author | sinanmohd <sinan@sinanmohd.com> | 2024-02-02 14:38:25 +0530 |
---|---|---|
committer | sinanmohd <sinan@sinanmohd.com> | 2024-02-02 15:16:36 +0530 |
commit | 858795db02776ed266c51c3211af49667ea5f21e (patch) | |
tree | bdbb25d1bdd539f092a6515b63bf77209d4cc1bf /hosts/kay/modules | |
parent | a02000c713b9daf81c08e806d4b1b3664515c276 (diff) |
kay/dns: init DNSSEC
Diffstat (limited to 'hosts/kay/modules')
-rw-r--r-- | hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone | 2 | ||||
-rw-r--r-- | hosts/kay/modules/dns/default.nix | 28 | ||||
-rw-r--r-- | hosts/kay/modules/dns/sinanmohd.com.zone | 2 |
3 files changed, 26 insertions, 6 deletions
diff --git a/hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone b/hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone
index c12f969..3991e1f 100644
--- a/hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone
+++ b/hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone
@@ -2,7 +2,7 @@ $ORIGIN 5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.
 $TTL 2d
 @ IN SOA ns1.sinanmohd.com. sinan.sinanmohd.com. (
- 2024020100 ; serial
+ 2024020400 ; serial
 2h ; refresh
 5m ; retry
 1d ; expire
diff --git a/hosts/kay/modules/dns/default.nix b/hosts/kay/modules/dns/default.nix
index 6bd4774..28e48c5 100644
--- a/hosts/kay/modules/dns/default.nix
+++ b/hosts/kay/modules/dns/default.nix
@@ -20,10 +20,28 @@ in {
 settings = {
 server.listen = listen_addr;
- remote = [{
- id = "ns1.he.net";
- address = [ "2001:470:100::2" "216.218.130.2" ];
- via = "2001:470:ee65::1";
+ remote = [
+ {
+ id = "ns1.he.net";
+ address = [ "2001:470:100::2" "216.218.130.2" ];
+ via = "2001:470:ee65::1";
+ }
+ {
+ id = "m.gtld-servers.net";
+ address = [ "2001:501:b1f9::30" "192.55.83.30" ];
+ }
+ ];
+
+ submission = [{
+ id = "gtld-servers.net";
+ parent = "m.gtld-servers.net";
+ }];
+
+ policy = [{
+ id = "gtld-servers.net";
+ algorithm = "ecdsap384sha384";
+ ksk-lifetime = "365d";
+ ksk-submission = "gtld-servers.net";
 }];
 # generate TSIG key with keymgr -t name
@@ -56,6 +74,8 @@ in {
 }
 {
 id = "master";
+ dnssec-signing = "on";
+ dnssec-policy = "gtld-servers.net";
 semantic-checks = "on";
 notify = [ "ns1.he.net" ];
 acl = [ "ns1.he.net" "localhost" ];
diff --git a/hosts/kay/modules/dns/sinanmohd.com.zone b/hosts/kay/modules/dns/sinanmohd.com.zone
index 9cff3c5..1c92366 100644
--- a/hosts/kay/modules/dns/sinanmohd.com.zone
+++ b/hosts/kay/modules/dns/sinanmohd.com.zone
@@ -2,7 +2,7 @@ $ORIGIN sinanmohd.com.
 $TTL 2d
 @ IN SOA ns1 sinan (
- 2024020100 ; serial
+ 2024020400 ; serial
 2h ; refresh
 5m ; retry
 1d ; expire |
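Review bot: In `hosts/kay/modules/dns/default.nix`, the new `submission` entry confirms DS publication against a single parent server, `m.gtld-servers.net`, at hard-coded addresses, so each KSK rollover under `ksk-lifetime = "365d"` advances or stalls on that one server's answer. Knot takes a list in `parent` and requires the DS on every listed server; defining a second gTLD server under `remote` and using `parent = [ "m.gtld-servers.net" "<second-gtld-remote-id>" ];` makes the check less dependent on one view. A comment above `policy`, for example `# KSK rolls yearly; the new DS must be published at the registrar before knot retires the old key`, would record the manual step this rollover depends on. The `settings` block starts and ends outside the hunk.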
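Review bot: In the `master` template hunk of `default.nix`, `dnssec-policy = "gtld-servers.net"` attaches the .com parent check to every zone that uses the template. If the `ip6.arpa` reverse zone whose serial this commit bumps is one of them (the zone list is outside the hunk), its DS will never be served by `m.gtld-servers.net`, and its KSK would presumably remain in the submission state until pushed forward manually. A second policy without `ksk-submission`, or with a submission pointing at that zone's real parent, assigned on the reverse zone itself would keep the two cases apart. The template entry continues past the end of the hunk.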