diff --git a/authoritative-dns.nix b/authoritative-dns.nix
index e542c16..f13553a 100644
--- a/authoritative-dns.nix
+++ b/authoritative-dns.nix
@@ -38,6 +38,12 @@ let
 "List of subnets for which to generate reverse lookup zones.";
 default = [ ];
 };
+
+ notify-ips = mkOption {
+ type = listOf str;
+ description = "List of IP addresses to notify of changes.";
+ default = [ ];
+ };
 };
 };
@@ -96,8 +102,8 @@ in {
 nameValuePair "${domain}." {
 dnssec = ksk.key-file != null;
 ksk.keyFile = ksk.key-file;
- provideXFR = map (ns: "${ns}/32 NOKEY") zone.nameservers;
- notify = map (ns: "${ns} NOKEY") zone.nameservers;
+ provideXFR = map (ns: "${ns}/32 NOKEY") zone.notify-ips;
+ notify = map (ns: "${ns} NOKEY") zone.notify-ips;
 data = zoneToZonefile {
 inherit domain;
 inherit (cfg) timestamp;
@@ -109,7 +115,7 @@ in {
 listToAttrs (map (network: reverseZonefile {
 inherit domain network;
- inherit (zone) nameservers;
+ inherit (zone) nameservers notify-ips;
 keyFile = ksk.key-file;
 ipHostMap = cfg.ip-host-map;
 serial = cfg.timestamp;
diff --git a/reverse-zone.nix b/reverse-zone.nix
index b198070..31b5496 100644
--- a/reverse-zone.nix
+++ b/reverse-zone.nix
@@ -1,6 +1,6 @@
 { pkgs, ... }:
-{ domain, network, nameservers, ipHostMap, serial, keyFile ? null
+{ domain, network, nameservers, notify-ips, ipHostMap, serial, keyFile ? null
 , zoneTTL ? 10800, refresh ? 3600, retry ? 1800, expire ? 604800, minimum ? 3600 }:
@@ -54,8 +54,8 @@ let
 in nameValuePair "${getNetworkZoneName network}" {
 dnssec = keyFile != null;
 ksk.keyFile = keyFile;
- provideXFR = map (ns: "${ns}/32 NOKEY") nameservers;
- notify = map (ns: "${ns} NOKEY") nameservers;
+ provideXFR = map (ns: "${ns}/32 NOKEY") notify-ips;
+ notify = map (ns: "${ns} NOKEY") notify-ips;
 data = ''
 $ORIGIN ${getNetworkZoneName network}
 $TTL ${toString zoneTTL}
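Review bot: The description of `notify-ips` understates what the option does: the later hunks in this file and in reverse-zone.nix feed the same list into `provideXFR` with `NOKEY`, so every address listed here is also allowed to pull a full zone transfer without a TSIG key. I would say so in the option text, e.g. `description = "IP addresses of secondaries that receive NOTIFY and are allowed unauthenticated (NOKEY) zone transfers.";`. With `default = [ ]`, zones that previously used `zone.nameservers` stop notifying and stop serving transfers to anyone until the option is set, which deserves a line in the commit message or changelog. The enclosing option set starts outside the hunk.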
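Review bot: The `provideXFR` line appends a fixed `/32` to each entry of `zone.notify-ips`, which is a single host only for IPv4; an IPv6 address in the list would become a /32 prefix and open unauthenticated (`NOKEY`) transfers to a very large range. The same line appears in the last hunk of reverse-zone.nix. Since `notify-ips` is a plain `listOf str`, nothing stops a v6 address, or an entry that already carries a mask, from reaching this string. Choosing the mask by address family would close that, e.g. `provideXFR = map (ip: "${ip}/${if lib.hasInfix ":" ip then "128" else "32"} NOKEY") zone.notify-ips;` (assuming `lib` is in scope here), and a TSIG key name in place of `NOKEY` would avoid relying on the source address alone. The enclosing attribute set continues outside the hunk.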