authorsinanmohd <sinan@sinanmohd.com>2024-02-02 14:38:25 +0530
committersinanmohd <sinan@sinanmohd.com>2024-02-02 15:16:36 +0530
commit858795db02776ed266c51c3211af49667ea5f21e (patch)
treebdbb25d1bdd539f092a6515b63bf77209d4cc1bf /hosts/kay/modules/dns
parenta02000c713b9daf81c08e806d4b1b3664515c276 (diff)
kay/dns: init DNSSEC
Diffstat (limited to 'hosts/kay/modules/dns')
-rw-r--r--hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone2
-rw-r--r--hosts/kay/modules/dns/default.nix28
-rw-r--r--hosts/kay/modules/dns/sinanmohd.com.zone2
3 files changed, 26 insertions, 6 deletions
diff --git a/hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone b/hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone
index c12f969..3991e1f 100644
--- a/hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone
+++ b/hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone
@@ -2,7 +2,7 @@ $ORIGIN 5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.
$TTL 2d
@ IN SOA ns1.sinanmohd.com. sinan.sinanmohd.com. (
- 2024020100 ; serial
+ 2024020400 ; serial
2h ; refresh
5m ; retry
1d ; expire
diff --git a/hosts/kay/modules/dns/default.nix b/hosts/kay/modules/dns/default.nix
index 6bd4774..28e48c5 100644
--- a/hosts/kay/modules/dns/default.nix
+++ b/hosts/kay/modules/dns/default.nix
@@ -20,10 +20,28 @@ in {
settings = {
server.listen = listen_addr;
- remote = [{
- id = "ns1.he.net";
- address = [ "2001:470:100::2" "216.218.130.2" ];
- via = "2001:470:ee65::1";
+ remote = [
+ {
+ id = "ns1.he.net";
+ address = [ "2001:470:100::2" "216.218.130.2" ];
+ via = "2001:470:ee65::1";
+ }
+ {
+ id = "m.gtld-servers.net";
+ address = [ "2001:501:b1f9::30" "192.55.83.30" ];
+ }
+ ];
+
+ submission = [{
+ id = "gtld-servers.net";
+ parent = "m.gtld-servers.net";
+ }];
+
+ policy = [{
+ id = "gtld-servers.net";
+ algorithm = "ecdsap384sha384";
+ ksk-lifetime = "365d";
+ ksk-submission = "gtld-servers.net";
}];
# generate TSIG key with keymgr -t name
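Review bot: The new `policy` entry combines `ksk-lifetime = "365d"` with `ksk-submission`, so each yearly KSK rollover waits until the new DS is visible at the parent, and nothing here records who publishes that DS. Unless the registrar picks up CDS/CDNSKEY automatically, this is a manual step; a comment above the policy such as `# KSK rolls yearly; upload the new DS at the registrar when knotd logs the submission request` would keep a stalled rollover from going unnoticed. The submission check also depends on a single parent server (`m.gtld-servers.net`); adding a second gTLD server to `remote` and to `parent` would make it less dependent on one host. The `settings` block starts and ends outside the hunk.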
@@ -56,6 +74,8 @@ in {
}
{
id = "master";
+ dnssec-signing = "on";
+ dnssec-policy = "gtld-servers.net";
semantic-checks = "on";
notify = [ "ns1.he.net" ];
acl = [ "ns1.he.net" "localhost" ];
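Review bot: `dnssec-policy = "gtld-servers.net"` is set on the `master` template, so every zone using this template inherits a policy whose `ksk-submission` check queries a .com parent server. The commit also bumps the serial of the ip6.arpa reverse zone, which suggests that zone is signed through the same template. Its parent is not served by `m.gtld-servers.net`, so the DS check for it would presumably never succeed and its KSK rollover would stay pending. Consider setting `dnssec-policy` per zone, or giving the reverse zone a policy without `ksk-submission`, e.g. `{ id = "reverse"; algorithm = "ecdsap384sha384"; }`. The template and the zone list lie outside the hunk, so confirm against the full file.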
diff --git a/hosts/kay/modules/dns/sinanmohd.com.zone b/hosts/kay/modules/dns/sinanmohd.com.zone
index 9cff3c5..1c92366 100644
--- a/hosts/kay/modules/dns/sinanmohd.com.zone
+++ b/hosts/kay/modules/dns/sinanmohd.com.zone
@@ -2,7 +2,7 @@ $ORIGIN sinanmohd.com.
$TTL 2d
@ IN SOA ns1 sinan (
- 2024020100 ; serial
+ 2024020400 ; serial
2h ; refresh
5m ; retry
1d ; expire