NSD allows dynamic zone management through nsd-control. Zones can be added, removed, or changed without editing the configuration file or restarting the server.
Overview
Zone management commands work with the zonelist file, which stores zones added dynamically. These zones persist across restarts.
Zones defined directly in nsd.conf cannot be managed dynamically. They must be modified in the configuration file and applied with nsd-control reconfig.
Adding Zones
addzone
Add a new zone to the running server:
nsd-control addzone <zone name> <pattern name>
zone name - Fully qualified domain name (e.g., example.com)pattern name - Name of an existing pattern in nsd.conf
Example:
nsd-control addzone example.com secondary-pattern
- Adds the zone to the zonelist file on disk
- Loads the zone into memory
- For secondary zones: immediately attempts zone transfer
- For zones with zone files: reads the zone file
Output:
The specified pattern must already exist in nsd.conf. If it doesn’t exist, the command will fail with:error pattern <name> does not exist
addzones
Add multiple zones at once (bulk operation):
Reads zone definitions from stdin, one per line:
zone1.example.com pattern1
zone2.example.com pattern2
zone3.example.com pattern1
<Ctrl+D>
added: zone1.example.com
added: zone2.example.com
added: zone3.example.com
added 3 zones
-
Start the command:
-
Enter zone definitions (one per line):
example.com primary-pattern
sub.example.com secondary-pattern
-
Press Ctrl+D to finish
-
Review the results:
added: example.com
added: sub.example.com
added 2 zones
Deleting Zones
delzone
Remove a zone from the running server:
nsd-control delzone <zone name>
nsd-control delzone example.com
- Removes the zone from the zonelist file on disk
- Removes the zone from the
nsd.db file
- Removes the zone from memory
- Leaves the zone file on disk (if it exists)
Zones configured inside nsd.conf itself cannot be removed this way. To delete such zones:
- Remove them from
nsd.conf
- Run
nsd-control reconfig
delzones
Remove multiple zones at once (bulk operation):
Reads zone names from stdin, one per line:
zone1.example.com
zone2.example.com
zone3.example.com
<Ctrl+D>
removed: zone1.example.com
removed: zone2.example.com
removed: zone3.example.com
deleted 3 zones
Changing Zones
changezone
Change a zone to use a different pattern:
nsd-control changezone <zone name> <pattern name>
nsd-control changezone example.com new-pattern
- Deletes the old zone configuration
- Adds the zone with the new pattern
- Both operations happen in one reload cycle
- No downtime for the zone
Use cases:
- Switch from primary to secondary (or vice versa)
- Change notify targets
- Update request-xfr settings
- Modify ACLs
Zones configured in nsd.conf cannot be changed this way. Instead:
- Edit the pattern in
nsd.conf (or the included file)
- Run
nsd-control reconfig
Zone Patterns
Before adding zones, you need to define patterns in nsd.conf.
Primary Zone Pattern
pattern:
name: "primary-pattern"
zonefile: "/var/nsd/zones/%s.zone"
notify: 192.0.2.1 NOKEY
notify: 192.0.2.2 NOKEY
provide-xfr: 192.0.2.1 NOKEY
provide-xfr: 192.0.2.2 NOKEY
nsd-control addzone example.com primary-pattern
Secondary Zone Pattern
pattern:
name: "secondary-pattern"
zonefile: "/var/nsd/zones/secondary/%s.zone"
request-xfr: AXFR 192.0.2.53 NOKEY
allow-notify: 192.0.2.53 NOKEY
nsd-control addzone sub.example.com secondary-pattern
Checking Zone Status
After adding or modifying zones, check their status:
nsd-control zonestatus example.com
zone: example.com
state: primary
zone: sub.example.com
pattern: secondary-pattern
state: ok
served-serial: "2024030801 since 2024-03-08 10:15:23"
commit-serial: "2024030801 since 2024-03-08 10:15:23"
Working with Zonelist File
The zonelist file stores dynamically added zones. Location is typically:
/var/nsd/zone.list- Or as configured in
nsd.conf with zonelist-file
Format (one zone per line):
Example:
example.com primary-pattern
sub.example.com secondary-pattern
test.com primary-pattern
Do not edit the zonelist file manually while NSD is running. Use nsd-control commands instead.
Common Workflows
Adding a New Primary Zone
-
Create the zone file:
vi /var/nsd/zones/newzone.com.zone
-
Add the zone:
nsd-control addzone newzone.com primary-pattern
-
Verify:
nsd-control zonestatus newzone.com
-
Test:
dig @localhost newzone.com SOA
Adding a New Secondary Zone
-
Add the zone:
nsd-control addzone newsecondary.com secondary-pattern
-
Check transfer status:
nsd-control zonestatus newsecondary.com
state: refreshing
transfer: "sent UDP to 192.0.2.53"
-
After transfer completes:
nsd-control zonestatus newsecondary.com
state: ok
served-serial: "2024030801 since 2024-03-08 10:20:15"
Converting Primary to Secondary
-
Create a secondary pattern if needed (in
nsd.conf)
-
Change the zone:
nsd-control changezone example.com secondary-pattern
-
Zone transfer begins immediately
-
Verify:
nsd-control zonestatus example.com
Bulk Zone Addition from File
-
Create a file with zone definitions:
cat zones.txt
zone1.example.com pattern1
zone2.example.com pattern1
zone3.example.com pattern2
-
Add all zones:
cat zones.txt | nsd-control addzones
-
Verify:
Catalog Zones
NSD supports DNS catalog zones for automatic zone provisioning.
Catalog member zones (zones added via catalog) cannot be managed with addzone, delzone, or changezone. They are managed through the catalog zone itself.Attempting to delete a catalog member will produce:Error: Zone is a catalog consumer member zone with id <member-id>
Remove the member id from the catalog to delete this zone.
Error Messages
Pattern does not exist
error pattern secondary-pattern does not exist
nsd.conf or create the pattern first.
Zone already exists
zone example.com already exists
changezone to modify the existing zone, or delete it first.
Zone defined in nsd.conf
error zone defined in nsd.conf, cannot delete it in this manner:
remove it from nsd.conf yourself and reconfig
nsd.conf and run nsd-control reconfig.
Zone not present
warning zone example.com not present
Cannot parse zone name
error cannot parse zone name 'invalid..com'
See Also
