knot-dns
Community
Self-host authoritative DNS with ACME TSIG
Software Engineering
Tags: #fly.io #authoritative dns #knot dns #acme dns-01 #rfc 2136 #tsig #cloudflare migration
Author: erfianugrah
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Provides an authoritative DNS deployment on Fly.io using Knot DNS while keeping ACME DNS-01 issuance working through a secure TSIG-based RFC 2136 path.
Core Features & Use Cases
- Deploy Knot DNS end-to-end on Fly: run Knot 3.5 with correct Fly networking assumptions (including the TCP PROXY-related constraint) and durable configuration using confdb.
- Secure ACME DNS-01 updates via RFC 2136: configure tightly-scoped TSIG keys and the correct Knot ACL matching behavior for _acme-challenge TXT updates.
- Migrate from Cloudflare to self-hosted authoritative DNS: use outgoing AXFR from Knot/Cloudflare with verification steps, then cut over the registrar NS and migrate Caddy sites from dns cloudflare to dns rfc2136.
Quick Start
Deploy the referenced Knot-on-Fly setup for your zone from the working tree, then update your Caddy site blocks to use dns rfc2136 with the TSIG_CADDY_ACME key and the Knot anycast resolver.
Dependency Matrix
Required Modules
None required
Components
Standard package
Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: knot-dns Download link: https://github.com/erfianugrah/dotfiles/archive/main.zip#knot-dns Please download this .zip file, extract it, and install it in the .claude/skills/ directory.