chiark / gitweb /
~mdw / zones / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
*.lisp: Deploy `eggle' as a nameserver.
[zones] / distorted.lisp
CommitLineData
e80b4c2d
MW		 1;;; Zone file for distorted.org.uk
2
b4d4c18b 3(load "hosts.lisp" :verbose nil)
e80b4c2d 4
aef7892b
MW		 5;;;--------------------------------------------------------------------------
6;;; Anycast services.
7
8(defvar *anycast-routable-families* (list :ipv6))
9
10(defzoneparse :anycast (name data rec :prefix prefix :zname zname)
11 (destructuring-bind (any-provider default-provider &rest other-providers)
12 data
13
14 ;; First, the default address. If the anycast network is preferred then
15 ;; this is easy; otherwise we have something complicated to do because
16 ;; IPv6 anycast addresses are globally routable, while IPv4 ones aren't.
17 (if (zone-preferred-subnet-p (car any-provider))
18 (zone-set-address #'rec (cdr any-provider) :make-ptr-p t)
6baf2de2 19 (do-host (addr (cdr any-provider))
aef7892b
MW		 20 (let ((family (ipaddr-family addr)))
21 (if (member family *anycast-routable-families*)
22 (zone-set-address #'rec addr
23 :family family :make-ptr-p t)
24 (zone-set-address #'rec (cdr default-provider)
25 :family family :make-ptr-p nil)))))
26
27 ;; Now for all of the others.
28 (dolist (provider (list* any-provider default-provider other-providers))
29 (zone-set-address #'rec (cdr provider)
30 :make-ptr-p (eq provider any-provider)
c9f96590
MW		 31 :name (domain-name-concat prefix
32 (zone-parse-host
33 (car provider)
34 zname))))))
aef7892b 35
07fe1e43
MW		 36;;;--------------------------------------------------------------------------
37;;; Hostname abbreviations.
38
39(defvar *abbrev-subdomain*
40 (make-domain-name :labels '("abbrev") :absolutep nil))
41(defparameter *abbrev-used* (make-hash-table :test #'equal))
42
43(defzoneparse :abbrev (name data rec :zname zname)
44 (let* ((domain (zone-parse-host data
45 (domain-name-concat *abbrev-subdomain*
46 zname)))
47 (key (princ-to-string domain))
48 (existing (gethash key *abbrev-used*)))
49 (when existing
50 (error "Abbrev collision for ~A between ~A and ~A."
51 domain existing name))
52 (setf (gethash key *abbrev-used*) name)
53 (rec :name domain
54 :type :cname
55 :data name)))
56
b1d5c6c2
MW		 57;;;--------------------------------------------------------------------------
58;;; Other definitions.
e80b4c2d
MW		 59
60(setf *default-zone-admin* "hostmaster@distorted.org.uk")
2bc217e8 61
ff6c53ad 62(setf *default-zone-source* 'radius.distorted.org.uk.)
e80b4c2d 63
b1d5c6c2
MW		 64;;;--------------------------------------------------------------------------
65;;; Main zone definition.
66
e80b4c2d 67(defzone distorted.org.uk
ec4898f9 68
6ef39f28 69 ;; Nameservers.
981c9c20
MW		 70 :ns ((radius.ns :ip radius)
71 (precision.ns :ip precision)
72 (telecaster.ns :ip telecaster)
1a8dfbe2 73 (national.ns :ip national)
b884d371 74 (eggle.ns :ip eggle)
981c9c20
MW		 75 #-view/inside (mythic-beasts-1.ns :ip mythic-ns1)
76 #-view/inside (mythic-beasts-2.ns :ip mythic-ns2)
fdcd43da 77 #-view/inside (mythic-beasts-3.ns :ip mythic-ns3)
981c9c20 78 #-view/inside (chiark.ns :ip chiark.greenend.org.uk))
ec4898f9 79
2e7d3852
MW		 80 ;; Certification.
81 :caa ((:issue "letsencrypt.org")
82 (:issue "distorted.org.uk"))
83
6ef39f28 84 ;; Mail servers.
