I’m using nsd to be the authoritative nameserver for one of my domains. It’s been about a year and it has so far proven to be the perfect balance between reliability and fast feedback for what I’m doing. However, I need to change how I update the zone files.
As written, the zones for the nsd service are configured via services.nsd.zones in configuration.nix. This means that I need to do a “nixos-rebuild switch” every time I add, remove, or change a DNS entry. This works, but it is semantically perverse. The zones are not part of my system’s configuration. They are more like a database which an API queries to return results.
This is what I think I need to do to get the correct behavior:
1. Edit these two lines in nsd.nix to prevent the zone files from getting overwritten;
2. Somehow use this changed file instead of the original when I do a nixos-rebuild;
3. Write the zone files to /var/lib/nsd/zones myself whenever they change;
4. “systemctl restart nsd” as necessary.
Am I on the right track here? If so, can you point me to an example of doing step 2?