From 885afc244b0519fd30e528216c2af81244dc8013 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20Rosenkr=C3=A4nzer?= <bero@federated.computer>
Date: Sat, 25 Jan 2025 00:19:41 +0100
Subject: [PATCH] [pdns] Allow AXFR to dns.fedcom.net

---
 lib/pdns.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/pdns.sh b/lib/pdns.sh
index 4a8b5ca..09f266b 100644
--- a/lib/pdns.sh
+++ b/lib/pdns.sh
@@ -57,7 +57,9 @@ PDNS_webserver_password=$PDNS_WEBSERVER_PASSWORD
 PDNS_version_string=anonymous
 PDNS_default_ttl=1500
 PDNS_allow_notify_from=0.0.0.0
-PDNS_allow_axfr_ips=127.0.0.1
+PDNS_allow_axfr_ips=5.161.216.170/32
+PDNS_also_notify=5.161.216.170
+PDNS_disable_axfr=no
 PDNS_default_soa_content=ns1.@ hostmaster.@ 0 10800 3600 604800 3600
 PDNS_allow_dnsupdate_from=127.0.0.0/8,::1,192.168.0.0/16
 PDNS_dnsupdate=yes
@@ -90,6 +92,9 @@ curl -X PATCH --data '{"rrsets": [ {"name": "*.$DOMAIN.", "type": "CNAME", "ttl"
 pdnsutil add-record $DOMAIN @ NS ns1.$DOMAIN
 pdnsutil add-record $DOMAIN @ NS ns2.$DOMAIN
 pdnsutil add-record $DOMAIN @ A 86400 $EXTERNALIP
+
+pdnsutil import-tsig-key fedcomdns hmac-sha512 2BJrbNNmy5Hl+uFO1QcvQBpXx+Kbv9IdbyrHpwK7lYWDKmgTOmJu7eR0srfRNSVpTOnK6bQWOm4BxkrrQxd6Gw==
+pdnsutil activate-tsig-key $DOMAIN fedcomdns primary
 EOF
 chmod +x /federated/apps/pdns/data/root/createrecords.sh