The ability to supplement the standard MiaB-generated nsd.conf file with external NSD configuration files would enable many very important capabilities of NSD. This could be accomplished with a modest modification of the dns.sh file. In particular, line 52 could be replaced by new lines 52 to 63 as follows:
```
echo "include: /etc/nsd/zones.conf" >> /etc/nsd/nsd.conf;

echo '
# This include: directive is for use by expert Mail-in-a-Box users.
# Do not put any configuration files into /etc/nsd/includes/ unless
# you are certain that you know what you are doing. No support for
# such custom configurations will be provided by the developers of
# Mail-in-a-Box. See https://www.nlnetlabs.nl/projects/nsd/nsd.conf.5.html
# for more information about the NSD configuration file.
include: /etc/nsd/includes/*.conf' >> /etc/nsd/nsd.conf;

mkdir -p "/etc/nsd/includes";
```
It should be noted that NSD will not generate an error if the Include: directive finds neither the includes directory nor any files within it that are named with the .conf file name extension, so this modification cannot disrupt a standard MiaB installation. I have tested a dns.sh file modified as proposed in this Topic. It seems to work perfectly.
The following is an example of a critical need for this improvement: We have two DigitalOcean VPSs, one running MiaB, and the other running other services on FreeBSD. Both VPSs are running NSD. The other VPS should be configured as an NSD slave to the MiaB NSD master. That will enable the two VPSs to serve as the mandatory primary and secondary name servers for the domains served by MiaB. The zone updates between the two NSD servers should be protected for security. That is not possible with the current version of MiaB, which is v0.26c. With the proposed new standard MiaB nsd.conf file as created by the proposed modified dns.sh script, an external supplemental NSD configuration file could be added to the new includes directory that causes the zone update communications to be protected by a shared secret and be transmitted across the DigitalOcean private network that is only accessible by the VPSs within our firm’s DigitalOcean account.
If this improvement is incorporated into the standard release version of MiaB, then other configuration files automatically generated by MiaB could be considered for modification by addition of similar new include directives. That would enable new configuration options for advanced users while maintaining the simplicity of MiaB for most users and avoiding any new support burdens for the MiaB developers.
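An added example (not part of the original post or of Mail-in-a-Box): one way to create the shared-secret file the post describes, as an NSD `key:` clause written into the proposed /etc/nsd/includes/ directory with owner-only permissions. The function name, key name and file name are hypothetical, and the zone clauses that would reference the key are not shown.

```shell
#!/usr/bin/env bash
# Added example: write an NSD TSIG key: clause as a supplemental include file.
# write_tsig_include, the key name and the tsig-*.conf file name are
# hypothetical; the same key: clause must also be installed on the secondary.

write_tsig_include() {
    local dir="$1" key_name="$2" file secret

    # Reject names that could escape the quoted value or the target path.
    case "$key_name" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid key name" >&2; return 1 ;;
    esac
    file="$dir/tsig-$key_name.conf"

    # 32 random bytes, base64-encoded, as hmac-sha256 key material.
    secret="$(head -c 32 /dev/urandom | base64 | tr -d '\n')" || return 1

    mkdir -p "$dir" || return 1

    # Create the file owner-only before any secret is written to it.
    ( umask 077 && : > "$file" ) || return 1
    chmod 600 "$file" || return 1

    cat > "$file" <<EOF || return 1
# Shared secret for zone transfers between primary and secondary.
key:
    name: "$key_name"
    algorithm: hmac-sha256
    secret: "$secret"
EOF

    # Print the path so callers can pass it to a config check or a copy step.
    echo "$file"
}

# Usage (run as root on the MiaB host, constructed key name):
#   write_tsig_include /etc/nsd/includes xfr-key
```

The file name ends in .conf so that the `include: /etc/nsd/includes/*.conf` line from the proposal picks it up.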