From 1a8dfbe2f3ee79f020e765f7c41aef9ee0074604 Mon Sep 17 00:00:00 2001 Message-Id: <1a8dfbe2f3ee79f020e765f7c41aef9ee0074604.1714089173.git.mdw@distorted.org.uk> From: Mark Wooding Date: Fri, 1 Jul 2016 22:31:05 +0100 Subject: [PATCH] *.lisp: Arrange better authoritative nameservers. Organization: Straylight/Edgeware From: Mark Wooding * Don't try to use `ns6.gandi.net': it doesn't seem to work properly. Specifically, it's rejecting all client requests with `REFUSED'. * Add `national' as a new nameserver for most of the zones. It's a reasonably reliable machine, geographically separate from the existing nameservers, and in a very different AS. I use DNSSEC, so its less trustworthy status isn't a big problem. * Add `secondary-dns.co.uk' as a secondary for the A&A reverse zones. I'm not convinced I can use that with glueful delegation, and it doesn't currently seem worth trying. --- binswood.lisp | 1 + distorted.lisp | 49 ++++++++++++++++++++++++++++++++++--------------- escorted.lisp | 1 + hosts.lisp | 6 ++++-- odin.lisp | 2 +- 5 files changed, 41 insertions(+), 18 deletions(-) diff --git a/binswood.lisp b/binswood.lisp index 5356168..18943dc 100644 --- a/binswood.lisp +++ b/binswood.lisp @@ -16,6 +16,7 @@ (defzone binswood.org.uk :ns ((radius.ns :ip radius) (precision.ns :ip precision) (telecaster.ns :ip telecaster) + (national.ns :ip national) (mythic-beasts-1.ns :ip mythic-ns1) (mythic-beasts-2.ns :ip mythic-ns2)) diff --git a/distorted.lisp b/distorted.lisp index 695c952..9ce7fa8 100644 --- a/distorted.lisp +++ b/distorted.lisp @@ -70,6 +70,7 @@ (defzone distorted.org.uk :ns ((radius.ns :ip radius) (precision.ns :ip precision) (telecaster.ns :ip telecaster) + (national.ns :ip national) #+view/inside (vampire.ns :ip vampire) #-view/inside (mythic-beasts-1.ns :ip mythic-ns1) #-view/inside (mythic-beasts-2.ns :ip mythic-ns2) 
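Review bot: The new `(national.ns :ip national)` line in binswood.org.uk adds a host the commit message calls less trustworthy to the authoritative set, relying on DNSSEC, but nothing in this hunk shows that the zone is signed. The only `:ds` records visible in the patch belong to the dhcp, dyn and dnserr delegations; the escorted.org.uk and odin.gg hunks have the same gap. I would confirm that each of these zones is signed with a DS published at the parent, since an unsigned zone or a non-validating resolver accepts whatever this server answers. A comment beside the entry would record the assumption, e.g. `;; national: off-site secondary on a less-trusted host; integrity relies on DNSSEC`. The defzone form starts and ends outside the hunk.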
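Review bot: `(national.ns :ip national)` in distorted.org.uk carries no view guard, unlike the `#-view/inside` mythic-beasts entries just below it, so it is listed in the inside view as well as the outside one. If `national` is not meant to hold or answer for the inside view's data, `#-view/inside (national.ns :ip national)` would keep it out of that build. If it is meant to, a short comment saying so would help, given that the commit message describes the host as less trustworthy. The defzone form continues outside the hunk.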
@@ -306,7 +307,8 @@ (defzone distorted.org.uk (dhcp :ns ((radius.ns.dhcp :ip radius) (vampire.ns.dhcp :ip vampire) (precision.ns.dhcp :ip precision) - (telecaster.ns.dhcp :ip telecaster)) + (telecaster.ns.dhcp :ip telecaster) + (national.ns.dhcp :ip national)) :ds ((55966 :rsasha256 :sha1 "95b05c1f4e84f950f29630004bac447f8a87ca33") (55966 :rsasha256 :sha256 @@ -315,7 +317,8 @@ (defzone distorted.org.uk (dyn :ns ((radius.ns.dyn :ip radius) (vampire.ns.dyn :ip vampire) (precision.ns.dyn :ip precision) - (telecaster.ns.dyn :ip telecaster)) + (telecaster.ns.dyn :ip telecaster) + (national.ns.dyn :ip national)) :ds ((11335 :rsasha256 :sha1 "7ed2b843b0bfb38ceca68617dfacbeafab1d1ea9") (11335 :rsasha256 :sha256 @@ -324,7 +327,8 @@ (defzone distorted.org.uk (dnserr :ns ((radius.ns.dnserr :ip radius.dmz) (vampire.ns.dnserr :ip vampire.dmz) (precision.ns.dnserr :ip precision.jump) - (telecaster.ns.dnserr :ip telecaster)) + (telecaster.ns.dnserr :ip telecaster) + (national.ns.dnserr :ip national)) :ds ((40945 :rsasha256 :sha1 "f35b5d0b877b940e63ad1b3afc21d6ba83cd1b3b") (40945 :rsasha256 :sha256 @@ -339,7 +343,8 @@ (defzone dhcp.distorted.org.uk :ns ((radius.ns :ip radius.dmz) (vampire.ns :ip vampire.dmz) (precision.ns :ip precision.jump) - (telecaster.ns :ip telecaster.jump)) + (telecaster.ns :ip telecaster.jump) + (national.ns :ip national.linode)) (gibson :addr gibson.unsafe) (crybaby :addr crybaby.unsafe) (lespaul :addr lespaul.unsafe) @@ -355,7 +360,8 @@ (defrevzone trusted :ns (radius.distorted.org.uk. vampire.distorted.org.uk. precision.distorted.org.uk. - telecaster.distorted.org.uk.) + telecaster.distorted.org.uk. + national.distorted.org.uk.) :reverse unsafe :reverse vpn :reverse colo 
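Review bot: In the dnserr delegation, the new `(national.ns.dnserr :ip national)` uses the bare host name, while radius, vampire and precision in the same list are pinned to `.dmz`/`.jump` and the dhcp.distorted.org.uk hunk further down pins `national.linode`. hosts.lisp in this patch maps bare `national` to a different address in each `defhost` branch, so the address published here would presumably differ between views. If the pinning is intentional, `(national.ns.dnserr :ip national.linode)` would match. The telecaster entry on the preceding line is also unpinned, so this may be deliberate; a one-line comment would settle it.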
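Review bot: Adding `national.distorted.org.uk.` to the `trusted` reverse zone means the reverse data for the `unsafe`, `vpn` and `colo` networks would be served from the host the commit message calls less trustworthy. DNSSEC covers integrity, not disclosure: a secondary would hold a full copy of the zone's names. The next hunk does the same for `dhcp.199.29.172.in-addr.arpa`, which lies in 172.16.0.0/12 private address space. If these zones are only needed by internal resolvers, I would leave `national` out of their `:ns` lists, or add a comment such as `;; reverse names for internal ranges are deliberately published to national`.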
@@ -364,68 +370,81 @@ (defrevzone trusted (dhcp :ns (radius.distorted.org.uk. vampire.distorted.org.uk. precision.distorted.org.uk. - telecaster.distorted.org.uk.)) + telecaster.distorted.org.uk. + national.distorted.org.uk.)) :multi (((dhcp safe) :family :ipv4 :suffix "199.29.172.dhcp") :cname *)) (defzone dhcp.199.29.172.in-addr.arpa :ns (radius.distorted.org.uk. vampire.distorted.org.uk. precision.distorted.org.uk. - telecaster.distorted.org.uk.)) + telecaster.distorted.org.uk. + national.distorted.org.uk.)) (defrevzone untrusted :ns (radius.distorted.org.uk. vampire.distorted.org.uk. precision.distorted.org.uk. - telecaster.distorted.org.uk.)) + telecaster.distorted.org.uk. + national.distorted.org.uk.)) (defzone 128-143.238.187.81.in-addr.arpa :ns (radius.distorted.org.uk. vampire.distorted.org.uk. precision.distorted.org.uk. - telecaster.distorted.org.uk.) + telecaster.distorted.org.uk. + national.distorted.org.uk. + secondary-dns.co.uk.) :reverse ((((:ipv4 dmz))))) (defzone 195.113.2.81.in-addr.arpa :ns (radius.distorted.org.uk. vampire.distorted.org.uk. precision.distorted.org.uk. - telecaster.distorted.org.uk.) + telecaster.distorted.org.uk. + national.distorted.org.uk. + secondary-dns.co.uk.) :reverse ((((:ipv4 gw))))) (defrevzone (jump :family :ipv6) :ns (radius.distorted.org.uk. vampire.distorted.org.uk. precision.distorted.org.uk. - telecaster.distorted.org.uk.) + telecaster.distorted.org.uk. + national.distorted.org.uk.) :reverse jump) (defrevzone (jump :family :ipv4) (64-79 :ns (radius.distorted.org.uk. vampire.distorted.org.uk. precision.distorted.org.uk. - telecaster.distorted.org.uk.)) + telecaster.distorted.org.uk. + national.distorted.org.uk.)) :multi ((jump :suffix "64-79") :cname *)) (defzone 64-79.198.13.212.in-addr.arpa :ns (radius.distorted.org.uk. vampire.distorted.org.uk. precision.distorted.org.uk. - telecaster.distorted.org.uk.) + telecaster.distorted.org.uk. + national.distorted.org.uk.) 
:reverse ((((:ipv4 jump))))) (defrevzone (distorted.org.uk-aaisp :family :ipv6) :ns (radius.distorted.org.uk. vampire.distorted.org.uk. precision.distorted.org.uk. - telecaster.distorted.org.uk.) + telecaster.distorted.org.uk. + national.distorted.org.uk. + secondary-dns.co.uk.) :reverse ((((:ipv6 distorted.org.uk-aaisp))))) (defrevzone distorted.org.uk-jump :ns (radius.distorted.org.uk. vampire.distorted.org.uk. precision.distorted.org.uk. - telecaster.distorted.org.uk.) + telecaster.distorted.org.uk. + national.distorted.org.uk.) :reverse distorted.org.uk-jump) (defzone io.distorted.org.uk diff --git a/escorted.lisp b/escorted.lisp index 72a7c51..be60ae3 100644 --- a/escorted.lisp +++ b/escorted.lisp @@ -12,6 +12,7 @@ (defzone escorted.org.uk :ns ((radius.ns :ip radius) (precision.ns :ip precision) (telecaster.ns :ip telecaster) + (national.ns :ip national) (mythic-beasts-1.ns :ip mythic-ns1) (mythic-beasts-2.ns :ip mythic-ns2)) diff --git a/hosts.lisp b/hosts.lisp index 34c3a88..7afcd28 100644 --- a/hosts.lisp +++ b/hosts.lisp @@ -161,13 +161,15 @@ (defhost radius radius.unsafe) (defhost vampire vampire.unsafe) (defhost precision precision.colo) (defhost telecaster telecaster.colo) - (defhost stratocaster stratocaster.colo)) + (defhost stratocaster stratocaster.colo) + (defhost national national.upn)) (t (defhost radius radius.dmz) (defhost vampire vampire.dmz) (defhost precision precision.jump) (defhost telecaster telecaster.jump) - (defhost stratocaster stratocaster.jump))) + (defhost stratocaster stratocaster.jump) + (defhost national national.linode))) (defhost jaguar jaguar.jump) diff --git a/odin.lisp b/odin.lisp index 7625322..3ef3a87 100644 --- a/odin.lisp +++ b/odin.lisp @@ -12,7 +12,7 @@ (defzone odin.gg :ns ((radius-ns :ip radius) (precision-ns :ip precision) (telecaster-ns :ip telecaster) - (gandi6-ns :ip gandi-ns6)) + (national-ns :ip national)) ;; Web service. ((@ www) :svc stratocaster -- [mdw]
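Review bot: `secondary-dns.co.uk.` is added to the `:ns` lists of 128-143.238.187.81.in-addr.arpa, 195.113.2.81.in-addr.arpa and the `distorted.org.uk-aaisp` IPv6 zone, but nothing in the file says why only these three get it; the reason is only in the commit message. A comment beside each entry, e.g. `;; third-party secondary, used for the A&A reverse zones only`, would stop it being copied into zones it does not serve. Since this commit drops `ns6.gandi.net` for answering `REFUSED`, it is also worth verifying that this server answers authoritatively for all three zones before they are published. A listed server that refuses or lacks the zone is a lame delegation, and it is one more party whose answers depend on the zones being signed.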
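Review bot: `(defhost national national.upn)` in the first branch of hosts.lisp uses a `.upn` suffix that appears nowhere else in this patch. The sibling entries use `.unsafe` and `.colo`, and the `trusted` reverse zone lists a `vpn` network, so this may be a typo for `national.vpn`. If `upn` is a real network defined elsewhere, ignore this. Otherwise every bare `national` added by this commit would presumably fail to resolve, or resolve to the wrong address, in that branch. The enclosing conditional form starts outside the hunk.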