From 7c362f5a42209bf640949ae2ee4fedc95110242f Mon Sep 17 00:00:00 2001
From: "Casper V. Kristensen" <casper@vkristensen.dk>
Date: Sat, 12 Oct 2024 18:21:13 +0200
Subject: [PATCH] knot-dns: update DNSSEC procedure

---
 hosts/alpha/knot-dns.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hosts/alpha/knot-dns.nix b/hosts/alpha/knot-dns.nix
index 5b1bc60..668023b 100644
--- a/hosts/alpha/knot-dns.nix
+++ b/hosts/alpha/knot-dns.nix
@@ -55,9 +55,10 @@
           # Enable automatic DNSSEC signing on all zones. The KSK must be
           # configured in the parent zone. Use the following command to get the
           # required record(s):
-          # > nix shell nixpkgs#knot-dns -c sudo keymgr caspervk.net ds
+          # > sudo keymgr caspervk.net ds
           # [<zone> <record-type> <key-tag> <algorithm-type> <digest-type> <digest>]
           # https://knot.readthedocs.io/en/master/configuration.html#automatic-dnssec-signing
+          # DNSSEC can be validated using https://dnsviz.net.
           dnssec-signing = "on";
           dnssec-policy = "default";
           # Knot overwrites the zonefiles with auto-generated DNSSEC records by