diff options
Diffstat (limited to 'network')
-rw-r--r-- | network/nsd/README | 19 | ||||
-rw-r--r-- | network/nsd/doinst.sh | 28 | ||||
-rw-r--r-- | network/nsd/localhost.zone | 11 | ||||
-rw-r--r-- | network/nsd/nsd.SlackBuild | 153 | ||||
-rw-r--r-- | network/nsd/nsd.conf | 319 | ||||
-rw-r--r-- | network/nsd/nsd.info | 10 | ||||
-rw-r--r-- | network/nsd/nsd.logrotate | 11 | ||||
-rw-r--r-- | network/nsd/rc.nsd | 50 | ||||
-rw-r--r-- | network/nsd/slack-desc | 19 |
9 files changed, 620 insertions, 0 deletions
diff --git a/network/nsd/README b/network/nsd/README new file mode 100644 index 0000000000000..1b774e071ee4d --- /dev/null +++ b/network/nsd/README @@ -0,0 +1,19 @@ +NSD is being developed with the purpose of creating more diversity in the +DNS landscape. Secondly we want to create a fast, modern, RFC compliant +nameserver. + +NSD requires its own user in order to run securely. It is not advised to +run services as root user without special reason. + + +To add NSD user in system run as root: + +# groupadd -g 336 nsd +# useradd -u 336 -d /var/lib/nsd -g nsd -s /bin/false nsd + + +In order to run NSD during boot process, add to /etc/rc.d/rc.local : + +if [ -x /etc/rc.d/rc.nsd ]; then + /etc/rc.d/rc.nsd start +fi diff --git a/network/nsd/doinst.sh b/network/nsd/doinst.sh new file mode 100644 index 0000000000000..99c48b57d1970 --- /dev/null +++ b/network/nsd/doinst.sh @@ -0,0 +1,28 @@ +config() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then + # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} + +preserve_perms() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + if [ -e $OLD ]; then + cp -a $OLD ${NEW}.incoming + cat $NEW > ${NEW}.incoming + mv ${NEW}.incoming $NEW + fi + config $NEW +} + +preserve_perms etc/rc.d/rc.nsd.new +preserve_perms etc/nsd/nsd.conf.new +preserve_perms var/lib/nsd/zones/master/localhost.zone.new +preserve_perms etc/logrotate.d/nsd.new diff --git a/network/nsd/localhost.zone b/network/nsd/localhost.zone new file mode 100644 index 0000000000000..c47baf5f1f7db --- /dev/null +++ b/network/nsd/localhost.zone @@ -0,0 +1,11 @@ +$TTL 86400 +$ORIGIN localhost. +@ 1D IN SOA @ root ( + 42 ; serial (d. adams) + 3H ; refresh + 15M ; retry + 1W ; expiry + 1D ) ; minimum + + 1D IN NS @ + 1D IN A 127.0.0.1 diff --git a/network/nsd/nsd.SlackBuild b/network/nsd/nsd.SlackBuild new file mode 100644 index 0000000000000..7db9129e99aaf --- /dev/null +++ b/network/nsd/nsd.SlackBuild @@ -0,0 +1,153 @@ +#!/bin/sh + +# Slackware build script for YADIFA, Authoritative DNS server + +# Copyright (c) 2016, Sergey Fedosov <eleksir@gmail.com> +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +PRGNAM=nsd +USER=$PRGNAM +GROUP=$PRGNAM +VERSION=${VERSION:-4.1.13} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} + +if ! grep -q "^nsd:" /etc/group; then + echo "$0: Error: $PRGNAM group ($GROUP) doesn't exist." + echo "$0: Try creating one with:" + echo " # groupadd -g 336 $GROUP" + exit 1 +fi + +if ! grep -q "^nsd:" /etc/passwd; then + echo "$0: Error: $PRGNAM user ($GROUP) doesn't exist." + echo "$0: Try creating one with:" + echo " # useradd -u 336 -d /var/lib/$USER -g $GROUP -s /bin/false $USER" + exit 1 +fi + +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) ARCH=i586 ;; + arm*) ARCH=arm ;; + *) ARCH=$( uname -m ) ;; + esac +fi + +CWD=$(pwd) +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +set -e + +rm -rf "$PKG" +mkdir -p "$TMP" "$PKG" "$OUTPUT" +cd "$TMP" +rm -rf "$PRGNAM-$VERSION" +tar xvf "$CWD/$PRGNAM-$VERSION.tar.gz" +cd "$PRGNAM-$VERSION" +chown -R root:root . +find -L . \ + \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ + -o -perm 511 \) -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ + -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; + +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ +./configure \ +--prefix=/usr \ +--bindir=/usr/bin \ +--sbindir=/usr/sbin \ +--libexecdir=/usr/libexec \ +--sysconfdir=/etc \ +--localstatedir=/var \ +--libdir=/usr/lib \ +--enable-ratelimit \ +--enable-ratelimit-default-is-off \ +--with-nsd_conf_file="/etc/$PRGNAM/$PRGNAM.conf" \ +--with-configdir="/var/lib/$USER" \ +--with-logfile="/var/log/$PRGNAM/$PRGNAM.log" \ +--with-pidfile="/var/run/$PRGNAM/$PRGNAM.pid" \ +--with-dbfile="/var/lib/$USER/$PRGNAM.db" \ +--with-zonesdir="/var/lib/$USER/zones" \ +--with-xfrdfile="/var/lib/$USER/$PRGNAM.xfrd" \ +--with-zonelistfile="/var/lib/$USER/$PRGNAM.zones" \ +--with-xfrdir="/var/lib/$USER/xfrd" \ +--with-user=$USER + +make +make install DESTDIR="$PKG" + +find "$PKG" -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +mv $PKG/usr/share/man $PKG/usr/ +find "$PKG/usr/man" -type f -exec gzip -9 {} \; +for i in $( find $PKG/usr/man -type l ) ; do ln -s "$( readlink $i ).gz" "$i.gz" ; rm "$i" ; done + +mkdir -p "$PKG/usr/doc/$PRGNAM-$VERSION" +install --mode=644 "$CWD/$PRGNAM.SlackBuild" "$PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild" + +mkdir -p "$PKG/install" +install --mode=644 "$CWD/slack-desc" "$PKG/install/slack-desc" +install --mode=644 "$CWD/doinst.sh" "$PKG/install/doinst.sh" + +mkdir -p "$PKG/etc/rc.d" +install --mode=644 "$CWD/rc.$PRGNAM" "$PKG/etc/rc.d/rc.$PRGNAM.new" + +mkdir -p "$PKG/var/run/$PRGNAM" +chown $USER:$GROUP "$PKG/var/run/$PRGNAM" + +mkdir -p "$PKG/var/log/$PRGNAM" +chown $USER:$GROUP "$PKG/var/log/$PRGNAM" + +chown -R $USER:$GROUP "$PKG/var/lib/$USER" + +mkdir -p "$PKG/etc/$PRGNAM" +install --mode=644 "$CWD/$PRGNAM.conf" "$PKG/etc/$PRGNAM/${PRGNAM}.conf.new" + +mkdir -p $PKG/etc/logrotate.d +install --mode=644 $CWD/nsd.logrotate $PKG/etc/logrotate.d/nsd.new + +# remove empty file +rm -rf "$PKG/etc/$PRGNAM/$PRGNAM.conf.sample" + +# add sample zone +mkdir -p "$PKG/var/lib/$USER/zones/master" +install --mode=644 "$CWD/localhost.zone" "$PKG/var/lib/$USER/zones/master/localhost.zone.new" + +cd "$PKG" +/sbin/makepkg -l y -c n "$OUTPUT/$PRGNAM-${VERSION}-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}" diff --git a/network/nsd/nsd.conf b/network/nsd/nsd.conf new file mode 100644 index 0000000000000..8e691e1923a94 --- /dev/null +++ b/network/nsd/nsd.conf @@ -0,0 +1,319 @@ +# +# nsd.conf -- the NSD(8) configuration file, nsd.conf(5). +# +# Copyright (c) 2001-2011, NLnet Labs. All rights reserved. +# +# See LICENSE for the license. +# + +# This is a comment. +# Sample configuration file +# include: "file" # include that file's text over here. Globbed, "*.conf" + +# options for the nsd server +server: + # Number of NSD servers to fork. Put the number of CPUs to use here. + # server-count: 1 + + # uncomment to specify specific interfaces to bind (default are the + # wildcard interfaces 0.0.0.0 and ::0). + # For servers with multiple IP addresses, list them one by one, + # or the source address of replies could be wrong. + # Use ip-transparent to be able to list addresses that turn on later. + # ip-address: 1.2.3.4 + # ip-address: 1.2.3.4@5678 + # ip-address: 12fe::8ef0 + + # Allow binding to non local addresses. Default no. + # ip-transparent: no + + # Allow binding to addresses that are down. Default no. + # ip-freebind: no + + # use the reuseport socket option for performance. Default no. + # reuseport: no + reuseport: yes + + # enable debug mode, does not fork daemon process into the background. + # debug-mode: no + + # listen on IPv4 connections + # do-ip4: yes + + # listen on IPv6 connections + # do-ip6: yes + + # port to answer queries on. default is 53. + # port: 53 + + # Verbosity level. + # verbosity: 0 + + # After binding socket, drop user privileges. + # can be a username, id or id.gid. + # username: nsd + username: nsd + + # Run NSD in a chroot-jail. + # make sure to have pidfile and database reachable from there. + # by default, no