knot-dns: update DNSSEC procedure

2024-10-12 18:21:13 +02:00 · 2024-10-12 18:21:13 +02:00 · 7c362f5a42
parent 70a3d521c2
commit 7c362f5a42
1 changed files with 2 additions and 1 deletions
--- a/hosts/alpha/knot-dns.nix
+++ b/hosts/alpha/knot-dns.nix
@ -55,9 +55,10 @@
          # Enable automatic DNSSEC signing on all zones. The KSK must be
          # configured in the parent zone. Use the following command to get the
          # required record(s):
-          # > nix shell nixpkgs#knot-dns -c sudo keymgr caspervk.net ds
+          # > sudo keymgr caspervk.net ds
          # [<zone> <record-type> <key-tag> <algorithm-type> <digest-type> <digest>]
          # https://knot.readthedocs.io/en/master/configuration.html#automatic-dnssec-signing
+          # DNSSEC can be validated using https://dnsviz.net.
          dnssec-signing = "on";
          dnssec-policy = "default";
          # Knot overwrites the zonefiles with auto-generated DNSSEC records by