coredns

Go to file

Ryan Malloy 618e9504e7 secondary: scaffold public CoreDNS secondary on ns.supported.systems

Adds a second non-HE public secondary that pulls AXFR from dell01 (the
hidden primary at 154.27.180.210) and answers public queries on
ns.supported.systems (64.177.113.227, 2001:19f0:5c00:4daa:5400:6ff:fe2d:38fa).

  secondary/
    Corefile                            generated, 84 zones + REFUSED catch-all
    docker-compose.yml                  CoreDNS in host-net mode
    Makefile                            up/down/logs/regen/test/axfr-test
    .env / .env.example                 image pin + bind IPs
    scripts/generate-secondary-corefile.sh  reads ../zones/*.zone

  scripts/notify-he.py → notify-secondaries.py
                                        adds 64.177.113.227 as a second
                                        NOTIFY target alongside HE's
                                        216.218.130.2

Uses CoreDNS's `bind` plugin to avoid colliding with systemd-resolved
on loopback :53. Authoritative-only — non-listed zones get REFUSED, no
recursion. AXFR pull requires opening TCP/53 on dell01's FortiWiFi for
the secondary's IP (manual step, separate from this commit).

2026-05-20 18:40:11 -06:00

caddy

coredns: production Let's Encrypt cert via Caddy sidecar (DNS-01 + Vultr)

2026-05-14 01:34:57 -06:00

coredns

Phase 0 scaffolding: RFC 2136 plugin groundwork (inactive)

2026-05-20 18:20:43 -06:00

scripts

secondary: scaffold public CoreDNS secondary on ns.supported.systems

2026-05-20 18:40:11 -06:00

secondary

secondary: scaffold public CoreDNS secondary on ns.supported.systems