Allow zone transfers

2025-07-06 17:30:19 +02:00 · 2025-07-06 17:30:19 +02:00 · b4c5177f6c
commit b4c5177f6c
parent ded49ebc4e
3 changed files with 15 additions and 11 deletions
--- a/modules/bind9/default.nix
+++ b/modules/bind9/default.nix
@ -30,16 +30,20 @@ in {
              forwarders {  };
              directory "/run/named";
              pid-file "/run/named/named.pid";
-              allow-transfer { none; };
              allow-recursion { none; };
              version none;
              notify no;
            };

+            key "kun.is." {
+              algorithm hmac-sha512;
+              secret "ref+sops://secrets.yml#/bind/zoneTransferKeys/kunis+";
+            };
+
            zone "kun.is" {
              type master;
              file "/etc/bind/kun.is.zone";
-              allow-transfer {  };
+              allow-transfer { 192.168.20.91; };
              allow-query { any; };
            };
          '';