From 88adc84f5386e2177731b0ee4ece3abecb9dec94 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Sat, 29 May 2021 16:56:36 +0200
Subject: knot@surtr: firewall & inwx

---
 hosts/surtr/dns/default.nix | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
(limited to 'hosts')

diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index 790e6850..3fe76dbf 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -5,6 +5,15 @@
 { device = "surtr/safe/var-lib-knot";
 fsType = "zfs";
 };
+
+ firewall = {
+ allowedTCPPorts = [
+ 53 # DNS
+ ];
+ allowedUDPPorts = [
+ 53 # DNS
+ ];
+ };
 
 services.knot = {
 enable = true;
@@ -22,6 +31,8 @@
 zonefile-load: difference-no-serial
 semantic-checks: on
 dnssec-signing: on
+ notify: inwx
+ acl: [inwx_acl]
 
 policy:
 - id: rsa
@@ -30,6 +41,15 @@
 zsk-size: 2048
 zsk-lifetime: 30d
 
+ remote:
+ - id: inwx
+ address: 185.181.104.96@53
+
+ acl:
+ - id: inwx_acl
+ address: 185.181.104.96
+ action: transfer
+
 zone:
 - domain: yggdrasil.li
 file: ${./zones/li.yggdrasil.soa}
--
cgit v1.2.3
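Review bot: The `acl` entry `inwx_acl` in the third hunk authorises zone transfers on source address alone (`address: 185.181.104.96`, `action: transfer`) with no TSIG key, and the matching `remote` entry sends NOTIFYs unsigned, so both legs rely purely on the peer IP for authentication. Knot supports a `key` option on `remote` and `acl` entries backed by a `key:` section; binding the transfer ACL and the remote to a shared TSIG key would make transfer authorisation independent of the source address and lets the secondary verify NOTIFY origin, assuming the peer supports TSIG (not visible here). The enclosing `services.knot` config block starts and ends outside the hunk. It is also worth confirming whether the secret can be pulled in from a file outside the Nix store (for example via Knot's `include:`) rather than inlined in this module, since NixOS renders this config into the world-readable store.
```yaml
      key:
        - id: inwx_key
          algorithm: hmac-sha256
          secret: <TSIG_SECRET_PLACEHOLDER>  # constructed placeholder; keep the real secret out of the Nix store

      remote:
        - id: inwx
          address: 185.181.104.96@53
          key: inwx_key

      acl:
        - id: inwx_acl
          address: 185.181.104.96
          key: inwx_key
          action: transfer
      # … unchanged: zone section …
```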