68db42b5 85 ((@ mail blackhole) :mx mail :srv ((:smtp mail)))
11178c6e
MW		 86 (bugs :mx lists :srv ((:smtp bugs)))
87 (lists :mx lists :srv ((:smtp lists)))
8ddb3b7d
MW		 88 (_dmarc :dmarc (:v "DMARC1"
89 :p "quarantine" :sp "quarantine"
90 :adkim "s" :aspf "s"))
aa420955 91 ((_domainkey _domainkey.mail) :dname stratocaster.dkim)
37a0e278
MW		 92 ((stratocaster @ mail) :spf ((:version "spf1")
93 (:pass :ip stratocaster.dmz)
8ddb3b7d 94 (:soft :all)))
aa420955 95 ((_domainkey.bugs _domainkey.lists) :dname telecaster.dkim)
37a0e278
MW		 96 ((telecaster bugs lists) :spf ((:version "spf1")
97 (:pass :ip telecaster.dmz)
8ddb3b7d 98 (:soft :all)))
69bbb181 99
06f1bb3f 100 ;; Anycast services.
be5a78bf 101 (dns0 :anycast ((any dns0.any) (dmz radius.dmz)
aef7892b 102 (unsafe radius.unsafe)))
be5a78bf
MW		 103 (dns1 :anycast ((any dns1.any) (dmz precision.dmz)
104 (unsafe precision.unsafe)))
cfecfa5c
MW		 105 (dns :cname dns0)
106
be5a78bf
MW		 107 (ntp0 :anycast ((any ntp0.any) (dmz ibanez.dmz)
108 (unsafe ibanez.unsafe)))
109 (ntp1 :anycast ((any ntp1.any) (dmz fender.dmz)
110 (unsafe fender.unsafe)))
cfecfa5c
MW		 111 (ntp :cname ntp0)
112
be5a78bf
MW		 113 (www-cache :anycast ((any www-cache.any) (dmz telecaster.dmz)
114 (unsafe telecaster.unsafe)))
345c0f69
MW		 115 (wpad :cname www-cache)
116
cfecfa5c 117 (_kerberos :txt "DISTORTED.ORG.UK")
be5a78bf
MW		 118 (krb0 :anycast ((any krb0.any) (dmz radius.dmz)
119 (unsafe radius.unsafe)))
120 (krb1 :anycast ((any krb1.any) (dmz precision.dmz)
121 (unsafe precision.unsafe)))
cfecfa5c
MW		 122 (krb-master (unsafe :svc radius.unsafe)
123 (dmz :svc radius.dmz))
124 :srv (((:kerberos :protocol :udp)
125 krb0
126 (krb1 :prio 100))
127 ((:kerberos-master :protocol :udp :port 88) krb-master)
128 (:kerberos-adm krb-master)
129 ((:kpasswd :protocol :udp) krb-master))
130 (krb :cname krb0)
131
6ef39f28 132 ;; Other services.
96c2a692
MW		 133 :srv ((:http www)
134 (:ftp ftp))
ec4898f9 135
be5a78bf
MW		 136 ;; Formerly colocated services.
