NSD is an authoritative only, high performance, simple and open source name server.
NSD (for "name server daemon") is an open-source server program for the Domain Name System. It was developed by NLnet Labs of Amsterdam in cooperation with the RIPE NCC, from scratch as an authoritative name server (i.e., not implementing the recursive caching function by design). The intention of this development is to add variance to the "gene pool" of DNS implementations used by higher level name servers and thus increase the resilience of DNS against software flaws or exploits.
NSD uses BIND-style zone-files (zone-files used under BIND can usually be used unmodified in NSD, once entered into the NSD configuration).
NSD uses zone information compiled via 'zonec' into a binary database file (nsd.db) which allows fast startup of the NSD name-service daemon, and allows syntax-structural errors in Zone-Files to be flagged at compile-time (before being made available to NSD service itself).
The collection of programs/processes that make-up NSD are designed so that the NSD daemon itself runs as a non-privileged user and can be easily configured to run in a Chroot jail, such that security flaws in the NSD daemon are not so likely to result in system-wide compromise as without such measures.
As of March, 2008, three of the Internet root nameservers are using NSD:
- k.root-servers.net was switched to NSD on February 19, 2003.[2]
- One of the 2 load-balanced servers for h.root-servers.net (called "H1", "H2") was switched to NSD, and now there are 3 servers all running NSD (called "H1", "H2", "H3").[3]
- l.root-servers.net switched to NSD on February 6, 2007. Several other TLDs use NSD for part of their servers.
