simon/nixos-config

Fork 0

Self-host DNS #78

New issue

Closed

opened 2023-10-22 20:24:13 +02:00 by simon · 3 comments

simon commented

2023-10-22 20:24:13 +02:00

Owner

Currently, I use Hetzer DNS for everything.
For flexibility and easier maintenance, I want to self-host it now.

Structure

Machines

Primary DNS (has the zone files): vueko
Secondary DNS: okarin (should always be on different network than primary)
Secondary DNS: INWX (provides two DNS servers acting as secondary)

Nameserver in DNS

Should under different domains/TLDs. For me that would be sbruder.de and sbruder.xyz
This can be done by having one common ($INCLUDEd) zone file that is added to all domains listed above:

; Always add glue records to this for all domains this is included in!
nsa1 IN A 192.0.0.1 ; FIXME should be vueko
nsa2 IN A 192.0.0.1 ; FIXME should be okarin
nsb1 IN A 192.0.0.1 ; FIXME should be INWX
nsb2 IN A 192.0.0.1 ; FIXME should be INWX second
; FIXME records are just for demonstration, AAAA are missing

Configuration

Static zones, managed in separate git repository
Dynamic zone for vpn.sbruder.de (generated by nixos configuration on vueko)

Currently, I use Hetzer DNS for everything. For flexibility and easier maintenance, I want to self-host it now. ## Structure ### Machines * Primary DNS (has the zone files): vueko * Secondary DNS: okarin (should always be on different network than primary) * Secondary DNS: INWX (provides two DNS servers acting as secondary) ### Nameserver in DNS Should under different domains/TLDs. For me that would be `sbruder.de` and `sbruder.xyz` This can be done by having one common (`$INCLUDE`d) zone file that is added to all domains listed above: ```zone ; Always add glue records to this for all domains this is included in! nsa1 IN A 192.0.0.1 ; FIXME should be vueko nsa2 IN A 192.0.0.1 ; FIXME should be okarin nsb1 IN A 192.0.0.1 ; FIXME should be INWX nsb2 IN A 192.0.0.1 ; FIXME should be INWX second ; FIXME records are just for demonstration, AAAA are missing ``` ## Configuration * Static zones, managed in separate git repository * Dynamic zone for vpn.sbruder.de (generated by nixos configuration on vueko)

simon added the

affects/style

type

feature

labels 2023-10-22 20:24:13 +02:00

simon commented

2023-10-25 21:42:18 +02:00

Author

Owner

Done except for multi-tld nameserver (not necessary in my case IMHO)

simon closed this issue

2023-10-25 21:42:18 +02:00

simon commented

2023-11-02 22:56:32 +01:00

Author

Owner

I should change the nameservers to adhere to the following (on both sbruder.de and sbruder.eu):

; vueko
a.ns IN A 168.119.176.53
a.ns IN AAAA 2a01:4f8:c012:2f4::1
; okarin
b.ns IN A 82.165.242.252
b.ns IN AAAA 2001:8d8:1800:8627::1

; ns.inwx.de
x.ns IN A 192.174.68.104
x.ns IN AAAA 2001:67c:1bc::104
; ns2.inwx.de
y.ns IN A 176.97.158.104
y.ns IN AAAA 2001:67c:10b8::104
; ns3.inwx.eu
z.ns IN A 45.87.158.53
z.ns IN AAAA 2a02:d500::53

TODOs (order is important)

create glue records
add new records (keep old ones intact)
change NS records in common/ns.zone
change the SOA of all zones to now have a.ns.sbruder.de. as server
change external nameserver template
change delegation on all zones at registrar/registry
check if everything still works

I should change the nameservers to adhere to the following (on both `sbruder.de` and `sbruder.eu`): ``` ; vueko a.ns IN A 168.119.176.53 a.ns IN AAAA 2a01:4f8:c012:2f4::1 ; okarin b.ns IN A 82.165.242.252 b.ns IN AAAA 2001:8d8:1800:8627::1 ; ns.inwx.de x.ns IN A 192.174.68.104 x.ns IN AAAA 2001:67c:1bc::104 ; ns2.inwx.de y.ns IN A 176.97.158.104 y.ns IN AAAA 2001:67c:10b8::104 ; ns3.inwx.eu z.ns IN A 45.87.158.53 z.ns IN AAAA 2a02:d500::53 ``` ## TODOs (order is important) - [x] create glue records - [x] add new records (keep old ones intact) - [x] change NS records in `common/ns.zone` - [x] change the SOA of all zones to now have `a.ns.sbruder.de.` as server - [x] change external nameserver template - [x] change delegation on all zones at registrar/registry - [x] check if everything still works

simon reopened this issue

2023-11-02 22:56:32 +01:00

simon commented

2023-11-25 13:41:32 +01:00

Author

Owner

has been working great

simon closed this issue

2023-11-25 13:41:32 +01:00

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: simon/nixos-config#78

No description provided.