137 ((irc vox keys wiki) (unsafe :svc jazz.unsafe :sshfp "jazz")
138 (dmz :svc jazz.dmz :sshfp "jazz"))
270fa799 139 ((irc vox keys wiki) :tlsa (:https (:service-certificate-constraint
15cca8c6 140 :public-key :sha-256 #p"https-jazz")))
be5a78bf
MW		 141 ((bugs lists db ftp) (unsafe :svc telecaster.unsafe :sshfp "telecaster")
142 (dmz :svc telecaster.dmz :sshfp "telecaster"))
40832d80
MW		 143 ((bugs lists ftp) :tlsa (:https #3=(:service-certificate-constraint
144 :public-key :sha-256
145 #p"https-telecaster")))
be5a78bf
MW		 146 (dyndns :svc telecaster.dmz :sshfp "telecaster")
147 ((git www mail) (unsafe :svc stratocaster.unsafe :sshfp "stratocaster")
148 (dmz :svc stratocaster.dmz :sshfp "stratocaster"))
40832d80
MW		 149 ((www git mail @) :tlsa (:https #2=(:service-certificate-constraint
150 :public-key :sha-256
151 #p"https-stratocaster")))
5a8c792f
MW		 152 (www-cache :tlsa (3127 #1=(:trust-anchor-assertion
153 :certificate :sha-256 #p"distorted-ca")))
e30dcd9f 154 (mail :tlsa ((:submission :imap :imaps) #1#))
b868d3f4
MW		 155 (mail :tlsa (:smtp
156 #+view/inside #1#
157 #-view/inside (:domain-issued-certificate
158 :public-key :sha-256
159 #p"smtps-stratocaster")))
160 ((bugs lists) :tlsa (:smtp
161 #+view/inside #1#
162 #-view/inside (:domain-issued-certificate
163 :public-key :sha-256
164 #p"smtps-telecaster")))
be5a78bf
MW		 165 :svc #+view/inside stratocaster.unsafe
166 #-view/inside stratocaster.dmz
167 (cabal :svc stratocaster.dmz :sshfp "stratocaster")
4c25329e 168
6ef39f28 169 ;; Local services.
77fbb917 170 (rawk (unsafe :svc artist.unsafe) (dmz :svc artist.dmz))
c0e64dd8
MW		 171 (rawk :tlsa (:https (:service-certificate-constraint
172 :public-key :sha-256
173 #p"https-artist")))
f5c3343e 174 (mirror (dmz :svc roadstar.dmz :sshfp "roadstar")
8d261a89 175 (unsafe :svc roadstar.unsafe :sshfp "roadstar"))
ec4898f9 176
6ef39f28 177 ;; Internal services.
ccc6ea89 178 ((news lpr) :svc roadstar.unsafe :sshfp "roadstar")
ec4898f9 179
04db9729 180 ;; Anonymity services.
be5a78bf
MW		 181 (anon (dmz :svc anon.dmz)
182 (unsafe :svc jazz.unsafe))
04db9729 183
85a3496c 184 ;; Fancy connectivity.
be5a78bf
MW		 185 (iodine (dmz :svc jazz.dmz))
186 (hippotat (dmz :svc jazz.dmz))
187
188 ;; Formerly colocated hosts.
189 (fender :abbrev f (unsafe :abbrev fu) (dmz :abbrev fd))
190 (fender (unsafe :addr fender.unsafe :sshfp "fender")
191 (dmz :addr fender.dmz :sshfp "fender"))
192 (precision :abbrev p (unsafe :abbrev pu) (dmz :abbrev pd) (vpn :abbrev pv))
193 (precision (unsafe :addr precision.unsafe :sshfp "precision")
194 (dmz :addr precision.dmz :sshfp "precision")
195 (vpn :addr precision.vpn :sshfp "precision"))
07fe1e43 196 (telecaster :alias tele :abbrev t
be5a78bf
MW		 197 (unsafe :alias tele.unsafe :abbrev tu)
198 (dmz :alias tele.dmz :abbrev td))
199 (telecaster (unsafe :addr telecaster.unsafe :sshfp "telecaster")
200 (dmz :addr telecaster.dmz :sshfp "telecaster"))
07fe1e43 201 (stratocaster :alias strat :abbrev s
be5a78bf
MW		 202 (unsafe :alias strat.unsafe :abbrev su)
203 (dmz :alias strat.dmz :abbrev sd))
204 (stratocaster (unsafe :addr stratocaster.unsafe :sshfp "stratocaster")
205 (dmz :addr stratocaster.dmz :sshfp "stratocaster"))
206 (jazz :abbrev z (unsafe :abbrev zu) (dmz :abbrev zd) (vpn :abbrev :zv))
207 (jazz (unsafe :addr jazz.unsafe :sshfp "jazz")
208 (dmz :addr jazz.dmz :sshfp "jazz")
aa779726 209 (vpn :addr jazz.vpn :sshfp "jazz")
df1d9fe1
MW		 210 (iodine :addr jazz.iodine :sshfp "jazz")
211 (hippo :addr jazz.hippo :sshfp "jazz"))
38c2de7c 212
b577b999 213 ;; Virtual hosts.
