Bump

README.md

@@ -4,29 +4,29 @@
 
 Currently its deployed on vern.cc and vern0.me, both the domains we manage
 
-The master is hosted on our linode, statusvern and the slave is on our main VPS.
+The slave is hosted on our India Linode, Hellfire and the master is on our main VPS on Hetzner, Mythos.
 
-We use the `knot` package from debian repos.
+We use the `knot` package from https://deb.knot-dns.cz/knot-latest.
 
-To apply changes, bump the serial by 1 (in same file, below SOA line) and then `knotc reload`. Then on your slave, run `knotc zone-retransfer yourdomain.me; kontc zone-reload yourdomain.me`
+To apply changes, bump the serial by 1 (in same file, below SOA line) and then `knotc reload`. Then on your slave, run `knotc zone-retransfer yourdomain.com; kontc zone-reload yourdomain.com`
 
 Note: For serial, its recommended to use YYYYMMDDXX format. For example, thirteenth revision on 16/10/2022 would be serial 2022161013.
 
 ## Setup
 
-Put the files in master/ and slave/ in the respective places.
+Put the files in master/ and slave/ in /etc/knot
 
 You might want to also add an auth key (for sync) but i haven't experimented with it yet.
 
 On your registrar side, add the GLUE records. (On namecheap, its under Advanced DNS -> Personal DNS Server -> Add nameserver)
 
-After that, add ns1.yourdomain.me and ns2.yourdomain.me to the custom dns part.
+After that, add ns1.yourdomain.com and ns2.yourdomain.com to the custom dns part.
 
 Thats all the setup you need for a basic authoritative DNS server.
 
 In order to setup DNSSEC do the following :-
 
-1. Run `keymgr vern.cc ds` in order to get your DS key
+1. Run `keymgr yourdomain.com ds` in order to get your DS key
 
 Example: `54674 13 2 E28E3DB78E5517A577353A43799AD14EC044720BAE4906D134F5EA40 74AC0287`
 

master/geo.conf

@@ -0,0 +1,5 @@
+gcdn.vern.cc: 
+  - geo: "*;*;*" 
+    A: 5.161.108.85
+    TXT: "Worldwide (US Server)" 
+# HellFire is dead, we will readd once ~aryak gets static ip

master/knot.conf

@@ -1,8 +1,8 @@
-# This file must be placed in /etc/knot/knot.conf
 server:
     rundir: "/run/knot"
     user: knot:knot
-    listen: [ 127.0.0.1@53, ::1@53, 139.144.17.216@53 ]
+    listen: 0.0.0.0@53
+    listen: ::@53
 
 log:
   - target: syslog
@@ -22,10 +22,20 @@ acl:
 
 template:
   - id: default
-    storage: "/var/lib/knot/zones"
+    storage: "/etc/knot/zones"
     file: "%s.zone"
     dnssec-signing: on
     semantic-checks: on
+    zonefile-sync: -1
+    zonefile-load: difference
+    journal-content: changes
+
+mod-geoip:
+  - id: geo 
+    config-file: "/etc/knot/geo.conf"
+    mode: geodb
+    geodb-file: "/var/lib/knot/GeoLite2-City.mmdb"
+    geodb-key: [ continent/code, country/iso_code, city/names/en ]
 
 zone:
   - domain: vern0.me
@@ -34,3 +44,4 @@ zone:
   - domain: vern.cc
     notify: secondary
     acl: acl_secondary
+    module: mod-geoip/geo

