# PVV-DNS

This repository contains both the code and data needed to generate PVV's DNS configuration.

> [!NOTE]
> This is currently very WIP, and not in production use. At the minute, DNS is still managed manually in /etc/bind/zones on ameno.

Normal PVV "hosts" (servers, mostly) should be defined in `./hosts.nix`; additional configuration and records for pvv.ntnu.no and pvv.org live in `./pvv-domain.nix`; and configuration for all other domains is found in their respective files in `./zones/`.

The code in this repository is basically a whole heap of pre-processing to turn the hosts file and zone-specific options into the format used by [nix-community/dns.nix](https://github.com/nix-community/dns.nix), which in turn generates the zone files.

## Examples

A host configuration like

```nix
drolsum = {
  ipv4 = pvvv4 217;
  ipv6 = pvvv6 217;
  aliases = [ "login2" ];
};

roundrobin = {
  ipv4 = [ (pvvv4 201) (pvvv4 202) ];
  ipv6 = [ (pvvv6 201) (pvvv6 202) ];
};
```

... will generate zone files like

```bind
drolsum.pvv.ntnu.no.    IN A     129.241.210.217
drolsum.pvv.ntnu.no.    IN AAAA  2001:700:300:1900::217
login2.pvv.ntnu.no.     IN CNAME drolsum
roundrobin.pvv.ntnu.no. IN A     129.241.210.201
roundrobin.pvv.ntnu.no. IN A     129.241.210.202
roundrobin.pvv.ntnu.no. IN AAAA  2001:700:300:1900::201
roundrobin.pvv.ntnu.no. IN AAAA  2001:700:300:1900::202

201.128-255.210.241.129.in-addr.arpa. PTR roundrobin.pvv.ntnu.no
202.128-255.210.241.129.in-addr.arpa. PTR roundrobin.pvv.ntnu.no
217.128-255.210.241.129.in-addr.arpa. PTR drolsum.pvv.ntnu.no

1.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.1.0.0.3.0.0.0.7.0.1.0.0.2.ip6.arpa PTR roundrobin.pvv.ntnu.no
2.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.1.0.0.3.0.0.0.7.0.1.0.0.2.ip6.arpa PTR roundrobin.pvv.ntnu.no
7.1.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.1.0.0.3.0.0.0.7.0.1.0.0.2.ip6.arpa PTR drolsum.pvv.ntnu.no
```

## Building zone files

Provided you have nix on your system, you should be able to run `nix build .#zoneFiles`, and the resulting zone files are placed in `./result`.
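To make the pre-processing described under Examples concrete, here is an added Python sketch (not code from this repository, which does this in Nix through dns.nix) that expands the two example hosts into forward records and the RFC 2317 / ip6.arpa PTR owner names shown above. The /25 and /64 reverse delegations are assumed from the example names, and the sketch refuses to emit a PTR for an address outside them, a mistake a hosts file alone will not catch.

```python
import ipaddress

ORIGIN = "pvv.ntnu.no"
# Assumed delegations (inferred from the example names, not stated on the page).
V4_NET = ipaddress.IPv4Network("129.241.210.128/25")
V6_NET = ipaddress.IPv6Network("2001:700:300:1900::/64")

def pvvv4(n):  # mirror of the page's pvvv4 helper: host n in 129.241.210.0/24
    return ipaddress.IPv4Address(f"129.241.210.{n}")

def pvvv6(n):  # mirror of pvvv6: the decimal host number reappears as hex digits, e.g. ::217
    return ipaddress.IPv6Address(f"2001:700:300:1900::{n}")

# The page's two example hosts, with single addresses normalised to lists.
HOSTS = {
    "drolsum": {"ipv4": [pvvv4(217)], "ipv6": [pvvv6(217)], "aliases": ["login2"]},
    "roundrobin": {"ipv4": [pvvv4(201), pvvv4(202)], "ipv6": [pvvv6(201), pvvv6(202)]},
}

def in_delegation(addr):
    """True if a PTR for addr belongs in one of the reverse zones this repo serves."""
    return addr in (V4_NET if addr.version == 4 else V6_NET)

def ptr_owner(addr):
    """PTR owner name: RFC 2317 classless form for IPv4, reversed nibbles for IPv6."""
    if not in_delegation(addr):
        raise ValueError(f"{addr} is outside the delegated reverse zones")
    if addr.version == 6:
        return addr.reverse_pointer + "."
    o = str(addr).split(".")
    lo, hi = V4_NET[0].packed[3], V4_NET[-1].packed[3]  # 128, 255
    return f"{o[3]}.{lo}-{hi}.{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."

def records(hosts, origin=ORIGIN):
    """Expand the host map into (owner, type, rdata) tuples: forward records, then sorted PTRs."""
    fwd, rev = [], []
    for name, h in sorted(hosts.items()):
        fqdn = f"{name}.{origin}."
        for a in h.get("ipv4", []) + h.get("ipv6", []):
            fwd.append((fqdn, "A" if a.version == 4 else "AAAA", str(a)))
            rev.append((ptr_owner(a), "PTR", fqdn))
        for alias in h.get("aliases", []):
            fwd.append((f"{alias}.{origin}.", "CNAME", fqdn))
    return fwd + sorted(rev)

def render(recs):
    """One zone-file line per record, e.g. 'drolsum.pvv.ntnu.no. IN A 129.241.210.217'."""
    return [f"{owner} IN {rtype} {rdata}" for owner, rtype, rdata in recs]
```

Unlike the page's output, the sketch writes fully qualified, dot-terminated names everywhere (including the CNAME target), so the lines are valid regardless of the zone's `$ORIGIN`.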
## Deployment

Automatic deployment through CI/CD is not yet implemented. See the subsections below for manual installation.

### nsd on OpenBSD

`nsd`, the high-performance authoritative-only DNS server developed by NLnet Labs, is included in the base OpenBSD system. The default output, built with `nix build .#`, includes configuration for nsd:

```
result
├── etc
│   └── nsd
│       └── nsd.conf
└── zones
    ├── 9.1.0.0.3.0.0.0.7.0.1.0.0.2.ip6.arpa.zone
    ├── 128-255.210.241.129.in-addr.arpa.zone
    ├── 210.241.129.in-addr.arpa.zone
    ├── nucc.org.zone
    ├── pvv.no.zone
    ├── pvv.ntnu.no.zone
    └── pvv.org.zone
```

#### First time setup

- Enable nsd
  - `rcctl enable nsd`
- Start nsd
  - `rcctl start nsd`
- Follow the steps below for updating zones and configuration

#### Updating zones and configuration

(**TLDR: Files in /var/nsd, run `nsd-control reload`**)

- If applicable, make changes to `./hosts.nix` or the appropriate file in `./zones/`
- Build this project (anywhere, on any host with nix)
  - `nix build .#`
- Install the contents of `./result` into `/var/nsd`
  - `./result/etc/nsd/nsd.conf` becomes `/var/nsd/etc/nsd.conf`
  - `./result/zones/` becomes `/var/nsd/zones`
- Verify the configuration
  - `nsd-checkconf /var/nsd/etc/nsd.conf`
- Reload the config file
  - `nsd-control reconfig`
- Reload the zonefiles
  - `nsd-control reload`
- Verify operation
  - `dig @smask.pvv.ntnu.no SOA pvv.ntnu.no.`
- If something is not working, see `/var/log/nsd.log`

---

## Future plans

- Build and verify with CI/CD
- Automatically push updated configurations to the DNS server
- Also generate DNS server configuration files
  - [x] [NSD](https://nlnetlabs.nl/projects/nsd/about/), included in OpenBSD
  - [ ] [Bind9](https://www.isc.org/bind/), common alternative
- Per-record or per-host customizable TTL (e.g. for moving a CNAME around when replacing a service/server)
- Improve dns.nix or replace it with a homemade zonefile generator to make the output more human readable
- Also generate DHCP server configurations