Self-host DNS #78

New Issue

Closed

opened 2023-10-22 20:24:13 +02:00 by simon · 3 comments

simon commented 2023-10-22 20:24:13 +02:00

Owner

Currently, I use Hetzer DNS for everything.
For flexibility and easier maintenance, I want to self-host it now.

Structure

Machines

• Primary DNS (has the zone files): vueko
• Secondary DNS: okarin (should always be on different network than primary)
• Secondary DNS: INWX (provides two DNS servers acting as secondary)

Nameserver in DNS

Should under different domains/TLDs. For me that would be sbruder.de and sbruder.xyz
This can be done by having one common ($INCLUDEd) zone file that is added to all domains listed above:

; Always add glue records to this for all domains this is included in!
nsa1 IN A 192.0.0.1 ; FIXME should be vueko
nsa2 IN A 192.0.0.1 ; FIXME should be okarin
nsb1 IN A 192.0.0.1 ; FIXME should be INWX
nsb2 IN A 192.0.0.1 ; FIXME should be INWX second
; FIXME records are just for demonstration, AAAA are missing

Configuration

• Static zones, managed in separate git repository
• Dynamic zone for vpn.sbruder.de (generated by nixos configuration on vueko)

Currently, I use Hetzer DNS for everything. For flexibility and easier maintenance, I want to self-host it now. ## Structure ### Machines * Primary DNS (has the zone files): vueko * Secondary DNS: okarin (should always be on different network than primary) * Secondary DNS: INWX (provides two DNS servers acting as secondary) ### Nameserver in DNS Should under different domains/TLDs. For me that would be `sbruder.de` and `sbruder.xyz` This can be done by having one common (`$INCLUDE`d) zone file that is added to all domains listed above: ```zone ; Always add glue records to this for all domains this is included in! nsa1 IN A 192.0.0.1 ; FIXME should be vueko nsa2 IN A 192.0.0.1 ; FIXME should be okarin nsb1 IN A 192.0.0.1 ; FIXME should be INWX nsb2 IN A 192.0.0.1 ; FIXME should be INWX second ; FIXME records are just for demonstration, AAAA are missing ``` ## Configuration * Static zones, managed in separate git repository * Dynamic zone for vpn.sbruder.de (generated by nixos configuration on vueko)

simon added the

affects/style

type

feature

labels 2023-10-22 20:24:13 +02:00

simon commented 2023-10-25 21:42:18 +02:00

Poster

Owner

Done except for multi-tld nameserver (not necessary in my case IMHO)

Done except for multi-tld nameserver (not necessary in my case IMHO)

simon closed this issue 2023-10-25 21:42:18 +02:00

simon commented 2023-11-02 22:56:32 +01:00

Poster

Owner

I should change the nameservers to adhere to the following (on both sbruder.de and sbruder.eu):

; vueko
a.ns IN A 168.119.176.53
a.ns IN AAAA 2a01:4f8:c012:2f4::1
; okarin
b.ns IN A 82.165.242.252
b.ns IN AAAA 2001:8d8:1800:8627::1

; ns.inwx.de
x.ns IN A 192.174.68.104
x.ns IN AAAA 2001:67c:1bc::104
; ns2.inwx.de
y.ns IN A 176.97.158.104
y.ns IN AAAA 2001:67c:10b8::104
; ns3.inwx.eu
z.ns IN A 45.87.158.53
z.ns IN AAAA 2a02:d500::53

TODOs (order is important)

• create glue records
• add new records (keep old ones intact)
• change NS records in common/ns.zone
• change the SOA of all zones to now have a.ns.sbruder.de. as server
• change external nameserver template
• change delegation on all zones at registrar/registry
• check if everything still works

I should change the nameservers to adhere to the following (on both `sbruder.de` and `sbruder.eu`): ``` ; vueko a.ns IN A 168.119.176.53 a.ns IN AAAA 2a01:4f8:c012:2f4::1 ; okarin b.ns IN A 82.165.242.252 b.ns IN AAAA 2001:8d8:1800:8627::1 ; ns.inwx.de x.ns IN A 192.174.68.104 x.ns IN AAAA 2001:67c:1bc::104 ; ns2.inwx.de y.ns IN A 176.97.158.104 y.ns IN AAAA 2001:67c:10b8::104 ; ns3.inwx.eu z.ns IN A 45.87.158.53 z.ns IN AAAA 2a02:d500::53 ``` ## TODOs (order is important) - [x] create glue records - [x] add new records (keep old ones intact) - [x] change NS records in `common/ns.zone` - [x] change the SOA of all zones to now have `a.ns.sbruder.de.` as server - [x] change external nameserver template - [x] change delegation on all zones at registrar/registry - [x] check if everything still works

simon reopened this issue 2023-11-02 22:56:32 +01:00

simon commented 2023-11-25 13:41:32 +01:00

Poster

Owner

has been working great

has been working great

simon closed this issue 2023-11-25 13:41:32 +01:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

okarin2

hyper

catering

reuse

yuzuru2

renge2

23.11

nazuna

neomutt

sayuri-mesa-clover

upower

binfmt

ayu

restic-rest-server

Labels

Clear labels   

affects/hardware

  

affects/legal

  

affects/reproducibility

  

affects/security

  

affects/style

  

affects/usability

  

blocked by/release 21.05

  

blocked by/release 21.11

  

blocked by/release 22.05

  

blocked by/testing needed

  

blocked by/testing needed/fuuko

  

blocked by/testing needed/sayuri

  

blocked by/upstream

  

resolution

deferred

  

resolution

permanent workaround

  

resolution

upstream wontfix

  

resolution

wontfix

  

type

bug

  

type

chore

  

type

feature

  

type

new machine

  

type

question

  

type

regression

  

type

tracking

No Label

affects/hardware

affects/legal

affects/reproducibility

affects/security

affects/style

affects/usability

blocked by/release 21.05

blocked by/release 21.11

blocked by/release 22.05

blocked by/testing needed

blocked by/testing needed/fuuko

blocked by/testing needed/sayuri

blocked by/upstream

resolution

deferred

resolution

permanent workaround

resolution

upstream wontfix

resolution

wontfix

type

bug

type

chore

type

feature

type

new machine

type

question

type

regression

type

tracking

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: simon/nixos-config#78

There is no content yet.