Allow zone transfers

2025-07-06 17:30:19 +02:00 · 2025-07-06 17:30:19 +02:00 · b4c5177f6c
commit b4c5177f6c
parent ded49ebc4e
3 changed files with 15 additions and 11 deletions
--- a/modules/bind9/default.nix
+++ b/modules/bind9/default.nix
@ -30,16 +30,20 @@ in {
              forwarders {  };
              directory "/run/named";
              pid-file "/run/named/named.pid";
-              allow-transfer { none; };
              allow-recursion { none; };
              version none;
              notify no;
            };

+            key "kun.is." {
+              algorithm hmac-sha512;
+              secret "ref+sops://secrets.yml#/bind/zoneTransferKeys/kunis+";
+            };
+
            zone "kun.is" {
              type master;
              file "/etc/bind/kun.is.zone";
-              allow-transfer {  };
+              allow-transfer { 192.168.20.91; };
              allow-query { any; };
            };
          '';
--- a/modules/bind9/kun.is.zone.nix
+++ b/modules/bind9/kun.is.zone.nix
@ -1,11 +1,13 @@
 globals: dns:
 with dns.lib.combinators; {
+  TTL = 300;
+
  CAA = letsEncrypt "caa@kun.is";

  SOA = {
    nameServer = "ns1";
    adminEmail = "webmaster.kun.is";
-    serial = 2024041302;
+    serial = 2025070600;
  };

  NS = [