master/vern.cc.zone

@@ -1,69 +0,0 @@
-; To be placed in /var/lib/knot/zones/vern.cc.zone
-$ORIGIN vern.cc. ; 'default' domain as FQDN for this zone
-$TTL 86400 ; default time-to-live for this zone
-
-vern.cc.   IN  SOA     ns1.vern.cc. ns2.vern.cc. (
-        2022102301  ;Serial
-        14400       ;Refresh
-        3600        ;Retry
-        1209600     ;Expire
-        3600        ;Negative response caching TTL
-)
-
-;; NameServer
-@		NS	ns1.vern.cc.
-@		NS	ns2.vern.cc.
-ns1.vern.cc.	A	139.144.17.216
-ns2.vern.cc.	A	167.114.67.70
-
-;; Core
-@                               A       167.114.67.70
-*                               A       167.114.67.70
-@		TXT	"oa1:xmr recipient_address=4ATm8EZaC4iEuwt1VABuxFPi5xq4HgvqgghmKqvgQyvwQf9KK7AyYFXCYCZ3xBiqZ38CctAWihJ3yLeKAeGJfQBgDxQnn91; recipient_name=~vern;"
-
-;; XMPP
-_xmpp-client._tcp	SRV	10	0	5222	vern.cc.
-_xmpp-server._tcp	SRV	5	0	5269	vern.cc.
-_xmpps-client._tcp	SRV	5	0	5223	vern.cc.
-_xmpps-server._tcp	SRV	5	0	5270	vern.cc.
-
-;; Statusvern
-librespeed.vern.cc.		A	139.144.17.216
-ls.vern.cc.		A	139.144.17.216
-speedtest.vern.cc.		A	139.144.17.216
-status.vern.cc.		A	139.144.17.216
-librespeed.vern.cc.		AAAA	2600:3c02::f03c:93ff:feeb:c06a
-ls.vern.cc.		AAAA	2600:3c02::f03c:93ff:feeb:c06a
-speedtest.vern.cc.		AAAA	2600:3c02::f03c:93ff:feeb:c06a
-status.vern.cc.		AAAA	2600:3c02::f03c:93ff:feeb:c06a
-
-;; Mail - Main
-mail.vern.cc.	A	167.114.67.70
-vern.cc.                    MX      10      mail.vern.cc.
-autoconfig.vern.cc.		CNAME	mail.vern.cc.
-autodiscover.vern.cc.		CNAME	mail.vern.cc.
-@		TXT	"v=spf1 a mx ip4:167.114.67.70 ~all"
-_dmarc		TXT	"v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@vern.cc"
-_acme-challenge	TXT	"Hg6SM8_f-GSINSC-4qmecq7QUEMIPMx4deuyogmQVzs"
-modoboa._domainkey.vern.cc. IN TXT (
-  "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyCvde3brJOXbIf"
-  "OghNjhzZNouExmUeRheSTK3J5iExqA43nNaqE9WqQEc6CJlM5/dfIcdli9pkQy3VRnH8M5Olcr"
-  "sVt5d5eVZ2A8LJi4MUuEdp2/Ma09aaFLi/4htwfxpfShunA/VUtzTMlrYqOTb4PCSdmYKtz6hc"
-  "QZHrEoEG7Cohy8VL72Ol92nyEkZmw4lBhnDFjhYHIqIVXdGncMLR1815uwWwRN+jHHO86Fwue+"
-  "1p9BFC3X8oos4Idw2FQBecYNk7cd/qksLh0ZlEAnHH3ICgWsAawzhVpUgubMdr5Y3xNYmXOkSq"
-  "Eu2clDJxFgJVBmnsStWv41tq8pmi0FDYTknPJ9XDV7+vCIX7UKRw/27kwHpe0cCL0BWg2a9j8r"
-  "l46IRM2fFk2fKl4Spzw2dVRo70LmRH2Eh4p4fMoA+iTa9/UHHSVq5sdkqFxE3SBlYrvChA4phS"
-  "B94Fe/uFraY91c+0jdWVVwSBMBqyj0I7qAU3ERwo/W3j6kZGPhGGIo4zKGkZskfSvOn3YK3khN"
-  "nx8PWWkpivizAZRIknHxG8muUPZHyAdRBicPPxI8mEz8EG3IipW7AfiPWm3qpnKHamihFgFoxM"
-  "hiC0bfSfsq45JOACLdN0u2BcXoVkDQbrQcp0Wg6GA9qLx5R1nPBo+v932RZ8wCr4MNWL6rYYFa"
-  "QtECAwEAAQ==")
-
-;; Mail - Mailman
-lists.vern.cc.		A	139.144.17.216
-lists.vern.cc.                    MX      10      lists.vern.cc.
-lists		TXT	"v=spf1 mx a ip4:139.144.17.216 ip6:2600:3c02::f03c:93ff:feeb:c06a ~all"
-_dmarc.lists	TXT	"v=DMARC1; p=quarantine; pct=100; rua=mailto:root@vern.cc; ruf=mailto:root@vern.cc; aspf=r"
-
-;; PTR
-70.67.114.167.in-addr.arpa.	PTR	vern.cc.
-216.17.144.139.in-addr.arpa.	PTR	lists.vern.cc.