be5a78bf 214 (national :abbrev n (linode :abbrev nl) (upn :abbrev ny))
4ac8501e 215 (national (linode :addr national.linode) (upn :addr national.upn))
eec350e2
MW		 216 (eggle :abbrev e (jump :abbrev ej) (upn :abbrev ey))
217 (eggle (jump :addr eggle.jump) (upn :addr eggle.upn))
be5a78bf 218 (mdwdev (upn :addr mdwdev.upn))
b577b999 219
e8ba93bc 220 ;; Nicko's servers.
be5a78bf
MW		 221 (richmond (dmz :svc richmond.dmz))
222 (marshall (dmz :svc marshall.dmz))
a20ec58c 223
76e1e45a
MW		 224 ;; Entry is via little router box.
225 (dmz :net dmz)
f5c3343e
MW		 226 (guvnor (dmz :addr guvnor.dmz))
227 (nat (dmz :addr nat.dmz))
76e1e45a 228
327c80f3 229 ;; Wireless access points.
76e1e45a
MW		 230 (wireless :net wireless)
231 (evolution (safe :addr evolution.safe))
232 (evolution :alias evo)
25679b6d 233 (kitkat :alias ap0)
327c80f3 234 (kitkat (safe :addr kitkat.safe))
25679b6d 235 (lunch :alias ap1)
327c80f3 236 (lunch (safe :addr lunch.safe))
f233386b
MW		 237
238 ;; Printer.
af319f47 239 (burntaxe :alias lp0)
32926f3b 240 (burntaxe (safe :addr burntaxe.safe))
76e1e45a 241
f8f3b283 242 ;; Switches.
c32d96fa
MW		 243 (grigsby :alias tp0)
244 (grigsby (safe :addr grigsby.safe))
245 (carling :alias tp1)
246 (carling (safe :addr carling.safe))
247 (tritan :alias tp2)
248 (tritan (safe :addr tritan.safe))
f8f3b283 249
6ef39f28 250 ;; Wired ethernet.
04d65182
MW		 251 (unsafe :net unsafe)
252 (safe :net safe)
253 (untrusted :net untrusted)
07fe1e43 254 (vampire :abbrev v
be5a78bf 255 (unsafe :abbrev vu) (dmz :abbrev vd) (vpn :abbrev vv)
f5c3343e 256 (safe :abbrev vs) (untrusted :abbrev vx))
c3997955
MW		 257 (vampire (unsafe :addr vampire.unsafe :sshfp "vampire")
258 (dmz :addr vampire.dmz :sshfp "vampire")
aa779726 259 (vpn :addr vampire.vpn :sshfp "vampire")
c3997955
MW		 260 (safe :addr vampire.safe :sshfp "vampire")
261 (untrusted :addr vampire.untrusted :sshfp "vampire"))
f5c3343e 262 (ibanez :abbrev i (unsafe :abbrev iu) (dmz :abbrev id))
c3997955
MW		 263 (ibanez (unsafe :addr ibanez.unsafe :sshfp "ibanez")
264 (dmz :addr ibanez.dmz :sshfp "ibanez"))
07fe1e43 265 (radius :abbrev r
be5a78bf 266 (unsafe :abbrev ru) (dmz :abbrev rd) (vpn :abbrev rv)
f5c3343e 267 (safe :abbrev rs) (untrusted :abbrev rx))
c3997955
MW		 268 (radius (unsafe :addr radius.unsafe :sshfp "radius")
269 (dmz :addr radius.dmz :sshfp "radius")
aa779726 270 (vpn :addr radius.vpn :sshfp "radius")
