From 8a1892eba22fd101043f999e27d90a2d4917aae4 Mon Sep 17 00:00:00 2001
From: Alex Dehnert <alex@dehnerts.com>
Date: Thu, 27 Jul 2023 16:56:48 +0000
Subject: [PATCH] chankillo dyndns setup

---
 named.conf.chankillo       | 20 ++++++++++++++++----
 pri/combined-dehnerts.zone | 10 ++++++----
 2 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/named.conf.chankillo b/named.conf.chankillo
index eb9e510..0786a25 100644
--- a/named.conf.chankillo
+++ b/named.conf.chankillo
@@ -1,8 +1,20 @@
+include "/etc/bind/pri/dynamic.keys";
+
 zone "dynamic.dehnerts.com" IN {
-	// secondary is equivalent, starting in bind-9.15.8
-	// https://github.com/isc-projects/bind9/commit/79c2400d91b818e66a45494784cea17f46e807f2
-	type secondary;
+	type master;
 	file "/var/lib/bind/dynamic.dehnerts.zone";
-	masters { "primary-ns"; };
+	update-policy {
+            grant * selfsub * A TXT;
+            grant xidi.dynamic.dehnerts.com name _acme-challenge.duck-dacha.dynamic.dehnerts.com TXT;
+            grant xidi.dynamic.dehnerts.com name _acme-challenge.homeassistant.dynamic.dehnerts.com TXT;
+            grant xidi.dynamic.dehnerts.com name _acme-challenge.pihole.dynamic.dehnerts.com TXT;
+            grant xidi.dynamic.dehnerts.com name _acme-challenge.unifi.dynamic.dehnerts.com TXT;
+            grant chankillo.dynamic.dehnerts.com name _acme-challenge.mail.dynamic.dehnerts.com TXT;
+            grant chankillo.dynamic.dehnerts.com name _acme-challenge.smtp.dynamic.dehnerts.com TXT;
+            grant chankillo.dynamic.dehnerts.com name _acme-challenge.imap.dynamic.dehnerts.com TXT;
+            grant chankillo.dynamic.dehnerts.com name _acme-challenge.pop.dynamic.dehnerts.com TXT;
+        };
+	allow-transfer { "transfer-allowed"; };
 	allow-query { any; };
+	also-notify { "secondary-ns"; };
 };
diff --git a/pri/combined-dehnerts.zone b/pri/combined-dehnerts.zone
index e1b986e..d97530e 100644
--- a/pri/combined-dehnerts.zone
+++ b/pri/combined-dehnerts.zone
@@ -1,6 +1,6 @@
 $TTL 300
 @       IN      SOA     ns root (
-                                    2023072502 ; Serial
+                                    2023072702 ; Serial
                                     4h         ; slave refresh
                                     15m        ; slave retry time in case of a problem
                                     4w         ; slave expiration time
@@ -9,7 +9,6 @@ $TTL 300
 	IN	NS	ns1.dehnerts.com.
 	IN	NS	ns3.dehnerts.com.
 	IN	NS	ns1.sipb.org.
-	IN	NS	chankillo.mit.edu.
 	IN	NS	ns1.linode.com.
 	IN	NS	ns2.linode.com.
 	IN	NS	ns3.linode.com.
@@ -70,13 +69,17 @@ tikal	IN	A	192.168.1.27
 
 ; Most services
 mail	IN	A	18.18.208.12
+_acme-challenge.mail    IN  CNAME _acme-challenge.mail.dynamic
 mail2	IN	CNAME   adehnert3.xvm.mit.edu.
 mail-pi	IN	CNAME   duck-dacha
 imap    IN      CNAME   olinda
 *.imap  IN      CNAME   olinda
+_acme-challenge.imap    IN  CNAME _acme-challenge.imap.dynamic
 pop     IN      CNAME   olinda
 *.pop   IN      CNAME   olinda
+_acme-challenge.pop    IN  CNAME _acme-challenge.pop.dynamic
 smtp	IN	A	18.18.208.12
+_acme-challenge.smtp    IN  CNAME _acme-challenge.smtp.dynamic
 ns	IN	A	18.18.208.22
 ns1     IN      A       18.18.208.22
 ns3	IN	A	18.18.208.12
@@ -125,8 +128,7 @@ _gitlab-pages-verification-code.gametex TXT gitlab-pages-verification-code=400a2
 wind.squares CNAME tech-squares.gitlab.io.
 _gitlab-pages-verification-code.wind.squares TXT gitlab-pages-verification-code=be2402e968b6d7125f60994be82f2653
 
-dynamic IN	NS	ns3.dehnerts.com.
-dynamic IN	NS	olinda.mit.edu.
+dynamic IN	NS	ns1.dehnerts.com.
 about.dynamic IN  TXT "static zone updates for dehnerts.com"
 
 ; Miscellaneous extra services
-- 
2.34.1