There is now a new globally routable /28, used as a DMZ, and the
servers live on that as well as on the existing unsafe network (though
they've been renumbered). This also means that all of the old NAT
cruft must be swept away.
Life is hard, unfortunately: guvnor is too stupid to have the same
address on multiple network interfaces, so we must assign it two
addresses in the DMZ.
DOMAIN([distorted], [inet, fretwank],
[distorted.org.uk, io.distorted.org.uk, dhcp.distorted.org.uk,
DOMAIN([distorted], [inet, fretwank],
[distorted.org.uk, io.distorted.org.uk, dhcp.distorted.org.uk,
- 198.29.172.in-addr.arpa,
+ 204.49.62.in-addr.arpa, 198.29.172.in-addr.arpa,
199.29.172.in-addr.arpa, dhcp.199.29.172.in-addr.arpa])
DOMAIN([harlequin], [inet, fretwank], [harlequin.org.uk])
199.29.172.in-addr.arpa, dhcp.199.29.172.in-addr.arpa])
DOMAIN([harlequin], [inet, fretwank], [harlequin.org.uk])
;;; Network allocations
;;; (RFC1918 addresses are allocated from Cambridge G-RIN.)
;;; Network allocations
;;; (RFC1918 addresses are allocated from Cambridge G-RIN.)
+(defnet inet 62.49.204.144/28)
+
(defnet distorted.org.uk 172.29.198.0/23
(untrusted 256
(wireless 128)
(defnet distorted.org.uk 172.29.198.0/23
(untrusted 256
(wireless 128)
;;; Host allocations
;; External addresses.
;;; Host allocations
;; External addresses.
-(defhost guvnor.demon 80.177.3.76)
+(defhost guvnor.inet (inet 1))
+(defhost radius.inet (inet 2))
+(defhost roadstar.inet (inet 3))
+(defhost jem.inet (inet 4))
+(defhost artist.inet (inet 5))
+(defhost vampire.inet (inet 6))
+(defhost ibanez.inet (inet 9))
+(defhost gate.inet (inet 13))
+(defhost nat.inet (inet 14))
-(defhost guvnor (unsafe 1))
-(defhost metalzone (unsafe 2))
-(defhost radius (unsafe 3))
-(defhost vampire (unsafe 4))
-(defhost roadstar (unsafe 5))
-(defhost jem (unsafe 6))
-(defhost artist (unsafe 7))
+(defhost radius (unsafe 1))
+(defhost roadstar (unsafe 2))
+(defhost jem (unsafe 3))
+(defhost artist (unsafe 4))
+(defhost vampire (unsafe 5))
(defhost ibanez (unsafe 14))
;; Safe network.
(defhost ibanez (unsafe 14))
;; Safe network.
(defhost obsidian (safe 2))
;; Wireless network.
(defhost obsidian (safe 2))
;; Wireless network.
-(defhost vampire.untrusted (untrusted 1))
+(defhost radius.untrusted (untrusted 1))
(defhost evolution (untrusted 2))
(defhost evolution (untrusted 2))
-(defhost radius.untrusted (untrusted 3))
+(defhost vampire.untrusted (untrusted 3))
;; Virtual private network.
(defhost crybaby (virtual 1))
;; Virtual private network.
(defhost crybaby (virtual 1))
(setf *default-zone-admin* "hostmaster@distorted.org.uk")
(setf *default-zone-admin* "hostmaster@distorted.org.uk")
+(setf *default-zone-source* 'vampire.distorted.org.uk.)
(preferred-subnet-case
(fretwank
(preferred-subnet-case
(fretwank
- (setf *default-zone-source* 'vampire.distorted.org.uk.)
- (defhost www-frontend metalzone)
+ (defhost www-frontend vampire)
(defhost dns-frontend vampire))
(t
(defhost dns-frontend vampire))
(t
- (setf *default-zone-source* 'guvnor.distorted.org.uk.)
- (defhost www-frontend guvnor.demon)
- (defhost dns-frontend guvnor.demon)))
+ (defhost www-frontend vampire.inet)
+ (defhost dns-frontend vampire.inet)))
;;;--------------------------------------------------------------------------
;;; Main zone definition.
;;;--------------------------------------------------------------------------
;;; Main zone definition.
