| author | sinanmohd <sinan@sinanmohd.com> | 2024-02-02 14:38:25 +0530 | 
|---|---|---|
| committer | sinanmohd <sinan@sinanmohd.com> | 2024-02-02 15:16:36 +0530 | 
| commit | 858795db02776ed266c51c3211af49667ea5f21e (patch) | |
| tree | bdbb25d1bdd539f092a6515b63bf77209d4cc1bf /hosts/kay | |
| parent | a02000c713b9daf81c08e806d4b1b3664515c276 (diff) | |
kay/dns: init DNSSEC
Diffstat (limited to 'hosts/kay')
| -rw-r--r-- | hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone | 2 | ||||
| -rw-r--r-- | hosts/kay/modules/dns/default.nix | 28 | ||||
| -rw-r--r-- | hosts/kay/modules/dns/sinanmohd.com.zone | 2 | 
3 files changed, 26 insertions, 6 deletions
diff --git a/hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone b/hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone
index c12f969..3991e1f 100644
--- a/hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone
+++ b/hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone
@@ -2,7 +2,7 @@ $ORIGIN 5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.
 $TTL 2d
 @	IN	SOA	ns1.sinanmohd.com.	sinan.sinanmohd.com. (
-			2024020100 ; serial
+			2024020400 ; serial
 			2h         ; refresh
 			5m         ; retry
 			1d         ; expire
diff --git a/hosts/kay/modules/dns/default.nix b/hosts/kay/modules/dns/default.nix
index 6bd4774..28e48c5 100644
--- a/hosts/kay/modules/dns/default.nix
+++ b/hosts/kay/modules/dns/default.nix
@@ -20,10 +20,28 @@ in {
     settings = {
       server.listen = listen_addr;
-      remote = [{
-        id = "ns1.he.net";
-        address = [ "2001:470:100::2" "216.218.130.2" ];
-        via = "2001:470:ee65::1";
+      remote = [
+        {
+          id = "ns1.he.net";
+          address = [ "2001:470:100::2" "216.218.130.2" ];
+          via = "2001:470:ee65::1";
+        }
+        {
+          id = "m.gtld-servers.net";
+          address = [ "2001:501:b1f9::30"  "192.55.83.30" ];
+        }
+      ];
+
+      submission = [{
+        id = "gtld-servers.net";
+        parent = "m.gtld-servers.net";
+      }];
+
+      policy = [{
+        id = "gtld-servers.net";
+        algorithm = "ecdsap384sha384";
+        ksk-lifetime = "365d";
+        ksk-submission = "gtld-servers.net";
       }];
       # generate TSIG key with keymgr -t name
@@ -56,6 +74,8 @@ in {
         }
         {
           id = "master";
+          dnssec-signing = "on";
+          dnssec-policy = "gtld-servers.net";
           semantic-checks = "on";
           notify = [ "ns1.he.net" ];
           acl = [ "ns1.he.net" "localhost" ];
diff --git a/hosts/kay/modules/dns/sinanmohd.com.zone b/hosts/kay/modules/dns/sinanmohd.com.zone
index 9cff3c5..1c92366 100644
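Review bot: The new `policy` entry leaves `nsec3` unset, so the zones are signed with plain NSEC and every name in them can be enumerated by walking the chain. If that is acceptable here, a comment such as `# NSEC on purpose: zone contents are public` next to the policy would record the decision; otherwise add `nsec3 = "on";`. The submission check also depends on a single parent, `m.gtld-servers.net`, and the policy, submission and remote ids all look like hostnames, which makes the later `dnssec-policy` reference harder to read. The `settings` block starts and ends outside the hunk.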
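Review bot: Putting `dnssec-policy = "gtld-servers.net"` on the shared `master` template applies the .com DS submission check to every zone that uses the template. The commit also bumps the serial of the ip6.arpa reverse zone, which suggests it is signed through the same template (the zone list is outside the hunk). Its parent is not served by `m.gtld-servers.net`, so a KSK there would presumably never have its DS confirmed and would stay in the submission state. Consider a separate policy without `ksk-submission` for the reverse zone, or moving the two `dnssec-*` lines to the `sinanmohd.com` zone entry. The signing keys Knot generates are state outside this repository, so they likely need to be covered by the host's backups before a DS record is published.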
--- a/hosts/kay/modules/dns/sinanmohd.com.zone
+++ b/hosts/kay/modules/dns/sinanmohd.com.zone
@@ -2,7 +2,7 @@ $ORIGIN sinanmohd.com.
 $TTL 2d
 @	IN	SOA	ns1	sinan (
-			2024020100 ; serial
+			2024020400 ; serial
 			2h         ; refresh
 			5m         ; retry
 			1d         ; expire
