bitcoin-seeder icon indicating copy to clipboard operation
bitcoin-seeder copied to clipboard

Published 20 hours ago verified publisher icon sipa

DNSSEC setup for dnsseed

Open Emzy opened this issue 4 years ago • 11 comments

Documentation to run a bind9 with DNSSEC in front of the bitcoin-seeder

Emzy avatar Oct 07 '20 14:10 Emzy

@ysangkok thank you for the review. Very appreciated. I'm still learning to use Github. So I hope I did it all right.

Emzy avatar Oct 30 '20 11:10 Emzy

@Emzy just noticed this PR :-) Can you rebase the PR on top of master, and also squash the commits with duplicate names?

Sjors avatar Mar 10 '23 12:03 Sjors

Just did that. Looks like it was already rebased to master.

Emzy avatar Mar 10 '23 13:03 Emzy

@Emzy after a rebase there shouldn't be a commit [Merge branch 'sipa:master' into master] left though.

Sjors avatar Mar 10 '23 14:03 Sjors

Sorry, I'm still try to master git. I think I got it now into the right state.

Emzy avatar Mar 10 '23 15:03 Emzy

That worked. But to further improve your mastery, try git rebase -i HEAD~5, and then replace pick with fixup for the second line (it should run hourly). That'll squash it into the first commit. You can also try Github Desktop which just lets you drag one commit into another.

Sjors avatar Mar 10 '23 16:03 Sjors

Did exactly that. As a console user I prefer the git command line.

Emzy avatar Mar 10 '23 16:03 Emzy

Ok, might as well also squash 2bf3b632db6f0a63e81f158c2b1699766be59179 in it, because:

  1. it touch a file that is new in this PR
  2. having it as a separate commit doesn't aid review, nor does it help later in debugging

b7b80ac4159f2285d0f0d346fafab39d8d00e064 makes (slightly) more sense as it's own commit, because the commit message explains the purpose of that line (which shows up in git blame)

I would squash 2d6a09c069810c9aa5459379ac56477215644cf9 into the first commit, because the end result is more readable than the initial thing. So if I review a PR one commit at a time, I have to study the grep stuff, only to see it disappear a few commits later.

(I'd probably just squash this entire PR into one commit, but the above illustrates my thinking on commits)

Sjors avatar Mar 10 '23 19:03 Sjors

I agree, it makes sense to have it as just one commit. Your guidance is very appreciated.

Emzy avatar Mar 10 '23 21:03 Emzy

I also noticed that compared to the tutorial you're not adding a Zone Signing Key(ZSK). (nvm, you are, but not using the terminology)

Update: I think it works now, I had to use the hostname in one place - see above.

Sjors avatar Aug 21 '23 15:08 Sjors

It was a bit of a struggle to get all the key files in the right place. Not sure if I did it correctly, but at least this looks good: Scherm­afbeelding 2023-08-21 om 19 36 47

I ended up putting all the keys in /etc/bind and also set key-directory "/etc/bind"; to that. All files there are owned by root:bind. Otherwise I kept getting errors that it wasn't finding this or that (private) key.

I used some cron-hack to make it update every 15 seconds, which is hopefully good enough for now.

Sjors avatar Aug 21 '23 17:08 Sjors