knot: add dns catalog

2024-03-23 20:57:27 +01:00 · 2024-03-23 20:57:27 +01:00 · 866793e0ce
parent 923b5ebd19
commit 866793e0ce
1 changed files with 41 additions and 20 deletions
--- a/hosts/knot/default.nix
+++ b/hosts/knot/default.nix
@ -60,6 +60,17 @@
          ];
          action = [ "transfer" "notify" ];
        }
+        {
+          # https://www.knot-dns.cz/docs/3.3/singlehtml/index.html#catalog-zones-configuration-examples
+          id = "zone_xfr";
+          address  = [
+            # ns.spaceboyz.net
+            "95.217.229.209" "2a01:4f9:4b:39ec::4"
+            # ns1.supersandro.de
+            "188.34.196.104" "2a01:4f8:1c1c:1d38::1"
+          ];
+          action = "transfer";
+        }
      ];

      log = [ {
@ -81,11 +92,6 @@
          id = "ns0.q-ix.net";
          address = [ "217.115.12.65" "2a00:1328:e101:b01::1" ];
        }
-        # {
-          # TODO
-          # id = "ns1.supersandro.de";
-          # address = [ "188.34.196.104" "2a01:4f8:1c1c:1d38::1" ];
-        # }
      ];

      remotes = [ {
@ -108,24 +114,39 @@
        version = null;
      };

-      template = [ {
-        id = "default";
-        # dnssec-signing = true; ???
-        file = "%s.zone";
-        global-module = [ "mod-stats" ];
-        journal-content = "all"; # required for zonefile-load=difference-no-serial and makes cold starts like zone reloads
-        module = "mod-stats/default";
-        semantic-checks = true;
-        serial-policy = "dateserial";
-        storage = "/var/lib/knot/zones";
-        zonefile-load = "difference-no-serial";
-      } ];
+      template = [
+        {
+          # default is a magic name and is always loaded.
+          # Because we want to use catalog-role/catalog-zone settings for all zones *except* the catalog zone itself, we must split the templates
+          id = "default";
+          global-module = [ "mod-stats" ];
+        }
+        {
+          id = "c3d2";
+          catalog-role = "member";
+          catalog-zone = "c3d2.";
+          dnssec-signing = true;
+          file = "%s.zone";
+          journal-content = "all"; # required for zonefile-load=difference-no-serial and makes cold starts like zone reloads
+          module = "mod-stats/default";
+          semantic-checks = true;
+          serial-policy = "dateserial";
+          storage = "/var/lib/knot/zones";
+          zonefile-load = "difference-no-serial";
+        }
+      ];

-      zone = map ({ acl ? [], ... }@zone: {
+      zone = [
+        {
+          domain = "c3d2.";
+          acl = "zone_xfr";
+          catalog-role = "generate";
+        }
+      ] ++ map ({ acl ? [], ... }@zone: {
        inherit (zone) domain;
-        template = "default";
+        template = "c3d2";
        notify = [ "all" ];
-        acl = [ "axfr" ] ++ acl;
+        acl = [ "axfr" "zone_xfr" ] ++ acl;
      }) [
        { domain = "c3dd.de"; }
        { domain = "c3d2.de"; acl = [ "jabber" ]; }