c3997955
MW		 271 (safe :addr radius.safe :sshfp "radius")
272 (untrusted :addr radius.untrusted :sshfp "radius"))
f5c3343e 273 (roadstar :abbrev rg (unsafe :abbrev rgu) (dmz :abbrev rgd))
c3997955
MW		 274 (roadstar (unsafe :addr roadstar.unsafe :sshfp "roadstar")
275 (dmz :addr roadstar.dmz :sshfp "roadstar"))
f5c3343e 276 (jem :abbrev j (unsafe :abbrev ju) (dmz :abbrev jd))
c3997955
MW		 277 (jem (unsafe :addr jem.unsafe :sshfp "jem")
278 (dmz :addr jem.dmz :sshfp "jem"))
f5c3343e 279 (universe :abbrev u (unsafe :abbrev uu) (dmz :abbrev ud))
664e6cf9
MW		 280 (universe (unsafe :addr universe.unsafe :sshfp "universe")
281 (dmz :addr universe.dmz :sshfp "universe"))
07fe1e43 282 (artist :abbrev a
f5c3343e 283 (unsafe :abbrev au) (dmz :abbrev ad) (untrusted :abbrev ax))
c3997955
MW		 284 (artist (unsafe :addr artist.unsafe :sshfp "artist")
285 (dmz :addr artist.dmz :sshfp "artist")
286 (untrusted :addr artist.untrusted :sshfp "artist"))
25d23a91 287 (groove :abbrev gr
be5a78bf 288 (vpn :abbrev grv) (unsafe :abbrev gru))
bda4d30e 289 (groove (vpn :addr groove.vpn :sshfp "groove")
bda4d30e 290 (unsafe :addr groove.unsafe :sshfp "groove"))
ec4898f9 291
ff6c53ad 292 ;; DHCP hosts.
07fe1e43 293 (gibson :cname gibson.dhcp :abbrev g)
4b5e05ad
MW		 294 (lespaul :cname lespaul.dhcp)
295 (firebird :cname firebird.dhcp)
aa4d55b1
MW		 296 (marauder :cname marauder.dhcp)
297 (invader :cname invader.dhcp)
098020ad 298 (gretsch :cname gretsch.dhcp)
ec4898f9 299
6ef39f28 300 ;; Virtual network.
be5a78bf 301 (vpn :net vpn)
07fe1e43 302 (crybaby :abbrev cb)
df1d9fe1
MW		 303 (crybaby (vpn :addr crybaby.vpn :sshfp "crybaby")
304 (hippo :addr crybaby.hippo :sshfp "crybaby"))
e8d49c40
MW		 305 (spirit (vpn :addr spirit.vpn :sshfp "spirit")
306 (hippo :addr spirit.hippo :sshfp "spirit"))
c3997955 307 (terror (vpn :addr terror.vpn :sshfp "terror"))
07fe1e43 308 (orange :abbrev o)
be5a78bf 309 (orange (vpn :addr orange.vpn :sshfp "orange"))
07fe1e43 310 (haze :abbrev h)
be5a78bf 311 (haze (vpn :addr haze.vpn :sshfp "haze"))
fc0ce2ed 312 (iodine :net iodine)
df1d9fe1 313 (hippo :net hippo)
ec4898f9 314
6ef39f28 315 ;; ITS.
b1d5c6c2 316 (its :net its)
c3997955
MW		 317 (gw (its :addr gw.its))
318 (mz (its :addr mz.its))
ec4898f9 319
c2118713 320 ;; Strange things.
be5a78bf 321 (blackhole (dmz :addr blackhole.dmz))
c2118713 322
6ef39f28 323 ;; Delegations.
