Note the differences in how the addresses must be formatted: ; ndb/csquery > tcp!ircnow.org!443 /net/tcp/clone 198.251.82.194!443 ; ndb/dnsquery > ircnow.org ipv6 ircnow.org ipv6 2605:6404:2d3:: Note: All addresses in plan 9 are IPv6 addresses. So an ipmask=/123 for an IPv4 address is actually an IPv4 /27 sub- net. Note: when you lookup a name using whatever nameserver is defined in /lib/ndb/local, if it's not found, ndb will recursively search the root nameservers to find the entry Most resolvers will normally give up, but ndb is really per- sistent. To run a caching DNS server, modify /cfg/$sysname/termrc or /cfg/$sysname/cpurc (whichever is appropriate) to include the following: ndb/dns -rLs Be aware that you must include -L to prevent users out- side the local network from being able to turn your caching server into an open relay for denial of service amplifica- tion attacks. -L provides a crude form of access control. Otherwise, you must firewall off access to prevent becoming an attack vector. You will want to add your records to /lib/ndb/local, similar to the following: sys=example.com ether=f2b2b3daeb89 ip=198.51.100.2 ipmask=255.255.255.0 ipgw=198.51.100.1 ntp=pool.ntp.org dns=198.51.100.1 auth=198.51.100.1 authdom=example.com dom=example.com soa= refresh=300 ttl=300 ns=ns1.example.com ns=ns2.example.com ip=198.51.100.2 dnsslave=ns2.example.com mb=postmaster@example.com mx=mail.example.com pref=5 txt="v=spf1 mx -all" sys=ns1 dom=ns1.example.com ip=198.51.100.2 sys=ns2 dom=ns2.example.com ip=198.51.100.2 sys=mail November 23, 2024 - 2 - dom=mail.example.com ip=198.51.100.2 sys=_dmarc dom=_dmarc.example.com txt="v=DMARC1; p=none" dom=p9auth.example.com cname=example.com dom=2.100.51.198.in-addr.arpa soa= refresh=300 ttl=300 ns=ns1.example.com ns=ns2.example.com Replace 198.51.100.1, 198.51.100.2, example.com, and postmaster@example.com with your actual values. NOTE: ndb is extremely sensitive to poorly formatted whites- pace! If ndb is not recognizing your tuples properly, double check your whitespace. NOTE: Make sure to define your tuple for sys=example.com in /lib/ndb/local right after the definition for localhost, before other tuples. Otherwise, the system might use the wrong subnet mask, causing routing issues. To refresh cs and dns after an update to /lib/ndb/local: echo -n refresh > /net/cs echo -n refresh > /net/dns Suppose you have a server example.com, and you want to dele- gate subdomain.example.com. In example.com, you need to have something like this in /lib/ndb/local: dom=subdomain.example.com soa=delegated ns=ns1.subdomain.example.com ns=ns2.subdomain.example.com dom=ns1.subdomain.example.com ip=198.51.100.3 dom=ns2.subdomain.example.com ip=198.51.100.4 Then, in subdomain.example.com, add this to /lib/ndb/local: sys=ns1 dom=ns1.subdomain.example.com ip=198.51.100.3 sys=ns2 dom=ns2.subdomain.example.com ip=198.51.100.4 dom=subdomain.example.com soa= refresh=300 ttl=300 ns=ns1.subdomain.example.com ns=ns2.subdomain.example.com ip=198.51.100.3 dnsslave=ns2.subdomain.example.com mb=username@subdomain.example.com mx=mail.subdomain.example.com txt="v=spf1 mx -all" November 23, 2024 - 3 - dom=3.100.51.198.in-addr.arpa soa= refresh=300 ttl=300 ns=ns1.subdomain.example.com ns=ns2.subdomain.example.com Note: If you are providing name delegation, you may need to remove the -L flag when starting ndb/dns. November 23, 2024