~vern's knot-dns config and tutorial on how to set it up
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Arya K 065dd5e97f
Merge branch 'main' of ssh://vern.cc:1813/vern/DNS
1 month ago
master Update info on serial 1 month ago
slave Add content 1 month ago
LICENSE add license 1 month ago
README.md Merge branch 'main' of ssh://vern.cc:1813/vern/DNS 1 month ago


~vern DNS

~vern uses knot-dns.cz for our self-hosted DNS. This is complete with DNSSEC.

Currently its only deployed to vern0.me, and not to production yet.

The master is hosted on our linode, statusvern and the slave is on our main VPS.

We use the knot package from debian repos.

To apply changes, bump the serial by 1 (in same file, below SOA line) and then systemctl restart knot (there is probably a better way to do this)

Note: For serial, its recommended to use YYYYMMDDXX format. For example, thirteenth revision on 16/10/2022 would be serial 2022161013.


Put the files in master/ and slave/ in the respective places.

You might want to also add an auth key (for sync) but i haven't experimented with it yet.

On your registrar side, add the GLUE records. (On namecheap, its under Advanced DNS -> Personal DNS Server -> Add nameserver)

After that, add ns1.yourdomain.me and ns2.yourdomain.me to the custom dns part.

Thats all the setup you need for a basic authoritative DNS server.

In order to setup DNSSEC do the following :-

  1. Run dig DS yourdomain.me. +short in order to get your DS key

Example: 54674 13 2 E28E3DB78E5517A577353A43799AD14EC044720BAE4906D134F5EA40 74AC0287

  1. Then, add the DS record on your registrar's side.

With the example provided,

a) Key tag - 54674

b) Algorithm - 13

c) Digest Type - 2

d) Digest - E28E3...287 (omit space)

(On namecheap, you add this at Advanced DNS -> DNSSEC)

I need help

If you want help with this, feel free to join #chat. I can help you with it if needed :)