Add content
parent
cbccd2abb1
commit
a64f4a767f
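--- a/README.md
+++ b/README.md
@@ -0,0 +1,43 @@
+# ~vern DNS
+
+~vern uses knot-dns.cx for our self-hosted DNS. This is complete with DNSSEC.
+
+Currently its only deployed to vern0.me, and not to production.
+
+The master is hosted on our status.vern.cc linode, statusvern and the slave is on our main VPS.
+
+We use the `knot` package from debian repos.
+
+To do changes, add the records, bump the serial by 1 (in same file below SOA) and then `systemctl restart knot` (there is probably a better way to do this)
+
+## Setup
+
+Put the files in master/ and slave/ in the respective places.
+
+You might want to also add an auth key (for sync) but i haven't experimented with it yet.
+
+On your registrar side, add the GLUE records. (On namecheap, its under Advanced DNS -> Personal DNS Server -> Add nameserver)
+
+After that, add ns1.yourdomain.me and ns2.yourdomain.me to the custom dns part.
+
+Thats all the setup you need for a basic authoritative DNS server.
+
+In order to setup DNSSEC do the following :-
+1. Run `dig DS yourdomain.me. +short` in order to get your DS key
+Example: `54674 13 2 E28E3DB78E5517A577353A43799AD14EC044720BAE4906D134F5EA40 74AC0287`
+
+2. Then, add the DS record on your registrar's side.
+
+With the example provided,
+a) Key tag - 54674
+b) Algorithm - 13
+c) Digest Type - 2
+d) Digest - E28E3...287
+
+(On namecheap, you add this at Advanced DNS -> DNSSEC)
+
+## I need help
+
+If you want help with this, feel free to join #chat. I can help you with it if needed :)
+
+~aryak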
|
@ -0,0 +1,33 @@
|
|||
# This file must be placed in /etc/knot/knot.conf
|
||||
server:
|
||||
rundir: "/run/knot"
|
||||
user: knot:knot
|
||||
listen: [ 127.0.0.1@53, ::1@53, 139.144.17.216@53 ]
|
||||
|
||||
log:
|
||||
- target: syslog
|
||||
any: info
|
||||
|
||||
database:
|
||||
storage: "/var/lib/knot"
|
||||
|
||||
remote:
|
||||
- id: secondary
|
||||
address: 167.114.67.70@53
|
||||
|
||||
acl:
|
||||
- id: acl_secondary
|
||||
address: 167.114.67.70
|
||||
action: transfer
|
||||
|
||||
template:
|
||||
- id: default
|
||||
storage: "/var/lib/knot/zones"
|
||||
file: "%s.zone"
|
||||
dnssec-signing: on
|
||||
semantic-checks: on
|
||||
|
||||
zone:
|
||||
- domain: vern0.me
|
||||
notify: secondary
|
||||
acl: acl_secondary
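Review bot: The `acl_secondary` rule authorises zone transfers by source address alone, and the `secondary` remote carries no key, so transfer and notify traffic between the two servers is not authenticated. Knot supports TSIG for this: define a `key` and reference it from both the `remote` and the `acl` entry here, with matching entries for `primary` / `acl_primary` in the secondary's knot.conf, which has the same gap. Keep the secret in an included file outside the repository rather than in this committed config. The key id, algorithm and include path below are placeholders.

```yaml
# TSIG key lives in a separate, non-committed file (placeholder path);
# it defines a key with id xfr_key, e.g. algorithm hmac-sha256
include: "/etc/knot/tsig.conf"

remote:
  - id: secondary
    address: 167.114.67.70@53
    key: xfr_key

acl:
  - id: acl_secondary
    address: 167.114.67.70
    key: xfr_key
    action: transfer

# … unchanged: server, log, database, template, zone …
```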
|
|
@ -0,0 +1,28 @@
|
|||
; To be placed in /var/lib/knot/zones/vern0.me.zone
|
||||
$ORIGIN vern0.me. ; 'default' domain as FQDN for this zone
|
||||
$TTL 86400 ; default time-to-live for this zone
|
||||
|
||||
vern0.me. IN SOA ns1.vern0.me. ns2.vern0.me. (
|
||||
2020080303 ;Serial
|
||||
7200 ;Refresh
|
||||
3600 ;Retry
|
||||
1209600 ;Expire
|
||||
3600 ;Negative response caching TTL
|
||||
)
|
||||
|
||||
; The nameserver that are authoritative for this zone.
|
||||
; NS vern0.me.
|
||||
; Is IN required?
|
||||
@ IN NS ns1.vern0.me.
|
||||
@ IN NS ns2.vern0.me.
|
||||
|
||||
; these A records below are equivalent
|
||||
@ A 167.114.67.70
|
||||
* A 167.114.67.70
|
||||
ns1.vern0.me. A 139.144.17.216
|
||||
ns2.vern0.me. A 167.114.67.70
|
||||
www CNAME vern0.me.
|
||||
|
||||
; mail MX 10 example.com.
|
||||
|
||||
216.17.144.139.in-addr.arpa. PTR vern0.me.
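Review bot: The PTR record on the last line is out of zone: the file's `$ORIGIN` is `vern0.me.`, so `216.17.144.139.in-addr.arpa.` cannot be answered from this zone and the server is likely to ignore or reject it; reverse DNS for that address has to be set with the IP provider instead. The SOA RNAME field holds `ns2.vern0.me.`, but that field is the responsible mailbox rather than a second nameserver, e.g. `hostmaster.vern0.me.`. The comment "these A records below are equivalent" is also misleading, because `*` does not cover the apex and answers for every otherwise undefined name; a comment such as `; wildcard: every undefined name resolves to the main VPS (intentional)` would make that exposure explicit.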
|
|
@ -0,0 +1,31 @@
|
|||
# This must be placed in /etc/knot/knot.conf
|
||||
server:
|
||||
rundir: "/run/knot"
|
||||
user: knot:knot
|
||||
listen: [ 127.0.0.1@53, ::1@53, 167.114.67.70@53 ]
|
||||
|
||||
log:
|
||||
- target: syslog
|
||||
any: info
|
||||
|
||||
database:
|
||||
storage: "/var/lib/knot"
|
||||
|
||||
remote:
|
||||
- id: primary
|
||||
address: 139.144.17.216@53
|
||||
|
||||
acl:
|
||||
- id: acl_primary
|
||||
address: 139.144.17.216
|
||||
action: notify
|
||||
|
||||
template:
|
||||
- id: default
|
||||
storage: "/var/lib/knot/zones"
|
||||
file: "%s.zone"
|
||||
|
||||
zone:
|
||||
- domain: vern0.me
|
||||
master: primary
|
||||
acl: acl_primary
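Review bot: Neither this config nor the primary's sets any response rate limiting, while both `listen` lists include a public address and the zone is DNSSEC-signed, which makes for large UDP answers. An authoritative server exposed like this is commonly abused as a reflector, so enabling Knot's `mod-rrl` module is worth adding: a `mod-rrl` section with a `rate-limit`, attached through `global-module: mod-rrl/default` in the `default` template. Check the option names against the Knot version shipped by Debian before deploying.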
|