author | tv <tv@krebsco.de> | 2023-08-02 11:39:33 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2023-08-02 13:56:04 +0200 |
commit | 7cd50a3c07e788fa0b4ab53c78b9dea10ff30b2d (patch) | |
tree | 0b48967f268134f42c9eaad546abb25ac3a071a4 | |
parent | 73a64cc57af95a876168151654f06277f91a2243 (diff) |
nameserver config: add ni as secondary
-rw-r--r-- | krebs/2configs/nameserver.nix | 9 | ||||
-rw-r--r-- | krebs/3modules/zones.nix | 1 |
2 files changed, 10 insertions, 0 deletions
diff --git a/krebs/2configs/nameserver.nix b/krebs/2configs/nameserver.nix index 4b205a13d..a4c4b5f05 100644 --- a/krebs/2configs/nameserver.nix +++ b/krebs/2configs/nameserver.nix @@ -60,6 +60,9 @@ in { any: debug remote: + - id: krebscode_ni + address: ${config.krebs.hosts.ni.nets.internet.ip4.addr} + key: krebs_transfer_notify_key acl: - id: acme_acl @@ -70,6 +73,10 @@ in { key: dane action: update + - id: transfer_to_krebscode_secondary + key: krebs_transfer_notify_key + action: transfer + mod-rrl: - id: default rate-limit: 200 # Allow 200 resp/s for each flow @@ -94,6 +101,8 @@ in { file: ${pkgs.krebs.zones."krebsco.de"} dnssec-signing: on dnssec-policy: rsa2k + notify: krebscode_ni + acl: transfer_to_krebscode_secondary acl: dane_acl - domain: _acme-challenge.krebsco.de diff --git a/krebs/3modules/zones.nix b/krebs/3modules/zones.nix index 1d63548b8..bf904a268 100644 --- a/krebs/3modules/zones.nix +++ b/krebs/3modules/zones.nix @@ -12,6 +12,7 @@ with lib; { $TTL 60 @ 3600 IN SOA spam.krebsco.de. spam.krebsco.de. 0 7200 3600 86400 3600 @ 3600 IN NS ns1 + @ 3600 IN NS ni ''; }; }; |
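Review bot: The new `remote` entry `krebscode_ni` in the first hunk of krebs/2configs/nameserver.nix references `key: krebs_transfer_notify_key`, but none of the 10 added lines defines that key, so its definition must come from outside this commit. Because this config is rendered through Nix string interpolation, confirm that the TSIG secret is loaded from a file outside the Nix store and not written into the generated config, where it would be world-readable. A short comment next to the entry, for example `# TSIG key krebs_transfer_notify_key is defined in <included key file>`, would make the source visible to the next reader. The enclosing `in { … }` block starts and ends outside the hunk.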
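Review bot: The `transfer_to_krebscode_secondary` ACL added in the second hunk of nameserver.nix matches on the TSIG key alone, so a transfer request signed with `krebs_transfer_notify_key` is accepted from any source address. Binding the rule to the secondary as well limits what a leaked key allows, and the address is already used for the remote in the first hunk: `address: ${config.krebs.hosts.ni.nets.internet.ip4.addr}`. If ni also pulls transfers over IPv6, that address would have to be listed too; the hunk does not show whether it has one.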
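Review bot: The SOA context line in krebs/3modules/zones.nix carries a fixed serial of `0`, and with `ni` now published as a second NS the secondary only refreshes when the serial it sees from the primary increases. The third nameserver.nix hunk shows `dnssec-signing: on`, so the published serial is presumably maintained by the signer, but that is not visible here. If the served serial ever fell back to the zone-file value, ni would keep answering with old data and eventually with expired RRSIGs. Once confirmed, a comment above the SOA line such as `# serial 0 is a placeholder; the primary's signer maintains the published serial` would document the assumption. The zone text begins outside the hunk.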