Generate a minimal zone file consisting only of an `$ORIGIN` and a `$TTL` directive, a SOA record and a number of `$INCLUDE` directives.

When any of the included files changes, the serial number is incremented and the DNS server is reloaded.

This is useful if you want a zone file with some static parts (e.g. autogenerated or hand-written) and some dynamic parts (e.g. dynamic DNS). Use dyndnsd together with zonegen if you want DNS names for dynamic IP addresses.
Take a look at `nix/tests/NixOS-integration-test.nix` for an example. You need to import the module and overlay provided by this flake.
I use this service only on NixOS but it should just work on other Linux distributions as well.
- Install a Rust compiler
- Compile the program from source with `cargo build`
- Copy the binary into a sensible location like `/usr/local/bin`
- Copy the systemd unit from `systemd/zonewatch.service` to `/etc/systemd/system/zonewatch.service` and adapt it to your needs
- Copy the example configuration file to `/etc/zonewatch/config.toml`
- Modify or add zones and includes in the configuration file
- Enable and start the systemd unit
- Set up a DNS server like BIND to read the generated zone file
`zonewatch` does not parse the existing zone file before overwriting it. Since reading zone files would require more effort and would not provide the same consistency guarantees, all state (serial number, hashes of the included files) is stored in an SQLite database and the zone files are recreated from scratch every time. Consequently, any manual edit to a generated zone file is lost on the next rewrite; put hand-written records into one of the included files instead.
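The following is an added, self-contained sketch of the mechanism described above (minimal zone file with `$ORIGIN`, `$TTL`, SOA and `$INCLUDE`s, hash the includes, bump the serial and rewrite from scratch when something changed). It is not zonewatch's own code and does not use its config or database schema: the `Zone` struct, the in-memory `State` (standing in for the SQLite database), the streamed FNV-1a hash, the write-to-temp-and-rename step, the `0o444` permissions and the `example.org` names are all assumptions made for this example. It needs only the standard library.

```rust
use std::collections::BTreeMap;
use std::fs;
use std::io::{self, Read};
use std::path::{Path, PathBuf};

/// One zone to generate (hypothetical struct for this example, not zonewatch's config schema).
pub struct Zone {
    pub origin: String, // fully qualified with trailing dot, e.g. "example.org."
    pub ttl: u32,
    pub mname: String, // primary name server, e.g. "ns1.example.org."
    pub rname: String, // responsible mailbox in DNS form, e.g. "hostmaster.example.org."
    pub refresh: u32, pub retry: u32, pub expire: u32, pub minimum: u32,
    pub includes: Vec<PathBuf>,
}

/// What must survive between runs (zonewatch keeps it in SQLite; an in-memory map stands in here).
#[derive(Default)]
pub struct State {
    pub serial: u32,
    pub hashes: BTreeMap<PathBuf, u64>,
}

/// 64-bit FNV-1a over a file, fed in 8 KiB chunks so a huge include is never held in RAM in
/// full (the "stream the file to the hash function" TODO). File::open follows symlinks, so for
/// a link it is the target's content that gets hashed.
pub fn hash_file(path: &Path) -> io::Result<u64> {
    let mut file = fs::File::open(path)?;
    let mut hash: u64 = 0xcbf2_9ce4_8422_2325;
    let mut buf = [0u8; 8192];
    loop {
        let n = file.read(&mut buf)?;
        if n == 0 { break; }
        for &byte in &buf[..n] {
            hash ^= u64::from(byte);
            hash = hash.wrapping_mul(0x0000_0100_0000_01b3);
        }
    }
    Ok(hash)
}

/// SOA serials are 32-bit and compared with serial arithmetic (RFC 1982), so a wrapping
/// increment is always "newer" to secondaries, even when stepping past 2^32 - 1.
pub fn next_serial(serial: u32) -> u32 {
    serial.wrapping_add(1)
}

/// Render the complete zone file; nothing is read back from the previous file.
pub fn render(zone: &Zone, serial: u32) -> String {
    let mut out = format!("$ORIGIN {}\n$TTL {}\n", zone.origin, zone.ttl);
    out.push_str(&format!(
        "@ IN SOA {} {} ( {} {} {} {} {} )\n",
        zone.mname, zone.rname, serial, zone.refresh, zone.retry, zone.expire, zone.minimum
    ));
    for inc in &zone.includes {
        out.push_str(&format!("$INCLUDE {}\n", inc.display()));
    }
    out
}

/// Re-hash every include; if any changed (or the output is missing), bump the serial and
/// rewrite the zone file. Returns the new serial on a rewrite, None when nothing changed.
pub fn refresh(zone: &Zone, state: &mut State, out_path: &Path) -> io::Result<Option<u32>> {
    let mut changed = false;
    for inc in &zone.includes {
        let h = hash_file(inc)?;
        if state.hashes.insert(inc.clone(), h) != Some(h) {
            changed = true;
        }
    }
    if !changed && out_path.exists() {
        return Ok(None);
    }
    state.serial = next_serial(state.serial);
    // Write a sibling temp file and rename it into place so the DNS server never
    // reads a half-written zone file.
    let mut tmp = out_path.as_os_str().to_os_string();
    tmp.push(".tmp");
    let tmp = PathBuf::from(tmp);
    let _ = fs::remove_file(&tmp); // a stale temp file from a crash may be read-only
    fs::write(&tmp, render(zone, state.serial))?;
    #[cfg(unix)]
    {
        // Read-only output as the TODO list proposes; rename only needs directory write access.
        use std::os::unix::fs::PermissionsExt;
        fs::set_permissions(&tmp, fs::Permissions::from_mode(0o444))?;
    }
    fs::rename(&tmp, out_path)?;
    Ok(Some(state.serial))
}

fn main() -> io::Result<()> {
    // Usage: <output zone file> <include file>... (zone parameters are fixed for the demo)
    let args: Vec<PathBuf> = std::env::args_os().skip(1).map(PathBuf::from).collect();
    let (out_path, includes) = args.split_first().expect("usage: <output> <include>...");
    let zone = Zone {
        origin: "example.org.".into(), ttl: 3600, mname: "ns1.example.org.".into(),
        rname: "hostmaster.example.org.".into(), refresh: 7200, retry: 900,
        expire: 1_209_600, minimum: 300, includes: includes.to_vec(),
    };
    println!("{:?}", refresh(&zone, &mut State::default(), out_path)?);
    Ok(())
}
```

FNV-1a is a non-cryptographic hash and is used here only because it needs no dependency; it is adequate for noticing edits to trusted local files. If the include content is written by a less trusted party (for example a dynamic DNS updater accepting network input), use a cryptographic hash instead, since a collision would let a changed file go unnoticed and leave the old zone content serving. Note also that the `$INCLUDE` lines point to whatever path you hand in, so relative paths are resolved by the DNS server relative to its own notion of the zone directory, not by this program.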
Important
This is one of my first Rust projects so the code will not look very idiomatic. If you have any suggestions for improvements, please do not hesitate to create an issue or even a PR! 🖤
If you would like to see any of the following TODO items implemented, please file an issue so I know that it is important to someone.
- Add code to revert database migrations if the application is downgraded (e.g. after a NixOS rollback). The reversible migrations of SQLx do not seem to work at all for this use case
- Set read-only file permissions for created zone files
- Handle huge zone files by streaming each file into the hash function instead of reading it fully into RAM first
- Test with DNS servers other than BIND
- Log a warning when a zone file `$INCLUDE`s another zone file, as that file will not be monitored for changes
- Log a warning when a zone file is a symbolic link, as that file will not be monitored for changes
The license is the GNU GPLv3 (GPL-3.0-only).