3 files changed, 22 insertions, 3 deletions

diff --git a/sys/ns/ns.nix b/sys/ns/ns.nix
index 30a98d4..56460c1 100644
--- a/sys/ns/ns.nix
+++ b/sys/ns/ns.nix
@@ -15,8 +15,22 @@ with lib; {
         };
 
         config = mkIf cfg.enable {
+          # https://docs.gandi.net/en/domain_names/advanced_users/secondary_nameserver.html
+          nsdConfig =
+            let
+              gandiSecondary = [
+                "17.70.177.40 NOKEY"
+                "2001:4b98:d:1::40 NOKEY"
+              ];
+            in
+            {
+              notify = gandiSecondary;
+              provideXFR = gandiSecondary;
+            };
+
           ns = [
             { name = "@"; host = cfg.primary; }
+            { name = "@"; host = "ns6.gandi.net."; }
           ];
 
           a = [
diff --git a/sys/ns/nsd.nix b/sys/ns/nsd.nix
index 46ec1e6..29dd665 100644
--- a/sys/ns/nsd.nix
+++ b/sys/ns/nsd.nix
@@ -29,9 +29,7 @@ in
       tcpTimeout = 30;
       tcpQueryCount = 128;
 
-      zones = mapAttrs
-        (_: zone: { data = zone.content; })
-        config.local.ns.zones;
+      zones = mapAttrs (_: zone: zone.nsdConfig) config.local.ns.zones;
     };
   };
 }
diff --git a/sys/ns/rr.nix b/sys/ns/rr.nix
index 3ccbd55..11e1aa6 100644
--- a/sys/ns/rr.nix
+++ b/sys/ns/rr.nix
@@ -54,6 +54,11 @@ in
             default = 3600;
           };
 
+          nsdConfig = mkOption {
+            type = attrsOf unspecified;
+            default = { };
+          };
+
           content = mkOption {
             type = lines;
             readOnly = true;
@@ -202,6 +207,8 @@ in
         };
 
         config = {
+          nsdConfig.data = config.content;
+
           content =
             let
               rrLine = rr: concatMapStringsSep " " toString ([ rr.name rr.ttl rr.class rr.type ] ++ rr.data);