From 5aa739bc125dab6a3c03e0c1bcee1fbe9bc8998a Mon Sep 17 00:00:00 2001 From: Saibot21 <92251573+Saibot21@users.noreply.github.com> Date: Mon, 25 Mar 2024 22:21:25 +0100 Subject: [PATCH 1/2] provide secondary for freifunk.net --- dns-server/auth/named.conf.local | 13 +++++++++++++ dnsdist/dnsdist.conf.j2 | 2 ++ 2 files changed, 15 insertions(+) diff --git a/dns-server/auth/named.conf.local b/dns-server/auth/named.conf.local index 50d1a2a..0fe37ea 100644 --- a/dns-server/auth/named.conf.local +++ b/dns-server/auth/named.conf.local @@ -8,6 +8,7 @@ {%- set update_keys = salt['pillar.get']('netbox:config_context:dns_zones:update_keys') %} {%- set zones = salt['pillar.get']('netbox:config_context:dns_zones:zones') %} {%- set freifunk_net_zones = salt['pillar.get']('netbox:config_context:dns_zones:freifunk_net_zones') %} +{%- set freifunk_net_axfr = salt['pillar.get']('netbox:config_context:dns_zones:freifunk_net_axfr_key') %} {%- for zone_key in update_keys | sort %} @@ -17,6 +18,18 @@ key "{{ zone_key }}" { }; {%- endfor %} +key "freifunk-net-axfr" { + algorithm hmac-sha512; + secret "{{ freifunk_net_axfr['key'] }}"; +}; + +zone „freifunk.net“ { + type slave; + file „/etc/bind/zones/db.freifunk.net“; + allow-notify { 127.0.0.1; ::1; }; + notify primary-only; + masters { 213.160.72.212 key freifunk-net-axfr; }; +}; {%- for zone in zones %} zone "{{ zone }}" { diff --git a/dnsdist/dnsdist.conf.j2 b/dnsdist/dnsdist.conf.j2 index 18e885d..a04a4be 100644 --- a/dnsdist/dnsdist.conf.j2 +++ b/dnsdist/dnsdist.conf.j2 
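Review bot: The added pillar lookup has no default, so on a minion whose config context lacks `dns_zones:freifunk_net_axfr_key` the variable is `None` and the `freifunk_net_axfr['key']` reference in the next hunk aborts the whole render of named.conf.local instead of just omitting the freifunk.net secondary. Consider `{%- set freifunk_net_axfr = salt['pillar.get']('netbox:config_context:dns_zones:freifunk_net_axfr_key', {}) %}` together with an `{%- if freifunk_net_axfr %}` guard around the new key and zone stanzas so hosts without the secret still render cleanly. The surrounding template continues outside the hunk.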
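Review bot: The zone name and file path in the new `zone` stanza use typographic quotes (`„freifunk.net“`, `„/etc/bind/zones/db.freifunk.net“`) instead of ASCII `"`; named's config parser does not treat them as string delimiters, so `named-checkconf` will reject the rendered file or read a garbled zone name. They should read `zone "freifunk.net" {` and `file "/etc/bind/zones/db.freifunk.net";`, matching the `key "freifunk-net-axfr"` block directly above. The rendered file now also carries the TSIG secret in clear text, so the state that manages named.conf.local should keep it unreadable to other local users (owner bind, mode 0640 or similar) — whether that is already the case is not visible from this hunk. The primary's address `213.160.72.212` is duplicated in dnsdist.conf.j2 in the same commit; sourcing both from a single pillar value would keep the `masters` entry and the NOTIFY allow-rule from drifting apart.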
@@ -107,6 +107,8 @@ newServer({address="1.1.1.1", name="anycastCF", pool="auth"}) {%- endif %}{# authoritative #} addAction({'in.ffmuc.net', 'ov.ffmuc.net', 'ffmuc.net', 'ffmuc.bayern', 'fnmuc.net', 'freewifi.bayern', 'freifunk-muenchen.de', 'xn--freifunk-mnchen-8vb.de.', 'freifunk-muenchen.net', 'muenchen.freifunk.net', 'xn--mnchen-3ya.freifunk.net', 'augsburg.freifunk.net', 'wertingen.freifunk.net', 'donau-ries.freifunk.net'}, PoolAction("auth"), {name="Redirect-Auth"}) +addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("213.160.72.212"))}), RCodeAction(DNSRCode.REFUSED)) +addAction({'freifunk.net'}, PoolAction("auth"), {name="Redirect-Auth-freifunk.net"}) {#- some stats #} addAction({'in-addr.arpa', 'ip6.arpa'}, NoneAction(), {name="RDNS"}) From ccd26bfbd0d948facde325b0f030d7000c22c7db Mon Sep 17 00:00:00 2001 From: Saibot21 <92251573+Saibot21@users.noreply.github.com> Date: Thu, 4 Apr 2024 20:38:12 +0200 Subject: [PATCH 2/2] send notify to secondaries --- dns-server/auth/named.conf.local | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dns-server/auth/named.conf.local b/dns-server/auth/named.conf.local index 0fe37ea..67d18ec 100644 --- a/dns-server/auth/named.conf.local +++ b/dns-server/auth/named.conf.local @@ -27,7 +27,8 @@ zone „freifunk.net“ { type slave; file „/etc/bind/zones/db.freifunk.net“; allow-notify { 127.0.0.1; ::1; }; - notify primary-only; + notify explicit; + also-notify port 553 { 10.8.0.39; 10.8.0.40; 10.8.0.38; 10.8.0.13; }; masters { 213.160.72.212 key freifunk-net-axfr; }; };
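Review bot: The new NOTIFY rule is the only `addAction` in this block without a `name=` option, so it appears unnamed in `showRules()` and the per-rule counters; `{name="Refuse-Foreign-Notify"}` as a third argument would match the surrounding rules. The primary's address `213.160.72.212` is hard-coded here and again in the `masters` clause of named.conf.local in this same commit; rendering both from one pillar value (the template already takes its zone data from `netbox:config_context:dns_zones`) avoids the two allow-lists diverging. Note also that `'freifunk.net'` in a string-table rule is a suffix match, so every name under freifunk.net — including subzones delegated elsewhere and the more specific `muenchen.freifunk.net`/`augsburg.freifunk.net` entries above — now lands in the `auth` pool, and whether that pool resolves delegations or returns referrals depends on its backend, which appears to differ between the `authoritative` and non-authoritative branches the hunk header hints at. `makeRule` with a bare address is the legacy spelling; if the deployed dnsdist is recent, `NetmaskGroupRule` over a `newNMG()` group is the current form.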
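Review bot: The four `also-notify` targets and the port are hard-coded, while the rest of this template takes its zone data from the netbox pillar; listing them in pillar (for instance next to `freifunk_net_axfr`) keeps the secondary set in one place. More importantly, if the 10.8.0.x hosts run this same template, their `freifunk.net` stanza accepts NOTIFY only from `127.0.0.1`/`::1` and the configured master, so the NOTIFYs this change sends would be refused on the receiving side unless their `allow-notify` also lists this host. `port 553` presumably targets a bind listener behind dnsdist — a comment such as `// bind listens on 553 behind dnsdist; NOTIFY goes to bind directly` would stop the next reader from changing it back to 53. The `zone` block starts before this hunk.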