NSD

{{short description|Free DNS server software}}

{{other uses}}

{{Infobox software

| name = NSD

| logo = NSD DNS server logo.svg

| caption =

| developer = NLnet Labs

| released = {{release date and age|2002|5|30}}

| latest release version = {{wikidata|property|reference|P348}}

| latest release date = {{start date and age|{{wikidata|qualifier|P348|P577}}}}

| latest preview version =

| latest preview date =

| operating_system = Unix-like

| genre = DNS server

| license = BSD license

}}

In Internet computing, NSD (for "name server daemon") is an open-source Domain Name System (DNS) server. It was developed by NLnet Labs of Amsterdam in cooperation with the RIPE NCC, from scratch as an authoritative name server (i.e., not implementing the recursive caching function by design). The intention of this development is to add variance to the "gene pool" of DNS implementations

used by higher level name servers and thus increase the resilience of DNS against software flaws or exploits.

NSD uses BIND-style zone-files (zone-files used under BIND can usually be used unmodified in NSD, once entered into the NSD configuration).

NSD uses zone information compiled via zonec into a binary database file (nsd.db) which allows fast startup of the NSD name-service daemon, and allows syntax-structural errors in Zone-Files to be flagged at compile-time (before being made available to NSD service itself).

The collection of programs/processes that make-up NSD are designed so that the NSD daemon itself runs as a non-privileged user and can be easily configured to run in a Chroot jail, such that security flaws in the NSD daemon are not so likely to result in system-wide compromise as without such measures.

As of May 2018, four of the Internet root nameservers are using NSD:

• k.root-servers.net was switched to NSD on February 19, 2003.{{cite web |url=http://www.ripe.net/ripe/mail/archives/dns-wg/2003-February/000891.html |title=k.root-servers.net Changing DNS Software at on 19.2.2003 |accessdate=14 May 2014 |last=Karrenberg |first=Daniel |date=14 February 2003 }}
• One of the 2 load-balanced servers for h.root-servers.net (called "H1", "H2") was switched to NSD, and now there are 3 servers all running NSD (called "H1", "H2", "H3").{{cite web |url=http://www.nlnet.nl/project/nlnetlabs/2003-annual/#2.2.2 |title="Stichting NLnet; Annual Report 2003" mentioning NSD on h.root-servers.net |accessdate=30 January 2007 |date=18 May 2004 |publisher=Stichting NLnet Labs |pages=13 }}
• l.root-servers.net switched to NSD{{cite conference |url=http://www.enog.org/presentations/enog-8/329-Lroot-ENOG-Sept2014.pdf |conference-url=http://www.enog.org/meetings/enog-8/meeting-report/minutes/ |title=Lightning Talk on L-root |author=Patrick Jones |conference=ENOG 8 |date=2014-09-09 |accessdate=2016-01-04}} on February 6, 2007{{Citation needed|date=January 2016}}.
• d.root-servers.net was switched to NSD in May 2018.{{cite web |url=http://d.root-servers.org/history.html |title=D-Root History Page}}

Several other TLDs use NSD for part of their servers.