f0209b9c
MW		 324 (dhcp :ns ((radius.ns.dhcp :ip radius)
325 (precision.ns.dhcp :ip precision)
1a8dfbe2 326 (telecaster.ns.dhcp :ip telecaster)
f48e3083 327 (national.ns.dhcp :ip national)
b884d371 328 (eggle.ns.dhcp :ip eggle))
3f954bac
MW		 329 :ds ((55966 :rsasha256 :sha1
330 "95b05c1f4e84f950f29630004bac447f8a87ca33")
331 (55966 :rsasha256 :sha256
332 #.(concatenate 'string "31696bf54b577362b2eb75793adeb9ec"
333 "2e8440ec671371b35d8d978cd9ca3007"))))
49c5f8ff
MW		 334 (dyn :ns ((radius.ns.dyn :ip radius)
335 (precision.ns.dyn :ip precision)
1a8dfbe2 336 (telecaster.ns.dyn :ip telecaster)
f48e3083 337 (national.ns.dyn :ip national)
b884d371 338 (eggle.ns.dyn :ip eggle))
3f954bac
MW		 339 :ds ((11335 :rsasha256 :sha1
340 "7ed2b843b0bfb38ceca68617dfacbeafab1d1ea9")
341 (11335 :rsasha256 :sha256
342 #.(concatenate 'string "6eb15eb587c48f5b84ca128a656a4cce"
343 "0a41cf040d3d0f15a44dffd6476b2b55"))))
0262908f 344 (dnserr :ns ((radius.ns.dnserr :ip radius.dmz)
be5a78bf
MW		 345 (precision.ns.dnserr :ip precision.dmz)
346 (telecaster.ns.dnserr :ip telecaster.dmz)
f48e3083 347 (national.ns.dnserr :ip national.linode)
b884d371 348 (eggle.ns.dnserr :ip eggle.jump))
3f954bac
MW		 349 :ds ((40945 :rsasha256 :sha1
350 "f35b5d0b877b940e63ad1b3afc21d6ba83cd1b3b")
351 (40945 :rsasha256 :sha256
352 #.(concatenate 'string "fb171d206d4d64c5a7a6c290ce6e20df"
353 "44f1db7f41e2260f1fe8d7c55d524c11"))))
aa420955
MW		 354 (stratocaster.dkim
355 :ns ((radius.ns.stratocaster.dkim :ip radius.dmz)
356 (precision.ns.stratocaster.dkim :ip precision.dmz)
357 (telecaster.ns.stratocaster.dkim :ip telecaster.dmz)
358 (national.ns.stratocaster.dkim :ip national.linode)
b884d371 359 (eggle.ns :ip eggle.jump)
6d5194ac
MW		 360 (mythic-beasts-1.ns.stratocaster.dkim :ip mythic-ns1)
361 (mythic-beasts-2.ns.stratocaster.dkim :ip mythic-ns2)
362 (mythic-beasts-3.ns.stratocaster.dkim :ip mythic-ns3))
aa420955
MW		 363 :ds ((24577 :rsasha256 :sha1
364 "d06847c01e19098509a8d07a9aafaceff532c9c7")
365 (24577 :rsasha256 :sha256
366 #.(concatenate 'string "a40cdb1c633041cfbc1b80a400cff527"
367 "2cad051915fc0cd40296a2d4590b9d2b"))))
368 (telecaster.dkim
369 :ns ((radius.ns.telecaster.dkim :ip radius.dmz)
370 (precision.ns.telecaster.dkim :ip precision.dmz)
371 (telecaster.ns.telecaster.dkim :ip telecaster.dmz)
372 (national.ns.telecaster.dkim :ip national.linode)
b884d371 373 (eggle.ns :ip eggle.jump)
6d5194ac
MW		 374 (mythic-beasts-1.ns.telecaster.dkim :ip mythic-ns1)
375 (mythic-beasts-2.ns.telecaster.dkim :ip mythic-ns2)
376 (mythic-beasts-3.ns.telecaster.dkim :ip mythic-ns3))
aa420955
MW		 377 :ds ((38896 :rsasha256 :sha1
378 "2c2daea658784e22c46bf9e86da67def1e34cf40")
379 (38896 :rsasha256 :sha256
380 #.(concatenate 'string "66997571c7d47f912caa65f2154ecd37"
381 "5b9d391e3ed44d79ac35eef59264e521"))))
5b39cda9 382 (io :ns ((ns.io :ip jazz.dmz)))
b884d371 383 (play :ns (radius.ns precision.ns telecaster.ns national.ns eggle.jump)))
b1d5c6c2
MW		 384
385;;;--------------------------------------------------------------------------
386;;; Other subsidiary zones.
