hi,

I'd like some advice on how to set the default configuration for NSD in OpenBSD.
Some background information:

- NSD stores all zone data in a database, nsd.db. This file is opened
read-only by nsd(8), while running chrooted in /var/nsd.
- Incoming zone transfers are written to ixfr.db by nsd(8), then processed
into the text-based zone files and nsd.db by nsd-patch(8).
- Local (master) zones are written compiled into nsd.db by nsd-zonec(8).
- nsd(8) also keeps some internal state in the xfrd.state file, as well as a
pid-file.

Where do we store these files? And what user should we use to access them?
Currently, nsd(8) runs as user _nsd, and nsd-{patch,zonec}(8) usually run as
root. All files are stored in /var/nsd.

I could think of various setups here, like putting all files that nsd(8) needs
to write to in a separate subdir of /var/nsd. One can run nsd-{patch,zonec}(8)
as _nsd, root or a separate user.


How complex do we want (and need) this to be? What level of separation seems
like a reasonable default?


        jakob