master/zones/vern.cc.zone

@@ -0,0 +1,119 @@
+$ORIGIN vern.cc. ; 'default' domain as FQDN for this zone
+$TTL 3600 ; default time-to-live for this zone
+
+vern.cc.   IN  SOA     ns1.vern.cc. ns2.vern.cc. (
+        2023080501  ;Serial
+        14400       ;Refresh
+        3600        ;Retry
+        1209600     ;Expire
+        3600        ;Negative response caching TTL
+)
+
+
+;; NameServer
+@		NS	ns1.vern.cc.
+@		NS	ns2.vern.cc.
+ns1.vern.cc.	A	5.161.108.85
+ns1.vern.cc.	AAAA	2a01:4ff:f0:4fb3::
+ns2.vern.cc.	A	135.148.121.130
+ns2.vern.cc.	AAAA	2604:2dc0:101:200::4621
+
+;; Core
+@                               A       5.161.108.85
+@				AAAA	2a01:4ff:f0:4fb3::
+*                               A       5.161.108.85
+*				AAAA	2a01:4ff:f0:4fb3::
+bw                              A       5.161.108.85
+bw				AAAA	2a01:4ff:f0:4fb3::
+breezewiki                      A       5.161.108.85
+breezewiki			AAAA	2a01:4ff:f0:4fb3::
+fandom                          A       5.161.108.85
+fandom				AAAA	2a01:4ff:f0:4fb3::
+@		TXT	"oa1:xmr recipient_address=4ATm8EZaC4iEuwt1VABuxFPi5xq4HgvqgghmKqvgQyvwQf9KK7AyYFXCYCZ3xBiqZ38CctAWihJ3yLeKAeGJfQBgDxQnn91; recipient_name=~vern;"
+gcdn		A	5.161.108.85
+gcdn		AAAA	2a01:4ff:f0:4fb3::
+;;@			CAA	0 	issue ";"
+
+;; XMPP
+_xmpp-client._tcp	SRV	10	0	5222	vern.cc.
+_xmpp-server._tcp	SRV	5	0	5269	vern.cc.
+_xmpps-client._tcp	SRV	5	0	5223	vern.cc.
+_xmpps-server._tcp	SRV	5	0	5270	vern.cc.
+
+;; Typhoon
+inv.vern.cc.		A	135.148.121.130
+inv.vern.cc.		AAAA	2604:2dc0:101:200::4621
+invidious.vern.cc.	A	135.148.121.130
+invidious.vern.cc.	AAAA	2604:2dc0:101:200::4621
+yt.vern.cc.		A	135.148.121.130
+yt.vern.cc.		AAAA	2604:2dc0:101:200::4621
+
+game.vern.cc.		A	135.148.121.130
+game.vern.cc.		AAAA	2604:2dc0:101:200::4621
+stk.vern.cc.		A	135.148.121.130
+stk.vern.cc.		AAAA	2604:2dc0:101:200::4621
+teeworlds.vern.cc.	A	135.148.121.130
+teeworlds.vern.cc.	AAAA	2604:2dc0:101:200::4621
+xon.vern.cc.		A	135.148.121.130
+xon.vern.cc.		AAAA	2604:2dc0:101:200::4621
+
+mumble.vern.cc.		A	135.148.121.130
+mumble.vern.cc.		AAAA	2604:2dc0:101:200::4621
+
+;; Iceberg
+iceberg.vern.cc.	A	173.255.236.85
+dns.vern.cc.	A	173.255.236.85
+librespeed.vern.cc.		A	173.255.236.85
+ls.vern.cc.		A	173.255.236.85
+speedtest.vern.cc.		A	173.255.236.85
+status.vern.cc.		A	173.255.236.85
+id.vern.cc.		A	173.255.236.85
+ft.vern.cc.		A	173.255.236.85
+fedtester.vern.cc.		A	173.255.236.85
+iceberg.vern.cc.	AAAA	2600:3c03::f03c:93ff:fed9:3504