e80b4c2d 387
d21175f4 388#+view/outside
55f161b6 389(defzone dhcp.distorted.org.uk
cacadc0b
MW		 390 :ns ((radius.ns :ip radius)
391 (precision.ns :ip precision)
392 (telecaster.ns :ip telecaster)
f48e3083 393 (national.ns :ip national)
b884d371 394 (eggle.ns.dhcp :ip eggle))
55f161b6 395 (gibson :addr gibson.unsafe)
812706bd 396 (crybaby :addr crybaby.unsafe)
2d7b9fe6 397 (lespaul :addr lespaul.unsafe)
3e38779f 398 (gretsch :addr gretsch.unsafe)
e8d49c40 399 (spirit :addr spirit.unsafe)
3e38779f 400 (haze :addr haze.unsafe)
55f161b6 401 (invader :addr invader.safe)
3e38779f 402 (marauder :addr marauder.safe))
55f161b6 403
d21175f4 404#+view/outside
8b063560 405(defzone (dyn.distorted.org.uk :source telecaster.distorted.org.uk.)
424ccd8a 406 :ns ((radius.ns :ip radius)
424ccd8a
MW		 407 (precision.ns :ip precision)
408 (telecaster.ns :ip telecaster)
f48e3083 409 (national.ns :ip national)
b884d371 410 (eggle.ns.dhcp :ip eggle)))
424ccd8a 411
d21175f4 412#+view/outside
c1f47051 413(defzone nicko.org
be5a78bf 414 (richmond :addr richmond.dmz))
c1f47051 415
aa420955
MW		 416#+view/outside
417(defzone stratocaster.dkim.distorted.org.uk
cacadc0b
MW		 418 :ns ((radius.ns :ip radius)
419 (precision.ns :ip precision)
420 (telecaster.ns :ip telecaster)
421 (national.ns :ip national)
b884d371 422 (eggle.ns.dhcp :ip eggle)
6d5194ac
MW		 423 (mythic-beasts-1.ns :ip mythic-ns1)
424 (mythic-beasts-2.ns :ip mythic-ns2)
425 (mythic-beasts-3.ns :ip mythic-ns3)))
aa420955
MW		 426#+view/outside
427(defzone telecaster.dkim.distorted.org.uk
cacadc0b
MW		 428 :ns ((radius.ns :ip radius)
429 (precision.ns :ip precision)
430 (telecaster.ns :ip telecaster)
431 (national.ns :ip national)
b884d371 432 (eggle.ns.dhcp :ip eggle)
6d5194ac
MW		 433 (mythic-beasts-1.ns :ip mythic-ns1)
434 (mythic-beasts-2.ns :ip mythic-ns2)
435 (mythic-beasts-3.ns :ip mythic-ns3)))
aa420955 436
e80b4c2d 437(defrevzone trusted
8aa87005
MW		 438 :ns (radius.distorted.org.uk.
439 precision.distorted.org.uk.
1a8dfbe2 440 telecaster.distorted.org.uk.
f48e3083 441 national.distorted.org.uk.
b884d371 442 eggle.distorted.org.uk.)
b59ce50d
MW		 443 :reverse unsafe
444 :reverse vpn
b59ce50d 445 :reverse its
345c0f69 446 :reverse any
8aa87005
MW		 447 (dhcp :ns (radius.distorted.org.uk.
448 precision.distorted.org.uk.
1a8dfbe2
MW		 449 telecaster.distorted.org.uk.
450 national.distorted.org.uk.))
3503589d 451 :multi (((dhcp safe) :family :ipv4 :suffix "199.29.172.dhcp") :cname *))
b3f75214 452
d21175f4 453#+view/outside
f5c3343e 454(defzone dhcp.199.29.172.in-addr.arpa
8aa87005
MW		 455 :ns (radius.distorted.org.uk.
456 precision.distorted.org.uk.
