From 27571cff72ee6d2240f747b1ee4dc4d7c2a37d5a Mon Sep 17 00:00:00 2001
From: Astro <astro@spaceboyz.net>
Date: Thu, 6 May 2021 17:52:49 +0200
Subject: [PATCH] nixos-module/container/dns, pkgs/dns-slaves: add explicit
 addresses for zone xfers

---
 nix/nixos-module/container/dns.nix | 11 ++++++++++-
 nix/pkgs/dns-slaves.nix            |  5 +++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/nix/nixos-module/container/dns.nix b/nix/nixos-module/container/dns.nix
index 0466fda..2b0bf30 100644
--- a/nix/nixos-module/container/dns.nix
+++ b/nix/nixos-module/container/dns.nix
@@ -92,7 +92,16 @@ in
             if dynamic
             then "/var/db/bind/${name}.zone"
             else generateZoneFile zone;
-          extraConfig = lib.optionalString dynamic ''
+          extraConfig = ''
+            also-notify {
+              # ns.c3d2.de
+              217.197.84.53;
+              2001:67c:1400:2240::a;
+              # ns.spaceboyz.net
+              95.217.229.209;
+              2a01:4f9:4b:39ec::4;
+            };
+          '' + lib.optionalString dynamic ''
             allow-update { key "dyndns"; };
           '';
         };
diff --git a/nix/pkgs/dns-slaves.nix b/nix/pkgs/dns-slaves.nix
index 3009596..333a6c5 100644
--- a/nix/pkgs/dns-slaves.nix
+++ b/nix/pkgs/dns-slaves.nix
@@ -12,6 +12,11 @@ writeText "named.slave.conf" (
         172.20.73.2;
       };
       file "/var/lib/bind/slave/${name}.zone";
+      allow-notify {
+        2a02:8106:208:5282:2::2;
+        fd23:42:c3d2:582:2::2;
+        172.20.73.2;
+      };
     };
   '') (
     # public zones only