Commit | Line | Data |
---|---|---|
e80b4c2d MW |
1 | ;;; Zone file for distorted.org.uk |
2 | ||
b4d4c18b | 3 | (load "hosts.lisp" :verbose nil) |
e80b4c2d | 4 | |
aef7892b MW |
5 | ;;;-------------------------------------------------------------------------- |
6 | ;;; Anycast services. | |
7 | ||
;; Address families for which an anycast address is itself published as a
;; service's default address even when the anycast network is not the
;; preferred subnet.  Only IPv6 is listed; the comment inside the `:anycast'
;; parser gives the reason (IPv6 anycast addresses are globally routable,
;; IPv4 ones are not).
(defvar *anycast-routable-families* (list :ipv6))
9 | ||
;; Zone-record parser for `:anycast' entries.
;;
;; DATA is destructured as a list of providers: the anycast provider first,
;; the default provider second, then any others.  The head of each provider
;; is handed to `zone-preferred-subnet-p' / `zone-parse-host' and its tail to
;; `zone-set-address' (e.g. `(any dns0.any)' in the main zone), so it appears
;; to be a network name followed by hosts or addresses.
(defzoneparse :anycast (name data rec :prefix prefix :zname zname)
  (destructuring-bind (any-provider default-provider &rest other-providers)
      data

    ;; First, the default address.  If the anycast network is preferred then
    ;; this is easy; otherwise we have something complicated to do because
    ;; IPv6 anycast addresses are globally routable, while IPv4 ones aren't.
    (if (zone-preferred-subnet-p (car any-provider))
        (zone-set-address #'rec (cdr any-provider) :make-ptr-p t)
        (do-host (addr (cdr any-provider))
          (let ((family (ipaddr-family addr)))
            (if (member family *anycast-routable-families*)
                ;; Routable family: publish the anycast address itself.
                (zone-set-address #'rec addr
                                  :family family :make-ptr-p t)
                ;; Non-routable family: fall back to the default provider's
                ;; addresses for this family.  `:make-ptr-p nil' here means
                ;; the service name is not requested as the reverse name of
                ;; the provider's own unicast address.
                (zone-set-address #'rec (cdr default-provider)
                                  :family family :make-ptr-p nil)))))

    ;; Now for all of the others.
    ;; Every provider, the first two included, also gets a record under a
    ;; name built from PREFIX and the provider's network name; only the
    ;; anycast provider's entry asks for PTR records.
    (dolist (provider (list* any-provider default-provider other-providers))
      (zone-set-address #'rec (cdr provider)
                        :make-ptr-p (eq provider any-provider)
                        :name (domain-name-concat prefix
                                                  (zone-parse-host
                                                   (car provider)
                                                   zname))))))
aef7892b | 35 | |
07fe1e43 MW |
36 | ;;;-------------------------------------------------------------------------- |
37 | ;;; Hostname abbreviations. | |
38 | ||
;; Abbreviations are published beneath this relative `abbrev' label; the
;; `:abbrev' parser joins it onto the zone name.
(defvar *abbrev-subdomain*
  (make-domain-name :labels '("abbrev") :absolutep nil))
;; Abbreviations claimed so far, keyed by the printed domain name; the value
;; is the record name that claimed it.  `defparameter' rebinds this to a
;; fresh table every time the file is loaded, so the collision check in the
;; `:abbrev' parser spans a single load of this file.
(defparameter *abbrev-used* (make-hash-table :test #'equal))
42 | ||
;; Zone-record parser for `:abbrev' entries: emits a CNAME from the
;; abbreviation (parsed relative to `*abbrev-subdomain*' joined with the zone
;; name) to NAME, and refuses to reuse an abbreviation.
(defzoneparse :abbrev (name data rec :zname zname)
  (let* ((domain (zone-parse-host data
                                  (domain-name-concat *abbrev-subdomain*
                                                      zname)))
         ;; The printed form of the domain is the hash key, so the `equal'
         ;; test on `*abbrev-used*' compares names as strings.
         (key (princ-to-string domain))
         (existing (gethash key *abbrev-used*)))
    ;; Signal an error instead of emitting a second CNAME for the same short
    ;; name: a duplicated abbreviation would otherwise point users at a host
    ;; other than the one they meant.
    (when existing
      (error "Abbrev collision for ~A between ~A and ~A."
             domain existing name))
    (setf (gethash key *abbrev-used*) name)
    (rec :name domain
         :type :cname
         :data name)))
56 | ||
b1d5c6c2 MW |
57 | ;;;-------------------------------------------------------------------------- |
58 | ;;; Other definitions. | |
e80b4c2d MW |
59 | |
;; Defaults for the zones defined later in this file.
;; NOTE(review): these look like the contact address and primary-server name
;; the zone library places in each SOA record; confirm against the library.
(setf *default-zone-admin* "hostmaster@distorted.org.uk")