(defzone distorted.org.uk
;;
;; Nameservers.
(defzone distorted.org.uk
;;
;; Nameservers.
- :ns #+subnet/fretwank ((metalzone.ns :ip metalzone)
- (vampire.ns :ip vampire))
+ :ns #+subnet/fretwank ((vampire.ns :ip vampire))
#-subnet/fretwank ((mythic-beasts-1.ns :ip mythic-ns1)
(mythic-beasts-2.ns :ip mythic-ns2)
(chiark.ns :ip chiark.greenend.org.uk)
#-subnet/fretwank ((mythic-beasts-1.ns :ip mythic-ns1)
(mythic-beasts-2.ns :ip mythic-ns2)
(chiark.ns :ip chiark.greenend.org.uk)
- (guvnor.ns :ip guvnor.demon))
+ (radius.ns :ip radius.inet)
+ (vampire.ns :ip vampire.inet))
;;
;; Mail servers.
((@ mail lists bugs cryptomail)
;;
;; Mail servers.
((@ mail lists bugs cryptomail)
:srv ((:http www)
(:ftp ftp))
;;
:srv ((:http www)
(:ftp ftp))
;;
- ;; Colocated services.
- ;;((www ftp git) (inet :svc boyle.nsict.org) (fretwank :svc metalzone))
- ;;
- ;; Entry is via little port-forwarding box.
- (guvnor (inet :a guvnor.demon) (fretwank :a guvnor))
+ ;; Entry is via little router box.
+ (inet :net inet)
+ (guvnor (inet :a guvnor.inet) (fretwank :svc gate.inet))
+ (gate (inet :a gate.inet))
+ (nat (inet :a nat.inet))
;;
;; Wireless gateway.
(untrusted :net untrusted)
;;
;; Wireless gateway.
(untrusted :net untrusted)
;; Local services.
(@ :svc www-frontend)
((www ftp wiki git bugs mail db tor i2p rawk vox www-cache)
;; Local services.
(@ :svc www-frontend)
((www ftp wiki git bugs mail db tor i2p rawk vox www-cache)
- (inet :svc guvnor.demon)
+ (inet :svc vampire.inet)
(fretwank :svc vampire))
;;
;; Internal services.
(fretwank :svc vampire))
;;
;; Internal services.
;;
;; Wired ethernet.
(fretwank :net fretwank)
;;
;; Wired ethernet.
(fretwank :net fretwank)
- (metalzone (inet :a guvnor.demon)
- (fretwank :a metalzone))
(vampire (fretwank :a vampire)
(vampire (fretwank :a vampire)
(untrusted :a vampire.untrusted)
(iodine :a vampire.iodine))
(obsidian (fretwank :a obsidian))
(untrusted :a vampire.untrusted)
(iodine :a vampire.iodine))
(obsidian (fretwank :a obsidian))
- (ibanez (fretwank :a ibanez))
+ (ibanez (fretwank :a ibanez)
+ (inet :a ibanez.inet))
(radius (fretwank :a radius)
(radius (fretwank :a radius)
(untrusted :a radius.untrusted))
(untrusted :a radius.untrusted))
- (roadstar (fretwank :a roadstar))
- (jem (fretwank :a jem))
- (artist (fretwank :a artist))
+ (roadstar (fretwank :a roadstar)
+ (inet :a roadstar.inet))
+ (jem (fretwank :a jem)
+ (inet :a jem.inet))
+ (artist (fretwank :a artist)
+ (inet :a artist.inet))
(gibson :cname gibson.dhcp)
(lespaul :cname lespaul.dhcp)
(firebird :cname firebird.dhcp)
(gibson :cname gibson.dhcp)
(lespaul :cname lespaul.dhcp)
(firebird :cname firebird.dhcp)
(mz (its :a mz))
;;
;; Delegations.
(mz (its :a mz))
;;
;; Delegations.
- #+subnet/fretwank (dhcp :ns (metalzone.ns vampire.ns))
+ #+subnet/fretwank (dhcp :ns (vampire.ns))
(io :ns ((ns.io :ip dns-frontend))))
;;;--------------------------------------------------------------------------
;;; Other subsidiary zones.
