Monty Taylor d500651367 Rename cgit_file to git_file

In sphinx, we have a :cgit_file: directive that makes links to files.
Thing is - we're not using cgit anymore. So just rename it to git_file.

Change-Id: I80aca5fb3cc84281e29843944fea33e6f4d9fe6f

2019-04-22 11:47:11 +00:00

1.1 KiB

Raw Blame History

title: DNS

DNS

The project runs authoritative DNS servers for any constituent projects that wish to use them. The servers run Bind on a hidden master which handles automatic DNSSEC zone signing while the public authoritative servers run NSD.

At a Glance

Hosts

ns1.opendev.org
ns2.opendev.org

Ansible

:git_file:`playbooks/group_vars/dns.yaml`

Projects

Adding a Zone

To add a new zone, identify an existing git repository or create a new one to hold the contents of the zone, then update :git_file:`playbooks/group_vars/dns.yaml`.

Run:

dnssec-keygen -a RSASHA256 -b 2048 -3 example.net
dnssec-keygen -a RSASHA256 -b 2048 -3 -fk example.net

And add the resulting files to the dnssec_keys key in the group/adns.yaml private hostvars file on puppetmaster.

If you need to generate DS records for the registrar, identify which of the just-created key files is the key-signing key by examining the contents of the files and reading the comments therein, then run:

dnssec-dsfromkey -2 $KEYFILE

1.1 KiB Raw Blame History

DNS

At a Glance

Adding a Zone

1.1 KiB

Raw Blame History