NSD
Encyclopedia
In Internet computing, NSD (for "name server daemon") is an open-source
server
program
for the Domain Name System
. It was developed by NLnet Labs of Amsterdam
in cooperation with the RIPE NCC
, from scratch as an authoritative name server (i.e., not implementing the recursive caching function by design). The intention of this development is to add variance to the "gene pool" of DNS implementations
used by higher level name servers and thus increase the resilience of DNS against software flaws or exploits.
NSD uses BIND
-style zone-files (zone-files used under BIND can usually be used unmodified in NSD, once entered into the NSD configuration).
NSD uses zone information compiled via 'zonec' into a binary database file (nsd.db) which allows fast startup of the NSD name-service daemon, and allows syntax-structural errors in Zone-Files to be flagged at compile-time (before being made available to NSD service itself).
The collection of programs/processes that make-up NSD are designed so that the NSD daemon itself runs as a non-privileged user and can be easily configured to run in a Chroot jail, such that security flaws in the NSD daemon are not so likely to result in system-wide compromise as without such measures.
As of March, 2008, three of the Internet
root nameserver
s are using NSD:
Several other TLDs use NSD for part of their servers.
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...
server
Server (computing)
In the context of client-server architecture, a server is a computer program running to serve the requests of other programs, the "clients". Thus, the "server" performs some computational task on behalf of "clients"...
program
Computer program
A computer program is a sequence of instructions written to perform a specified task with a computer. A computer requires programs to function, typically executing the program's instructions in a central processor. The program has an executable form that the computer can use directly to execute...
for the Domain Name System
Domain name system
The Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities...
. It was developed by NLnet Labs of Amsterdam
Amsterdam
Amsterdam is the largest city and the capital of the Netherlands. The current position of Amsterdam as capital city of the Kingdom of the Netherlands is governed by the constitution of August 24, 1815 and its successors. Amsterdam has a population of 783,364 within city limits, an urban population...
in cooperation with the RIPE NCC
RIPE NCC
The Réseaux IP Européens Network Coordination Centre is the Regional Internet Registry for Europe, the Middle East and parts of Central Asia...
, from scratch as an authoritative name server (i.e., not implementing the recursive caching function by design). The intention of this development is to add variance to the "gene pool" of DNS implementations
used by higher level name servers and thus increase the resilience of DNS against software flaws or exploits.
NSD uses BIND
BIND
BIND , or named , is the most widely used DNS software on the Internet.On Unix-like operating systems it is the de facto standard.Originally written by four graduate students at the Computer Systems Research Group at the University of California, Berkeley , the name originates as an acronym from...
-style zone-files (zone-files used under BIND can usually be used unmodified in NSD, once entered into the NSD configuration).
NSD uses zone information compiled via 'zonec' into a binary database file (nsd.db) which allows fast startup of the NSD name-service daemon, and allows syntax-structural errors in Zone-Files to be flagged at compile-time (before being made available to NSD service itself).
The collection of programs/processes that make-up NSD are designed so that the NSD daemon itself runs as a non-privileged user and can be easily configured to run in a Chroot jail, such that security flaws in the NSD daemon are not so likely to result in system-wide compromise as without such measures.
As of March, 2008, three of the Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
root nameserver
Root nameserver
A root name server is a name server for the Domain Name System's root zone. It directly answers requests for records in the root zone and answers other requests returning a list of the designated authoritative name servers for the appropriate top-level domain...
s are using NSD:
- k.root-servers.net was switched to NSD on February 19, 2003.
- One of the 2 load-balanced servers for h.root-servers.net (called "H1", "H2") was switched to NSD, and now there are 3 servers all running NSD (called "H1", "H2", "H3").
- l.root-servers.net switched to NSD on February 6, 2007.
Several other TLDs use NSD for part of their servers.