Add content

This commit is contained in:
Arya Kiran 2022-09-06 20:46:21 +05:30
parent cbccd2abb1
commit a64f4a767f
No known key found for this signature in database
GPG Key ID: 3A6EA2D0EE314EEF
4 changed files with 135 additions and 0 deletions


@ -0,0 +1,43 @@
# ~vern DNS
~vern uses knot-dns.cx for our self-hosted DNS. This is complete with DNSSEC.
Currently its only deployed to vern0.me, and not to production.
The master is hosted on our status.vern.cc linode, statusvern and the slave is on our main VPS.
We use the `knot` package from debian repos.
To do changes, add the records, bump the serial by 1 (in same file below SOA) and then `systemctl restart knot` (there is probably a better way to do this)
## Setup
Put the files in master/ and slave/ in the respective places.
You might want to also add an auth key (for sync) but i haven't experimented with it yet.
On your registrar side, add the GLUE records. (On namecheap, its under Advanced DNS -> Personal DNS Server -> Add nameserver)
After that, add ns1.yourdomain.me and ns2.yourdomain.me to the custom dns part.
Thats all the setup you need for a basic authoritative DNS server.
In order to setup DNSSEC do the following :-
1. Run `dig DS yourdomain.me. +short` in order to get your DS key
Example: `54674 13 2 E28E3DB78E5517A577353A43799AD14EC044720BAE4906D134F5EA40 74AC0287`
2. Then, add the DS record on your registrar's side.
With the example provided,
a) Key tag - 54674
b) Algorithm - 13
c) Digest Type - 2
d) Digest - E28E3...287
(On namecheap, you add this at Advanced DNS -> DNSSEC)
## I need help
If you want help with this, feel free to join #chat. I can help you with it if needed :)
~aryak
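Review bot: step 1 of the DNSSEC section will not return anything until the DS is already published at the parent, because `dig DS yourdomain.me. +short` asks the resolver for the DS record that lives in the parent (.me) zone, not in ours; the DS to hand to the registrar has to come from the signing primary itself, so suggest replacing that step with `keymgr yourdomain.me. ds` run on the master (which prints the same key tag / algorithm / digest type / digest fields used in step 2). Smaller point in the top paragraph: `systemctl restart knot` stops answering for the duration of the restart, and `knotc zone-reload yourdomain.me` picks up the edited zone file without that gap, which answers the "there is probably a better way" remark.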

master/knot.conf Normal file (33 lines added)

@ -0,0 +1,33 @@
# This file must be placed in /etc/knot/knot.conf
server:
rundir: "/run/knot"
user: knot:knot
listen: [ 127.0.0.1@53, ::1@53, 139.144.17.216@53 ]
log:
- target: syslog
any: info
database:
storage: "/var/lib/knot"
remote:
- id: secondary
address: 167.114.67.70@53
acl:
- id: acl_secondary
address: 167.114.67.70
action: transfer
template:
- id: default
storage: "/var/lib/knot/zones"
file: "%s.zone"
dnssec-signing: on
semantic-checks: on
zone:
- domain: vern0.me
notify: secondary
acl: acl_secondary
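Review bot: `acl_secondary` authorises AXFR/IXFR of the signed zone by source address only (`address: 167.114.67.70`, `action: transfer`), so anyone who can source packets from that VPS, or from a spoofed copy of that address over UDP-triggered paths, can pull the whole zone; this is what the README's "auth key (for sync)" refers to, and Knot supports it directly. Suggest adding a `key:` section (`- id: xfr_key`, `algorithm: hmac-sha256`, `secret: <base64 secret, kept out of the repo>`) and referencing it from both `remote: - id: secondary ... key: xfr_key` and `acl: - id: acl_secondary ... key: xfr_key`, so the ACL matches on address and TSIG together. `dnssec-signing: on` with no `policy:` falls back to Knot's default policy, which is fine for a first deployment, but that choice is worth a one-line comment so nobody later assumes key lifetimes were set deliberately.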

master/vern0.me.zone Normal file (28 lines added)

@ -0,0 +1,28 @@
; To be placed in /var/lib/knot/zones/vern0.me.zone
$ORIGIN vern0.me. ; 'default' domain as FQDN for this zone
$TTL 86400 ; default time-to-live for this zone
vern0.me. IN SOA ns1.vern0.me. ns2.vern0.me. (
2020080303 ;Serial
7200 ;Refresh
3600 ;Retry
1209600 ;Expire
3600 ;Negative response caching TTL
)
; The nameserver that are authoritative for this zone.
; NS vern0.me.
; Is IN required?
@ IN NS ns1.vern0.me.
@ IN NS ns2.vern0.me.
; these A records below are equivalent
@ A 167.114.67.70
* A 167.114.67.70
ns1.vern0.me. A 139.144.17.216
ns2.vern0.me. A 167.114.67.70
www CNAME vern0.me.
; mail MX 10 example.com.
216.17.144.139.in-addr.arpa. PTR vern0.me.
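Review bot: the last line, `216.17.144.139.in-addr.arpa. PTR vern0.me.`, is outside this zone's origin, so the loader treats it as out-of-zone data and it never becomes part of vern0.me (with `semantic-checks: on` in master/knot.conf it will also be reported at load time); reverse records live in the in-addr.arpa zone that the hosting provider controls and have to be set in that provider's panel, so this line should be dropped. Two smaller points: the SOA RNAME field is the responsible-party mailbox, not the second nameserver, so `ns2.vern0.me.` there should be something like `hostmaster.vern0.me.`; and the comment "these A records below are equivalent" is misleading, since `@ A 167.114.67.70` answers only for the apex while `* A 167.114.67.70` is a wildcard that makes every otherwise-undefined name under vern0.me resolve to that address, which is a deliberate choice worth stating rather than describing as equivalent. The "Is IN required?" question can be closed by deleting it: the class defaults to IN once it has appeared on an earlier record, which is why the later lines load without it.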

slave/knot.conf Normal file (31 lines added)

@ -0,0 +1,31 @@
# This must be placed in /etc/knot/knot.conf
server:
rundir: "/run/knot"
user: knot:knot
listen: [ 127.0.0.1@53, ::1@53, 167.114.67.70@53 ]
log:
- target: syslog
any: info
database:
storage: "/var/lib/knot"
remote:
- id: primary
address: 139.144.17.216@53
acl:
- id: acl_primary
address: 139.144.17.216
action: notify
template:
- id: default
storage: "/var/lib/knot/zones"
file: "%s.zone"
zone:
- domain: vern0.me
master: primary
acl: acl_primary
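Review bot: `acl_primary` accepts NOTIFY from the primary by source address only, and the transfers the secondary initiates via `master: primary` carry no authentication, so the same `key:` section proposed for master/knot.conf should be added here and referenced from both `remote: - id: primary ... key: xfr_key` and `acl: - id: acl_primary ... key: xfr_key`; Knot then TSIG-signs the SOA queries and AXFR/IXFR requests it sends and verifies the signature on incoming NOTIFY, which closes the address-spoofing gap on both directions of the sync. Leaving `dnssec-signing` unset on this side is correct, since the zone arrives already signed from the primary; adding `semantic-checks: on` to the template here, as the master has, would catch a truncated or otherwise broken transfer before it is served.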