wm: doc

ref: d8e841de8404a534c5ea60446cc1b8d7dacb6b30
dir: /ndb.ms/

View raw version
Note the differences in how the addresses must be formatted:

.P1
; ndb/csquery
> tcp!ircnow.org!443
/net/tcp/clone 198.251.82.194!443

; ndb/dnsquery
> ircnow.org ipv6
ircnow.org ipv6	2605:6404:2d3::
.P2

.PP
Note: All addresses in plan 9 are IPv6 addresses. So an ipmask=/123 for an IPv4 address is actually an IPv4 /27 subnet.

Note: when you lookup a name using whatever nameserver is defined in /lib/ndb/local, if it's not found, ndb will recursively search the root nameservers to find the entry
Most resolvers will normally give up, but ndb is really persistent.

.PP
To run a caching DNS server, modify /cfg/$sysname/termrc or /cfg/$sysname/cpurc (whichever is appropriate) to include the following: 
.P1
ndb/dns -rLs
.P2
.PP
Be aware that you must include -L to prevent users outside the local network from being able to turn your caching server into an open relay for denial of service amplification attacks. -L provides a crude form of access control. Otherwise, you must firewall off access to prevent becoming an attack vector.

You will want to add your records to /lib/ndb/local, similar to the following:

sys=example.com ether=f2b2b3daeb89 ip=198.51.100.2 ipmask=255.255.255.0 ipgw=198.51.100.1
	ntp=pool.ntp.org
	dns=198.51.100.1
	auth=198.51.100.1
	authdom=example.com

dom=example.com soa=
	refresh=300 ttl=300
	ns=ns1.example.com
	ns=ns2.example.com
	ip=198.51.100.2
	dnsslave=ns2.example.com
	mb=postmaster@example.com
	mx=mail.example.com pref=5
	txt="v=spf1 mx -all"

sys=ns1 dom=ns1.example.com ip=198.51.100.2
sys=ns2 dom=ns2.example.com ip=198.51.100.2
sys=mail dom=mail.example.com ip=198.51.100.2
sys=_dmarc dom=_dmarc.example.com txt="v=DMARC1; p=none"
dom=p9auth.example.com
	cname=example.com

dom=2.100.51.198.in-addr.arpa soa=
	refresh=300 ttl=300
	ns=ns1.example.com
	ns=ns2.example.com


Replace 198.51.100.1, 198.51.100.2, example.com, and postmaster@example.com with your actual values.

NOTE: ndb is extremely sensitive to poorly formatted whitespace! If ndb is not recognizing your tuples properly, double check your whitespace.

NOTE: Make sure to define your tuple for sys=example.com in /lib/ndb/local right after the definition for localhost, before other tuples. Otherwise, the system might use the wrong subnet mask, causing routing issues.

To refresh cs and dns after an update to /lib/ndb/local:

.P1
echo -n refresh > /net/cs
echo -n refresh > /net/dns
.P2

Suppose you have a server example.com, and you want to delegate subdomain.example.com.

In example.com, you need to have something like this in /lib/ndb/local:

dom=subdomain.example.com soa=delegated
    ns=ns1.subdomain.example.com
    ns=ns2.subdomain.example.com
    dom=ns1.subdomain.example.com ip=198.51.100.3
    dom=ns2.subdomain.example.com ip=198.51.100.4

Then, in subdomain.example.com, add this to /lib/ndb/local:

sys=ns1 dom=ns1.subdomain.example.com ip=198.51.100.3
sys=ns2 dom=ns2.subdomain.example.com ip=198.51.100.4

dom=subdomain.example.com soa=
         refresh=300 ttl=300
         ns=ns1.subdomain.example.com
         ns=ns2.subdomain.example.com
         ip=198.51.100.3
         dnsslave=ns2.subdomain.example.com
         mb=username@subdomain.example.com
         mx=mail.subdomain.example.com
         txt="v=spf1 mx -all"

dom=3.100.51.198.in-addr.arpa soa=
   refresh=300 ttl=300
   ns=ns1.subdomain.example.com
   ns=ns2.subdomain.example.com

.PP
Note: If you are providing name delegation, you may need to remove
the -L flag when starting ndb/dns.