Studenten Net Twente making the net wiki work

Hornet

The hornet committee is responsible for maintaining the hornet platform.

Procedure for creation of new account

  • Optional: Some associations may instead request a package through M&C
  • Hornet account is requested here https://hornet.snt.utwente.nl/nl/sign-up
  • Details are checked by the board member responsible for hornet
  • Secretary will create the appropriate contracts and billing agreements
  • Board member responsible for hornet will create the account in hornet
  • Requester has to send an email/ticket to servicedesk-ict@utwente.nl asking for a new domain with the nameservers set to ns4.snt.utwente.nl, ns5.snt.utwente.nl and ns6.snt.utwente.nl
  • LISA will point the domain, and the website should be usable through hornet. It is a good idea to verify that everything went correctly and the requester knows how to continue. M&C mentions the need for LISA to talk to us about DNSSEC, but that does not seem to be necessary anymore.

DNS zones

We run quite an interesting DNS setup. The most important part here is that cpanel-prod runs a hidden DNS master, and ns4, ns5 and ns6 are separate machines that replicate from there using AXFR. This is not the quickest or the most reliable, but it usually works.

DNSSEC

The UT, and SNT, really want DNSSEC enabled for all domains registered at the UT. Creating a new site in hornet automatically runs a script `/opt/hornet-scripts/cpanel/snt-configure-zone.py`, which creates a DNSSEC combined signing key.

IMPORTANT: Secondary domains

Adding new domains in cpanel is possible, but the script does not automatically trigger.

DO NOT MAKE YOUR OWN DNSSEC KEYS. THIS WILL NOT SYNC CORRECTLY. This is due to issues with nsec3_narrow combined with AXFR.

Instead, run

/opt/hornet-scripts/cpanel/snt-configure-zone.py <<< '{"data": {"user": "cpanelusernam", "domain": "associationdomainname.nl"}}'

with the current domain and username to set up the DNSSEC records in a way that they automatically sync to the other nameservers.

This script will automatically email the DNSSEC records to dnsmaster @ snt, which forwards to some syscommers and board. You can forward this mail nicely to servicedesk, where it usually ends up at Frederik.
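Because replication from the hidden master is not always reliable, it is worth checking that all three public nameservers serve the same copy of the zone before forwarding the DNSSEC records. The following is an added example, not one of the hornet scripts; it assumes `dig` is installed and that ns4, ns5 and ns6 answer non-recursive queries directly.

```shell
#!/bin/sh
# Added example (not SNT's script): confirm ns4/5/6 serve the same copy of a zone.
NAMESERVERS="ns4.snt.utwente.nl ns5.snt.utwente.nl ns6.snt.utwente.nl"

# query NS TYPE ZONE: print the server's own answer, sorted so sets compare equal.
query() {
    dig +short +norecurse +time=3 +tries=1 "@$1" "$3" "$2" | sort
}

# zone_in_sync ZONE: return 0 only if every nameserver answers with the same
# SOA serial and the same non-empty DNSKEY set.
zone_in_sync() {
    zone=$1; status=0; ref_ns=""; ref_serial=""; ref_keys=""
    for ns in $NAMESERVERS; do
        # `dig +short SOA` prints: mname rname serial refresh retry expire minimum
        serial=$(query "$ns" SOA "$zone" | awk '{print $3}')
        keys=$(query "$ns" DNSKEY "$zone")
        if [ -z "$serial" ]; then
            echo "FAIL $ns: no SOA answer for $zone (zone not transferred yet?)"
            status=1; continue
        fi
        if [ -z "$keys" ]; then
            echo "FAIL $ns: no DNSKEY for $zone (zone is unsigned on this server)"
            status=1
        fi
        if [ -z "$ref_ns" ]; then
            ref_ns=$ns; ref_serial=$serial; ref_keys=$keys; continue
        fi
        if [ "$serial" != "$ref_serial" ]; then
            echo "FAIL $ns: serial $serial, but $ref_ns has $ref_serial"; status=1
        fi
        if [ "$keys" != "$ref_keys" ]; then
            echo "FAIL $ns: DNSKEY set differs from $ref_ns"; status=1
        fi
    done
    if [ -z "$ref_ns" ]; then status=1; fi
    if [ "$status" -eq 0 ]; then echo "OK $zone: serial $ref_serial on all nameservers"; fi
    return "$status"
}

# Run the check when a zone is given on the command line.
if [ $# -gt 0 ]; then zone_in_sync "$1"; fi
```

A FAIL right after running `snt-configure-zone.py` can simply mean the transfer has not completed yet, so repeat the check after a few minutes before investigating further.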

commissies/hornet/start.txt · Last modified: 2025/06/24 11:20 by haaijer