chroot-jail is used. + # chroot: "/var/lib/nsd" + + # The directory for zonefile: files. The daemon chdirs here. + # zonesdir: "/var/lib/nsd/zones" + + # the list of dynamically added zones. + # zonelistfile: "/var/lib/nsd/nsd.zones" + + # the database to use + # if set to "" then no disk-database is used, less memory usage. + # database: "/var/lib/nsd/nsd.db" + database: "" + + # log messages to file. Default to stderr and syslog (with + # facility LOG_DAEMON). stderr disappears when daemon goes to bg. + logfile: "/var/log/nsd/nsd.log" + + # File to store pid for nsd in. + pidfile: "/var/run/nsd/nsd.pid" + + # The file where secondary zone refresh and expire timeouts are kept. + # If you delete this file, all secondary zones are forced to be + # 'refreshing' (as if nsd got a notify). Set to "" to disable. + xfrdfile: "/var/lib/nsd/nsd.xfrd" + + # The directory where zone transfers are stored, in a subdir of it. + xfrdir: "/var/lib/nsd/xfrd" + + # don't answer VERSION.BIND and VERSION.SERVER CHAOS class queries + # hide-version: no + hide-version: yes + + # version string the server responds with for chaos queries. + # default is 'NSD x.y.z' with the server's version number. + # version: "NSD" + + # identify the server (CH TXT ID.SERVER entry). + # identity: "unidentified server" + + # NSID identity (hex string, or "ascii_somestring"). default disabled. + # nsid: "aabbccdd" + + # Maximum number of concurrent TCP connections per server. + # tcp-count: 100 + + # Maximum number of queries served on a single TCP connection. + # By default 0, which means no maximum. + # tcp-query-count: 0 + + # Override the default (120 seconds) TCP timeout. + # tcp-timeout: 120 + tcp-timeout: 10 + + # Maximum segment size (MSS) of TCP socket on which the server + # responds to queries. Default is 0, system default MSS. + # tcp-mss: 0 + + # Maximum segment size (MSS) of TCP socket for outgoing AXFR request. + # Default is 0, system default MSS. + # outgoing-tcp-mss: 0 + + # Preferred EDNS buffer size for IPv4. + # ipv4-edns-size: 4096 + + # Preferred EDNS buffer size for IPv6. + # ipv6-edns-size: 4096 + + # statistics are produced every number of seconds. Prints to log. + # Default is 0, meaning no statistics are produced. + # statistics: 3600 + + # Number of seconds between reloads triggered by xfrd. + # xfrd-reload-timeout: 1 + + # log timestamp in ascii (y-m-d h:m:s.msec), yes is default. + # log-time-ascii: yes + + # round robin rotation of records in the answer. + # round-robin: no + + # check mtime of all zone files on start and sighup + # zonefiles-check: yes + + # write changed zonefiles to disk, every N seconds. + # default is 0(disabled) or 3600(if database is ""). + # zonefiles-write: 3600 + + # RRLconfig + # Response Rate Limiting, size of the hashtable. Default 1000000. + # rrl-size: 1000000 + + # Response Rate Limiting, maximum QPS allowed (from one query source). + # If set to 0, ratelimiting is disabled. Also set + # rrl-whitelist-ratelimit to 0 to disable ratelimit processing. + # Default is off. + # rrl-ratelimit: 200 + + # Response Rate Limiting, number of packets to discard before + # sending a SLIP response (a truncated one, allowing an honest + # resolver to retry with TCP). Default is 2 (one half of the + # queries will receive a SLIP response, 0 disables SLIP (all + # packets are discarded), 1 means every request will get a + # SLIP response. When the ratelimit is hit the traffic is + # divided by the rrl-slip value. + # rrl-slip: 2 + + # Response Rate Limiting, IPv4 prefix length. Addresses are + # grouped by netblock. + # rrl-ipv4-prefix-length: 24 + + # Response Rate Limiting, IPv6 prefix length. Addresses are + # grouped by netblock. + # rrl-ipv6-prefix-length: 64 + + # Response Rate Limiting, maximum QPS allowed (from one query source) + # for whitelisted types. Default