Add config examples for zone transferts with Knot

2022-11-01 00:18:06 +01:00 · 2022-11-01 00:18:06 +01:00 · 9316ab1a80
parent 4bdfe900c4
commit 9316ab1a80
2 changed files with 90 additions and 0 deletions
--- a/mkosi.extra/etc/knot/knot-primary.conf
+++ b/mkosi.extra/etc/knot/knot-primary.conf
@ -0,0 +1,53 @@
+server:
+    version: "Knot"
+    nsid: ""
+    rundir: "/run/knot"
+    user: "knot:knot"
+    automatic-acl: "on"
+    listen: [ "2001:db8::1@42053", "203.0.113.1@42053" ]
+
+log:
+  - target: "/var/log/knot/knot.log"
+    any: "debug"
+
+database:
+    storage: "/var/lib/knot"
+
+key:
+  - id: "primary-to-secondary."
+    algorithm: "hmac-sha256"
+    secret: "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGH" # keymgr -t primary-to-secondary hmac-sha256
+
+remote:
+  - id: "secondary"
+    address: [ "2001:db8::2@53", "203.0.113.2@53" ]
+    key: "primary-to-secondary."
+
+policy:
+  - id: "niver"
+    algorithm: "ed25519"
+    nsec3: "on"
+    nsec3-iterations: 10
+
+template:
+  - id: "niver-ns"
+    storage: "/srv/niver/ns"
+    file: "%s.zone"
+    zonefile-load: "difference"
+    dnssec-signing: "on"
+    dnssec-policy: "niver"
+    catalog-role: "member"
+    catalog-zone: "niver.test.invalid."
+
+zone:
+  - domain: "niver.test."
+    storage: "/srv/niver/reg"
+    file: "%s.zone"
+    zonefile-load: "difference"
+    dnssec-signing: "on"
+    dnssec-policy: "niver"
+
+  - domain: "niver.test.invalid."
+    notify: "secondary"
+    zonefile-load: "difference"
+    catalog-role: "generate"
--- a/mkosi.extra/etc/knot/knot-secondary.conf
+++ b/mkosi.extra/etc/knot/knot-secondary.conf
@ -0,0 +1,37 @@
+server:
+    version: "Knot"
+    nsid: ""
+    rundir: "/run/knot"
+    user: "knot:knot"
+    automatic-acl: "on"
+    listen: [ "2001:db8::2@53", "203.0.113.2@53" ]
+
+log:
+  - target: "/var/log/knot/knot.log"
+    any: "debug"
+
+database:
+    storage: "/var/lib/knot"
+
+key:
+  - id: "primary-to-secondary."
+    algorithm: "hmac-sha256"
+    secret: "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGH"
+
+remote:
+  - id: "primary"
+    address: [ "2001:db8::1@53", "203.0.113.1@53" ]
+    key: "primary-to-secondary."
+
+template:
+  - id: "niver"
+    storage: "/var/lib/knot"
+    file: "%s.zone"
+    master: "primary"
+
+zone:
+  - domain: "niver.test.invalid."
+    master: "primary"
+    catalog-role: interpret
+    catalog-template: "niver"
+