1a8dfbe2 457 telecaster.distorted.org.uk.
f48e3083 458 national.distorted.org.uk.
b884d371 459 eggle.distorted.org.uk.))
b29264c5 460
f5c3343e 461(defrevzone untrusted
b29264c5
MW		 462 :ns (radius.distorted.org.uk.
463 precision.distorted.org.uk.
1a8dfbe2 464 telecaster.distorted.org.uk.
f48e3083 465 national.distorted.org.uk.
b884d371 466 eggle.distorted.org.uk.))
b29264c5 467
7c0d1761
MW		 468(defzone 128-143.238.187.81.in-addr.arpa
469 :ns (radius.distorted.org.uk.
470 precision.distorted.org.uk.
1a8dfbe2
MW		 471 telecaster.distorted.org.uk.
472 national.distorted.org.uk.
b884d371 473 eggle.distorted.org.uk.
1a8dfbe2 474 secondary-dns.co.uk.)
f5c3343e 475 :reverse ((((:ipv4 dmz)))))
7c0d1761 476
bda4d30e
MW		 477(defzone 64-79.12.169.217.in-addr.arpa
478 :ns (radius.distorted.org.uk.
bda4d30e
MW		 479 precision.distorted.org.uk.
480 telecaster.distorted.org.uk.
481 national.distorted.org.uk.
b884d371 482 eggle.distorted.org.uk.
bda4d30e
MW		 483 secondary-dns.co.uk.)
484 :reverse ((((:ipv4 dmz1)))))
485
7c0d1761
MW		 486(defzone 195.113.2.81.in-addr.arpa
487 :ns (radius.distorted.org.uk.
488 precision.distorted.org.uk.
1a8dfbe2
MW		 489 telecaster.distorted.org.uk.
490 national.distorted.org.uk.
b884d371 491 eggle.distorted.org.uk.
1a8dfbe2 492 secondary-dns.co.uk.)
f5c3343e 493 :reverse ((((:ipv4 gw)))))
7c0d1761 494
f5c3343e 495(defrevzone (distorted.org.uk-aaisp :family :ipv6)
7c0d1761
MW		 496 :ns (radius.distorted.org.uk.
497 precision.distorted.org.uk.
1a8dfbe2
MW		 498 telecaster.distorted.org.uk.
499 national.distorted.org.uk.
b884d371 500 eggle.distorted.org.uk.
1a8dfbe2 501 secondary-dns.co.uk.)
b0eb5b79 502 (0.7.3.6.8.6.4.6.1.0.0.0 :ns (radius.distorted.org.uk.
b0eb5b79
MW		 503 precision.distorted.org.uk.
504 telecaster.distorted.org.uk.
f48e3083 505 national.distorted.org.uk.
b884d371 506 eggle.distorted.org.uk.))
f5c3343e 507 :reverse ((((:ipv6 distorted.org.uk-aaisp)))))
7c0d1761 508
9d1c60e5
MW		 509(defrevzone jump-ipv6
510 :ns (radius.distorted.org.uk.
511 precision.distorted.org.uk.
512 telecaster.distorted.org.uk.
f48e3083 513 national.distorted.org.uk.
b884d371 514 eggle.distorted.org.uk.)
9d1c60e5
MW		 515 :reverse ((((:ipv6 jump-ipv6)))))
516
b0eb5b79
MW		 517(defrevzone (dhcp :family :ipv6)
518 :ns (radius.distorted.org.uk.
b0eb5b79
MW		 519 precision.distorted.org.uk.
520 telecaster.distorted.org.uk.
f48e3083 521 national.distorted.org.uk.
b884d371 522 eggle.distorted.org.uk.))
b0eb5b79 523
d21175f4 524#+view/outside
995d75b4 525(defzone io.distorted.org.uk
be5a78bf 526 :ns ((ns :ip jazz.dmz))
995d75b4
MW		 527 (about :txt "Fake zone used for IP-over-DNS tunnelling."))
528
b1d5c6c2 529;;;----- That's all, folks --------------------------------------------------
Zone files for the DNS zones I administer