From mboxrd@z Thu Jan  1 00:00:00 1970
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
Subject: Re: DNS delegation
Date: Wed, 13 Mar 2019 16:00:34 +0100
Message-ID: <875zsm6cq5.fsf@gnu.org>
References: <20190304223229.2a239785@lepiller.eu>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
In-Reply-To: <20190304223229.2a239785@lepiller.eu> (Julien Lepiller's message
	of "Mon, 4 Mar 2019 22:32:43 +0100")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Julien Lepiller <julien@lepiller.eu>
Cc: guix-devel@gnu.org, guix-sysadmin@gnu.org

Hi Julien,

Julien Lepiller <julien@lepiller.eu> skribis:

> we've already discussed that multiple times, we'd like to have a DNS
> delegation for guix.gnu.org, so that we can manage the zone ourselves
> without having to rely too much on fsf sysadmins.
>
> Here is a patch (untested) that aims at doing that. I've configured
> bayfront and berlin to be DNS authoritative servers. bayfront is the
> master (it is the one that needs to be updated when a change happens in
> the zone), and berlin is set as slave (it will automatically follow
> changes in bayfront). I've enabled dnssec on bayfront, since it's the
> one that's going to sign the zone, and transfer signatures to its slave.

Cool, thanks for working on it!

> Currently the zone (in modules/sysadmin/dns.scm) is incomplete. What
> needs to be there?

I guess we=E2=80=99d need to have roughly the same entries as we currently =
have
on guix.info, so what you wrote is a good start and we can always adjust
later.

> From 331a85e469579c02a3fc338a6fb0bade3916c666 Mon Sep 17 00:00:00 2001
> From: Julien Lepiller <julien@lepiller.eu>
> Date: Mon, 4 Mar 2019 22:00:22 +0100
> Subject: [PATCH] hydra: Add dns services for guix.gnu.org.
>
> * hydra/bayfront.scm (services): Add knot-service.
> * hydra/berlin.scm (services): Add knot-service.
> * hydra/modules/sysadmin/dns.scm: New file.

So it looks like this does the work on the Guix side.

We now need to get the gnu.org admins to delegate to both bayfront and
berlin, is that correct?  Anything else we need to do?

Thank you!

Ludo=E2=80=99.