# PVV-DNS

This repository contains both the code and data needed to generate PVV's DNS configuration.

> [!NOTE]
> This is currently very WIP, and not in production use. At the minute, DNS is still managed manually in /etc/bind/zones on ameno.

Normal PVV "hosts" (servers, mostly) should be defined in `./hosts.nix`, additional configuration and records for pvv.ntnu.no and pvv.org live in `./pvv-domain.nix`, and configuration for all other domains is found in their respective files in `./zones/`.

The code in this repository is basically a whole heap of pre-processing to turn the hosts file and zone-specific options into the format used by [nix-community/dns.nix](https://github.com/nix-community/dns.nix), which in turn generates the zone files.
## Examples

A host configuration like

```nix
# Entries in ./hosts.nix. pvvv4/pvvv6 place a host number inside the PVV
# IPv4 and IPv6 ranges (217 -> 129.241.210.217 and 2001:700:300:1900::217).
drolsum = {
  ipv4 = pvvv4 217;
  ipv6 = pvvv6 217;
  aliases = [ "login2" ];
};

# Several addresses on one name give round-robin A/AAAA records.
roundrobin = {
  ipv4 = [ (pvvv4 201) (pvvv4 202) ];
  ipv6 = [ (pvvv6 201) (pvvv6 202) ];
};
```
... will generate zone files like

```bind
drolsum.pvv.ntnu.no. IN A 129.241.210.217
drolsum.pvv.ntnu.no. IN AAAA 2001:700:300:1900::217
login2.pvv.ntnu.no. IN CNAME drolsum

roundrobin.pvv.ntnu.no. IN A 129.241.210.201
roundrobin.pvv.ntnu.no. IN A 129.241.210.202
roundrobin.pvv.ntnu.no. IN AAAA 2001:700:300:1900::201
roundrobin.pvv.ntnu.no. IN AAAA 2001:700:300:1900::202

201.128-255.210.241.129.in-addr.arpa. PTR roundrobin.pvv.ntnu.no
202.128-255.210.241.129.in-addr.arpa. PTR roundrobin.pvv.ntnu.no
217.128-255.210.241.129.in-addr.arpa. PTR drolsum.pvv.ntnu.no

1.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.1.0.0.3.0.0.0.7.0.1.0.0.2.ip6.arpa PTR roundrobin.pvv.ntnu.no
2.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.1.0.0.3.0.0.0.7.0.1.0.0.2.ip6.arpa PTR roundrobin.pvv.ntnu.no
7.1.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.1.0.0.3.0.0.0.7.0.1.0.0.2.ip6.arpa PTR drolsum.pvv.ntnu.no
```
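As an added example (not code from the PVV-DNS repository or from dns.nix), the following Python models the pre-processing described above: each host entry is expanded into A, AAAA and CNAME records, and every address additionally gets a PTR in the matching reverse zone, including the RFC 2317 `128-255.…in-addr.arpa` owner names and the nibble-reversed `ip6.arpa` names seen in the output. The network ranges, the reverse-zone name and the fact that `pvvv6` treats its argument as hex digits are assumptions inferred from the example output, not facts the project states; the rejection of an address assigned to two hosts is also an addition the page does not describe.

```python
"""Added example, not code from the PVV-DNS repository: a Python model of the
pre-processing this README describes, expanding ./hosts.nix-style host entries
into forward (A/AAAA/CNAME) and reverse (PTR) records.

Assumptions inferred from the example output, not stated on the page: the PVV
IPv4 range is 129.241.210.0/24, the IPv6 range is 2001:700:300:1900::/64, the
reverse IPv4 zone is the RFC 2317 classless delegation
128-255.210.241.129.in-addr.arpa, and pvvv6 uses its argument's digits as hex
(pvvv6 217 -> ...::217).
"""
import ipaddress

FORWARD_ZONE = "pvv.ntnu.no."
V4_NET = ipaddress.IPv4Network("129.241.210.0/24")
V6_NET = ipaddress.IPv6Network("2001:700:300:1900::/64")
V4_REVERSE_RANGE = (128, 255)  # last-octet range delegated via RFC 2317


def pvvv4(host):
    """Host number inside the PVV IPv4 range (models the page's pvvv4 helper)."""
    return V4_NET[host]


def pvvv6(host):
    """Host number as hex digits in the last hextet of the PVV IPv6 range (models pvvv6)."""
    return ipaddress.IPv6Address(int(V6_NET.network_address) + int(str(host), 16))


def v4_ptr_name(addr):
    """RFC 2317 classless owner name, e.g. 217.128-255.210.241.129.in-addr.arpa."""
    lo, hi = V4_REVERSE_RANGE
    o = addr.packed
    if addr not in V4_NET or not lo <= o[3] <= hi:
        raise ValueError(f"{addr} is outside the delegated reverse range {lo}-{hi}")
    return f"{o[3]}.{lo}-{hi}.{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."


def v6_ptr_name(addr):
    """Nibble-reversed ip6.arpa owner name (32 hex digits, least significant first)."""
    nibbles = addr.exploded.replace(":", "")  # always 32 zero-padded hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def _as_list(value):
    """Accept a single address or a list of addresses, like the Nix attributes do."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def records_for_hosts(hosts, zone=FORWARD_ZONE):
    """Expand {name: {ipv4, ipv6, aliases}} into (owner, type, rdata) tuples.

    Every address gets exactly one PTR; an address claimed by two hosts is a
    configuration error and is rejected instead of silently yielding two PTRs.
    """
    forward, reverse, seen = [], [], {}
    for name, host in hosts.items():
        fqdn = f"{name}.{zone}"
        for addr in _as_list(host.get("ipv4")) + _as_list(host.get("ipv6")):
            if addr in seen:
                raise ValueError(f"{addr} is assigned to both {seen[addr]} and {name}")
            seen[addr] = name
            if addr.version == 4:
                forward.append((fqdn, "A", str(addr)))
                reverse.append((v4_ptr_name(addr), "PTR", fqdn))
            else:
                forward.append((fqdn, "AAAA", str(addr)))
                reverse.append((v6_ptr_name(addr), "PTR", fqdn))
        for alias in host.get("aliases", []):
            forward.append((f"{alias}.{zone}", "CNAME", fqdn))
    return forward + reverse


def zone_lines(records):
    """Render records as zone-file lines, fully qualified (trailing dots) throughout."""
    return [f"{owner} IN {rtype} {rdata}" for owner, rtype, rdata in records]


def raises_value_error(fn, *args):
    """Helper so the rejection paths can be checked as return values."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


# Constructed sample input mirroring the README's example host definitions.
HOSTS = {
    "drolsum": {"ipv4": pvvv4(217), "ipv6": pvvv6(217), "aliases": ["login2"]},
    "roundrobin": {"ipv4": [pvvv4(201), pvvv4(202)], "ipv6": [pvvv6(201), pvvv6(202)]},
}

if __name__ == "__main__":
    print("\n".join(zone_lines(records_for_hosts(HOSTS))))
```

Running the module prints the same thirteen records as the zone-file excerpt above, with owners and targets written fully qualified. The real generator delegates the rendering to dns.nix; the point of the model is the derivation of the reverse names and the one-PTR-per-address invariant.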
## Building zone files

Provided you have nix on your system, you should be able to run `nix build .#zoneFiles`; the resulting zone files are placed in `./result`.

## Deployment

Automatic deployment through CI/CD is not yet implemented. See the subsections below for manual installation.
### nsd on OpenBSD

`nsd`, the high-performance authoritative-only DNS server developed by NLnet Labs, is included in the base OpenBSD system.

The default output, built with `nix build .#`, includes configuration for nsd:

```
result
├── etc
│   └── nsd
│       └── nsd.conf
└── zones
    ├── 9.1.0.0.3.0.0.0.7.0.1.0.0.2.ip6.arpa.zone
    ├── 128-255.210.241.129.in-addr.arpa.zone
    ├── 210.241.129.in-addr.arpa.zone
    ├── nucc.org.zone
    ├── pvv.no.zone
    ├── pvv.ntnu.no.zone
    └── pvv.org.zone
```
#### First time setup

- Enable nsd
  - `rcctl enable nsd`
- Start nsd
  - `rcctl start nsd`
- Follow the steps below for updating zones and configuration
#### Updating zones and configuration

(**TLDR: Files in /var/nsd, run `nsd-control reload`**)

- If applicable, make changes to `./hosts.nix` or the appropriate file in `./zones/`
  - ... and update the corresponding serial number(s)
- Build this project (anywhere, on any host with nix)
  - `nix build .#`
- Install the contents of `./result` into `/var/nsd`
  - `./result/etc/nsd/nsd.conf` becomes `/var/nsd/etc/nsd/nsd.conf`, `./result/zones` becomes `/var/nsd/zones`
- Verify the configuration
  - `nsd-checkconf /var/nsd/etc/nsd.conf`
- Reload the config file
  - `nsd-control reconfig`
- Reload the zonefiles
  - `nsd-control reload`
- Verify operation
  - `dig @smask.pvv.ntnu.no SOA pvv.ntnu.no.`
  - If something is not working, see `/var/log/nsd.log`
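The `dig ... SOA` step above shows that the server answers, but not that the reload took effect or that secondaries will pick the change up. As an added check (not part of this repository), the Python below compares the serial in a `dig` SOA answer with the serial in the built zone file and verifies that it increased on the previously served value in RFC 1982 serial arithmetic, which is what makes a secondary transfer the zone; it also covers the "update the corresponding serial number(s)" step, since a forgotten bump fails this check. The zone snippet and dig output are constructed sample data; only the nameserver name `smask.pvv.ntnu.no` is taken from the page.

```python
"""Added example, not part of the PVV-DNS repository: a post-reload check for
the "verify operation" step. The served SOA serial must equal the serial in the
built zone file and must be greater than the previously served serial in
RFC 1982 serial arithmetic, otherwise secondaries will not transfer the zone.

BUILT_ZONE and DIG_OUTPUT below are constructed sample data.
"""
import re

SERIAL_MOD = 2**32
HALF = 2**31


def serial_gt(a, b):
    """RFC 1982: a > b when the forward distance from b to a is less than 2^31."""
    a, b = a % SERIAL_MOD, b % SERIAL_MOD
    return a != b and ((a < b and b - a > HALF) or (a > b and a - b < HALF))


def soa_serial_from_zone(zone_text):
    """Return the serial from a zone file's SOA record (single- or multi-line form)."""
    text = re.sub(r";.*", "", zone_text)  # drop comments first
    # Collapse parenthesised multi-line RDATA onto the SOA line.
    text = re.sub(r"\([^)]*\)", lambda m: " ".join(m.group(0)[1:-1].split()), text)
    for line in text.splitlines():
        fields = line.split()
        if "SOA" in fields:
            i = fields.index("SOA")  # SOA mname rname serial refresh retry expire minimum
            return int(fields[i + 3])
    raise ValueError("no SOA record found in zone text")


def soa_serial_from_dig(dig_output):
    """Pull the serial out of the answer-section line of `dig ... SOA` output."""
    for line in dig_output.splitlines():
        if line.startswith(";"):
            continue  # dig's header and section comments
        fields = line.split()  # owner ttl class SOA mname rname serial ...
        if len(fields) >= 7 and fields[3] == "SOA":
            return int(fields[6])
    raise ValueError("no SOA answer in dig output")


def verify_reload(zone_text, dig_output, previous_serial):
    """Return (ok, message) for the post-reload check."""
    built = soa_serial_from_zone(zone_text)
    served = soa_serial_from_dig(dig_output)
    if served != built:
        return False, f"server serves serial {served}, built zone has {built}: reload not applied?"
    if not serial_gt(built, previous_serial):
        return False, f"serial {built} does not increase on {previous_serial}: secondaries will not transfer"
    return True, f"serial {built} is live and increased from {previous_serial}"


# Constructed sample: the SOA of a freshly built pvv.ntnu.no.zone ...
BUILT_ZONE = """\
$TTL 3600
pvv.ntnu.no. IN SOA ns.pvv.ntnu.no. hostmaster.pvv.ntnu.no. (
    2024010102 ; serial (constructed)
    3600 900 1209600 3600 )
drolsum.pvv.ntnu.no. IN A 129.241.210.217
"""

# ... and the matching (constructed) answer from the verification command.
DIG_OUTPUT = """\
; <<>> DiG 9.18 <<>> @smask.pvv.ntnu.no SOA pvv.ntnu.no.
;; ANSWER SECTION:
pvv.ntnu.no.\t\t3600\tIN\tSOA\tns.pvv.ntnu.no. hostmaster.pvv.ntnu.no. 2024010102 3600 900 1209600 3600
"""

if __name__ == "__main__":
    ok, message = verify_reload(BUILT_ZONE, DIG_OUTPUT, previous_serial=2024010101)
    print(("OK: " if ok else "FAIL: ") + message)
```

In practice the previous serial is what the same `dig` command returned before the reload, so run it once before and once after and feed both results to `verify_reload`.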
---

## Future plans

- Automate serial generation
- Build and verify with CI/CD
- Automatically push updated configurations to the DNS server
- Also generate DNS server configuration files
  - [x] [NSD](https://nlnetlabs.nl/projects/nsd/about/), included in OpenBSD
  - [ ] [Bind9](https://www.isc.org/bind/), common alternative
- Per-record or per-host customizable TTL (e.g. for moving a CNAME around when replacing a service/server)
- Improve dns.nix or replace it with a homemade zonefile generator to make the output more human readable
- Also generate DHCP server configurations