Verified Commit ee6b4a9c authored by anarcat

start working on zone addition docs

parent 9b96bb06
+16 −3
@@ -13,16 +13,29 @@ Tor's DNS support is fully authenticated with DNSSEC, both to the
outside world but also internally, where all TPO hosts use DNSSEC in
their resolvers.

## Adding and editing a zone
## Editing a zone

A new zone or zone records can be added or modified to a zone in the
`domains` git and a push. DNSSEC records are managed automatically by
Zone records can be added or modified to a zone in the `domains` git
and a push. DNSSEC records are managed automatically by
`manage-dnssec-keys` in the `dns/dns-helpers` git repository. through
a cron job in the `dnsadm` user on the master DNS server (currently
nevii).

Serial numbers are managed automatically by the git repository hooks.

## Adding a zone

 1. add zone in `dns/domains.git` repository
 2. add zone in
    `modules/bind/templates/named.conf.torproject-zones.erb` Puppet
    template
 3. run puppet on DNS servers? how do slaves follow?
 4. add zone to `modules/postfix/files/virtual`, unless reverse
    zonefile
 5. add zone to nagios

TODO: expand zone addition routine

## Removing a zone

 * git grep the domain in the `tor-nagios` git repository
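Review bot: Step 3 of the new "Adding a zone" list ("run puppet on DNS servers? how do slaves follow?") is an open question, not an instruction; move it under the TODO or mark it as unresolved so nobody follows it as a procedure step, and state how the secondaries pick up the new zone once that is known. The list also does not say whether a new zone needs any DNSSEC action or is picked up by `manage-dnssec-keys` on its own, which is worth stating given the opening claim that the DNS is fully authenticated with DNSSEC. In the rewritten "Editing a zone" paragraph, "added or modified to a zone in the `domains` git and a push" is missing a verb, the stray period in "git repository. through a cron job" is carried over from the old text, and the repository is called `domains` there but `dns/domains.git` in step 1; pick one name.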