+dns.vern.cc.	AAAA	2600:3c03::f03c:93ff:fed9:3504
+ls.vern.cc.		AAAA	2600:3c03::f03c:93ff:fed9:3504
+librespeed.vern.cc.		AAAA	2600:3c03::f03c:93ff:fed9:3504
+speedtest.vern.cc.		AAAA	2600:3c03::f03c:93ff:fed9:3504
+status.vern.cc.		AAAA	2600:3c03::f03c:93ff:fed9:3504
+id.vern.cc.		AAAA	2600:3c03::f03c:93ff:fed9:3504
+ft.vern.cc.		AAAA	2600:3c03::f03c:93ff:fed9:3504
+fedtester.vern.cc.		AAAA	2600:3c03::f03c:93ff:fed9:3504
+
+;; Mail - Main
+vern.cc.                    MX      10      mail.vern.cc.
+autoconfig.vern.cc.		CNAME	mail.vern.cc.
+autodiscover.vern.cc.		CNAME	mail.vern.cc.
+@		TXT	"v=spf1 a mx ip4:5.161.108.85 ~all"
+_dmarc		TXT	"v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@vern.cc"
+
+modoboa._domainkey.vern.cc. IN TXT (
+  "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw9gewPxFiEBojR"
+  "Y2DIpW7vYFjATrev+ZEuOObX9NvBff+FCVLz8oNwPPD7wv6xW4mQXQ5uBKrVu+QjFsDTEskTu5"
+  "tOGJrqyVGAceWT9B/8pVePeZ72d+Mmlc5TxXGtBwdk1xxWpXu00xUsasCq11gz6shxzDagFewG"
+  "OmuK6hQm0dg0FoS6MLhIe/xSg5QgdDd2zXoEqr9GR5FTSbyWRKc5mkf5grXx3/vLyJZ+beDEH4"
+  "cuCvFEi9b4657KK3Cbefm1PnrNf6Rcd5anfNpW1EeA+KyHgOqBdusgZrulNs5ktZ89uVdMUuXZ"
+  "002xLn9uK6OrEzxRvACnvkns+x7HhaHmDO4Fm3uipO1YbIiHBMaeClVm5aHisjfi6xgOiF3icX"
+  "69mIQj8j9dHL3rSzzjeaz8inNX1GIVsi0FEvO3JWXnhzk+5+qk/GCl0zFvQrLYtHOiEEk44yqj"
+  "k7qHpPmbwUg0hwWphSbPmHZv5sENJsv+a1/ejTe5KTCDO5wnHODLBfH3zkbqqLYgf/xOBkwU38"
+  "BHdHLT8CRfcMwY7a7CBb5vKXS19oK7p8BkCqfVZX0+KjdWyxF8pjYHayIGtl06Mxnib0840CtC"
+  "Vji8NjtoX28Va6Man6s/2mAs3EKTYmz4ZgVgaF6zEmns1xuXkV15V+dKDU2yKEOj9H2DEuq5G2"
+  "+MkCAwEAAQ==") 
+
+;; Mail - SimpleLogin
+sl.vern.cc.	A	173.255.236.85
+sl.vern.cc.	AAAA	2600:3c03::f03c:93ff:fed9:3504
+sl.vern.cc.                    MX      10      sl.vern.cc.
+sl		TXT	"v=spf1 mx ~all"
+_dmarc.sl	TXT	"v=DMARC1; p=quarantine; adkim=r; aspf=r;"
+default._domainkey.sl.vern.cc.	TXT	"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcmrZT4de3q6UTOHHq5KjJT9pTwYxfcaeEATHXSrgdLGMcSopLx0PH7gdC4c1v8RRJcF+i+DmyEdNR1410ORIZSuK2kNh3a8TB+ewHIEdnJlRqics+iKc80v+DfdVfHRAdpNMo/FXq2yLXJ9uuETTjuQgh87PAz7ltMX4JQOw9zwIDAQAB"
+
+;; ACME
+_acme-challenge.breezewiki TXT "b02v7_ZoRMwbuZRB5A3y6w_G0aIsKwhke3u0zTqaL3s"
+_acme-challenge.bw TXT "C1RUboyDZG8RryUrE2wwkEnl78bjA2zwcCLDzAFR5qM"
+_acme-challenge.fandom TXT "wKAf3pQ02NaGP33aXWg-UuTUirHUI8tTrTKrMx4KvQU"
+_acme-challenge TXT "mW8vZt8g_wHCfGdsedt_75hWu8aYCqW_WNda1DtOf3k"
+
+;; PTR
+85.108.161.5.in-addr.arpa.	PTR	vern.cc.
+85.236.255.173.in-addr.arpa.	PTR	sl.vern.cc