is off. + # rrl-whitelist-ratelimit: 2000 + # RRLend + +# Remote control config section. +remote-control: + # Enable remote control with nsd-control(8) here. + # set up the keys and certificates with nsd-control-setup. + # control-enable: no + + # what interfaces are listened to for control, default is on localhost. + # control-interface: 127.0.0.1 + # control-interface: ::1 + + # port number for remote control operations (uses TLS over TCP). + # control-port: 8952 + + # nsd server key file for remote control. + # server-key-file: "/var/lib/nsd/nsd_server.key" + + # nsd server certificate file for remote control. + # server-cert-file: "/var/lib/nsd/nsd_server.pem" + + # nsd-control key file. + # control-key-file: "/var/lib/nsd/nsd_control.key" + + # nsd-control certificate file. + # control-cert-file: "/var/lib/nsd/nsd_control.pem" + + +# Secret keys for TSIGs that secure zone transfers. +# You could include: "secret.keys" and put the 'key:' statements in there, +# and give that file special access control permissions. +# +# key: + # The key name is sent to the other party, it must be the same + #name: "keyname" + # algorithm hmac-md5, or sha1, sha256, sha224, sha384, sha512 + #algorithm: sha256 + # secret material, must be the same as the other party uses. + # base64 encoded random number. + # e.g. from dd if=/dev/random of=/dev/stdout count=1 bs=32 | base64 + #secret: "K2tf3TRjvQkVCmJF3/Z9vA==" + + +# Patterns have zone configuration and they are shared by one or more zones. +# +# pattern: + # name by which the pattern is referred to + #name: "myzones" + # the zonefile for the zones that use this pattern. + # if relative then from the zonesdir (inside the chroot). + # the name is processed: %s - zone name (as appears in zone:name). + # %1 - first character of zone name, %2 second, %3 third. + # %z - topleveldomain label of zone, %y, %x next labels in name. + # if label or character does not exist you get a dot '.'. + # for example "%s.zone" or "zones/%1/%2/%3/%s" or "secondary/%z/%s" + #zonefile: "%s.zone" + + # If no master and slave access control elements are provided, + # this zone will not be served to/from other servers. + + # A master zone needs notify: and provide-xfr: lists. A slave + # may also allow zone transfer (for debug or other secondaries). + # notify these slaves when the master zone changes, address TSIG|NOKEY + # IP can be ipv4 and ipv6, with @port for a nondefault port number. + #notify: 192.0.2.1 NOKEY + # allow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED + # address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40 + #provide-xfr: 192.0.2.0/24 my_tsig_key_name + # set the number of retries for notify. + #notify-retry: 5 + + # uncomment to provide AXFR to all the world + # provide-xfr: 0.0.0.0/0 NOKEY + # provide-xfr: ::0/0 NOKEY + + # A slave zone needs allow-notify: and request-xfr: lists. + #allow-notify: 2001:db8::0/64 my_tsig_key_name + # By default, a slave will request a zone transfer with IXFR/TCP. + # If you want to make use of IXFR/UDP use: UDP addr tsigkey + # for a master that only speaks AXFR (like NSD) use AXFR addr tsigkey + #request-xfr: 192.0.2.2 the_tsig_key_name + # Attention: You cannot use UDP and AXFR together. AXFR is always over + # TCP. If you use UDP, we higly recommend you to deploy TSIG. + # Allow AXFR fallback if the master does not support IXFR. Default + # is yes. + #allow-axfr-fallback: yes + # set local interface for sending zone transfer requests. + # default is let the OS choose. + #outgoing-interface: 10.0.0.10 + # limit the refresh and retry interval in seconds. + #max-refresh-time: 2419200 + #min-refresh-time: 0 + #max-retry-time: 1209600 + #min-retry-time: 0 + # Slave server tries zone transfer to all masters and picks highest + # zone version available, for when masters have different versions. + #multi-master-check: