knot-dns: update DNSSEC procedure

alpha: allow 25/tcp
2024-10-12 18:21:13 +02:00 · 2024-10-12 02:52:58 +02:00
2 changed files with 3 additions and 1 deletions
--- a/hosts/alpha/knot-dns.nix
+++ b/hosts/alpha/knot-dns.nix
@ -55,9 +55,10 @@
          # Enable automatic DNSSEC signing on all zones. The KSK must be
          # configured in the parent zone. Use the following command to get the
          # required record(s):
-          # > nix shell nixpkgs#knot-dns -c sudo keymgr caspervk.net ds
+          # > sudo keymgr caspervk.net ds
          # [<zone> <record-type> <key-tag> <algorithm-type> <digest-type> <digest>]
          # https://knot.readthedocs.io/en/master/configuration.html#automatic-dnssec-signing
+          # DNSSEC can be validated using https://dnsviz.net.
          dnssec-signing = "on";
          dnssec-policy = "default";
          # Knot overwrites the zonefiles with auto-generated DNSSEC records by
--- a/hosts/alpha/network.nix
+++ b/hosts/alpha/network.nix
@ -91,6 +91,7 @@
  };

  networking = {
+    firewall.allowedTCPPorts = [25];
    firewall.allowedUDPPorts = [51820 51821];
  };
Author	SHA1	Message	Date
Casper V. Kristensen	8f92fe37cd	knot-dns: update DNSSEC procedure	2024-10-12 18:21:13 +02:00
Casper V. Kristensen	5c0e07428a	alpha: allow 25/tcp	2024-10-12 02:52:58 +02:00