c3d2/nix-config
c3d2
/
nix-config
24
7
Fork 3
Code Issues 12 Pull Requests 2 Releases Wiki Activity

knot: add dns catalog

This commit is contained in:
Sandro - 2024-03-23 20:57:27 +01:00
parent 923b5ebd19
commit 866793e0ce
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
1 changed files with 41 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
hosts/knot/default.nix
View File

@ -60,6 +60,17 @@
]; ];
action = [ "transfer" "notify" ]; action = [ "transfer" "notify" ];
} }
{
# https://www.knot-dns.cz/docs/3.3/singlehtml/index.html#catalog-zones-configuration-examples
id = "zone_xfr";
address = [
# ns.spaceboyz.net
"95.217.229.209" "2a01:4f9:4b:39ec::4"
# ns1.supersandro.de
"188.34.196.104" "2a01:4f8:1c1c:1d38::1"
];
action = "transfer";
}
]; ];
log = [ { log = [ {
@ -81,11 +92,6 @@
id = "ns0.q-ix.net"; id = "ns0.q-ix.net";
address = [ "217.115.12.65" "2a00:1328:e101:b01::1" ]; address = [ "217.115.12.65" "2a00:1328:e101:b01::1" ];
} }
# {
# TODO
# id = "ns1.supersandro.de";
# address = [ "188.34.196.104" "2a01:4f8:1c1c:1d38::1" ];
# }
]; ];
remotes = [ { remotes = [ {
@ -108,24 +114,39 @@
version = null; version = null;
}; };
template = [ { template = [
id = "default"; {
# dnssec-signing = true; ??? # default is a magic name and is always loaded.
file = "%s.zone"; # Because we want to use catalog-role/catalog-zone settings for all zones *except* the catalog zone itself, we must split the templates
global-module = [ "mod-stats" ]; id = "default";
journal-content = "all"; # required for zonefile-load=difference-no-serial and makes cold starts like zone reloads global-module = [ "mod-stats" ];
module = "mod-stats/default"; }
semantic-checks = true; {
serial-policy = "dateserial"; id = "c3d2";
storage = "/var/lib/knot/zones"; catalog-role = "member";
zonefile-load = "difference-no-serial"; catalog-zone = "c3d2.";
} ]; dnssec-signing = true;
file = "%s.zone";
journal-content = "all"; # required for zonefile-load=difference-no-serial and makes cold starts like zone reloads
module = "mod-stats/default";
semantic-checks = true;
serial-policy = "dateserial";
storage = "/var/lib/knot/zones";
zonefile-load = "difference-no-serial";
}
];
zone = map ({ acl ? [], ... }@zone: { zone = [
{
domain = "c3d2.";
acl = "zone_xfr";
catalog-role = "generate";
}
] ++ map ({ acl ? [], ... }@zone: {
inherit (zone) domain; inherit (zone) domain;
template = "default"; template = "c3d2";
notify = [ "all" ]; notify = [ "all" ];
acl = [ "axfr" ] ++ acl; acl = [ "axfr" "zone_xfr" ] ++ acl;
}) [ }) [
{ domain = "c3dd.de"; } { domain = "c3dd.de"; }
{ domain = "c3d2.de"; acl = [ "jabber" ]; } { domain = "c3d2.de"; acl = [ "jabber" ]; }