From 568ca39c64d077275c147b89cf27c23aaee76439 Mon Sep 17 00:00:00 2001 From: Hannes Mehnert Date: Mon, 23 Dec 2019 23:20:56 +0100 Subject: [PATCH] . --- Posts/DnsServer | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Posts/DnsServer b/Posts/DnsServer index 7bb05c8..3931d9a 100644 --- a/Posts/DnsServer +++ b/Posts/DnsServer @@ -339,7 +339,7 @@ $ solo5-hvt --net:service=tap2 -- letsencrypt.hvt --keys=... $ ocertify 10.0.42.2 foo.mirage ``` -For actual testing with let's encrypt servers you need to have the primary and secondary deployed on your remote hosts, and your domain needs to be delegated to these servers. Good luck. +For actual testing with let's encrypt servers you need to have the primary and secondary deployed on your remote hosts, and your domain needs to be delegated to these servers. Good luck. And ensure you have backup your git repository. As fine print, while this tutorial was about the `mirage` zone, you can stick any number of zones into the git repository. If you use a `_keys` file (without any domain prefix), you can configure hmac secrets for all zones, i.e. something to use in your let's encrypt unikernel and secondary unikernel. Dynamic addition of zones is supported, just create a new zonefile and notify the primary, the secondary will be notified and pick it up. The primary responds to a signed SOA for the root zone (i.e. requested by the secondary) with the SOA response (not authoritative), and additionally notifications for all domains of the primary.