# Authoritative domain name server
# Copyright (C) 2022 Nguyễn Gia Phong
#
# This file is part of loang configuration.
#
# Loang configuration is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Loang configuration is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with loang configuration. If not, see <https://www.gnu.org/licenses/>.

# NixOS module: runs Knot DNS as the primary for the zones listed below,
# opens port 53 and declares which remotes may transfer or update zones.
{ ... }:
let
  # Zone file text shared by the statically generated zones: one SOA record
  # (serial taken from the argument; the remaining SOA fields are, in DNS
  # order, refresh, retry, expire and minimum), two NS records and the apex
  # A/AAAA records.  Serials used below appear to follow YYYYMMDDnn and
  # have to be bumped by hand whenever the text changes, otherwise the
  # secondaries will not pick up the change.
  localZone = serial: let s = toString serial; in ''
    @ SOA danh.loang.net. cnx.loang.net. ${s} 14400 3600 604800 3600
    @ NS danh.loang.net.
    @ NS puck.nether.net.
    @ A 37.205.11.127
    @ AAAA 2a03:3b40:100::1:2
  '';

  # Build a Knot zone entry for `domain` from literal zone file text.
  # The text is written with builtins.toFile, i.e. into the world-readable
  # Nix store; that is acceptable here only because zone data is public.
  # Only the "puck" remote is notified and allowed to transfer.
  # dnssec-signing = false overrides the default template below, so these
  # zones are served unsigned.
  # NOTE(review): the reason for disabling signing is not visible in this
  # file (the helper name suggests OpenNIC zones) -- confirm it is intended.
  openNICZone = domain: file: {
    domain = domain;
    file = builtins.toFile "${domain}.zone" file;
    notify = "puck";
    acl = [ "puck" ];
    dnssec-signing = false;
  };
in {
  # DNS is exposed on both transports; TCP carries zone transfers and
  # responses too large for UDP.
  networking.firewall = {
    allowedTCPPorts = [ 53 ];
    allowedUDPPorts = [ 53 ];
  };

  services.knot = {
    enable = true;
    # Key material is included from a path outside the Nix store, so the
    # TSIG secret is not copied into the world-readable store.
    # NOTE(review): ownership and mode of this file are not managed here;
    # verify that only the knot service user can read it.
    keyFiles = [ "/var/lib/knot/keys/update/xrvs.net" ];
    settings = {
      # Listen on every IPv4 and IPv6 address.
      server.listen = [ "0.0.0.0@53" "::@53" ];

      # Secondaries that receive NOTIFY; ids are referenced by the zones.
      remote = [
        {
          id = "ns-global";
          address = [ "204.87.183.53@53" "2607:7c80:54:6::53@53" ];
        }
        {
          id = "puck";
          address = [ "204.42.254.5@53" "2001:418:3f4::5@53" ];
        }
      ];

      log = [ { target = "syslog"; any = "info"; } ];

      acl = [
        # Zone transfers for the two secondaries are authorised by source
        # address alone; no TSIG key is attached to these rules.
        # NOTE(review): address-only rules give no cryptographic
        # authentication of the requester.  If the secondary operators
        # support TSIG, adding a `key` here would tighten this; keep the
        # address lists in step with `remote` above.
        {
          id = "ns-global";
          address = [ "204.87.183.53" "2607:7c80:54:6::53" ];
          action = "transfer";
        }
        {
          id = "puck";
          address = [ "204.42.254.5" "2001:418:3f4::5" ];
          action = "transfer";
        }
        # Dynamic updates authorised by the TSIG key "xrvs.net", from any
        # source address.  update-owner = "key" ties the owner names that
        # may be updated to the key name.
        # NOTE(review): the key is named after the zone apex, so this
        # restriction probably still covers the whole xrvs.net zone unless
        # update-owner-match narrows it -- confirm against the deployed
        # Knot version.
        {
          id = "xarvos";
          key = "xrvs.net";
          action = "update";
          update-owner = "key";
        }
      ];

      # Defaults for every zone that does not override them: zone files are
      # stored under /var/lib/knot/zones, named after the zone (%s), and
      # DNSSEC signing is on.
      template = [
        {
          id = "default";
          storage = "/var/lib/knot/zones";
          file = "%s";
          dnssec-signing = true;
        }
      ];

      # Zones built with openNICZone are generated from the text above and
      # are unsigned; the plain attribute sets (cnx.gdn, loang.net,
      # xrvs.net) use the default template, so they are signed and read
      # from the storage directory.
      zone = [
        (openNICZone "cercle.libre" (localZone 2023021702))
        {
          domain = "cnx.gdn";
          notify = [ "ns-global" "puck" ];
          acl = [ "ns-global" "puck" ];
        }
        {
          domain = "loang.net";
          notify = [ "ns-global" "puck" ];
          acl = [ "ns-global" "puck" ];
        }
        (openNICZone "musike.pirate" (localZone 2023071727))
        (openNICZone "rub.parody" (localZone 2023032101))
        # Same base zone plus wildcard A/AAAA records for every subdomain.
        (openNICZone "sinyx.indy" ((localZone 2023022002) + ''
          * A 37.205.11.127
          * AAAA 2a03:3b40:100::1:2
        ''))
        (openNICZone "striproman.pirate" (localZone 2023022023))
        # The only zone that accepts dynamic updates (ACL "xarvos"); it is
        # transferred to ns-global only.
        {
          domain = "xrvs.net";
          notify = [ "ns-global" ];
          acl = [ "ns-global" "xarvos" ];
        }
      ];
    };
  };
}