ref: 872552b3dc5e0872a6382f7b1e7b02df191508ec
dir: /ndb.ms/
Note the differences in how the addresses must be formatted: .P1 ; ndb/csquery > tcp!ircnow.org!443 /net/tcp/clone 198.251.82.194!443 ; ndb/dnsquery > ircnow.org ipv6 ircnow.org ipv6 2605:6404:2d3:: .P2 .PP Note: All addresses in plan 9 are IPv6 addresses. So an ipmask=/123 for an IPv4 address is actually an IPv4 /27 subnet. Note: when you lookup a name using whatever nameserver is defined in /lib/ndb/local, if it's not found, ndb will recursively search the root nameservers to find the entry Most resolvers will normally give up, but ndb is really persistent. .PP To run a caching DNS server, modify /cfg/$sysname/termrc or /cfg/$sysname/cpurc (whichever is appropriate) to include the following: .P1 ndb/dns -rLs .P2 .PP Be aware that you must include -L to prevent users outside the local network from being able to turn your caching server into an open relay for denial of service amplification attacks. -L provides a crude form of access control. Otherwise, you must firewall off access to prevent becoming an attack vector. You will want to add your records to /lib/ndb/local, similar to the following: sys=example.com ether=f2b2b3daeb89 ip=198.51.100.2 ipmask=255.255.255.0 ipgw=198.51.100.1 ntp=pool.ntp.org dns=198.51.100.1 auth=198.51.100.1 authdom=example.com dom=example.com soa= refresh=300 ttl=300 ns=ns1.example.com ns=ns2.example.com ip=198.51.100.2 dnsslave=ns2.example.com mb=postmaster@example.com mx=mail.example.com pref=5 txt="v=spf1 mx -all" sys=ns1 dom=ns1.example.com ip=198.51.100.2 sys=ns2 dom=ns2.example.com ip=198.51.100.2 sys=mail dom=mail.example.com ip=198.51.100.2 sys=_dmarc dom=_dmarc.example.com txt="v=DMARC1; p=none" dom=p9auth.example.com cname=example.com dom=2.100.51.198.in-addr.arpa soa= refresh=300 ttl=300 ns=ns1.example.com ns=ns2.example.com Replace 198.51.100.1, 198.51.100.2, example.com, and postmaster@example.com with your actual values. NOTE: ndb is extremely sensitive to poorly formatted whitespace! If ndb is not recognizing your tuples properly, double check your whitespace. NOTE: Make sure to define your tuple for sys=example.com in /lib/ndb/local right after the definition for localhost, before other tuples. Otherwise, the system might use the wrong subnet mask, causing routing issues. To refresh cs and dns after an update to /lib/ndb/local: .P1 echo -n refresh > /net/cs echo -n refresh > /net/dns .P2 Suppose you have a server example.com, and you want to delegate subdomain.example.com. In example.com, you need to have something like this in /lib/ndb/local: dom=subdomain.example.com soa=delegated ns=ns1.subdomain.example.com ns=ns2.subdomain.example.com dom=ns1.subdomain.example.com ip=198.51.100.3 dom=ns2.subdomain.example.com ip=198.51.100.4 Then, in subdomain.example.com, add this to /lib/ndb/local: sys=ns1 dom=ns1.subdomain.example.com ip=198.51.100.3 sys=ns2 dom=ns2.subdomain.example.com ip=198.51.100.4 dom=subdomain.example.com soa= refresh=300 ttl=300 ns=ns1.subdomain.example.com ns=ns2.subdomain.example.com ip=198.51.100.3 dnsslave=ns2.subdomain.example.com mb=username@subdomain.example.com mx=mail.subdomain.example.com txt="v=spf1 mx -all" dom=3.100.51.198.in-addr.arpa soa= refresh=300 ttl=300 ns=ns1.subdomain.example.com ns=ns2.subdomain.example.com .PP Note: If you are providing name delegation, you may need to remove the -L flag when starting ndb/dns.