Recent Changes - Search:
Nsd /

NSD Zone Files

Zone files in nsd(8)

By default, the zone file for example.com for nsd(8) is located in /var/nsd/zones/master/example.com.

$ORIGIN

The first line of a zone file usually defines the $ORIGIN: 

$ORIGIN example.com.

Here, $ORIGIN is example.com. The $ORIGIN will be automatically (and implicitly) appended to every record to produce a fully qualified domain name.

Start of Authority

The next line of a zone file usually defines the Start of Authority (SOA) record: 

example.com.     3600   SOA   ns1.example.com. admin.example.com. (
                            2025072701   ; serial YYYYMMDDnn
                            1800        ; refresh
                            3600         ; retry
                            86400       ; expire
                            3600 )      ; minimum TTL

The Start of Authority record? says that the serial number was last updated on July 27th, 2025. It also defines the refresh interval to be 1800 seconds, the retry interval to be 3600 seconds, the record to expire after 1 day, and the minimum time to live to be 3600 seconds.

Adding records to zone files

Suppose you want to create an entry for subdomain.example.com.

First, open up the file /var/nsd/zones/master/example.com and add these two lines: 

subdomain    3600    IN      A       38.87.162.8  
             3600    IN      AAAA    2602:fccf:1:1008::

Then, you will want to update the serial number in the Start of Authority record: 

$ORIGIN example.com.
example.com.     3600   SOA   ns1.example.com. admin.example.com. (
                            2021072701   ; serial YYYYMMDDnn
                            1800        ; refresh
                            3600         ; retry
                            86400       ; expire
                            3600 )      ; minimum TTL

The serial number in a zone file is written in this form: YYYYMMDDnn. YYYY is the year, MM is the month, DD is the day, and nn are two digits. Here, 2021072701 tells us that this zone was written on July 27th, 2021. It was the 1st edit of that day.

After you add records, make sure to increase the serial number to the correct day. If multiple edits are made on the same day, increase the two-digit number by one.

Then, run doas nsd-control reload to reload the zone files.

Test the Results

After you update the zone file, make sure to test that the record has been updated: 

$ host subdomain.example.com
example.com has address 192.168.0.1
example.com has IPv6 address 2001:db8::

$ORIGIN

See the FQDN section.

Start of Authority

The start of authority record: 

example.com.     3600   SOA   ns1.example.com. admin.example.com. (

ns1.example.com. needs to be replaced by the nameserver responsible for this zone. admin.example.com. means that the email for the sysadmin responsible for this zone is admin@example.com. Note that the @ ("at") symbol is replaced with a period.