hosts/plover: update DNS zone and server configuration

2025-01-31 04:58:01 +00:00 · 2023-02-17 23:10:52 +08:00 · 2023-02-17 23:10:52 +08:00 · b3ce46ccf9
commit b3ce46ccf9
parent ff1927deb5
2 changed files with 23 additions and 14 deletions
--- a/hosts/plover/config/coredns/foodogsquared.one.zone
+++ b/hosts/plover/config/coredns/foodogsquared.one.zone
@ -1,18 +1,17 @@
 ; This is trying to be discrete with certain information. This should be copied
 ; and replaced with more confidential information somewhere.
 $TTL 12h
-$ORIGIN foodogsquared.one.

-@	IN	SOA	ns1.first-ns.de. dns.hetzner.com. (
-				2023021501	; serial number
-				2h		; refresh
+@	3600	IN	SOA	ns1.first-ns.de. hostmaster.foodogsquared.one. (
+				2023021701 	; serial number
+				1h		; refresh
 				15m		; update retry
 				3w		; expiry
 				3h		; nx = nxdomain ttl
 			)
-	IN	NS	ns1.first-ns.de.
-	IN	NS	robotns2.second-ns.de.
-	IN	NS	robotns3.second-ns.com.
+	3600	IN	NS	ns1.first-ns.de.
+	3600	IN	NS	robotns2.second-ns.de.
+	3600	IN	NS	robotns3.second-ns.com.

 ; Setting up the mail-related DNS entries.
 ; For future references, please the see the following document at
@ -61,6 +60,9 @@ code	IN	AAAA	@ploverPublicIPv6@
 vpn	IN	A	@ploverPublicIPv4@
 vpn	IN	AAAA	@ploverPublicIPv6@

+plover	IN	A	@ploverPublicIPv4@
+plover	IN	AAAA	@ploverPublicIPv6@
+
 ; Other things.
 _github-pages-challenge-foo-dogsquared	IN	TXT	673febae1ea0095e76d1e02a7a1709

--- a/hosts/plover/modules/services/coredns.nix
+++ b/hosts/plover/modules/services/coredns.nix
@ -91,8 +91,13 @@ in
    # https://docs.hetzner.com/dns-console/dns/general/dnssec
    config = ''
      . {
-        log
-        errors
+        log ${domain} ${fqdn} {
+          class success error
+        }
+
+        errors {
+          consolidate 1m "^.* no next plugin found$"
+        }

        bind lo ${lib.concatStringsSep " " dnsListenAddresses} {
          # These are already taken from systemd-resolved.
@ -114,10 +119,6 @@ in
          block
        }

-        transfer ${domain} {
-          to *
-        }
-
        # ${fqdn} DNS server blocks. This is an internal DNS server so we'll
        # only allow queries from the internal network.
        acl ${fqdn} {
@ -134,7 +135,13 @@ in
          answer "{{ .Name }} IN 60 AAAA ${interfaces.internal.IPv6.address}"
        }

-        file ${domainZoneFile'}
+        file ${domainZoneFile'} ${domain} {
+          reload 30s
+        }
+
+        transfer ${domain} {
+          to ${lib.concatStringsSep " " secondaryNameServersIPs}
+        }
      }

      tls://. {