Note the differences in how the addresses must be formatted:
.P1
; ndb/csquery
> tcp!ircnow.org!443
/net/tcp/clone 198.251.82.194!443
; ndb/dnsquery
> ircnow.org ipv6
ircnow.org ipv6 2605:6404:2d3::
.P2
.PP
Note: All addresses in Plan 9 are IPv6 addresses, so an ipmask=/123 for an IPv4 address is actually an IPv4 /27 subnet.
.PP
Note: When you look up a name using whatever nameserver is defined in /lib/ndb/local and it is not found, ndb will recursively search the root nameservers to find the entry.
Most resolvers will normally give up, but ndb is really persistent.
.PP
To run a caching DNS server, modify /cfg/$sysname/termrc or /cfg/$sysname/cpurc (whichever is appropriate) to include the following:
.P1
ndb/dns -rLs
.P2
.PP
Be aware that you must include -L to prevent users outside the local network from turning your caching server into an open relay for denial-of-service amplification attacks.
-L provides a crude form of access control.
Otherwise, you must firewall off access to prevent becoming an attack vector.
.PP
You will want to add your records to /lib/ndb/local, similar to the following:
.P1
sys=example.com ether=f2b2b3daeb89 ip=198.51.100.2 ipmask=255.255.255.0 ipgw=198.51.100.1
	ntp=pool.ntp.org
	dns=198.51.100.1
	auth=198.51.100.1
	authdom=example.com
dom=example.com soa=
	refresh=300 ttl=300
	ns=ns1.example.com
	ns=ns2.example.com
	ip=198.51.100.2
	dnsslave=ns2.example.com
	mb=postmaster@example.com
	mx=mail.example.com pref=5
	txt="v=spf1 mx -all"
sys=ns1 dom=ns1.example.com ip=198.51.100.2
sys=ns2 dom=ns2.example.com ip=198.51.100.2
sys=mail dom=mail.example.com ip=198.51.100.2
sys=_dmarc dom=_dmarc.example.com txt="v=DMARC1; p=none"
dom=p9auth.example.com
	cname=example.com
dom=2.100.51.198.in-addr.arpa soa=
	refresh=300 ttl=300
	ns=ns1.example.com
	ns=ns2.example.com
.P2
.PP
Replace 198.51.100.1, 198.51.100.2, example.com, and postmaster@example.com with your actual values.
.PP
NOTE: ndb is extremely sensitive to poorly formatted whitespace! If ndb is not recognizing your tuples properly, double check your whitespace.
.PP
To refresh cs and dns after an update to /lib/ndb/local:
.P1
echo -n refresh > /net/cs
echo -n refresh > /net/dns
.P2
.PP
Suppose you have a server example.com, and you want to delegate subdomain.example.com.
In example.com, you need to have something like this in /lib/ndb/local:
.P1
dom=subdomain.example.com soa=delegated
	ns=ns1.subdomain.example.com
	ns=ns2.subdomain.example.com
dom=ns1.subdomain.example.com ip=198.51.100.3
dom=ns2.subdomain.example.com ip=198.51.100.4
.P2
.PP
Then, in subdomain.example.com, add this to /lib/ndb/local:
.P1
sys=ns1 dom=ns1.subdomain.example.com ip=198.51.100.3
sys=ns2 dom=ns2.subdomain.example.com ip=198.51.100.4
dom=subdomain.example.com soa=
	refresh=300 ttl=300
	ns=ns1.subdomain.example.com
	ns=ns2.subdomain.example.com
	ip=198.51.100.3
	dnsslave=ns2.subdomain.example.com
	mb=username@subdomain.example.com
	mx=mail.subdomain.example.com
	txt="v=spf1 mx -all"
dom=3.100.51.198.in-addr.arpa soa=
	refresh=300 ttl=300
	ns=ns1.subdomain.example.com
	ns=ns2.subdomain.example.com
.P2
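.PP
The whitespace note and the delegation records above can both be checked before refreshing cs and dns. The following is an added example, not part of ndb or of the original page: a small Python linter that groups lines into entries the way ndb does (a line at column 0 starts an entry, indented lines continue it), flags lines that appear to have lost their indentation, and lists ns= names that have no dom= entry with an ip=. The CONTINUATION_ONLY set and the function names are assumptions based on how this page lays out its records.

```python
import re

# attr=value tokenizer; a value may be double-quoted and contain spaces.
TOKEN = re.compile(r'([^\s=]+)(?:=("[^"]*"|\S*))?')
# Assumption: attributes this page only ever writes on indented lines.
CONTINUATION_ONLY = {"ns", "mx", "mb", "txt", "refresh", "ttl", "dnsslave",
                     "cname", "ntp", "dns", "auth", "authdom", "ipgw", "ipmask"}

def parse_ndb(text):
    """Return (entries, warnings); each entry is a list of (attr, value)."""
    entries, warnings = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        pairs = [(a, v.strip('"')) for a, v in TOKEN.findall(line)]
        if line[0] in " \t":
            if entries:
                entries[-1].extend(pairs)   # continuation of previous entry
            else:
                warnings.append(f"line {n}: continuation before any entry")
        else:
            if pairs[0][0] in CONTINUATION_ONLY:
                warnings.append(f"line {n}: '{pairs[0][0]}=' at column 0 "
                                "starts a new entry; lost indentation?")
            entries.append(pairs)
    return entries, warnings

def missing_glue(entries):
    """Names used in ns= that no entry defines with both dom= and ip=."""
    have_ip = {v for e in entries if any(a == "ip" for a, _ in e)
               for a, v in e if a == "dom"}
    wanted = {v for e in entries for a, v in e if a == "ns"}
    return sorted(wanted - have_ip)

# Constructed sample: the parent-zone delegation with two deliberate mistakes
# (second ns= line not indented, address record for ns2 missing).
SAMPLE = """dom=subdomain.example.com soa=delegated
\tns=ns1.subdomain.example.com
ns=ns2.subdomain.example.com
dom=ns1.subdomain.example.com ip=198.51.100.3
"""

if __name__ == "__main__":
    entries, warnings = parse_ndb(SAMPLE)
    for w in warnings:
        print(w)
    for name in missing_glue(entries):
        print("no dom=/ip= entry for nameserver", name)
```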