# ~vern DNS

~vern uses Knot DNS (knot-dns.cz) for our self-hosted DNS. This is complete with [DNSSEC](https://dnsviz.net/d/vern0.me/dnssec).

It is currently deployed on vern.cc and vern0.me, the two domains we manage.

The slave is hosted on Hellfire, our India Linode, and the master is on Mythos, our main VPS on Hetzner.

We use the `knot` package from https://deb.knot-dns.cz/knot-latest.

To apply changes, bump the serial by 1 (in the same file, below the SOA line) and then run `knotc reload`. Then, on your slave, run `knotc zone-retransfer yourdomain.me; knotc zone-reload yourdomain.me`.

Note: For the serial, the YYYYMMDDXX format is recommended. For example, the thirteenth revision on 16/10/2022 would be serial 2022101613.

## Setup

Put the files from `master/` and `slave/` into `/etc/knot`.

You might also want to add an auth key (for sync), but I haven't experimented with it yet.

On your registrar's side, add the glue records. (On Namecheap, it's under Advanced DNS -> Personal DNS Server -> Add nameserver.)

After that, add ns1.yourdomain.me and ns2.yourdomain.me in the custom DNS section.

That's all the setup you need for a basic authoritative DNS server.

To set up DNSSEC, do the following:

1. Run `keymgr yourdomain.com ds` to get your DS record.

   Example: `54674 13 2 E28E3DB78E5517A577353A43799AD14EC044720BAE4906D134F5EA40 74AC0287`

2. Then, add the DS record on your registrar's side.

   With the example provided:

   a) Key tag - 54674

   b) Algorithm - 13

   c) Digest Type - 2

   d) Digest - E28E3...287 (omit the space)

   (On Namecheap, you add this at Advanced DNS -> DNSSEC.)
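
As an added example (not part of the ~vern configuration), this Python helper splits DS record data in the form shown above into the four registrar fields and rejects a digest that was truncated or mistyped. The function name `parse_ds` and the handling of a leading `owner DS` prefix are assumptions made for illustration.

```python
import re

# Hex digest length for each DS digest type: SHA-1, SHA-256, SHA-384.
DIGEST_HEX_LEN = {1: 40, 2: 64, 4: 96}


def parse_ds(line):
    """Split DS record data into the four fields a registrar form asks for.

    Raises ValueError when the line cannot be a valid DS record, for example
    when only the first chunk of a space-separated digest was pasted.
    """
    tokens = line.split()
    # Assumption: a full record ("owner ... DS <data>") may be passed too;
    # the record data then starts right after the "DS" token.
    if "DS" in tokens:
        tokens = tokens[tokens.index("DS") + 1:]
    if len(tokens) < 4:
        raise ValueError("expected: key-tag algorithm digest-type digest")
    try:
        key_tag, algorithm, digest_type = (int(t) for t in tokens[:3])
    except ValueError:
        raise ValueError("key tag, algorithm, digest type must be numbers") from None
    # The digest may be printed in chunks; the registrar wants one string.
    digest = "".join(tokens[3:]).upper()
    if not 0 <= key_tag <= 0xFFFF or not 0 <= algorithm <= 0xFF:
        raise ValueError("key tag or algorithm out of range")
    if digest_type not in DIGEST_HEX_LEN:
        raise ValueError(f"unsupported digest type {digest_type}")
    if not re.fullmatch(r"[0-9A-F]+", digest):
        raise ValueError("digest is not hexadecimal")
    if len(digest) != DIGEST_HEX_LEN[digest_type]:
        raise ValueError(
            f"digest has {len(digest)} hex chars, "
            f"digest type {digest_type} needs {DIGEST_HEX_LEN[digest_type]}"
        )
    return {"key_tag": key_tag, "algorithm": algorithm,
            "digest_type": digest_type, "digest": digest}


if __name__ == "__main__":
    # The example DS line from this page.
    example = ("54674 13 2 "
               "E28E3DB78E5517A577353A43799AD14EC044720BAE4906D134F5EA40 74AC0287")
    for field, value in parse_ds(example).items():
        print(f"{field}: {value}")
```

A DS record at the registrar that does not match the zone's key makes validating resolvers treat the zone as bogus, so it is worth checking the digest length before submitting the form.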

## I need help

If you want help with this, feel free to join #vern-chat. I can help you with it if needed :)