~vern's knot DNS configuration files

Go to file

~vern cdbac1d74e Bump		2023-11-30 17:18:33 +00:00
master	Bump	2023-11-30 17:18:33 +00:00
slave	Bump	2023-11-30 17:18:33 +00:00
LICENSE	add license	2022-09-06 21:01:27 +05:30
README.md	README.md: Fix njalla example	2023-11-23 02:41:48 +00:00

README.md

~vern DNS

~vern uses knot-dns.cz for our self-hosted DNS. This is complete with DNSSEC.

Currently its deployed on vern.cc and vern0.me, both the domains we manage

The slave is hosted on Typhoon, and the master is on Mythos.

We use the knot package from https://deb.knot-dns.cz/knot-latest.

To apply changes, bump the serial by 1 (in same file, below SOA line) and then knotc reload. Then on your slave, run knotc zone-retransfer yourdomain.com; kontc zone-reload yourdomain.com

Note: For serial, its recommended to use YYYYMMDDXX format. For example, thirteenth revision on 16/10/2022 would be serial 2022161013.

Setup

Put the files in master/ and slave/ in /etc/knot

You might want to also add an auth key (for sync) but i haven't experimented with it yet.

On your registrar side, add the GLUE records. (On Njalla, it's under Glue records)

After that, add ns1.yourdomain.com and ns2.yourdomain.com to the custom dns part.

Thats all the setup you need for a basic authoritative DNS server.

In order to setup DNSSEC do the following :-

Run keymgr yourdomain.com ds in order to get your DS key

Example: 54674 13 2 33ef9ebb00e9492c4b7f9939cdf1058ee9232bc761c62cdf51e08d072fe6156e88ce0084ab8f603f5b21626bb72ba71c

Then, add the DS record on your registrar's side.

With the example provided,

a) Key tag - 54674

b) Algorithm - 13

c) Digest Type - 2

d) Digest - E28E3...287

(On Njalla, you add this under DNSSEC)

"I need help"

If you want help with this, feel free to join #vern-chat. I can help you with it if needed :)