# ~vern DNS

~vern uses Knot DNS (knot-dns.cz) for our self-hosted DNS. This is complete with [DNSSEC](https://dnsviz.net/d/vern.cc/dnssec).

Currently it's deployed on vern.cc and vern0.me, both of the domains we manage.

The slaves are hosted on Iceberg and Typhoon, and the master is on Mythos.

We use the `knot` package from https://deb.knot-dns.cz/knot-latest.

To apply changes, bump the serial by 1 (in the same file, below the SOA line) and then run `knotc reload`. Then on your slave, run `knotc zone-retransfer yourdomain.com; knotc zone-reload yourdomain.com`.

Note: For the serial, it's recommended to use the YYYYMMDDXX format. For example, thirteenth revision on 16/10/2022 would be serial 2022161013.

## Setup

Put the files in master/ and slave/ in /etc/knot.

You might also want to add an auth key (for sync), but I haven't experimented with it yet.

On your registrar's side, add the glue records. (On Njalla, it's under DNS Settings.)

After that, add ns1.yourdomain.com and ns2.yourdomain.com to the custom DNS part.

That's all the setup you need for a basic authoritative DNS server.

In order to set up DNSSEC, do the following:

1. Run `keymgr yourdomain.com ds` in order to get your DS record

Example: `54674 13 2 33ef9ebb00e9492c4b7f9939cdf1058ee9232bc761c62cdf51e08d072fe6156e88ce0084ab8f603f5b21626bb72ba71c`

2. Then, add the DS record on your registrar's side.

With the example provided,

a) Key tag - 54674

b) Algorithm - 13

c) Digest Type - 2

d) Digest - E28E3...287

(On Njalla, you add this under DNSSEC)
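
A DS record at the registrar that does not match the zone's key makes validating resolvers treat the zone as bogus, so it is worth checking the four fields before pasting them into the form. The script below is an added example, not part of the original README or of Knot DNS: `check_ds`, `ds_digest_len` and `is_uint` are hypothetical helper names, and the accepted input shapes are an assumption.

```sh
#!/bin/sh
# Added example, not part of the original README.
# check_ds "<DS line>" validates one DS line and prints the registrar fields.
# Assumption: the line is "tag alg dtype digest" (as in the README example) or
# a full record such as "yourdomain.com. DS tag alg dtype digest".

# Hex length of the digest for each DS digest type.
ds_digest_len() {
  case "$1" in
    1) echo 40 ;;  # SHA-1
    2) echo 64 ;;  # SHA-256
    4) echo 96 ;;  # SHA-384
    *) return 1 ;;
  esac
}

# True for a decimal number of at most five digits.
is_uint() { case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac; }

check_ds() {
  local line tag alg dtype digest want
  # Collapse whitespace, then drop an optional "owner ... DS" prefix.
  line=$(printf '%s' "$1" | tr -s '[:space:]' ' ')
  case "$line" in *" DS "*) line=${line#*" DS "} ;; esac
  read -r tag alg dtype digest <<EOF
$line
EOF
  # A digest may be split by spaces in presentation format: join, lowercase.
  digest=$(printf '%s' "$digest" | tr -d ' ' | tr 'A-F' 'a-f')

  if ! is_uint "$tag" || [ "$tag" -gt 65535 ]; then
    echo "bad key tag '$tag' (expected 0-65535)" >&2; return 1
  fi
  if ! is_uint "$alg" || [ "$alg" -gt 255 ]; then
    echo "bad algorithm '$alg' (expected 0-255)" >&2; return 1
  fi
  if ! want=$(ds_digest_len "$dtype"); then
    echo "unknown digest type '$dtype'" >&2; return 1
  fi
  case "$digest" in ''|*[!0-9a-f]*)
    echo "digest is empty or not plain hex (elided or truncated copy?)" >&2
    return 1 ;;
  esac
  if [ "${#digest}" -ne "$want" ]; then
    echo "digest type $dtype needs $want hex chars, got ${#digest}" >&2
    return 1
  fi
  echo "key_tag=$tag algorithm=$alg digest_type=$dtype digest=$digest"
}
```

Run on the example line above, `check_ds` reports a length mismatch, because that digest is longer than the 64 hex characters of a type 2 (SHA-256) digest. An elided value such as `E28E3...287` is rejected as not plain hex.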
## "I need help"
If you want help with this, feel free to join #vern-chat. I can help you with it if needed :)