update
parent
e97c740d09
commit
d9ee381f01
|
@ -4,9 +4,9 @@
|
|||
|
||||
Currently its deployed on vern.cc and vern0.me, both the domains we manage
|
||||
|
||||
The master is hosted on our linode, statusvern and the slave is on our main VPS.
|
||||
The slave is hosted on our India Linode, Hellfire and the master is on our main VPS on Hetzner, Mythos.
|
||||
|
||||
We use the `knot` package from debian repos.
|
||||
We use the `knot` package from https://deb.knot-dns.cz/knot-latest.
|
||||
|
||||
To apply changes, bump the serial by 1 (in same file, below SOA line) and then `knotc reload`. Then on your slave, run `knotc zone-retransfer yourdomain.me; kontc zone-reload yourdomain.me`
|
||||
|
||||
|
@ -14,7 +14,7 @@ Note: For serial, its recommended to use YYYYMMDDXX format. For example, thirtee
|
|||
|
||||
## Setup
|
||||
|
||||
Put the files in master/ and slave/ in the respective places.
|
||||
Put the files in master/ and slave/ in /etc/knot
|
||||
|
||||
You might want to also add an auth key (for sync) but i haven't experimented with it yet.
|
||||
|
||||
|
@ -26,7 +26,7 @@ Thats all the setup you need for a basic authoritative DNS server.
|
|||
|
||||
In order to setup DNSSEC do the following :-
|
||||
|
||||
1. Run `keymgr vern.cc ds` in order to get your DS key
|
||||
1. Run `keymgr yourdomain.com ds` in order to get your DS key
|
||||
|
||||
Example: `54674 13 2 E28E3DB78E5517A577353A43799AD14EC044720BAE4906D134F5EA40 74AC0287`
|
||||
|
||||
|
|
|
@ -1,69 +0,0 @@
|
|||
; To be placed in /var/lib/knot/zones/vern.cc.zone
|
||||
$ORIGIN vern.cc. ; 'default' domain as FQDN for this zone
|
||||
$TTL 86400 ; default time-to-live for this zone
|
||||
|
||||
vern.cc. IN SOA ns1.vern.cc. ns2.vern.cc. (
|
||||
2022102301 ;Serial
|
||||
14400 ;Refresh
|
||||
3600 ;Retry
|
||||
1209600 ;Expire
|
||||
3600 ;Negative response caching TTL
|
||||
)
|
||||
|
||||
;; NameServer
|
||||
@ NS ns1.vern.cc.
|
||||
@ NS ns2.vern.cc.
|
||||
ns1.vern.cc. A 139.144.17.216
|
||||
ns2.vern.cc. A 167.114.67.70
|
||||
|
||||
;; Core
|
||||
@ A 167.114.67.70
|
||||
* A 167.114.67.70
|
||||
@ TXT "oa1:xmr recipient_address=4ATm8EZaC4iEuwt1VABuxFPi5xq4HgvqgghmKqvgQyvwQf9KK7AyYFXCYCZ3xBiqZ38CctAWihJ3yLeKAeGJfQBgDxQnn91; recipient_name=~vern;"
|
||||
|
||||
;; XMPP
|
||||
_xmpp-client._tcp SRV 10 0 5222 vern.cc.
|
||||
_xmpp-server._tcp SRV 5 0 5269 vern.cc.
|
||||
_xmpps-client._tcp SRV 5 0 5223 vern.cc.
|
||||
_xmpps-server._tcp SRV 5 0 5270 vern.cc.
|
||||
|
||||
;; Statusvern
|
||||
librespeed.vern.cc. A 139.144.17.216
|
||||
ls.vern.cc. A 139.144.17.216
|
||||
speedtest.vern.cc. A 139.144.17.216
|
||||
status.vern.cc. A 139.144.17.216
|
||||
librespeed.vern.cc. AAAA 2600:3c02::f03c:93ff:feeb:c06a
|
||||
ls.vern.cc. AAAA 2600:3c02::f03c:93ff:feeb:c06a
|
||||
speedtest.vern.cc. AAAA 2600:3c02::f03c:93ff:feeb:c06a
|
||||
status.vern.cc. AAAA 2600:3c02::f03c:93ff:feeb:c06a
|
||||
|
||||
;; Mail - Main
|
||||
mail.vern.cc. A 167.114.67.70
|
||||
vern.cc. MX 10 mail.vern.cc.
|
||||
autoconfig.vern.cc. CNAME mail.vern.cc.
|
||||
autodiscover.vern.cc. CNAME mail.vern.cc.
|
||||
@ TXT "v=spf1 a mx ip4:167.114.67.70 ~all"
|
||||
_dmarc TXT "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@vern.cc"
|
||||
_acme-challenge TXT "Hg6SM8_f-GSINSC-4qmecq7QUEMIPMx4deuyogmQVzs"
|
||||
modoboa._domainkey.vern.cc. IN TXT (
|
||||
"v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyCvde3brJOXbIf"
|
||||
"OghNjhzZNouExmUeRheSTK3J5iExqA43nNaqE9WqQEc6CJlM5/dfIcdli9pkQy3VRnH8M5Olcr"
|
||||
"sVt5d5eVZ2A8LJi4MUuEdp2/Ma09aaFLi/4htwfxpfShunA/VUtzTMlrYqOTb4PCSdmYKtz6hc"
|
||||
"QZHrEoEG7Cohy8VL72Ol92nyEkZmw4lBhnDFjhYHIqIVXdGncMLR1815uwWwRN+jHHO86Fwue+"
|
||||
"1p9BFC3X8oos4Idw2FQBecYNk7cd/qksLh0ZlEAnHH3ICgWsAawzhVpUgubMdr5Y3xNYmXOkSq"
|
||||
"Eu2clDJxFgJVBmnsStWv41tq8pmi0FDYTknPJ9XDV7+vCIX7UKRw/27kwHpe0cCL0BWg2a9j8r"
|
||||
"l46IRM2fFk2fKl4Spzw2dVRo70LmRH2Eh4p4fMoA+iTa9/UHHSVq5sdkqFxE3SBlYrvChA4phS"
|
||||
"B94Fe/uFraY91c+0jdWVVwSBMBqyj0I7qAU3ERwo/W3j6kZGPhGGIo4zKGkZskfSvOn3YK3khN"
|
||||
"nx8PWWkpivizAZRIknHxG8muUPZHyAdRBicPPxI8mEz8EG3IipW7AfiPWm3qpnKHamihFgFoxM"
|
||||
"hiC0bfSfsq45JOACLdN0u2BcXoVkDQbrQcp0Wg6GA9qLx5R1nPBo+v932RZ8wCr4MNWL6rYYFa"
|
||||
"QtECAwEAAQ==")
|
||||
|
||||
;; Mail - Mailman
|
||||
lists.vern.cc. A 139.144.17.216
|
||||
lists.vern.cc. MX 10 lists.vern.cc.
|
||||
lists TXT "v=spf1 mx a ip4:139.144.17.216 ip6:2600:3c02::f03c:93ff:feeb:c06a ~all"
|
||||
_dmarc.lists TXT "v=DMARC1; p=quarantine; pct=100; rua=mailto:root@vern.cc; ruf=mailto:root@vern.cc; aspf=r"
|
||||
|
||||
;; PTR
|
||||
70.67.114.167.in-addr.arpa. PTR vern.cc.
|
||||
216.17.144.139.in-addr.arpa. PTR lists.vern.cc.
|
|
@ -0,0 +1,90 @@
|
|||
$ORIGIN vern.cc. ; 'default' domain as FQDN for this zone
|
||||
$TTL 3600 ; default time-to-live for this zone
|
||||
|
||||
vern.cc. IN SOA ns1.vern.cc. ns2.vern.cc. (
|
||||
2022111611 ;Serial
|
||||
14400 ;Refresh
|
||||
3600 ;Retry
|
||||
1209600 ;Expire
|
||||
3600 ;Negative response caching TTL
|
||||
)
|
||||
|
||||
|
||||
;; NameServer
|
||||
@ NS ns1.vern.cc.
|
||||
@ NS ns2.vern.cc.
|
||||
ns1.vern.cc. A 5.161.108.85
|
||||
ns2.vern.cc. A 192.46.210.187
|
||||
|
||||
;; Core
|
||||
@ A 5.161.108.85
|
||||
* A 5.161.108.85
|
||||
@ TXT "oa1:xmr recipient_address=4ATm8EZaC4iEuwt1VABuxFPi5xq4HgvqgghmKqvgQyvwQf9KK7AyYFXCYCZ3xBiqZ38CctAWihJ3yLeKAeGJfQBgDxQnn91; recipient_name=~vern;"
|
||||
gcdn A 5.161.108.85
|
||||
;;@ CAA 0 issue ";"
|
||||
|
||||
;; XMPP
|
||||
_xmpp-client._tcp SRV 10 0 5222 vern.cc.
|
||||
_xmpp-server._tcp SRV 5 0 5269 vern.cc.
|
||||
_xmpps-client._tcp SRV 5 0 5223 vern.cc.
|
||||
_xmpps-server._tcp SRV 5 0 5270 vern.cc.
|
||||
|
||||
;; Zodiac (Inserv)
|
||||
in.vern.cc. A 192.46.210.187
|
||||
in.vern.cc. AAAA 2400:8904::f03c:93ff:feeb:c06a
|
||||
*.in.vern.cc. A 192.46.210.187
|
||||
*.in.vern.cc. AAAA 2400:8904::f03c:93ff:feeb:c06a
|
||||
|
||||
;; Iceberg
|
||||
iceberg.vern.cc. A 173.255.236.85
|
||||
dns.vern.cc. A 173.255.236.85
|
||||
librespeed.vern.cc. A 173.255.236.85
|
||||
ls.vern.cc. A 173.255.236.85
|
||||
speedtest.vern.cc. A 173.255.236.85
|
||||
status.vern.cc. A 173.255.236.85
|
||||
id.vern.cc. A 173.255.236.85
|
||||
ft.vern.cc. A 173.255.236.85
|
||||
fedtester.vern.cc. A 173.255.236.85
|
||||
iceberg.vern.cc. AAAA 2600:3c03::f03c:93ff:fed9:3504
|
||||
dns.vern.cc. AAAA 2600:3c03::f03c:93ff:fed9:3504
|
||||
ls.vern.cc. AAAA 2600:3c03::f03c:93ff:fed9:3504
|
||||
librespeed.vern.cc. AAAA 2600:3c03::f03c:93ff:fed9:3504
|
||||
speedtest.vern.cc. AAAA 2600:3c03::f03c:93ff:fed9:3504
|
||||
status.vern.cc. AAAA 2600:3c03::f03c:93ff:fed9:3504
|
||||
id.vern.cc. AAAA 2600:3c03::f03c:93ff:fed9:3504
|
||||
ft.vern.cc. AAAA 2600:3c03::f03c:93ff:fed9:3504
|
||||
fedtester.vern.cc. AAAA 2600:3c03::f03c:93ff:fed9:3504
|
||||
|
||||
;; Mail - Main
|
||||
vern.cc. MX 10 mail.vern.cc.
|
||||
autoconfig.vern.cc. CNAME mail.vern.cc.
|
||||
autodiscover.vern.cc. CNAME mail.vern.cc.
|
||||
@ TXT "v=spf1 a mx ip4:5.161.108.85 ~all"
|
||||
_dmarc TXT "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@vern.cc"
|
||||
_acme-challenge TXT "Hg6SM8_f-GSINSC-4qmecq7QUEMIPMx4deuyogmQVzs"
|
||||
modoboa._domainkey.vern.cc. IN TXT (
|
||||
"v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyCvde3brJOXbIf"
|
||||
"OghNjhzZNouExmUeRheSTK3J5iExqA43nNaqE9WqQEc6CJlM5/dfIcdli9pkQy3VRnH8M5Olcr"
|
||||
"sVt5d5eVZ2A8LJi4MUuEdp2/Ma09aaFLi/4htwfxpfShunA/VUtzTMlrYqOTb4PCSdmYKtz6hc"
|
||||
"QZHrEoEG7Cohy8VL72Ol92nyEkZmw4lBhnDFjhYHIqIVXdGncMLR1815uwWwRN+jHHO86Fwue+"
|
||||
"1p9BFC3X8oos4Idw2FQBecYNk7cd/qksLh0ZlEAnHH3ICgWsAawzhVpUgubMdr5Y3xNYmXOkSq"
|
||||
"Eu2clDJxFgJVBmnsStWv41tq8pmi0FDYTknPJ9XDV7+vCIX7UKRw/27kwHpe0cCL0BWg2a9j8r"
|
||||
"l46IRM2fFk2fKl4Spzw2dVRo70LmRH2Eh4p4fMoA+iTa9/UHHSVq5sdkqFxE3SBlYrvChA4phS"
|
||||
"B94Fe/uFraY91c+0jdWVVwSBMBqyj0I7qAU3ERwo/W3j6kZGPhGGIo4zKGkZskfSvOn3YK3khN"
|
||||
"nx8PWWkpivizAZRIknHxG8muUPZHyAdRBicPPxI8mEz8EG3IipW7AfiPWm3qpnKHamihFgFoxM"
|
||||
"hiC0bfSfsq45JOACLdN0u2BcXoVkDQbrQcp0Wg6GA9qLx5R1nPBo+v932RZ8wCr4MNWL6rYYFa"
|
||||
"QtECAwEAAQ==")
|
||||
|
||||
;; Mail - SimpleLogin
|
||||
sl.vern.cc. A 173.255.236.85
|
||||
sl.vern.cc. AAAA 2600:3c03::f03c:93ff:fed9:3504
|
||||
sl.vern.cc. MX 10 sl.vern.cc.
|
||||
sl TXT "v=spf1 mx ~all"
|
||||
_dmarc.sl TXT "v=DMARC1; p=quarantine; adkim=r; aspf=r;"
|
||||
default._domainkey.sl.vern.cc. TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcmrZT4de3q6UTOHHq5KjJT9pTwYxfcaeEATHXSrgdLGMcSopLx0PH7gdC4c1v8RRJcF+i+DmyEdNR1410ORIZSuK2kNh3a8TB+ewHIEdnJlRqics+iKc80v+DfdVfHRAdpNMo/FXq2yLXJ9uuETTjuQgh87PAz7ltMX4JQOw9zwIDAQAB"
|
||||
|
||||
;; ACME
|
||||
|
||||
;; PTR
|
||||
85.108.161.5.in-addr.arpa. PTR vern.cc.
|
||||
85.236.255.173.in-addr.arpa. PTR sl.vern.cc
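Review bot: The last record, `85.236.255.173.in-addr.arpa. PTR sl.vern.cc`, has no trailing dot on its target, so under `$ORIGIN vern.cc.` it expands to `sl.vern.cc.vern.cc.`; it should read `PTR sl.vern.cc.`. Both PTR owners live under `in-addr.arpa.`, outside this zone's origin, so they will presumably not be served from this file, and reverse DNS for the mail hosts has to be set with the address provider (the vern0.me zone carries the same kind of record). The new `default._domainkey.sl.vern.cc.` selector appears to publish a 1024-bit RSA key (the short `MIGfMA0…` encoding), while the `modoboa` selector in the same file carries a much larger one. RFC 8301 recommends at least 2048 bits, so regenerating the SimpleLogin key before mail is signed with it is worth doing.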
|
|
@ -3,7 +3,7 @@ $ORIGIN vern0.me. ; 'default' domain as FQDN for this zone
|
|||
$TTL 86400 ; default time-to-live for this zone
|
||||
|
||||
vern0.me. IN SOA ns1.vern0.me. ns2.vern0.me. (
|
||||
2022100205 ;Serial
|
||||
2022111201 ;Serial
|
||||
14400 ;Refresh
|
||||
3600 ;Retry
|
||||
1209600 ;Expire
|
||||
|
@ -11,23 +11,20 @@ vern0.me. IN SOA ns1.vern0.me. ns2.vern0.me. (
|
|||
)
|
||||
|
||||
; The nameserver that are authoritative for this zone.
|
||||
; NS vern0.me.
|
||||
; Is isn't required.
|
||||
@ IN NS ns1.vern0.me.
|
||||
@ IN NS ns2.vern0.me.
|
||||
|
||||
; these A records below are equivalent
|
||||
@ A 167.114.67.70
|
||||
* A 167.114.67.70
|
||||
ns1.vern0.me. A 139.144.17.216
|
||||
ns2.vern0.me. A 167.114.67.70
|
||||
mail.vern0.me. A 167.114.67.70
|
||||
@ A 5.161.108.85
|
||||
* A 5.161.108.85
|
||||
ns1.vern0.me. A 5.161.108.85
|
||||
ns2.vern0.me. A 192.46.210.187
|
||||
modoboa._domainkey.vern0.me. IN TXT (
|
||||
"v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHWx57YT7PrtlLXvv8C1"
|
||||
"5o88pByJOunrkySwk4297jMF3mXGOUbnKd79DxdilTMB6SkYU2AQ98cO3X43/1ab1wUND8yfpC"
|
||||
"HUD2nxPEAJ3NNaFhKzNr2ta8Hnj05yF4lcczGUNazhoR1KZn2OzS4twUIYW40mD2PdOMPr4sjf"
|
||||
"n1CwIDAQAB")
|
||||
@ TXT "v=spf1 a mx ip4:167.114.67.70 ~all"
|
||||
@ TXT "v=spf1 a mx ip4:5.161.108.85 ~all"
|
||||
_dmarc TXT "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@vern0.me"
|
||||
vern0.me. MX 10 mail.vern0.me.
|
||||
70.67.114.167.in-addr.arpa. PTR vern0.me.
|
||||
85.108.161.5.in-addr.arpa. PTR vern0.me.
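Review bot: `vern0.me. MX 10 mail.vern0.me.` is kept, but the explicit `mail.vern0.me. A` record appears to be dropped in this hunk, leaving the mail host to resolve only through `* A 5.161.108.85`. This is inferred from the old address line having no counterpart on the new address, since the page has lost its +/- markers. A wildcard stops applying as soon as any record of another type is added at `mail`, at which point the MX target has no address; `mail.vern0.me. A 5.161.108.85` makes the dependency explicit. The new vern.cc zone file has the same arrangement for `mail.vern.cc.`.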
|
|
@ -0,0 +1,19 @@
|
|||
gcdn.vern.cc:
|
||||
- geo: "*;*;*"
|
||||
A: 5.161.108.85
|
||||
TXT: "Worldwide (US Server)"
|
||||
- geo: "AS;*;*"
|
||||
A: 192.46.210.187
|
||||
TXT: "Asia (India Server)"
|
||||
- geo: "EU;*;*"
|
||||
A: 192.46.210.187
|
||||
TXT: "Europe (India Server Currently)"
|
||||
- geo: "EU;NO;*"
|
||||
A: 5.161.108.85
|
||||
TXT: "New York (Norway speeds are better to our US Server than India one)"
|
||||
- geo: "AF;*;*"
|
||||
A: 192.46.210.187
|
||||
TXT: "Africa (India Server Currently)"
|
||||
- geo: "OC;*;*"
|
||||
A: 192.46.210.187
|
||||
TXT: "Oceania (India Server Currently)"
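Review bot: The file has no header saying where it is installed, unlike `knot.conf`; a first line such as `# This must be placed in /etc/knot/geo.conf` would match the `config-file` path the server configuration points at. The `EU;NO;*` entry overlaps `EU;*;*`, so the answer for Norway depends on the module preferring the more specific view; that is worth confirming with a test query, and a short comment stating the intended precedence would help the next editor.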
|
|
@ -1,8 +1,7 @@
|
|||
# This must be placed in /etc/knot/knot.conf
|
||||
server:
|
||||
rundir: "/run/knot"
|
||||
user: knot:knot
|
||||
listen: [ 127.0.0.1@53, ::1@53, 167.114.67.70@53 ]
|
||||
listen: [ 0.0.0.0@53 ]
|
||||
|
||||
log:
|
||||
- target: syslog
|
||||
|
@ -13,22 +12,31 @@ database:
|
|||
|
||||
remote:
|
||||
- id: primary
|
||||
address: 139.144.17.216@53
|
||||
address: 5.161.108.85@53
|
||||
|
||||
acl:
|
||||
- id: acl_primary
|
||||
address: 139.144.17.216
|
||||
address: 5.161.108.85
|
||||
action: notify
|
||||
|
||||
template:
|
||||
- id: default
|
||||
storage: "/var/lib/knot/zones"
|
||||
storage: "/etc/knot"
|
||||
file: "%s.zone"
|
||||
|
||||
mod-geoip:
|
||||
- id: geo
|
||||
config-file: "/etc/knot/geo.conf"
|
||||
mode: geodb
|
||||
geodb-file: "/var/lib/knot/GeoLite2-City.mmdb"
|
||||
geodb-key: [ continent/code, country/iso_code, city/names/en ]
|
||||
|
||||
|
||||
zone:
|
||||
- domain: vern0.me
|
||||
master: primary
|
||||
acl: acl_primary
|
||||
- domain: vern.cc
|
||||
master: primary
|
||||
acl: acl_primary
|
||||
acl: acl_primary
|
||||
module: mod-geoip/geo
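Review bot: `acl_primary` still authorises NOTIFY by source address alone (`address: 5.161.108.85`) and the `primary` remote carries no key, so transfers to this secondary are neither authenticated nor integrity-protected; a TSIG key referenced from both entries closes that gap, as sketched below. Moving `storage` to `/etc/knot` means the `knot` user needs write access to the directory that also holds `knot.conf` for transferred zones to be saved, so a separate zone directory, as before, keeps the configuration read-only to the daemon. `listen: [ 0.0.0.0@53 ]` binds IPv4 only, so the earlier `::1@53` listener is gone and the server will not answer over IPv6; add `::@53` if that is unintended. As far as this page shows, `mod-geoip/geo` is attached only in this file, so confirm the other name server loads the same module and `geo.conf`, otherwise the two servers will answer `gcdn.vern.cc` differently.

```yaml
key:
  - id: xfr_key                    # constructed name
    algorithm: hmac-sha256
    secret: <BASE64_TSIG_SECRET>   # placeholder; generate with `keymgr -t`, keep it out of the repository

remote:
  - id: primary
    address: 5.161.108.85@53
    key: xfr_key

acl:
  - id: acl_primary
    address: 5.161.108.85
    key: xfr_key
    action: notify

# … unchanged: template, mod-geoip and zone sections …
```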
|
||||
|
|