chankillo dyndns setup

diff --git a/named.conf.chankillo b/named.conf.chankillo
index eb9e510cb8ebf98bb66519e396bf7db4bd2eb1c2..0786a25e76406405f64cab10d9649464afdaa115 100644 (file)
--- a/named.conf.chankillo
+++ b/named.conf.chankillo
@@ -1,8 +1,20 @@
+include "/etc/bind/pri/dynamic.keys";
+
 zone "dynamic.dehnerts.com" IN {
-       // secondary is equivalent, starting in bind-9.15.8
-       // https://github.com/isc-projects/bind9/commit/79c2400d91b818e66a45494784cea17f46e807f2
-       type secondary;
+       type master;
        file "/var/lib/bind/dynamic.dehnerts.zone";
-       masters { "primary-ns"; };
+       update-policy {
+            grant * selfsub * A TXT;
+            grant xidi.dynamic.dehnerts.com name _acme-challenge.duck-dacha.dynamic.dehnerts.com TXT;
+            grant xidi.dynamic.dehnerts.com name _acme-challenge.homeassistant.dynamic.dehnerts.com TXT;
+            grant xidi.dynamic.dehnerts.com name _acme-challenge.pihole.dynamic.dehnerts.com TXT;
+            grant xidi.dynamic.dehnerts.com name _acme-challenge.unifi.dynamic.dehnerts.com TXT;
+            grant chankillo.dynamic.dehnerts.com name _acme-challenge.mail.dynamic.dehnerts.com TXT;
+            grant chankillo.dynamic.dehnerts.com name _acme-challenge.smtp.dynamic.dehnerts.com TXT;
+            grant chankillo.dynamic.dehnerts.com name _acme-challenge.imap.dynamic.dehnerts.com TXT;
+            grant chankillo.dynamic.dehnerts.com name _acme-challenge.pop.dynamic.dehnerts.com TXT;
+        };
+       allow-transfer { "transfer-allowed"; };
        allow-query { any; };
+       also-notify { "secondary-ns"; };
 };

diff --git a/pri/combined-dehnerts.zone b/pri/combined-dehnerts.zone
index e1b986ead3336eea27818c7f484627f7fb8acf85..d97530e1c1af26be1cec27ff7d8f080ec2720feb 100644 (file)
--- a/pri/combined-dehnerts.zone
+++ b/pri/combined-dehnerts.zone
@@ -1,6 +1,6 @@
 $TTL 300
 @       IN      SOA     ns root (
-                                    2023072502 ; Serial
+                                    2023072702 ; Serial
                                     4h         ; slave refresh
                                     15m        ; slave retry time in case of a problem
                                     4w         ; slave expiration time
@@ -9,7 +9,6 @@ $TTL 300
        IN      NS      ns1.dehnerts.com.
        IN      NS      ns3.dehnerts.com.
        IN      NS      ns1.sipb.org.
-       IN      NS      chankillo.mit.edu.
        IN      NS      ns1.linode.com.
        IN      NS      ns2.linode.com.
        IN      NS      ns3.linode.com.
@@ -70,13 +69,17 @@ tikal       IN      A       192.168.1.27
 
 ; Most services
 mail   IN      A       18.18.208.12
+_acme-challenge.mail    IN  CNAME _acme-challenge.mail.dynamic
 mail2  IN      CNAME   adehnert3.xvm.mit.edu.
 mail-pi        IN      CNAME   duck-dacha
 imap    IN      CNAME   olinda
 *.imap  IN      CNAME   olinda
+_acme-challenge.imap    IN  CNAME _acme-challenge.imap.dynamic
 pop     IN      CNAME   olinda
 *.pop   IN      CNAME   olinda
+_acme-challenge.pop    IN  CNAME _acme-challenge.pop.dynamic
 smtp   IN      A       18.18.208.12
+_acme-challenge.smtp    IN  CNAME _acme-challenge.smtp.dynamic
 ns     IN      A       18.18.208.22
 ns1     IN      A       18.18.208.22
 ns3    IN      A       18.18.208.12
@@ -125,8 +128,7 @@ _gitlab-pages-verification-code.gametex TXT gitlab-pages-verification-code=400a2
 wind.squares CNAME tech-squares.gitlab.io.
 _gitlab-pages-verification-code.wind.squares TXT gitlab-pages-verification-code=be2402e968b6d7125f60994be82f2653
 
-dynamic IN     NS      ns3.dehnerts.com.
-dynamic IN     NS      olinda.mit.edu.
+dynamic IN     NS      ns1.dehnerts.com.
 about.dynamic IN  TXT "static zone updates for dehnerts.com"
 
 ; Miscellaneous extra services