M IMGBUILD => IMGBUILD +3 -1
@@ 1,5 1,5 @@
# The name of this image. Mostly cosmetic, e.g. for output file naming.
-imgname=bfy
+imgname=bfxy
# Build an Alpine Linux image
target=alpine
@@ 133,6 133,8 @@ services="
"
# Custom stuff
+dns_primary="81.171.24.121"
+dns_secondary="185.17.144.15"
case "$BF_HOST" in
x)
hostname="x"
M files/etc/knot/knot.conf.makeimg.template => files/etc/knot/knot.conf.makeimg.template +33 -2
@@ 5,6 5,12 @@ server:
user: knot:knot
listen: [ ${host_ipv4}@53, ${host_ipv6}@53 ]
+remote:
+ - id: primary
+ address: ${dns_primary}@53
+ - id: secondary
+ address: ${dns_secondary}@53
+
log:
- target: /var/log/knotd.log
any: info
@@ 19,16 25,41 @@ mod-stats:
edns-presence: on
query-type: on
+key:
+ - id: txtkey
+ algorithm: hmac-sha256
+ secret: $(makeimg -S +tsig_txt)
+
+acl:
+ - id: txt_updates
+ action: update
+ update-type: [TXT]
+ key: txtkey
+ - id: notify
+ address: ${dns_primary}
+ action: notify
+ - id: transfer
+ address: ${dns_secondary}
+ action: transfer
+
template:
- id: default
storage: "/var/lib/knot"
file: "%s.zone"
module: mod-stats/default
+ dnssec-policy: manual
+ acl: [notify, transfer, txt_updates]
+ $(if [ "$hostname" = "x" ]; then
+ printf "notify: secondary"
+ else
+ printf "master: primary"
+ fi)
zone:
- domain: bitfehler.net
- domain: bitfehler.org
- domain: bitfehler.com
- domain: anemos.io
- dnssec-signing: on
- dnssec-policy: manual
+ $(if [ "$hostname" = "x" ]; then
+ printf "dnssec-signing: on\n"
+ fi)
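Review bot: The `txt_updates` ACL is attached through the `default` template with neither an `address` nor an owner restriction, so any holder of `txtkey` can add or replace any TXT record in all four zones, including mail-policy records such as SPF or DMARC if the zones carry them. If the key is only meant for particular records, narrow the rule with `update-owner: name`, `update-owner-match: equal` and `update-owner-name: [<record-name-placeholder>]`, and attach it only to the zone that needs it rather than to the template. The `notify` and `transfer` rules identify the peer by source address alone; a separate TSIG key referenced from both `remote` entries and from those two ACLs would bind NOTIFY and zone transfers to a shared secret instead of an IP. The same `acl: [notify, transfer, txt_updates]` list is rendered on both hosts, so each server also carries a rule only its peer needs; emitting the list from the existing `$hostname` conditional would keep each role to the minimum.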
A secrets/+tsig_txt => secrets/+tsig_txt +1 -0
@@ 0,0 1,1 @@
+pass show bitfehler/dns/tsig/bfcomtxt