master/zones/vern0.me.zone

@@ -3,7 +3,7 @@ $ORIGIN vern0.me. ; 'default' domain as FQDN for this zone
 $TTL 86400 ; default time-to-live for this zone
 
 vern0.me.   IN  SOA     ns1.vern0.me. ns2.vern0.me. (
-        2022100205  ;Serial
+        2022121601  ;Serial
         14400       ;Refresh
         3600        ;Retry
         1209600     ;Expire
@@ -11,23 +11,20 @@ vern0.me.   IN  SOA     ns1.vern0.me. ns2.vern0.me. (
 )
 
 ; The nameserver that are authoritative for this zone.
-;                                NS      vern0.me.
-; Is isn't required.
 @	IN	NS	ns1.vern0.me.
 @	IN	NS	ns2.vern0.me.
 
 ; these A records below are equivalent
-@                               A       167.114.67.70
-*                               A       167.114.67.70
-ns1.vern0.me.	A	139.144.17.216
+@                               A       5.161.108.85
+*                               A       5.161.108.85
+ns1.vern0.me.	A	5.161.108.85
 ns2.vern0.me.	A	167.114.67.70
-mail.vern0.me.	A	167.114.67.70
 modoboa._domainkey.vern0.me. IN TXT (
   "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHWx57YT7PrtlLXvv8C1"
   "5o88pByJOunrkySwk4297jMF3mXGOUbnKd79DxdilTMB6SkYU2AQ98cO3X43/1ab1wUND8yfpC"
   "HUD2nxPEAJ3NNaFhKzNr2ta8Hnj05yF4lcczGUNazhoR1KZn2OzS4twUIYW40mD2PdOMPr4sjf"
   "n1CwIDAQAB")
-@		TXT	"v=spf1 a mx ip4:167.114.67.70 ~all"
+@		TXT	"v=spf1 a mx ip4:5.161.108.85 ~all"
 _dmarc		TXT	"v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@vern0.me"
 vern0.me.                    MX      10      mail.vern0.me.
-70.67.114.167.in-addr.arpa.	PTR	vern0.me.
+85.108.161.5.in-addr.arpa.	PTR	vern0.me.

slave/geo.conf

@@ -0,0 +1 @@
+master/geo.conf

slave/knot.conf

@@ -1,8 +1,7 @@
-# This must be placed in /etc/knot/knot.conf
 server:
     rundir: "/run/knot"
     user: knot:knot
-    listen: [ 127.0.0.1@53, ::1@53, 167.114.67.70@53 ]
+    listen: [ 0.0.0.0@53 ]
 
 log:
   - target: syslog
@@ -13,22 +12,31 @@ database:
 
 remote:
   - id: primary
-    address: 139.144.17.216@53
+    address: 5.161.108.85@53
 
 acl:
   - id: acl_primary
-    address: 139.144.17.216
+    address: 5.161.108.85
     action: notify
 
 template:
   - id: default
-    storage: "/var/lib/knot/zones"
+    storage: "/etc/knot"
     file: "%s.zone"
 
+mod-geoip:
+  - id: geo 
+    config-file: "/etc/knot/geo.conf"
+    mode: geodb
+    geodb-file: "/var/lib/knot/GeoLite2-City.mmdb"
+    geodb-key: [ continent/code, country/iso_code, city/names/en ]
+
+
 zone:
   - domain: vern0.me
     master: primary
     acl: acl_primary
   - domain: vern.cc
     master: primary
-    acl: acl_primary
+    acl: acl_primary
+    module: mod-geoip/geo