diff --git a/README.md b/README.md
index 0844cae..cb191a6 100644
--- a/README.md
+++ b/README.md
@@ -4,9 +4,9 @@ Currently its deployed on vern.cc and vern0.me, both the domains we manage
-The master is hosted on our linode, statusvern and the slave is on our main VPS.
+The slave is hosted on our India Linode, Hellfire and the master is on our main VPS on Hetzner, Mythos.
-We use the `knot` package from debian repos.
+We use the `knot` package from https://deb.knot-dns.cz/knot-latest.
To apply changes, bump the serial by 1 (in same file, below SOA line) and then `knotc reload`.
Then on your slave, run `knotc zone-retransfer yourdomain.me; kontc zone-reload yourdomain.me`
@@ -14,7 +14,7 @@ Note: For serial, its recommended to use YYYYMMDDXX format. For example, thirtee
## Setup
-Put the files in master/ and slave/ in the respective places.
+Put the files in master/ and slave/ in /etc/knot
You might want to also add an auth key (for sync) but i haven't experimented with it yet.
@@ -26,7 +26,7 @@ Thats all the setup you need for a basic authoritative DNS server.
In order to setup DNSSEC do the following :-
-1. Run `keymgr vern.cc ds` in order to get your DS key
+1. Run `keymgr yourdomain.com ds` in order to get your DS key
Example: `54674 13 2 E28E3DB78E5517A577353A43799AD14EC044720BAE4906D134F5EA40 74AC0287`
diff --git a/master/vern.cc.zone b/master/vern.cc.zone
deleted file mode 100644
index d8655f8..0000000
--- a/master/vern.cc.zone
+++ /dev/null
@@ -1,69 +0,0 @@
-; To be placed in /var/lib/knot/zones/vern.cc.zone
-$ORIGIN vern.cc. ; 'default' domain as FQDN for this zone
-$TTL 86400 ; default time-to-live for this zone
-
-vern.cc. IN SOA ns1.vern.cc. ns2.vern.cc. (
- 2022102301 ;Serial
- 14400 ;Refresh
- 3600 ;Retry
- 1209600 ;Expire
- 3600 ;Negative response caching TTL
-)
-
-;; NameServer
-@ NS ns1.vern.cc.
-@ NS ns2.vern.cc.
-ns1.vern.cc. A 139.144.17.216
-ns2.vern.cc. A 167.114.67.70
-
-;; Core
-@ A 167.114.67.70
-* A 167.114.67.70
-@ TXT "oa1:xmr recipient_address=4ATm8EZaC4iEuwt1VABuxFPi5xq4HgvqgghmKqvgQyvwQf9KK7AyYFXCYCZ3xBiqZ38CctAWihJ3yLeKAeGJfQBgDxQnn91; recipient_name=~vern;"
-
-;; XMPP
-_xmpp-client._tcp SRV 10 0 5222 vern.cc.
-_xmpp-server._tcp SRV 5 0 5269 vern.cc.
-_xmpps-client._tcp SRV 5 0 5223 vern.cc.
-_xmpps-server._tcp SRV 5 0 5270 vern.cc.
-
-;; Statusvern
-librespeed.vern.cc. A 139.144.17.216
-ls.vern.cc. A 139.144.17.216
-speedtest.vern.cc. A 139.144.17.216
-status.vern.cc. A 139.144.17.216
-librespeed.vern.cc. AAAA 2600:3c02::f03c:93ff:feeb:c06a
-ls.vern.cc. AAAA 2600:3c02::f03c:93ff:feeb:c06a
-speedtest.vern.cc. AAAA 2600:3c02::f03c:93ff:feeb:c06a
-status.vern.cc. AAAA 2600:3c02::f03c:93ff:feeb:c06a
-
-;; Mail - Main
-mail.vern.cc. A 167.114.67.70
-vern.cc. MX 10 mail.vern.cc.
-autoconfig.vern.cc. CNAME mail.vern.cc.
-autodiscover.vern.cc. CNAME mail.vern.cc.
-@ TXT "v=spf1 a mx ip4:167.114.67.70 ~all"
-_dmarc TXT "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@vern.cc"
-_acme-challenge TXT "Hg6SM8_f-GSINSC-4qmecq7QUEMIPMx4deuyogmQVzs"
-modoboa._domainkey.vern.cc. IN TXT (
- "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyCvde3brJOXbIf"
- "OghNjhzZNouExmUeRheSTK3J5iExqA43nNaqE9WqQEc6CJlM5/dfIcdli9pkQy3VRnH8M5Olcr"
- "sVt5d5eVZ2A8LJi4MUuEdp2/Ma09aaFLi/4htwfxpfShunA/VUtzTMlrYqOTb4PCSdmYKtz6hc"
- "QZHrEoEG7Cohy8VL72Ol92nyEkZmw4lBhnDFjhYHIqIVXdGncMLR1815uwWwRN+jHHO86Fwue+"
- "1p9BFC3X8oos4Idw2FQBecYNk7cd/qksLh0ZlEAnHH3ICgWsAawzhVpUgubMdr5Y3xNYmXOkSq"
- "Eu2clDJxFgJVBmnsStWv41tq8pmi0FDYTknPJ9XDV7+vCIX7UKRw/27kwHpe0cCL0BWg2a9j8r"
- "l46IRM2fFk2fKl4Spzw2dVRo70LmRH2Eh4p4fMoA+iTa9/UHHSVq5sdkqFxE3SBlYrvChA4phS"
- "B94Fe/uFraY91c+0jdWVVwSBMBqyj0I7qAU3ERwo/W3j6kZGPhGGIo4zKGkZskfSvOn3YK3khN"
- "nx8PWWkpivizAZRIknHxG8muUPZHyAdRBicPPxI8mEz8EG3IipW7AfiPWm3qpnKHamihFgFoxM"
- "hiC0bfSfsq45JOACLdN0u2BcXoVkDQbrQcp0Wg6GA9qLx5R1nPBo+v932RZ8wCr4MNWL6rYYFa"
- "QtECAwEAAQ==")
-
-;; Mail - Mailman
-lists.vern.cc. A 139.144.17.216
-lists.vern.cc. MX 10 lists.vern.cc.
-lists TXT "v=spf1 mx a ip4:139.144.17.216 ip6:2600:3c02::f03c:93ff:feeb:c06a ~all"
-_dmarc.lists TXT "v=DMARC1; p=quarantine; pct=100; rua=mailto:root@vern.cc; ruf=mailto:root@vern.cc; aspf=r"
-
-;; PTR
-70.67.114.167.in-addr.arpa. PTR vern.cc.
-216.17.144.139.in-addr.arpa. PTR lists.vern.cc.
\ No newline at end of file
diff --git a/master/zones/vern.cc.zone b/master/zones/vern.cc.zone
new file mode 100644
index 0000000..d6bd144
--- /dev/null
+++ b/master/zones/vern.cc.zone
@@ -0,0 +1,90 @@
+$ORIGIN vern.cc. ; 'default' domain as FQDN for this zone
+$TTL 3600 ; default time-to-live for this zone
+
+vern.cc. IN SOA ns1.vern.cc. ns2.vern.cc. (
+ 2022111611 ;Serial
+ 14400 ;Refresh
+ 3600 ;Retry
+ 1209600 ;Expire
+ 3600 ;Negative response caching TTL
+)
+
+
+;; NameServer
+@ NS ns1.vern.cc.
+@ NS ns2.vern.cc.
+ns1.vern.cc. A 5.161.108.85
+ns2.vern.cc. A 192.46.210.187
+
+;; Core
+@ A 5.161.108.85
+* A 5.161.108.85
+@ TXT "oa1:xmr recipient_address=4ATm8EZaC4iEuwt1VABuxFPi5xq4HgvqgghmKqvgQyvwQf9KK7AyYFXCYCZ3xBiqZ38CctAWihJ3yLeKAeGJfQBgDxQnn91; recipient_name=~vern;"
+gcdn A 5.161.108.85
+;;@ CAA 0 issue ";"
+
+;; XMPP
+_xmpp-client._tcp SRV 10 0 5222 vern.cc.
+_xmpp-server._tcp SRV 5 0 5269 vern.cc.
+_xmpps-client._tcp SRV 5 0 5223 vern.cc.
+_xmpps-server._tcp SRV 5 0 5270 vern.cc.
+
+;; Zodiac (Inserv)
+in.vern.cc. A 192.46.210.187
+in.vern.cc. AAAA 2400:8904::f03c:93ff:feeb:c06a
+*.in.vern.cc. A 192.46.210.187
+*.in.vern.cc. AAAA 2400:8904::f03c:93ff:feeb:c06a
+
+;; Iceberg
+iceberg.vern.cc. A 173.255.236.85
+dns.vern.cc. A 173.255.236.85
+librespeed.vern.cc. A 173.255.236.85
+ls.vern.cc. A 173.255.236.85
+speedtest.vern.cc. A 173.255.236.85
+status.vern.cc. A 173.255.236.85
+id.vern.cc. A 173.255.236.85
+ft.vern.cc. A 173.255.236.85
+fedtester.vern.cc. A 173.255.236.85
+iceberg.vern.cc. AAAA 2600:3c03::f03c:93ff:fed9:3504
+dns.vern.cc. AAAA 2600:3c03::f03c:93ff:fed9:3504
+ls.vern.cc. AAAA 2600:3c03::f03c:93ff:fed9:3504
+librespeed.vern.cc. AAAA 2600:3c03::f03c:93ff:fed9:3504
+speedtest.vern.cc. AAAA 2600:3c03::f03c:93ff:fed9:3504
+status.vern.cc. AAAA 2600:3c03::f03c:93ff:fed9:3504
+id.vern.cc. AAAA 2600:3c03::f03c:93ff:fed9:3504
+ft.vern.cc. AAAA 2600:3c03::f03c:93ff:fed9:3504
+fedtester.vern.cc. AAAA 2600:3c03::f03c:93ff:fed9:3504
+
+;; Mail - Main
+vern.cc. MX 10 mail.vern.cc.
+autoconfig.vern.cc. CNAME mail.vern.cc.
+autodiscover.vern.cc. CNAME mail.vern.cc.
+@ TXT "v=spf1 a mx ip4:5.161.108.85 ~all"
+_dmarc TXT "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@vern.cc"
+_acme-challenge TXT "Hg6SM8_f-GSINSC-4qmecq7QUEMIPMx4deuyogmQVzs"
+modoboa._domainkey.vern.cc. IN TXT (
+ "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyCvde3brJOXbIf"
+ "OghNjhzZNouExmUeRheSTK3J5iExqA43nNaqE9WqQEc6CJlM5/dfIcdli9pkQy3VRnH8M5Olcr"
+ "sVt5d5eVZ2A8LJi4MUuEdp2/Ma09aaFLi/4htwfxpfShunA/VUtzTMlrYqOTb4PCSdmYKtz6hc"
+ "QZHrEoEG7Cohy8VL72Ol92nyEkZmw4lBhnDFjhYHIqIVXdGncMLR1815uwWwRN+jHHO86Fwue+"
+ "1p9BFC3X8oos4Idw2FQBecYNk7cd/qksLh0ZlEAnHH3ICgWsAawzhVpUgubMdr5Y3xNYmXOkSq"
+ "Eu2clDJxFgJVBmnsStWv41tq8pmi0FDYTknPJ9XDV7+vCIX7UKRw/27kwHpe0cCL0BWg2a9j8r"
+ "l46IRM2fFk2fKl4Spzw2dVRo70LmRH2Eh4p4fMoA+iTa9/UHHSVq5sdkqFxE3SBlYrvChA4phS"
+ "B94Fe/uFraY91c+0jdWVVwSBMBqyj0I7qAU3ERwo/W3j6kZGPhGGIo4zKGkZskfSvOn3YK3khN"
+ "nx8PWWkpivizAZRIknHxG8muUPZHyAdRBicPPxI8mEz8EG3IipW7AfiPWm3qpnKHamihFgFoxM"
+ "hiC0bfSfsq45JOACLdN0u2BcXoVkDQbrQcp0Wg6GA9qLx5R1nPBo+v932RZ8wCr4MNWL6rYYFa"
+ "QtECAwEAAQ==")
+
+;; Mail - SimpleLogin
+sl.vern.cc. A 173.255.236.85
+sl.vern.cc. AAAA 2600:3c03::f03c:93ff:fed9:3504
+sl.vern.cc. MX 10 sl.vern.cc.
+sl TXT "v=spf1 mx ~all"
+_dmarc.sl TXT "v=DMARC1; p=quarantine; adkim=r; aspf=r;"
+default._domainkey.sl.vern.cc. TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcmrZT4de3q6UTOHHq5KjJT9pTwYxfcaeEATHXSrgdLGMcSopLx0PH7gdC4c1v8RRJcF+i+DmyEdNR1410ORIZSuK2kNh3a8TB+ewHIEdnJlRqics+iKc80v+DfdVfHRAdpNMo/FXq2yLXJ9uuETTjuQgh87PAz7ltMX4JQOw9zwIDAQAB"
+
+;; ACME
+
+;; PTR
+85.108.161.5.in-addr.arpa. PTR vern.cc.
+85.236.255.173.in-addr.arpa. PTR sl.vern.cc
diff --git a/master/vern0.me.zone b/master/zones/vern0.me.zone
similarity index 70%
rename from master/vern0.me.zone
rename to master/zones/vern0.me.zone
index 760f363..14e8e28 100644
--- a/master/vern0.me.zone
+++ b/master/zones/vern0.me.zone
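Review bot: The last record, `85.236.255.173.in-addr.arpa. PTR sl.vern.cc`, is missing the trailing dot on its target, so under `$ORIGIN vern.cc.` it expands to `sl.vern.cc.vern.cc.`; the PTR line above it and every other absolute name in the file end with a dot, so this should read `85.236.255.173.in-addr.arpa. PTR sl.vern.cc.`. Both PTR owners are outside the vern.cc apex anyway, so Knot presumably treats them as out-of-zone data rather than publishing them — `knotc zone-check vern.cc` will say, and reverse mapping for these addresses has to be set with the address holder regardless. The `vern.cc. MX 10 mail.vern.cc.` target no longer has an address record of its own (the old file carried `mail.vern.cc. A 167.114.67.70`) and is satisfied only by the `* A 5.161.108.85` wildcard; the rename of master/zones/vern0.me.zone drops `mail.vern0.me. A` the same way while keeping its MX, so an explicit `mail.vern.cc. A 5.161.108.85` in each zone keeps mail delivery independent of wildcard synthesis. The `_acme-challenge TXT` value carried over from the old file is a one-shot validation token with no use after issuance, and the `;; ACME` section below it is empty, so the record can go. If the commented-out `;;@ CAA 0 issue ";"` is ever enabled as written it forbids issuance by every CA; a CAA record naming the CA actually in use is the form that helps.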
@@ -3,7 +3,7 @@ $ORIGIN vern0.me. ; 'default' domain as FQDN for this zone
$TTL 86400 ; default time-to-live for this zone
vern0.me. IN SOA ns1.vern0.me. ns2.vern0.me. (
- 2022100205 ;Serial
+ 2022111201 ;Serial
14400 ;Refresh
3600 ;Retry
1209600 ;Expire
@@ -11,23 +11,20 @@ vern0.me. IN SOA ns1.vern0.me. ns2.vern0.me. (
)
; The nameserver that are authoritative for this zone.
-; NS vern0.me.
-; Is isn't required.
@ IN NS ns1.vern0.me.
@ IN NS ns2.vern0.me.
; these A records below are equivalent
-@ A 167.114.67.70
-* A 167.114.67.70
-ns1.vern0.me. A 139.144.17.216
-ns2.vern0.me. A 167.114.67.70
-mail.vern0.me. A 167.114.67.70
+@ A 5.161.108.85
+* A 5.161.108.85
+ns1.vern0.me. A 5.161.108.85
+ns2.vern0.me. A 192.46.210.187
modoboa._domainkey.vern0.me. IN TXT (
"v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHWx57YT7PrtlLXvv8C1"
"5o88pByJOunrkySwk4297jMF3mXGOUbnKd79DxdilTMB6SkYU2AQ98cO3X43/1ab1wUND8yfpC"
"HUD2nxPEAJ3NNaFhKzNr2ta8Hnj05yF4lcczGUNazhoR1KZn2OzS4twUIYW40mD2PdOMPr4sjf"
"n1CwIDAQAB")
-@ TXT "v=spf1 a mx ip4:167.114.67.70 ~all"
+@ TXT "v=spf1 a mx ip4:5.161.108.85 ~all"
_dmarc TXT "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@vern0.me"
vern0.me. MX 10 mail.vern0.me.
-70.67.114.167.in-addr.arpa. PTR vern0.me.
\ No newline at end of file
+85.108.161.5.in-addr.arpa. PTR vern0.me.
diff --git a/slave/geo.conf b/slave/geo.conf
new file mode 100644
index 0000000..a263ab2
--- /dev/null
+++ b/slave/geo.conf
@@ -0,0 +1,19 @@
+gcdn.vern.cc:
+ - geo: "*;*;*"
+ A: 5.161.108.85
+ TXT: "Worldwide (US Server)"
+ - geo: "AS;*;*"
+ A: 192.46.210.187
+ TXT: "Asia (India Server)"
+ - geo: "EU;*;*"
+ A: 192.46.210.187
+ TXT: "Europe (India Server Currently)"
+ - geo: "EU;NO;*"
+ A: 5.161.108.85
+ TXT: "New York (Norway speeds are better to our US Server than India one)"
+ - geo: "AF;*;*"
+ A: 192.46.210.187
+ TXT: "Africa (India Server Currently)"
+ - geo: "OC;*;*"
+ A: 192.46.210.187
+ TXT: "Oceania (India Server Currently)"
diff --git a/slave/knot.conf b/slave/knot.conf
index e92d8f3..b27510c 100644
--- a/slave/knot.conf
+++ b/slave/knot.conf
@@ -1,8 +1,7 @@
-# This must be placed in /etc/knot/knot.conf
server:
rundir: "/run/knot"
user: knot:knot
- listen: [ 127.0.0.1@53, ::1@53, 167.114.67.70@53 ]
+ listen: [ 0.0.0.0@53 ]
log:
- target: syslog
@@ -13,22 +12,31 @@ database:
remote:
- id: primary
- address: 139.144.17.216@53
+ address: 5.161.108.85@53
acl:
- id: acl_primary
- address: 139.144.17.216
+ address: 5.161.108.85
action: notify
template:
- id: default
- storage: "/var/lib/knot/zones"
+ storage: "/etc/knot"
file: "%s.zone"
+mod-geoip:
+ - id: geo
+ config-file: "/etc/knot/geo.conf"
+ mode: geodb
+ geodb-file: "/var/lib/knot/GeoLite2-City.mmdb"
+ geodb-key: [ continent/code, country/iso_code, city/names/en ]
+
+
zone:
- domain: vern0.me
master: primary
acl: acl_primary
- domain: vern.cc
master: primary
- acl: acl_primary
\ No newline at end of file
+ acl: acl_primary
+ module: mod-geoip/geo
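Review bot: `storage: "/etc/knot"` in the default template turns the configuration directory into the place this secondary writes zone data: with `file: "%s.zone"` and Knot's default `zonefile-sync`, transferred copies of vern.cc and vern0.me are flushed to `/etc/knot/<zone>.zone`, so the directory must be writable by `knot:knot` and the daemon can then also rewrite its own `knot.conf` and `geo.conf`. Keeping the previous `storage: "/var/lib/knot/zones"` (or any directory holding only zone files) and leaving `/etc/knot` read-only to the service user avoids that. In the first hunk, `listen: [ 0.0.0.0@53 ]` binds every IPv4 address but no IPv6 one; if ns2 is meant to be reachable over a global v6 address, `listen: [ 0.0.0.0@53, ::@53 ]` is needed. Two points on the geoip attachment worth a comment in the file: only this secondary loads the module, so resolvers that pick ns1 get the static `gcdn` answer from the primary's zone file, and if vern.cc is DNSSEC-signed the synthesized answers presumably need the module's own signing option (`dnssec: on` inside the `mod-geoip` block, I believe) or validating resolvers will reject them.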