Setting up your own DNS server might sound like rocket science, but it’s not that bad—especially when you use a lightweight tool like NSD. NSD stands for Name Server Daemon. It’s a simple program that answers DNS queries (like “Where’s google.com?”) from other computers.
If you’ve ever wanted to run your own nameserver for your domain, NSD is a great choice. It’s small, fast, and easy to understand. It only handles authoritative DNS, which means it just answers questions about the zones (domains) it knows about. That makes it perfect for serving your own websites.
In this post, I’ll show you how to set up a basic DNS server using NSD. I’ll explain everything as simply as possible. I’ve used NSD on my own home lab and VPS servers—it’s one of those “set it and forget it” tools once it’s up and running.
What Is DNS and NSD?
Let’s start with the basics.
DNS stands for Domain Name System. It’s like a phonebook for the internet. When you type a website name like example.com, DNS translates that into an IP address like 192.0.2.1. Your browser needs that number to know where to go.
NSD is a small program that runs on a server. It loads DNS zone files and responds to queries with the right information. Unlike BIND, which can also act as a recursive resolver, NSD never does recursion: it only answers for domains it’s in charge of.
That means if you set up NSD for yourdomain.com, it will answer when someone asks, “What’s the IP for www.yourdomain.com?” But it won’t look up facebook.com or openai.com; anyone who asks it about those gets a REFUSED back. It just focuses on your zone.
That’s one of the reasons I like it. Fewer moving parts. Less to break.
Why Set Up Your Own DNS Server?
Here are a few good reasons:
- You want full control over your DNS records.
- You run your own web or email server.
- You’re curious and want to learn how DNS works.
- Your cat told you it’s time to level up your sysadmin skills (meow-nagement).
Sure, you can use services like Cloudflare or your domain registrar’s DNS. But running your own gives you more flexibility—and it’s fun in a nerdy way.
What You’ll Need
Before we begin, here’s what you need:
- A Linux VPS or bare-metal server.
- Root access (or sudo).
- A domain name you can configure.
- Basic terminal skills (copy/paste is fine).
I’ll be using Debian-based commands, but this works on most Linux systems with small tweaks.
Step 1: Install NSD
Let’s get NSD installed.
On Debian or Ubuntu:
sudo apt update
sudo apt install nsd
On CentOS or RHEL (NSD lives in the EPEL repository, so enable EPEL first if the package isn’t found):
sudo yum install nsd
Once installed, NSD might already be running. You can check with:
sudo systemctl status nsd
If it’s running, great. If not, we’ll fix that later.
Step 2: Create a Zone File
Next, you need to tell NSD what domain it’s managing. This is done using a zone file. A zone file is just a text file with records like:
- A records (IP addresses)
- NS records (nameservers)
- MX records (mail servers)
Let’s make a folder for your zones:
sudo mkdir -p /etc/nsd/zones
Now create a zone file for your domain. Example: yourdomain.com.zone
sudo nano /etc/nsd/zones/yourdomain.com.zone
Here’s a basic zone file example:
$ORIGIN yourdomain.com.
$TTL 86400
@   IN SOA ns1.yourdomain.com. admin.yourdomain.com. (
        2024050701 ; serial
        3600       ; refresh
        1800       ; retry
        1209600    ; expire
        86400 )    ; minimum (negative-caching TTL)
@   IN NS ns1.yourdomain.com.
@   IN NS ns2.yourdomain.com.
ns1 IN A  192.0.2.1
ns2 IN A  192.0.2.2
@   IN A  192.0.2.3
www IN A  192.0.2.3
What do all those weird-looking lines mean?
- $ORIGIN sets the domain that gets appended to any name without a trailing dot (ns1, www). $TTL is the default time, in seconds, that caches may keep a record.
- SOA is the “start of authority.” It tells the world your server is the boss for this zone. The two names after it are the primary nameserver and the admin’s email address written with a dot instead of @ (admin.yourdomain.com. means admin@yourdomain.com). The serial must go up every time you edit the file; secondaries compare it to decide whether to fetch a new copy.
- NS lines list your nameservers. Each record needs an owner name in front of IN (the @ means the zone itself). A line with nothing before IN only works when it starts with whitespace, which copy-paste tends to eat, so write the @ out.
- A lines map names to IP addresses.
Change the IP addresses and domain names to match your setup, and keep the trailing dots on every fully qualified name.
Step 3: Tell NSD About Your Zone
Now you need to let NSD know about the zone you just created.
Edit the nsd.conf file:
sudo nano /etc/nsd/nsd.conf
At the end, add:
zone:
    name: "yourdomain.com"
    zonefile: "zones/yourdomain.com.zone"
Save and exit. The zonefile path is relative to NSD’s zonesdir (default /etc/nsd), so it resolves to /etc/nsd/zones/yourdomain.com.zone; if in doubt, use the absolute path. Notice what this block does not contain: there is no provide-xfr line, so NSD refuses zone transfers (AXFR) from everyone until you deliberately add a secondary, and there is no recursion setting because NSD has no recursion to switch off.
Then check if your zone file is valid:
sudo nsd-checkzone yourdomain.com /etc/nsd/zones/yourdomain.com.zone
If it says “ok,” you’re good. If not, check for typos or missing dots.
Step 4: Start NSD and Enable It
Now check the config, then restart NSD so it picks up the new zone. (NSD 4 has no separate rebuild step; nsdc rebuild was an NSD 3 thing.)
sudo nsd-checkconf /etc/nsd/nsd.conf
sudo systemctl restart nsd
sudo systemctl enable nsd
If nsd-control later complains that it cannot connect, make sure nsd.conf has a remote-control: section with control-enable: yes, and run sudo nsd-control-setup once to generate the certificates it uses to talk to the daemon.
If all went well, NSD should now be running and ready to answer DNS queries.
Step 5: Open Firewall Ports
DNS runs on port 53, over both UDP and TCP. TCP isn’t optional: it’s used for answers too big for a UDP packet and for zone transfers. You need to allow both in your firewall.
If you use ufw (a bare port number covers both protocols):
sudo ufw allow 53
If you use iptables:
sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT
Plain iptables rules vanish on reboot unless you save them with your distribution’s persistence tool (iptables-persistent on Debian, for example). Make sure your server’s public IP matches the A records in your zone file.
Step 6: Set Up Glue Records (Not Optional When Your Nameservers Live in Your Zone)
Glue records are A records for your nameservers stored at your domain registrar, which publishes them in the parent zone (.com, in this example). They break a chicken-and-egg loop: to find the IP of ns1.yourdomain.com, a resolver has to ask the nameserver for yourdomain.com, which is ns1.yourdomain.com. Without glue records, the internet won’t know how to find your server.
Log into your registrar’s control panel. Add:
- ns1.yourdomain.com → 192.0.2.1
- ns2.yourdomain.com → 192.0.2.2
Then set those as your domain’s nameservers. The names and addresses here must match the NS and A records in your zone file. Many registrars insist on two nameservers at different IP addresses; pointing both at one box satisfies the form, but a second NSD running as a secondary is the real answer.
It might take a while to update. Be patient. DNS is fast… at taking its time.
Step 7: Test Your DNS Server
Use the dig tool, and point it straight at your server with @ so you are testing NSD rather than whatever resolver your machine normally uses:
dig @192.0.2.1 yourdomain.com
If it shows an answer with the correct IP, and the flags line in the header includes aa (authoritative answer), congrats—your DNS server works.
Try other tests:
dig @192.0.2.1 www.yourdomain.com
dig @192.0.2.1 ns1.yourdomain.com
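A working answer is only half the test. An authoritative-only server should also refuse to answer for zones it doesn’t own and refuse to hand out a zone transfer. The script below is an added example, not part of the original post: it parses dig output for the aa and ra flags and the REFUSED status, and (when dig is installed) runs those three probes against the post’s placeholder address 192.0.2.1 and zone yourdomain.com, both of which are assumptions you should replace.

```shell
#!/bin/sh
# Added example (not part of the original post): checks on `dig` output that
# confirm NSD behaves as an authoritative-only server. The IP and zone name
# are the post's placeholders; dig is only needed for the live probes.

NS_IP="192.0.2.1"
ZONE="yourdomain.com"

# Print the flags from a dig header, e.g. "qr aa rd" (reads dig output on stdin).
dig_flags() {
    sed -n 's/^;; flags: \([^;]*\);.*/\1/p' | head -n 1
}

# Print the response code (NOERROR, REFUSED, ...) from dig output on stdin.
dig_rcode() {
    sed -n 's/^;; ->>HEADER<<- opcode: [A-Z]*, status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# PASS only if the answer is authoritative ("aa" set) and the server does not
# advertise recursion ("ra" clear). A stray "ra" means you are talking to a
# resolver, not to NSD.
check_authoritative() {
    flags=$(dig_flags)
    case " $flags " in
        *" aa "*) ;;
        *) echo "FAIL: aa flag missing, answer is not authoritative (flags: $flags)"; return 1 ;;
    esac
    case " $flags " in
        *" ra "*) echo "FAIL: ra flag set, server offers recursion"; return 1 ;;
    esac
    echo "PASS: authoritative answer, no recursion"
}

# PASS only if the query was REFUSED, which is what NSD says for names outside its zones.
check_refused() {
    rcode=$(dig_rcode)
    if [ "$rcode" = "REFUSED" ]; then
        echo "PASS: REFUSED"
        return 0
    fi
    echo "FAIL: expected REFUSED, got ${rcode:-no header line}"
    return 1
}

# PASS if an AXFR was denied: dig prints "; Transfer failed." (or a REFUSED
# header). Anything else means the zone was handed over.
check_transfer_denied() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'Transfer failed' ||
       [ "$(printf '%s\n' "$out" | dig_rcode)" = "REFUSED" ]; then
        echo "PASS: zone transfer denied"
        return 0
    fi
    echo "FAIL: zone transfer was not refused"
    return 1
}

# Live probes against the server (skipped when dig is not installed).
probe_server() {
    command -v dig >/dev/null 2>&1 || { echo "dig not installed, skipping live probes"; return 0; }
    dig @"$NS_IP" "$ZONE" A | check_authoritative
    dig @"$NS_IP" example.org A | check_refused          # not our zone: must be REFUSED
    dig @"$NS_IP" "$ZONE" AXFR | check_transfer_denied   # no provide-xfr: must be denied
}

# Run the live probes only when asked, so the functions can be sourced elsewhere.
if [ "${1:-}" = "--probe" ]; then
    probe_server
fi
```

Save it as nsdcheck.sh and run sh nsdcheck.sh --probe from a machine outside your server. All three lines should say PASS; a FAIL on the transfer probe means someone added a provide-xfr line that is wider than it should be.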
Three Benefits of Using NSD
Here’s why I like NSD:
- Simple: Fewer features means fewer bugs.
- Fast: It’s light on memory and CPU.
- Secure: Smaller code base, easier to audit.
Compared to BIND, NSD is like a bicycle. BIND is more like a space shuttle. Both get you places—but one is easier to ride without a helmet.
Three Tips for Managing NSD
Keep things smooth with these habits:
- Run nsd-checkzone every time you change a zone.
- Always bump the serial number in the SOA when you edit a zone file.
- Reload NSD after zone changes with sudo nsd-control reload yourdomain.com; after editing nsd.conf itself, run sudo nsd-control reconfig or restart the service.
Forget the serial? Your own server may still load the file, but secondaries only fetch a new copy when the serial has gone up, so they keep serving the old records. DNS is picky like that.
Three Common Gotchas
Here are some mistakes I’ve made so you don’t have to:
- Forgetting the trailing dot in domain names (yourdomain.com. not yourdomain.com). Without it the name is relative to $ORIGIN, so ns1.yourdomain.com quietly becomes ns1.yourdomain.com.yourdomain.com.
- Setting wrong file permissions (NSD drops privileges to the nsd user and needs to read the zone file)
- Opening only TCP 53, but forgetting UDP 53 (or the other way round)
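The serial tip and the trailing-dot gotcha are both things a script can catch before you reload. The script below is an added example, not from the original post or from the NSD project: it reads the serial out of a zone file laid out like the one in Step 2 (a "; serial" comment on the serial line, serial written as YYYYMMDDNN), bumps it date-style, flags NS/MX/CNAME targets that contain a dot but don’t end in one, and then wires those checks in front of the nsd-checkzone and nsd-control reload commands the post already uses. The date argument to bump_serial is an assumption added so the result is repeatable; leave it off and it uses today.

```shell
#!/bin/sh
# Added example (not part of the original post): a small zone-file workflow
# for NSD. Assumptions: the zone file follows the post's layout, with the SOA
# serial tagged by a "; serial" comment and written as YYYYMMDDNN, and the
# nsd-checkzone / nsd-control commands are the ones the post already uses.

# Print the SOA serial of a zone file (first field on the "; serial" line).
get_serial() {
    awk '/; *serial/ { print $1; exit }' "$1"
}

# Rewrite the serial as date-based YYYYMMDDNN: today's date plus 01, or the
# current value plus 1 if it was already issued today. Prints the new serial.
# $1 = zone file, $2 = date as YYYYMMDD (defaults to today; pass it for repeatable runs).
bump_serial() {
    zone=$1
    today=${2:-$(date +%Y%m%d)}
    old=$(get_serial "$zone")
    if [ -z "$old" ]; then
        echo "no '; serial' line found in $zone" >&2
        return 1
    fi
    case $old in
        "$today"[0-9][0-9]) new=$((old + 1)) ;;
        *)                  new="${today}01" ;;
    esac
    # Rewrite only the serial line, via a temp file so a failed sed leaves the zone intact.
    sed "s/^\([[:space:]]*\)$old\([[:space:]]*;.*serial\)/\1$new\2/" "$zone" > "$zone.tmp" \
        && mv "$zone.tmp" "$zone" || return 1
    echo "$new"
}

# Flag NS, MX and CNAME targets that contain a dot but do not end with one:
# "ns1.yourdomain.com" without the dot is relative to $ORIGIN and silently
# becomes ns1.yourdomain.com.yourdomain.com. Prints offenders; returns 1 if any.
check_trailing_dots() {
    awk '
        { sub(/;.*/, "") }                     # drop comments before looking at fields
        NF >= 3 {
            for (i = 1; i <= NF; i++) if ($i == "NS" || $i == "CNAME" || $i == "MX") { type = $i; break }
            if (i > NF) next                   # not a record type whose rdata is a name
            target = $NF
            if (target ~ /\./ && target !~ /\.$/) {
                printf "line %d: %s target %s has no trailing dot\n", NR, type, target
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Full publish flow (needs a running NSD, so not exercised offline):
# lint, bump the serial, validate, then reload just this zone.
publish_zone() {
    zone_name=$1
    zone_file=$2
    check_trailing_dots "$zone_file" || return 1
    bump_serial "$zone_file" >/dev/null || return 1
    nsd-checkzone "$zone_name" "$zone_file" || return 1
    sudo nsd-control reload "$zone_name"
}

# Only publish when asked, so the functions can be sourced from other scripts.
if [ "${1:-}" = "--publish" ]; then
    publish_zone "$2" "$3"
fi
```

Run it as sh zonectl.sh --publish yourdomain.com /etc/nsd/zones/yourdomain.com.zone. The dot check is deliberately narrow: a target with no dots at all (mail, ns1) is a legitimate relative name, so only names that look fully qualified but lack the final dot are reported.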
When something breaks, logs are your friend:
sudo journalctl -u nsd
Or check /var/log/syslog, depending on your system.
Wrapping It Up
You just built your own DNS server using NSD. That’s pretty cool. You’ve joined a small club of people who run their own nameservers.
Let’s recap:
- Installed NSD
- Made a zone file
- Edited the config
- Opened ports
- Tested with dig
It might seem like a lot, but take it slow, one step at a time. Setting this up taught me a lot about how the internet works behind the scenes. Now when people ask “what’s DNS?”—you can smile and say, “I run one.”
So, are you going to name your server “Sir Digs-a-Lot” or “NSDiddy”?
Let me know how your setup goes. Got stuck somewhere? I’ve been there too.