From 439bc4e561d3e0cf6e49371f4c7c9e4b8d2650ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kjetil=20=C3=98rbekk?= <kj@orbekk.com>
Date: Tue, 3 Apr 2018 21:49:30 -0400
Subject: add dns setup for dynamic.orbekk.com

---
 config/dns.nix                      | 25 +++++++++++++++++++++++++
 data/dns/db.dynamic.orbekk.com.zone | 16 ++++++++++++++++
 data/dns/db.orbekk.com.zone         |  4 ++++
 data/dns/db.orbekk.shared.zone      |  1 -
 4 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 data/dns/db.dynamic.orbekk.com.zone

diff --git a/config/dns.nix b/config/dns.nix
index d4a98af..37c3952 100644
--- a/config/dns.nix
+++ b/config/dns.nix
@@ -37,6 +37,31 @@ in
 	  notify explicit;
         };
       '') masterZones}
+
+      include "/opt/secret/bind/dynamic.orbekk.com/update/named.conf.key";
+      zone dynamic.orbekk.com {
+        type master;
+	file "/var/run/named/db.dynamic.orbekk.com.zone";
+	auto-dnssec maintain;
+	key-directory "/opt/secret/bind/dynamic.orbekk.com";
+	allow-query { any; };
+        allow-transfer {
+          ::1;
+          193.35.52.61;               // trygve transfer
+          2a00:1b60:1011::6def:e868;  // ns1
+          2001:67c:29f4::61;          // ns2
+          2604:2000:12c1:c0c6::1000;  // sabaki
+        };
+        also-notify {
+          193.35.52.61;               // trygve transfer
+          2a00:1b60:1011::6def:e868;  // ns1
+          2001:67c:29f4::61;          // ns2
+        };
+	notify explicit;
+	update-policy {
+	  grant dynamic.orbekk.com.key zonesub any;
+	};
+      };
     '';
   };
 
diff --git a/data/dns/db.dynamic.orbekk.com.zone b/data/dns/db.dynamic.orbekk.com.zone
new file mode 100644
index 0000000..22c3dce
--- /dev/null
+++ b/data/dns/db.dynamic.orbekk.com.zone
@@ -0,0 +1,16 @@
+$TTL 600
+@   IN  SOA dragon.orbekk.com.   root.orbekk.com. (
+    $serial;          serial
+    601;        refresh
+    900;        retry
+    2419200;    expire
+    3600;
+    )
+    IN  NS  dragon.orbekk.com.
+    IN  NS  kakespade.trygveandre.net.
+    IN  NS  kremkake.trygveandre.net.
+@    IN CAA 0   issue "buypass.com"
+@    IN CAA 0   issue "letsencrypt.org"
+@    IN CAA 0   issuewild ";"
+
+
diff --git a/data/dns/db.orbekk.com.zone b/data/dns/db.orbekk.com.zone
index c1ff22a..59c0bd7 100644
--- a/data/dns/db.orbekk.com.zone
+++ b/data/dns/db.orbekk.com.zone
@@ -10,3 +10,7 @@ $INCLUDE db.orbekk.shared.zone
 @    IN CAA 0   issuewild ";"
 
 _matrix._tcp    IN  SRV 10  0   8448 kj.orbekk.com.
+
+dynamic.orbekk.com IN NS dragon.orbekk.com.
+dynamic.orbekk.com IN NS kremkake.trygveandre.net.
+
diff --git a/data/dns/db.orbekk.shared.zone b/data/dns/db.orbekk.shared.zone
index 3327cca..04d6979 100644
--- a/data/dns/db.orbekk.shared.zone
+++ b/data/dns/db.orbekk.shared.zone
@@ -17,7 +17,6 @@ $TTL 600
 
 smtp    IN  CNAME semeai
 
-dynamic     IN  CNAME   orbekk.duckdns.org.
 home        IN  CNAME   orbekk.duckdns.org.
 terraria    IN  CNAME   orbekk.duckdns.org.
 
-- 
cgit v1.2.3