d500651367
In sphinx, we have a :cgit_file: directive that makes links to files. Thing is - we're not using cgit anymore. So just rename it to git_file. Change-Id: I80aca5fb3cc84281e29843944fea33e6f4d9fe6f
45 lines
1.1 KiB
ReStructuredText
45 lines
1.1 KiB
ReStructuredText
:title: DNS
|
|
|
|
.. _dns:
|
|
|
|
DNS
|
|
###
|
|
|
|
The project runs authoritative DNS servers for any constituent
|
|
projects that wish to use them. The servers run Bind on a hidden
|
|
master which handles automatic DNSSEC zone signing while the public
|
|
authoritative servers run NSD.
|
|
|
|
At a Glance
|
|
===========
|
|
|
|
:Hosts:
|
|
* ns1.opendev.org
|
|
* ns2.opendev.org
|
|
:Ansible:
|
|
* :git_file:`playbooks/group_vars/dns.yaml`
|
|
:Projects:
|
|
* https://www.nlnetlabs.nl/projects/nsd/
|
|
* https://www.isc.org/downloads/bind/doc/
|
|
|
|
Adding a Zone
|
|
=============
|
|
|
|
To add a new zone, identify an existing git repository or create a new
|
|
one to hold the contents of the zone, then update
|
|
:git_file:`playbooks/group_vars/dns.yaml`.
|
|
|
|
Run::
|
|
|
|
dnssec-keygen -a RSASHA256 -b 2048 -3 example.net
|
|
dnssec-keygen -a RSASHA256 -b 2048 -3 -fk example.net
|
|
|
|
And add the resulting files to the `dnssec_keys` key in the
|
|
`group/adns.yaml` private hostvars file on puppetmaster.
|
|
|
|
If you need to generate DS records for the registrar, identify which
|
|
of the just-created key files is the key-signing key by examining the
|
|
contents of the files and reading the comments therein, then run::
|
|
|
|
dnssec-dsfromkey -2 $KEYFILE
|