no + + # limit the zone transfer size (in bytes), stops very large transfers + # 0 is no limits enforced. + # size-limit-xfr: 0 + + # if compiled with --enable-zone-stats, give name of stat block for + # this zone (or group of zones). Output from nsd-control stats. + # zonestats: "%s" + + # if you give another pattern name here, at this point the settings + # from that pattern are inserted into this one (as if it were a + # macro). The statement can be given in between other statements, + # because the order of access control elements can make a difference + # (which master to request from first, which slave to notify first). + #include-pattern: "common-masters" + + +# Fixed zone entries. Here you can config zones that cannot be deleted. +# Zones that are dynamically added and deleted are put in the zonelist file. +# +# zone: + # name: "example.com" + # you can give a pattern here, all the settings from that pattern + # are then inserted at this point + # include-pattern: "master" + # You can also specify (additional) options directly for this zone. + # zonefile: "example.com.zone" + # request-xfr: 192.0.2.1 example.com.key + + # RRLconfig + # Response Rate Limiting, whitelist types + # rrl-whitelist: nxdomain + # rrl-whitelist: error + # rrl-whitelist: referral + # rrl-whitelist: any + # rrl-whitelist: rrsig + # rrl-whitelist: wildcard + # rrl-whitelist: nodata + # rrl-whitelist: dnskey + # rrl-whitelist: positive + # rrl-whitelist: all + # RRLend + +zone: + name: "localhost" + zonefile: "master/localhost.zone" diff --git a/network/nsd/nsd.info b/network/nsd/nsd.info new file mode 100644 index 0000000000000..d76c501cef603 --- /dev/null +++ b/network/nsd/nsd.info @@ -0,0 +1,10 @@ +PRGNAM="nsd" +VERSION="4.1.13" +HOMEPAGE="https://www.nlnetlabs.nl/projects/nsd/" +DOWNLOAD="https://www.nlnetlabs.nl/downloads/nsd/nsd-4.1.13.tar.gz" +MD5SUM="a3f2a9885bc8664ba4a25c938d26a587" +DOWNLOAD_x86_64="" +MD5SUM_x86_64="" +REQUIRES="" +MAINTAINER="Sergei Fedosoff" +EMAIL="eleksir@gmail.com" diff --git a/network/nsd/nsd.logrotate b/network/nsd/nsd.logrotate new file mode 100644 index 0000000000000..eb49072a75912 --- /dev/null +++ b/network/nsd/nsd.logrotate @@ -0,0 +1,11 @@ +/var/log/nsd/*.log { + daily + rotate 14 + notifempty + missingok + compress + sharedscripts + postrotate + /etc/rc.d/rc.nsd logreopen + endscript +} diff --git a/network/nsd/rc.nsd b/network/nsd/rc.nsd new file mode 100644 index 0000000000000..55118d9464cff --- /dev/null +++ b/network/nsd/rc.nsd @@ -0,0 +1,50 @@ +#!/bin/sh +# +# Start/stop/restart nsd +# + +do_start() { + if [ -x /usr/sbin/nsd ]; then + echo "Starting Name Server Daemon: /usr/sbin/nsd" + /usr/sbin/nsd -c /etc/nsd/nsd.conf 2> /dev/null + fi +} + +do_stop() { + echo "Stopping Name Server Daemon" + kill $(cat /var/run/nsd/nsd.pid) 2> /dev/null +} + +do_restart() { + do_stop + sleep 1 + do_start +} + +do_reload() { + kill -HUP $(cat /var/run/nsd/nsd.pid) +} + +do_logreopen() { + do_reload +} + +case "$1" in +'start') + do_start + ;; +'stop') + do_stop + ;; +'restart') + do_restart + ;; +'reload') + do_reload + ;; +'logreopen') + do_logreopen + ;; +*) + echo "usage $0 start|stop|restart|reload|logreopen" +esac diff --git a/network/nsd/slack-desc b/network/nsd/slack-desc new file mode 100644 index 0000000000000..2aec14873ae25 --- /dev/null +++ b/network/nsd/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. +# Line up the first '|' above the ':' following the base package name, and +# the '|' on the right side marks the last column you can put a character in. +# You must make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +nsd: nsd (Name Server Daemon) +nsd: +nsd: NSD is an authoritative only, high performance, simple and open +nsd: source name server. +nsd: +nsd: +nsd: +nsd: +nsd: +nsd: Website: https://www.nlnetlabs.nl/projects/nsd/ +nsd: |