summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2023-08-02 15:53:27 +0200
committertv <tv@krebsco.de>2023-08-02 15:53:27 +0200
commit193baa8f2f64a4909e38069d4f21ac6c46d2796b (patch)
tree9b1d7cbab360f0630af7ae1743bd7f5f8408b6cb
parent6bd5f06770f0b16ae6ec6fd906402883bd6e75b6 (diff)
nameserver config: add he.net as secondary
-rw-r--r--krebs/2configs/nameserver.nix10
-rw-r--r--krebs/3modules/zones.nix2
2 files changed, 12 insertions, 0 deletions
diff --git a/krebs/2configs/nameserver.nix b/krebs/2configs/nameserver.nix
index a4c4b5f05..4c6b95516 100644
--- a/krebs/2configs/nameserver.nix
+++ b/krebs/2configs/nameserver.nix
@@ -60,6 +60,9 @@ in {
any: debug
remote:
+ - id: henet_ns1
+ address: 216.218.130.2
+
- id: krebscode_ni
address: ${config.krebs.hosts.ni.nets.internet.ip4.addr}
key: krebs_transfer_notify_key
@@ -73,6 +76,11 @@ in {
key: dane
action: update
+ - id: transfer_to_henet_secondary
+ key: henet_transfer_key
+ address: [ 216.218.133.2, 2001:470:600::2 ]
+ action: transfer
+
- id: transfer_to_krebscode_secondary
key: krebs_transfer_notify_key
action: transfer
@@ -101,7 +109,9 @@ in {
file: ${pkgs.krebs.zones."krebsco.de"}
dnssec-signing: on
dnssec-policy: rsa2k
+ notify: henet_ns1
notify: krebscode_ni
+ acl: transfer_to_henet_secondary
acl: transfer_to_krebscode_secondary
acl: dane_acl
diff --git a/krebs/3modules/zones.nix b/krebs/3modules/zones.nix
index bf904a268..8cb68c4f7 100644
--- a/krebs/3modules/zones.nix
+++ b/krebs/3modules/zones.nix
@@ -13,6 +13,8 @@ with lib; {
@ 3600 IN SOA spam.krebsco.de. spam.krebsco.de. 0 7200 3600 86400 3600
@ 3600 IN NS ns1
@ 3600 IN NS ni
+ @ 3600 IN NS ns2.he.net.
+ @ 3600 IN NS ns3.he.net.
'';
};
};