fix(dns01): open ports and bind to interface

machines/dns01/_configuration.nix

@@ -13,6 +13,13 @@ lib.extra.mkConfig {
   extraConfig = {
     # TODO : retrieve this address from meta/network.nix
     deployment.targetHost = "45.13.104.26";
+    networking.firewall = {
+      enable = true;
+      logRefusedConnections = lib.mkForce true;
+      logRefusedPackets = lib.mkForce true;
+      allowedTCPPorts = [ 53 ];
+      allowedUDPPorts = [ 53 ];
+    };
   };
 
   root = ./.;

machines/dns01/lab.dgnum.eu.nix

@@ -7,7 +7,7 @@ in
 with dns.lib.combinators;
 {
   SOA = {
-    nameServer = "dns01.lab.dgnum.eu";
+    nameServer = "ns01.lab.dgnum.eu";
     adminEmail = "dns@dgnum.eu";
     serial = 2019030800;
     retry = 3600;
@@ -15,7 +15,7 @@ with dns.lib.combinators;
   };
 
   NS = [
-    "dns01.lab.dgnum.eu."
+    "ns01.lab.dgnum.eu."
   ];
 
   #A = [ "203.0.113.1" ];
@@ -28,7 +28,7 @@ with dns.lib.combinators;
     immich = host "129.199.146.101" null;
 
     # Nameservers
-    dns01 = host "45.13.104.26" "2a0e:e701:1120:1000:ffff::45.13.104.26";
+    ns01 = host "45.13.104.26" "2a0e:e701:1120:1000:ffff::45.13.104.26";
 
     # *.infra.beta.dgnum.eu
     infra = {

machines/dns01/nsd.nix

@@ -6,6 +6,8 @@ in
 {
   services.nsd = {
     enable = true;
+    verbosity = 1000;
+    interfaces = [ "2a0e:e701:1120:1000:ffff::45.13.104.26" ];
     zones = {
       "lab.dgnum.eu" = {
         # provideXFR = [ ... ];
@@ -14,9 +16,4 @@ in
       };
     };
   };
-  networking = {
-    firewall = {
-      allowedUDPPorts = [ 53 ];
-    };
-  };
 }