:mx mail
:srv ((:smtp mail)))
+ ;; Kerberos.
+ (_kerberos :txt "DISTORTED.ORG.UK")
+ :srv (((:kerberos :protocol :udp) krb)
+ ((:kerberos-master :protocol :udp :port 88) krb)
+ (:kerberos-adm krb)
+ ((:kpasswd :protocol :udp) krb))
+
;; Other services.
:srv ((:http www)
(:ftp ftp))
;; Entry is via little router box.
(dmz :net dmz)
(guvnor (inside :svc gate.dmz) (dmz :a guvnor.dmz))
+ (anon (dmz :a anon.dmz))
(gate (dmz :a gate.dmz))
(nat (dmz :a nat.dmz))
;; Local services.
:svc vampire
- ((www ftp rsync wiki git bugs mail db tor i2p rawk vox www-cache)
+ ((www krb ftp rsync wiki git bugs mail db i2p rawk vox www-cache)
:svc vampire)
;; Internal services.
#+view/inside ((ntp) :svc ibanez.unsafe)
- #+view/inside ((wpad ntp1 news) :svc vampire.unsafe)
+ #+view/inside ((wpad ntp1 news lpr) :svc vampire.unsafe)
+
+ ;; Anonymity services.
+ (tor :svc #+view/inside vampire.unsafe
+ #-view/inside anon.dmz)
+
+ ;; Colocated hosts.
+ (colo :net colo)
+ (jump :net jump)
+ (fender (colo :a fender.colo)
+ (jump :a fender.jump))
+ (precision (colo :a precision.colo)
+ (jump :a precision.jump))
+ (telecaster (colo :a telecaster.colo)
+ (jump :a telecaster.jump))
+ (telecaster :alias tele)
+ (stratocaster (colo :a stratocaster.colo)
+ (jump :a stratocaster.jump))
+ (stratocaster :alias strat)
+ (jazz (colo :a jazz.colo)
+ (jump :a jazz.jump))
;; Wired ethernet.
- (wired :net wired)
+ (unsafe :net unsafe)
+ (safe :net safe)
+ (untrusted :net untrusted)
(vampire (unsafe :a vampire.unsafe)
(dmz :a vampire.dmz)
(untrusted :a vampire.untrusted)
(vampire.ns :ip vampire))
:reverse trusted
(dhcp :ns (radius.ns vampire.ns))
- (@ :cidr-delegation
- (dhcp (dhcp 199.29.172.dhcp.199.29.172.in-addr.arpa))))
+ :cidr-delegation
+ (trusted ((dhcp safe) 199.29.172.dhcp.199.29.172.in-addr.arpa)))
(defrevzone dmz
:ns ((radius.ns :ip radius)
(vampire.ns :ip vampire))
:reverse dmz)
+(defrevzone jump
+ :ns ((radius.ns :ip radius)
+ (vampire.ns :ip vampire))
+ :reverse jump)
+
(defzone io.distorted.org.uk
:ns ((ns :ip vampire))
(about :txt "Fake zone used for IP-over-DNS tunnelling."))