo systemctl start nsd
sudo systemctl status nsd

Troubleshooting Installation

Configure Fails to Find OpenSSL

# Specify OpenSSL path explicitly
./configure --with-ssl=/usr/local/opt/openssl

Configure Fails to Find libevent

# Specify libevent path explicitly
./configure --with-libevent=/usr/local

Flex or Bison Not Found

Ensure both are installed: 
# Debian/Ubuntu
sudo apt install flex bison

# Verify
flex --version
bison --version

Permission Denied on Port 53

NSD needs root to bind to port 53, then drops privileges: 
# Start as root (it will drop to 'nsd' user)
sudo nsd

# Or use systemd/init system
sudo systemctl start nsd

Next Steps

Now that NSD is installed, proceed to configuration:

Quick Start Guide

Get NSD up and running with a basic configuration

Build docs developers (and LLMs) love

Get started for freeTalk to us