(defrevzone trusted
(io :ns ((ns.io :ip dns-frontend))))
;;;--------------------------------------------------------------------------
;;; Other subsidiary zones.
(defrevzone trusted
- :ns ((metalzone.ns :ip metalzone) (vampire.ns :ip vampire))
+ :ns ((vampire.ns :ip vampire))
:reverse trusted
#+subnet/fretwank (dhcp :ns (metalzone.ns vampire.ns))
#+subnet/fretwank (@ :cidr-delegation
:reverse trusted
#+subnet/fretwank (dhcp :ns (metalzone.ns vampire.ns))
#+subnet/fretwank (@ :cidr-delegation
(dhcp 199.29.172.dhcp.199.29.172.in-addr.arpa))))
(defrevzone untrusted
(dhcp 199.29.172.dhcp.199.29.172.in-addr.arpa))))
(defrevzone untrusted
- :ns ((metalzone.ns :ip metalzone) (vampire.ns :ip vampire))
+ :ns ((vampire.ns :ip vampire))
+(defrevzone inet
+ :reverse inet)
+
(defzone dhcp.distorted.org.uk
(defzone dhcp.distorted.org.uk
- :ns ((metalzone.ns :ip metalzone) (vampire.ns :ip vampire))
+ :ns ((vampire.ns :ip vampire))
:net dhcp)
(defzone io.distorted.org.uk
:net dhcp)
(defzone io.distorted.org.uk
(about :txt "Fake zone used for IP-over-DNS tunnelling."))
(defzone dhcp.199.29.172.in-addr.arpa
(about :txt "Fake zone used for IP-over-DNS tunnelling."))
(defzone dhcp.199.29.172.in-addr.arpa
- :ns ((metalzone.ns :ip metalzone) (vampire.ns :ip vampire)))
+ :ns ((vampire.ns :ip vampire)))
;;;----- That's all, folks --------------------------------------------------
;;;----- That's all, folks --------------------------------------------------
(setf *default-zone-admin* "hostmaster@distorted.org.uk")
(setf *default-zone-admin* "hostmaster@distorted.org.uk")
+(setf *default-zone-source* 'vampire.distorted.org.uk.)
(preferred-subnet-case
(fretwank
(preferred-subnet-case
(fretwank
- (setf *default-zone-source* 'vampire.distorted.org.uk.)
- (defhost mail metalzone)
- (defhost bloghost vampire))
+ (defhost mail vampire.fretwank)
+ (defhost bloghost vampire.fretwank))
- (setf *default-zone-source* 'guvnor.distorted.org.uk.)
- (defhost mail guvnor.distorted.org.uk)
- (defhost bloghost guvnor.distorted.org.uk)))
+ (defhost mail vampire.demon)
+ (defhost bloghost vampire.demon)))
(defzone harlequin.org.uk
;;
;; Nameservers
(defzone harlequin.org.uk
;;
;; Nameservers
- :ns ((mythic-beasts-1.ns :ip mythic-ns1)
- (mythic-beasts-2.ns :ip mythic-ns2)
- (guvnor.ns :ip guvnor.demon))
+ :ns #+subnet/fretwank ((vampire.ns :ip vampire))
+ #-subnet/fretwank ((mythic-beasts-1.ns :ip mythic-ns1)
+ (mythic-beasts-2.ns :ip mythic-ns2)
+ (radius.ns :ip radius.demon)
+ (vampire.ns :ip vampire.demon))
;;
;; Mail servers
:mx ((mail :ip mail))
;;
;; Mail servers
:mx ((mail :ip mail))
;; Static IP addresses for various useful hosts
;; Static IP addresses for various useful hosts
-(defhost guvnor.distorted.org.uk 80.177.3.76)
+(defhost radius.demon 62.49.204.146)
+(defhost vampire.demon 62.49.204.150)
(defhost boyle.nsict.org 85.158.42.162)
(defhost chiark.greenend.org.uk 212.13.197.229)
(defhost mccoy.flatline.org.uk 80.74.241.31)
(defhost boyle.nsict.org 85.158.42.162)
(defhost chiark.greenend.org.uk 212.13.197.229)
(defhost mccoy.flatline.org.uk 80.74.241.31)
~mdw / zones / commitdiff