The ability to supplement the standard MiaB generated nsd.conf file with external NSD configuration files would enable many very important capabilities of NSD. This could be accomplished with a modest modification of the dns.sh file. In particular, line 52 could be replaced by new lines 52 to 63 as follows:
```
# Append the include: directive to the generated nsd.conf.
echo '
# This include: directive is for use by expert Mail-in-a-Box users.
# Do not put any configuration files into /etc/nsd/includes/ unless
# you are certain that you know what you are doing. No support for
# such custom configurations will be provided by the developers of
# Mail-in-a-Box. See https://www.nlnetlabs.nl/projects/nsd/nsd.conf.5.html
# for more information about the NSD configuration file.
include: /etc/nsd/includes/*.conf' >> /etc/nsd/nsd.conf;
# Create the includes directory if it does not already exist.
mkdir -p "/etc/nsd/includes";
```
It should be noted that NSD will not generate an error if the include: directive finds neither the includes directory nor any files within it that are named with the .conf file name extension, so this modification cannot disrupt a standard MiaB installation. I have tested a dns.sh file modified as proposed in this Topic. It seems to work perfectly.
The following is an example of a critical need for this improvement: We have two DigitalOcean VPSs, one running MiaB, and the other running other services on FreeBSD. Both VPSs are running NSD. The other VPS should be configured as an NSD slave to the MiaB NSD master. That will enable the two VPSs to serve as the mandatory primary and secondary name servers for the domains served by MiaB. The zone updates between the two NSD servers should be protected for security. That is not possible with the current version of MiaB, which is v0.26c. With the proposed new standard MiaB nsd.conf file as created by the proposed modified dns.sh script, an external supplemental NSD configuration file could be added to the new includes directory that causes the zone update communications to be protected by a shared secret and be transmitted across the DigitalOcean private network that is only accessible by the VPSs within our firm’s DigitalOcean account.
If this improvement is incorporated into the standard release version of MiaB, then other configuration files automatically generated by MiaB could be considered for modification by addition of similar new include directives. That would enable new configuration options for advanced users while maintaining the simplicity of MiaB for most users and avoiding any new support burdens for the MiaB developers.
Further testing revealed that the version of NSD installed by MiaB does not handle wildcard includes as is described in the current online NSD documentation. The currently installed version of NSD is 4.0.1, released on Jan 27, 2014. As of the date of this writing, the current version of NSD is 4.1.19, released on Dec 11, 2017. The include: directive wildcard feature was introduced in version 4.1.0, released on Sep 4, 2014. To compensate for the lack of wildcard support, the dns.sh script must do more than what the code proposed above would do. The revised proposal is to replace line 52 of the dns.sh script file with new lines 52 to 78 as follows:
```
echo '
# This include: directive is for use by expert Mail-in-a-Box users.
# Do not put any configuration files into /etc/nsd/includes/ unless
# you are certain that you know what you are doing. No support for
# such custom configurations will be provided by the developers of
# Mail-in-a-Box. See https://www.nlnetlabs.nl/projects/nsd/nsd.conf.5.html
# for more information about the NSD configuration file.
include: /etc/nsd/includes/nsd-include.conf' >> /etc/nsd/nsd.conf;
# Create the NSD configuration includes directory if it does not already exist.
mkdir -p "/etc/nsd/includes";
# Create the nsd-include.conf file if it does not already exist.
# This ensures that the include: directive finds an includable configuration file.
if [ -f /etc/nsd/includes/nsd-include.conf ]; then
	echo "The Name Server Daemon custom configuration file currently exists."
else
	cat > /etc/nsd/includes/nsd-include.conf << EOF
# This is the main NSD supplemental configuration file.
# Do not edit this file unless you are sure that you know what you are doing.
# No support for custom configurations will be provided by the Mail-in-a-Box developers.
EOF
	echo "A Name Server Daemon custom configuration file has been created.";
fi
```
This code is less elegant (especially with leading HT characters suppressed by this Discussion Forum system), yet it provides the badly needed functionality previously described. Supplemental configuration directives can be added to the automatically created nsd-include.conf file as needed. Also, additional include: directives can be added to the nsd-include.conf file to include other external configuration files. This functionality exposes the full range of NSD configuration options without modification of the nsd.conf file created by MiaB. Also, the new nsd-include.conf file provides another opportunity for caveats about the lack of support by MiaB developers and the need for independent expertise.
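
The post asks for zone transfers protected by a shared secret supplied through the includes directory. As an added example (not code from the post or from the Mail-in-a-Box project), the functions below generate such a secret and store it as an NSD `key:` clause in a file that is never world-readable. The key name `xfr-key`, the file name `tsig-key.conf` and the choice of `hmac-sha256` are assumptions; the zone's transfer directives on both servers still have to reference the key by name.

```shell
#!/bin/sh
# Added example: create an NSD key: clause holding a TSIG shared secret.
# The file name tsig-key.conf and the key name passed in are assumptions,
# not names used by Mail-in-a-Box.

# write_tsig_key DIR KEY_NAME
# Writes DIR/tsig-key.conf once. An existing file is left untouched so a
# secret already shared with the secondary is never silently rotated.
write_tsig_key() {
    dir=$1
    key_name=$2
    file="$dir/tsig-key.conf"

    mkdir -p "$dir" || return 1
    if [ -f "$file" ]; then
        echo "TSIG key file already exists: $file"
        return 0
    fi

    # 32 random bytes, base64-encoded on a single line (44 characters).
    secret=$(head -c 32 /dev/urandom | base64 | tr -d '\n') || return 1
    [ "${#secret}" -eq 44 ] || return 1

    # Create the file under a restrictive umask so the secret is never
    # world-readable, not even between creation and a later chmod.
    (
        umask 027
        cat > "$file" <<EOF
# TSIG shared secret for zone transfers. Keep this file private.
key:
    name: "$key_name"
    algorithm: hmac-sha256
    secret: "$secret"
EOF
    ) || return 1
    echo "TSIG key file created: $file"
}

# tsig_secret FILE: print the secret stored in a key file, for copying
# to the other server over a trusted channel.
tsig_secret() {
    sed -n 's/^[[:space:]]*secret:[[:space:]]*"\(.*\)"$/\1/p' "$1"
}
```

With the revised dns.sh change in place, `write_tsig_key /etc/nsd/includes xfr-key` followed by an `include:` line for the new file in nsd-include.conf makes the key available to NSD.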