From 767f031898e8eefc13adb55084f88eae6e0660ef Mon Sep 17 00:00:00 2001
From: Serge Bazanski
Date: Wed, 8 Dec 2021 14:07:39 +0000
Subject: [PATCH] bgpwtf: fix edge01 DNS blackholing

The grapevine says that people were being fined for not supporting a punycode domain. This was broken in rsh-unbound, so I had to fix it. I then also realized we never were reloading unbound, so some changes might've been slow to propagate.
Change-Id: Ie461a2ba27b5f447654a70f56bd73d3732b256ee
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1180
Reviewed-by: q3k
---
 bgpwtf/machines/edge01.waw.bgp.wtf.nix | 6 ++++++
 bgpwtf/machines/modules/rsh-unbound.nix | 6 +++---
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/bgpwtf/machines/edge01.waw.bgp.wtf.nix b/bgpwtf/machines/edge01.waw.bgp.wtf.nix
index e9d88e58..bdb55e31 100644
--- a/bgpwtf/machines/edge01.waw.bgp.wtf.nix
+++ b/bgpwtf/machines/edge01.waw.bgp.wtf.nix
@@ -51,8 +51,14 @@ in rec {
 # Rejestr Stron Hazardowych.
 # Populated by the rsh-unbound daemon.
 include: "/var/lib/unbound/rsh.conf"
+
+ remote-control:
+ control-enable: yes
+ control-interface: /var/run/unbound.ctl
 '';
 };
+ # Fix `systemctl reload unbound`.
+ systemd.services.unbound.reload = "${pkgs.unbound}/bin/unbound-control -c /var/lib/unbound/unbound.conf reload";
 hscloud.rsh = {
 enable = true;
 out = "/var/lib/unbound/rsh.conf";
diff --git a/bgpwtf/machines/modules/rsh-unbound.nix b/bgpwtf/machines/modules/rsh-unbound.nix
index 20442fc7..f4ec13af 100644
--- a/bgpwtf/machines/modules/rsh-unbound.nix
+++ b/bgpwtf/machines/modules/rsh-unbound.nix
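Review bot: The new `remote-control:` block in the edge01 hunk puts the control channel on a unix socket path, where unbound does no certificate check and access depends only on the filesystem permissions of `/var/run/unbound.ctl`; nothing visible here states who may open it. Anyone who can write to that socket can reload or reconfigure the resolver that serves the blocklist, so I would record the intended access next to the option, e.g. `# unix control socket: no TLS, access is by socket/directory permissions only (owner and mode: confirm on host)`. Separately, the reload line hard-codes `-c /var/lib/unbound/unbound.conf`, which presumably mirrors where the unbound module writes its config; if that location ever differs, `systemctl reload unbound` would fail or read a stale file, so a comment naming that assumption (or deriving the path from the module option) would help. The surrounding attribute set starts and ends outside the hunk.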
@@ -36,11 +36,11 @@ let
 src = pkgs.fetchFromGitHub {
 owner = "q3k";
 repo = "rsh-unbound";
- rev = "3d98c754adadddfae59387d033aef531f47dee5d";
- sha256 = "1ia33893m1dknw36vss97limlb1d28z5nkrkw6b4mp1igdgqsfcz";
+ rev = "31f8975d30a301fdf6f1d445826ebcd671ae07a3";
+ sha256 = "sha256-twI9VzPLBgztdccDgB29lJG7ekwpjr1eh27nR5F/TMA=";
 };
- vendorSha256 = "1w94g2dwhf47jmds95frb26ypjmis5zhyy85rmd124v0nz3axzhf";
+ vendorSha256 = "sha256-A8yHaqSWHhvNmGrk6C6XOVYfVaFbiPmKqglg6gImwWM=";
 };
 cfg = config.hscloud.rsh;