# Authoritative domain name server # Copyright (C) 2022 Nguyễn Gia Phong # # This file is part of loang configuration. # # Loang configuration is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # Loang configuration is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with loang configuration. If not, see . { ... }: { networking.firewall = { allowedTCPPorts = [ 53 ]; allowedUDPPorts = [ 53 ]; }; services.knot = { enable = true; extraConfig = '' server: listen: 0.0.0.0@53 listen: ::@53 remote: - id: secondary address: 204.87.183.53@53 address: 2607:7c80:54:6::53@53 log: - target: syslog any: info acl: - id: lego address: 127.0.0.1 address: ::1 key: lego action: update update-type: TXT update-owner: key - id: secondary address: 204.87.183.53 address: 2607:7c80:54:6::53 action: transfer - id: xarvos key: xrvs.net action: update update-owner: key template: - id: default storage: /var/lib/knot/zones file: %s dnssec-signing: on zone: - domain: cnx.gdn notify: secondary acl: secondary - domain: loang.net notify: secondary acl: lego acl: secondary - domain: xrvs.net notify: secondary acl: secondary acl: xarvos ''; keyFiles = [ "/var/lib/knot/keys/update/lego" "/var/lib/knot/keys/update/xrvs.net" ]; }; }