nameserver config: add ni as secondary

author: tv <tv@krebsco.de> 2023-08-02 11:39:33 +0200
committer: tv <tv@krebsco.de> 2023-08-02 13:56:04 +0200
commit: 7cd50a3c07e788fa0b4ab53c78b9dea10ff30b2d (patch)
tree: 0b48967f268134f42c9eaad546abb25ac3a071a4 /krebs
parent: 73a64cc57af95a876168151654f06277f91a2243 (diff)
2 files changed, 10 insertions, 0 deletions
diff --git a/krebs/2configs/nameserver.nix b/krebs/2configs/nameserver.nix
index 4b205a13d..a4c4b5f05 100644
--- a/krebs/2configs/nameserver.nix
+++ b/krebs/2configs/nameserver.nix
@@ -60,6 +60,9 @@ in {
           any: debug
 
       remote:
+        - id: krebscode_ni
+          address: ${config.krebs.hosts.ni.nets.internet.ip4.addr}
+          key: krebs_transfer_notify_key
 
       acl:
         - id: acme_acl
@@ -70,6 +73,10 @@ in {
           key: dane
           action: update
 
+        - id: transfer_to_krebscode_secondary
+          key: krebs_transfer_notify_key
+          action: transfer
+
       mod-rrl:
         - id: default
           rate-limit: 200   # Allow 200 resp/s for each flow
@@ -94,6 +101,8 @@ in {
           file: ${pkgs.krebs.zones."krebsco.de"}
           dnssec-signing: on
           dnssec-policy: rsa2k
+          notify: krebscode_ni
+          acl: transfer_to_krebscode_secondary
           acl: dane_acl
 
         - domain: _acme-challenge.krebsco.de
diff --git a/krebs/3modules/zones.nix b/krebs/3modules/zones.nix
index 1d63548b8..bf904a268 100644
--- a/krebs/3modules/zones.nix
+++ b/krebs/3modules/zones.nix
@@ -12,6 +12,7 @@ with lib; {
         $TTL 60
         @ 3600 IN SOA spam.krebsco.de. spam.krebsco.de. 0 7200 3600 86400 3600
         @ 3600 IN NS ns1
+        @ 3600 IN NS ni
       '';
     };
   };
author	tv <tv@krebsco.de>	2023-08-02 11:39:33 +0200
committer	tv <tv@krebsco.de>	2023-08-02 13:56:04 +0200
commit	7cd50a3c07e788fa0b4ab53c78b9dea10ff30b2d (patch)
tree	0b48967f268134f42c9eaad546abb25ac3a071a4 /krebs
parent	73a64cc57af95a876168151654f06277f91a2243 (diff)