||1 month ago|
|master||1 month ago|
|slave||1 month ago|
|LICENSE||1 month ago|
|README.md||1 month ago|
~vern uses knot-dns.cz for our self-hosted DNS. This is complete with DNSSEC.
Currently its only deployed to vern0.me, and not to production yet.
The master is hosted on our linode, statusvern and the slave is on our main VPS.
We use the
knot package from debian repos.
To apply changes, bump the serial by 1 (in same file, below SOA line) and then
systemctl restart knot (there is probably a better way to do this)
Note: For serial, its recommended to use YYYYMMDDXX format. For example, thirteenth revision on 16/10/2022 would be serial 2022161013.
Put the files in master/ and slave/ in the respective places.
You might want to also add an auth key (for sync) but i haven't experimented with it yet.
On your registrar side, add the GLUE records. (On namecheap, its under Advanced DNS -> Personal DNS Server -> Add nameserver)
After that, add ns1.yourdomain.me and ns2.yourdomain.me to the custom dns part.
Thats all the setup you need for a basic authoritative DNS server.
In order to setup DNSSEC do the following :-
dig DS yourdomain.me. +shortin order to get your DS key
54674 13 2 E28E3DB78E5517A577353A43799AD14EC044720BAE4906D134F5EA40 74AC0287
- Then, add the DS record on your registrar's side.
With the example provided,
a) Key tag - 54674
b) Algorithm - 13
c) Digest Type - 2
d) Digest - E28E3...287 (omit space)
(On namecheap, you add this at Advanced DNS -> DNSSEC)
I need help
If you want help with this, feel free to join #chat. I can help you with it if needed :)