servnest-containers/conf/knot.conf

server:
    version: ""
    nsid: ""
    rundir: "/run/knot"
    listen: [ "::@42053", "0.0.0.0@42053" ] #, "/run/knot/dns.sock" ]
    listen-quic: [ "::@42853", "0.0.0.0@42853" ]
    automatic-acl: "on"

log:
  - target: stderr
    any: warning
  - target: "/var/log/knot/knot.log"
    any: debug

database:
    storage: "/var/lib/knot"

policy:
  - id: "servnest"
    algorithm: "ed25519"
    nsec3: "on"
    nsec3-iterations: 0
    nsec3-salt-length: 0
    delete-delay: 60d
    dnskey-management: "incremental"

remote:
  - id: "secondary"
    address: [ "10.5.0.52@42853" ]
    quic: on
    cert-key: "1111111111111111111111111111111111111111111=" # will be replaced by setup-xoq.sh

template:
  - id: "servnest"
    storage: "/srv/servnest/ns"
#    notify: "secondary"
    dnssec-signing: "on"
    dnssec-policy: "servnest"
    catalog-role: "member"
    catalog-zone: "servnest.test.invalid."

zone:
  - domain: "servnest.test.invalid."
#   notify: "secondary"
    catalog-role: "generate"

  - domain: "servnest.test."
    template: "servnest"
    storage: "/srv/servnest/reg"

  - domain: "test.servnest.test."
    template: "servnest"
    storage: "/srv/servnest/reg"
Initial commit 2022-04-20 00:29:47 +02:00			`server:`
update knot configuration set nsec3 iterations and salt length to 0 and completely disable server version disclosure 2024-11-18 22:24:30 +01:00			`version: ""`
Full zone file loading 2022-11-20 01:03:19 +01:00			`nsid: ""`
Add sudoers.d/niver, among other things 2022-05-03 15:41:14 +02:00			`rundir: "/run/knot"`
fully qualified images + static ips 2025-01-20 17:24:27 +01:00			`listen: [ "::@42053", "0.0.0.0@42053" ] #, "/run/knot/dns.sock" ]`
			`listen-quic: [ "::@42853", "0.0.0.0@42853" ]`
add knot-secondary container 2024-12-19 15:50:52 +01:00			`automatic-acl: "on"`
Initial commit 2022-04-20 00:29:47 +02:00
			`log:`
podman containers introduction 2024-07-18 20:58:12 +02:00			`- target: stderr`
			`any: warning`
add knot-secondary container 2024-12-19 15:50:52 +01:00			`- target: "/var/log/knot/knot.log"`
			`any: debug`
Initial commit 2022-04-20 00:29:47 +02:00
			`database:`
Add sudoers.d/niver, among other things 2022-05-03 15:41:14 +02:00			`storage: "/var/lib/knot"`
Initial commit 2022-04-20 00:29:47 +02:00
			`policy:`
Niver > ServNest 2023-01-29 21:14:36 +01:00			`- id: "servnest"`
Initial commit 2022-04-20 00:29:47 +02:00			`algorithm: "ed25519"`
			`nsec3: "on"`
update knot configuration set nsec3 iterations and salt length to 0 and completely disable server version disclosure 2024-11-18 22:24:30 +01:00			`nsec3-iterations: 0`
			`nsec3-salt-length: 0`
Update for mkosi 15.1 2023-09-04 20:12:28 +02:00			`delete-delay: 60d`
			`dnskey-management: "incremental"`
Initial commit 2022-04-20 00:29:47 +02:00
add knot-secondary container 2024-12-19 15:50:52 +01:00			`remote:`
			`- id: "secondary"`
fully qualified images + static ips 2025-01-20 17:24:27 +01:00			`address: [ "10.5.0.52@42853" ]`
add knot-secondary container 2024-12-19 15:50:52 +01:00			`quic: on`
			`cert-key: "1111111111111111111111111111111111111111111=" # will be replaced by setup-xoq.sh`

Initial commit 2022-04-20 00:29:47 +02:00			`template:`
Niver > ServNest 2023-01-29 21:14:36 +01:00			`- id: "servnest"`
			`storage: "/srv/servnest/ns"`
knot.conf: disable notify to secondary by default 2025-01-22 19:06:37 +01:00			`# notify: "secondary"`
Initial commit 2022-04-20 00:29:47 +02:00			`dnssec-signing: "on"`
Niver > ServNest 2023-01-29 21:14:36 +01:00			`dnssec-policy: "servnest"`
Add catalog to default knot configuration 2023-05-06 19:59:13 +02:00			`catalog-role: "member"`
			`catalog-zone: "servnest.test.invalid."`
Initial commit 2022-04-20 00:29:47 +02:00
			`zone:`
Add catalog to default knot configuration 2023-05-06 19:59:13 +02:00			`- domain: "servnest.test.invalid."`
knot.conf: disable notify to secondary by default 2025-01-22 19:06:37 +01:00			`# notify: "secondary"`
Add catalog to default knot configuration 2023-05-06 19:59:13 +02:00			`catalog-role: "generate"`

Niver > ServNest 2023-01-29 21:14:36 +01:00			`- domain: "servnest.test."`
			`template: "servnest"`
			`storage: "/srv/servnest/reg"`
Add catalog to default knot configuration 2023-05-06 19:59:13 +02:00
Niver > ServNest 2023-01-29 21:14:36 +01:00			`- domain: "test.servnest.test."`
			`template: "servnest"`
			`storage: "/srv/servnest/reg"`