DNS/README.md

# ~vern DNS

~vern uses knot-dns.cz for our self-hosted DNS. This is complete with <a href=https://dnsviz.net/d/vern0.me/dnssec>DNSSEC</a>.

Currently its deployed on vern.cc and vern0.me, both the domains we manage

The slave is hosted on our India Linode, Hellfire and the master is on our main VPS on Hetzner, Mythos.

We use the `knot` package from https://deb.knot-dns.cz/knot-latest.

To apply changes, bump the serial by 1 (in same file, below SOA line) and then `knotc reload`. Then on your slave, run `knotc zone-retransfer yourdomain.me; kontc zone-reload yourdomain.me`

Note: For serial, its recommended to use YYYYMMDDXX format. For example, thirteenth revision on 16/10/2022 would be serial 2022161013.

## Setup

Put the files in master/ and slave/ in /etc/knot

You might want to also add an auth key (for sync) but i haven't experimented with it yet.

On your registrar side, add the GLUE records. (On namecheap, its under Advanced DNS -> Personal DNS Server -> Add nameserver)

After that, add ns1.yourdomain.me and ns2.yourdomain.me to the custom dns part.

Thats all the setup you need for a basic authoritative DNS server.

In order to setup DNSSEC do the following :-

1. Run `keymgr yourdomain.com ds` in order to get your DS key

Example: `54674 13 2 E28E3DB78E5517A577353A43799AD14EC044720BAE4906D134F5EA40 74AC0287`

2. Then, add the DS record on your registrar's side. 

With the example provided,

a) Key tag - 54674

b) Algorithm - 13

c) Digest Type - 2

d) Digest - E28E3...287 (omit space)

(On namecheap, you add this at Advanced DNS -> DNSSEC)

## I need help

If you want help with this, feel free to join #vern-chat. I can help you with it if needed :)