ITS DNS Zone Management
=======================

This repo contains the primary copies of all our DNS zones.

If you have access to our primary DNS server (dns.parabox.it-syndikat.org),
deploy them using this command:

```
$ make sign upload
```

This signs the zones with gpg using your default key and uploads them to
the server over sftp. The server runs incron, which detects the upload,
verifies the gpg signature, copies the zones into knot's zone directory
and reloads the modified zones.

Beware, you should use an editor that supports auto-incrementing the zone's
SOA serial for the update to be applied successfully on the server side.
Emacs does this by default, just sayin'.

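
The serial requirement above, as an added example (not part of this repo): a pre-upload check that parses the SOA serial from an edited zone file and compares it with the deployed serial using RFC 1982 serial arithmetic. The function names and the sample zone are constructed for illustration, and the deployed serial is assumed to be obtained separately, for example from an SOA query against the server.

```python
import re

SERIAL_MOD = 2**32  # SOA serials are 32-bit unsigned integers

# Constructed sample zone text; all names and values are placeholders.
SAMPLE_ZONE = """\
$ORIGIN example.org.
$TTL 3600
@ IN SOA ns1.example.org. hostmaster.example.org. (
        2024051701 ; serial
        7200       ; refresh
        3600       ; retry
        1209600    ; expire
        3600 )     ; minimum
@ IN NS ns1.example.org.
"""

def soa_serial(zone_text):
    """Return the SOA serial found in master-file (RFC 1035) zone text."""
    # Strip ';' comments, then the parentheses that let a record span lines.
    # Assumes no ';' appears inside the SOA record's own fields.
    body = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    body = body.replace("(", " ").replace(")", " ")
    # SOA RDATA order is MNAME, RNAME, SERIAL; the serial is followed by
    # whitespace and the refresh value.
    match = re.search(r"\bSOA\s+\S+\s+\S+\s+(\d+)\s", body, re.IGNORECASE)
    if match is None:
        raise ValueError("no SOA record found")
    serial = int(match.group(1))
    if serial >= SERIAL_MOD:
        raise ValueError(f"serial {serial} does not fit in 32 bits")
    return serial

def serial_gt(new, old):
    """True if new is ahead of old under RFC 1982 serial arithmetic."""
    diff = (new - old) % SERIAL_MOD
    return 0 < diff < 2**31  # a distance of exactly 2**31 is undefined

def check_update(zone_text, deployed_serial):
    """Return (ok, message) for an edited zone against the deployed serial."""
    new = soa_serial(zone_text)
    if serial_gt(new, deployed_serial):
        return True, f"serial {new} advances past {deployed_serial}"
    return False, f"serial {new} does not advance past {deployed_serial}"

if __name__ == "__main__":
    print(check_update(SAMPLE_ZONE, 2024051700))
    print(check_update(SAMPLE_ZONE, 2024051701))
```
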
Note: Knot handles DNSSEC signing on the server side.


Using a non-default GPG key
---------------------------

Create a file `local.mk` and specify GPG_FLAGS as follows:

```
# local.mk
GPG_FLAGS=--default-key=<YOUR KEY FINGERPRINT>
```