# Pointers on NSD



## zongosaiba (Dec 4, 2013)

Greetings to all,

I hope this message finds you all well.

I am looking for some pointers as far as installing NSD on FreeBSD. I am in the process of migrating my current settings: OS X Server to FreeBSD 9.2. I am in the testing phase as we speak. I have already migrated Unbound and I have to say that it runs like a charm, but for NSD I find myself a bit short. I did compile NSD from scratch as per prior settings (OS X) but it looks like I need to create the user 'NSD'. This is where I have my doubt. Do I create a normal user and therefore would have to go through the standard process of creating a user as per FreeBSD documentation? Or is there a different process I need to use? 'NSD' is not a typical user. I read the documentation online and could not find anything that relates to creating processes/PIDs.

Thanking you in advance.

zongo saiba


----------



## kpa (Dec 4, 2013)

Are you compiling it from ports(7) using the FreeBSD port dns/nsd? The port should create the necessary users on installation.


----------



## zongosaiba (Dec 4, 2013)

@kpa, thanks for your reply but it does not for NSD. It did for Unbound. 'nlnetlabs' state on their website that when you compile from scratch, it does not create the user for Unix platforms. Most of all, when I issued the command line `nsd-control start` I got a response 'user nsd does not exist'.

zongo saiba


----------



## kpa (Dec 4, 2013)

I just installed it myself and it just worked. I'm on FreeBSD 10 but that shouldn't matter much. The port seems to use the existing bind user for some reason that I don't quite understand. Basically I did:

`pkg install nsd`

(I use my own package repository, you can install from ports just as well)

```
echo 'nsd_enable="YES"' >>/etc/rc.conf
cp /usr/local/etc/nsd/nsd.conf.sample /usr/local/etc/nsd/nsd.conf
chmod 640 /usr/local/etc/nsd/nsd.conf
```

Then I edited the configuration to enable the remote control:


```
control-enable: yes
```

And then:

```
service nsd start
nsd-control-setup
nsd-control status
```


```
# nsd-control status           
version: 4.0.0
verbosity: 0
ratelimit: 200
#
```


----------



## zongosaiba (Dec 4, 2013)

Thanks again @kpa for taking the time. After reading your post, I have no clues as far as why the NSD user has not been created and needs to be if I want to start NSD.  
I compiled from ports by just going into ports /usr/ports/dns/nsd and then issued a `make install clean`. It compiled with no error message. I did configure NSD and ran `nsd-control-setup` with no issue. When I ran `nsd-control start` I got

```
usr nsd does not exist'
```

I am using FreeBSD 9.2 in a VM (VMware Workstation 10) for testing purposes. So it's back to the drawing board. I have been using FreeBSD for a couple of days and am already learning a lot - that is really nice.


----------



## kpa (Dec 4, 2013)

Start the service with `service nsd start`, does that work?

Also, are you setting the user in /usr/local/etc/nsd/nsd.conf? If you are you should probably use the bind user.


----------



## zongosaiba (Dec 5, 2013)

`service nsd start` still gives me the error

```
user nsd does not exist
```

I am setting the user in /usr/local/etc/nsd/nsd.conf. If I use user bind and try to start BIND with `/etc/rc.d/named onestart` the response is that named is already running. Now why would I be using BIND instead of NSD? Plus, it tells me that BIND is already running. It seems that it is pre-configured in FreeBSD as I have not set up BIND. I am really confused. Since I am far from being proficient on the FreeBSD platform, that makes it even more confusing.


----------



## kpa (Dec 5, 2013)

No no, what I meant is that if you want to use the username bind set it in nsd.conf like this:


```
username: bind
```

The /etc/rc.d/named script is solely for the built-in BIND, it can not be used with the dns/nsd port in any way. The proper startup script for dns/nsd is /usr/local/etc/rc.d/nsd and it's easiest to just use `service nsd start|stop|restart|status|rcvar|etc` to start/stop etc. the daemon.

Disable the username in nsd.conf for now and let the daemon run with root privileges so that you can get it at least working in some way and then do the fine-tuning later when you are more familiar with FreeBSD.


----------



## zongosaiba (Dec 5, 2013)

Ok, so I dropped the user name nsd in the configuration file. I issued the command `service nsd start` and nsd started with no issue. So I have to come back to my first post where I asked the question if I needed to create the user nsd? I asked the question because that is exactly what I had to do on OS X Server. I would rather have nsd start as user nsd. What really puzzles me here is nsd did not compile like Unbound? I had no issue with unbound and when compiled it had created the UID, GID, and groups. For the sake of me going to bed smarter than the day before, I would like to know where the issue was. Or did I omit something or make a mistake somewhere?

Thanks @kpa.

zongo saiba


----------



## kpa (Dec 5, 2013)

I don't know for sure but the port maintainer might have thought that creating yet another user would be redundant since there's already the bind user for the base system BIND that is used for a similar DNS server daemon. In my opinion it's not a good solution because the bind user might go away in FreeBSD 10 because BIND is now otherwise completely gone from the base system in FreeBSD 10.


----------



## zongosaiba (Dec 5, 2013)

I was listening to bsdnow and Alan was saying that BIND is supposed to be gone by FreeBSD 10 as you mentioned. Nevertheless, I have changed to user bind and nsd is running smoothly. Thanks again @kpa for taking the time and helping me with that issue. So now let's say that I wish to create the nsd user with proper GID, groups, and UID. How would I go about doing that on FreeBSD? Do I follow the manual for creating a new user or is there a specific way of doing it?


----------



## kpa (Dec 5, 2013)

Using pw(8) is the recommended way:

```
pw groupadd nsd
pw useradd nsd -g nsd -d /usr/local/etc/nsd -s /usr/sbin/nologin
```

Something like that. 

However, I'd report this to the port maintainer (`make -C /usr/ports/dns/nsd maintainer`) via a problem report at http://www.freebsd.org/send-pr.html and ask him to properly use a separate user and group for the port.


----------
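Added example, not part of any post in this thread: a pre-flight check that reads the `username:` setting from an nsd.conf and confirms the named account exists and is not UID 0, which is the condition behind the "user nsd does not exist" error discussed above. The function names, the status strings and the sample files are constructed for illustration; only the name form of `username:` is handled.

```shell
#!/bin/sh
# Added example (not from the thread): verify the account NSD is told to run as.

# Print the value of the last "username:" line in an nsd.conf,
# with comments, surrounding whitespace and double quotes removed.
nsd_conf_username() {
    sed -n 's/#.*$//; s/^[[:space:]]*username:[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/' | tail -n 1
}

# Classify the configured account against a passwd(5)-format file.
# Prints one of: unset | missing:NAME | root:NAME | ok:NAME:UID:SHELL
# Returns 0 only for "ok", so it can gate a service start.
nsd_user_check() {
    conf=$1
    passwd=${2:-/etc/passwd}
    user=$(nsd_conf_username "$conf")
    if [ -z "$user" ]; then
        echo "unset"; return 1        # nothing in this file to verify
    fi
    entry=$(awk -F: -v u="$user" '$1 == u { print $3 ":" $7; exit }' "$passwd")
    if [ -z "$entry" ]; then
        echo "missing:$user"; return 1
    fi
    if [ "${entry%%:*}" = "0" ]; then
        echo "root:$user"; return 1   # named account has UID 0
    fi
    echo "ok:$user:$entry"
}

# Constructed sample data: an nsd.conf naming "nsd" and a passwd file that
# only has the "bind" account, the situation described in the thread.
demo() {
    d=$(mktemp -d) || return 1
    printf 'server:\n\t# username: bind\n\tusername: nsd\n' > "$d/nsd.conf"
    printf 'root:*:0:0:Charlie &:/root:/bin/csh\n' > "$d/passwd"
    printf 'bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin\n' >> "$d/passwd"
    nsd_user_check "$d/nsd.conf" "$d/passwd" || true   # missing:nsd
    # Entry as it could look after the pw(8) commands above (UID constructed).
    echo 'nsd:*:1001:1001:NSD:/usr/local/etc/nsd:/usr/sbin/nologin' >> "$d/passwd"
    nsd_user_check "$d/nsd.conf" "$d/passwd" || true   # ok:nsd:1001:/usr/sbin/nologin
    rm -rf "$d"
}
demo
```

On the system from the thread the call would be `nsd_user_check /usr/local/etc/nsd/nsd.conf`, which reads /etc/passwd by default.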

