Enable authoritative DNS server

1 files changed, 62 insertions, 0 deletions

diff --git a/dns.nix b/dns.nix
new file mode 100644
index 0000000..5e9174f
--- /dev/null
+++ b/dns.nix
@@ -0,0 +1,62 @@
+# Authoritative domain name server
+# Copyright (C) 2022  Nguyễn Gia Phong
+#
+# This file is part of loang configuration.
+#
+# Loang configuration is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Loang configuration is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with loang configuration.  If not, see <https://www.gnu.org/licenses/>.
+
+{ lib, pkgs, ... }:
+let
+  cnxZone = pkgs.writeText "cnx.gdn.zone" ''
+    @  SOA  ns.cnx.gdn. mcsinyx.disroot.org. 2022091901 10800 3600 604800 3600
+    @  NS   ns
+    ns A    37.205.11.127
+    ns AAAA 2a03:3b40:100::1:2
+    @  A    37.205.11.127
+    @  AAAA 2a03:3b40:100::1:2
+  '';
+  loangZone = pkgs.writeText "loang.net.zone" ''
+    @  SOA  ns.loang.net. mcsinyx.disroot.org. 2022092101 10800 3600 604800 3600
+    @  NS   ns
+    @  A    37.205.11.127
+    @  AAAA 2a03:3b40:100::1:2
+    *  A    37.205.11.127
+    *  AAAA 2a03:3b40:100::1:2
+  '';
+in {
+  networking.firewall = {
+    allowedTCPPorts = [ 53 ];
+    allowedUDPPorts = [ 53 ];
+  };
+
+  services.knot = {
+    enable = true;
+    extraConfig = ''
+      server:
+          listen: 0.0.0.0@53
+          listen: ::@53
+
+      zone:
+        - domain: cnx.gdn
+          file: ${cnxZone}
+        - domain: loang.net
+          file: ${loangZone}
+
+      log:
+        - target: syslog
+          any: info
+    '';
+    keyFiles = [ ];
+  };
+}