(setf *default-zone-source* 'radius.distorted.org.uk.)
e80b4c2d | 63 | |
b1d5c6c2 MW |
64 | ;;;-------------------------------------------------------------------------- |
65 | ;;; Main zone definition. | |
66 | ||
e80b4c2d | 67 | (defzone distorted.org.uk |
ec4898f9 | 68 | |
;; Nameservers.
;;
;; The first four servers are listed in every view.  `#-view/inside' is a
;; reader conditional: the form that follows is read only when the
;; `view/inside' feature is absent, so the mythic-beasts-* and chiark
;; entries are left out of the inside view's NS set.
;; Zone-transfer access control for the secondaries is configured elsewhere;
;; nothing in this file restricts it.
:ns ((radius.ns :ip radius)
     (precision.ns :ip precision)
     (telecaster.ns :ip telecaster)
     (national.ns :ip national)
     #-view/inside (mythic-beasts-1.ns :ip mythic-ns1)
     #-view/inside (mythic-beasts-2.ns :ip mythic-ns2)
     #-view/inside (mythic-beasts-3.ns :ip mythic-ns3)
     #-view/inside (chiark.ns :ip chiark.greenend.org.uk))
ec4898f9 | 78 | |
2e7d3852 MW |
;; Certification.
;;
;; CAA: only these two issuer domains are authorised to issue certificates
;; for this domain and for names beneath it that carry no CAA set of their
;; own.  With no separate wildcard entry the `issue' entries govern wildcard
;; certificates too (RFC 8659), and no incident-report contact (iodef) is
;; published.  The second issuer is presumably the site's own CA (compare
;; the `distorted-ca' TLSA trust anchor used elsewhere in this zone).
:caa ((:issue "letsencrypt.org")
      (:issue "distorted.org.uk"))
82 | ||
;; Mail servers.
((@ mail blackhole) :mx mail :srv ((:smtp mail)))
(bugs :mx lists :srv ((:smtp bugs)))
(lists :mx lists :srv ((:smtp lists)))
;; DMARC: policy `none' for the domain (p) and its subdomains (sp) is
;; monitoring-only -- receivers are not asked to quarantine or reject mail
;; that fails.  Alignment is strict for both DKIM (adkim) and SPF (aspf).
;; No report address is listed, so the record as written requests neither
;; enforcement nor aggregate reports.
;; NOTE(review): whether the `:dmarc' parser accepts a reporting-address key
;; is not visible here; if it does, adding one is the usual first step
;; before tightening the policy.
(_dmarc :dmarc (:v "DMARC1" :p "none" :sp "none" :adkim "s" :aspf "s"))
;; DKIM selectors are redirected by DNAME into per-host `*.dkim' subzones,
;; which the delegations section of this zone hands off with DS records.
((_domainkey _domainkey.mail) :dname stratocaster.dkim)
;; SPF: one permitted sending address, then `:shrug' for everything else.
;; NOTE(review): `:shrug' presumably renders as a non-failing `all'
;; qualifier; either way receivers are not told to reject other senders.
((stratocaster @ mail) :spf ((:version "spf1")
                             (:pass :ip stratocaster.dmz)
                             (:shrug :all)))
((_domainkey.bugs _domainkey.lists) :dname telecaster.dkim)
((telecaster bugs lists) :spf ((:version "spf1")
                               (:pass :ip telecaster.dmz)
                               (:shrug :all)))
69bbb181 | 96 | |
;; Anycast services.
;;
;; Each entry lists the anycast provider first, then the default provider,
;; then the rest, which is the order the `:anycast' parser destructures.
(dns0 :anycast ((any dns0.any) (dmz radius.dmz)
                (unsafe radius.unsafe)))
(dns1 :anycast ((any dns1.any) (dmz precision.dmz)
                (unsafe precision.unsafe)))
(dns :cname dns0)

(ntp0 :anycast ((any ntp0.any) (dmz ibanez.dmz)
                (unsafe ibanez.unsafe)))
(ntp1 :anycast ((any ntp1.any) (dmz fender.dmz)
                (unsafe fender.unsafe)))
(ntp :cname ntp0)

(www-cache :anycast ((any www-cache.any) (dmz telecaster.dmz)
                     (unsafe telecaster.unsafe)))
;; Clients doing proxy auto-discovery look up `wpad' under their domain;
;; defining the name here keeps the answer under the zone owner's control.
;; The record is not view-conditional, so it appears in every view built
;; from this file.
(wpad :cname www-cache)

;; Kerberos realm and KDC discovery: a realm-name TXT record, two anycast
;; KDC names, and SRV records.  krb1 carries an explicit `:prio 100' while
;; krb0 has none given.
(_kerberos :txt "DISTORTED.ORG.UK")
(krb0 :anycast ((any krb0.any) (dmz radius.dmz)
                (unsafe radius.unsafe)))
(krb1 :anycast ((any krb1.any) (dmz precision.dmz)
                (unsafe precision.unsafe)))
(krb-master (unsafe :svc radius.unsafe)
            (dmz :svc radius.dmz))
:srv (((:kerberos :protocol :udp)
       krb0
       (krb1 :prio 100))
      ((:kerberos-master :protocol :udp :port 88) krb-master)
      (:kerberos-adm krb-master)
      ((:kpasswd :protocol :udp) krb-master))
(krb :cname krb0)

;; Other services.
:srv ((:http www)
      (:ftp ftp))
ec4898f9 | 132 | |
be5a78bf MW |
;; Formerly colocated services.
;;
;; `:sshfp' and `:tlsa' publish SSH host-key and TLS certificate/key
;; fingerprints.  Clients can rely on them only when the answers are
;; DNSSEC-validated; the signing setup is not part of this file.
;; NOTE(review): the `:sshfp' strings and `#p"..."' pathnames presumably
;; name files holding the key or certificate material -- confirm where the
;; zone library looks for them.
;;
;; TLSA forms read (usage selector matching-type source):
;;   :service-certificate-constraint  pins the end-entity key and still
;;                                    expects normal CA validation;
;;   :trust-anchor-assertion          names a CA to anchor the chain;
;;   :domain-issued-certificate       pins the end-entity with no CA needed.
;; A `:public-key' pin survives certificate renewal only while the key pair
;; is kept, so key rollover has to be coordinated with these records.
((irc vox keys wiki) (unsafe :svc jazz.unsafe :sshfp "jazz")
                     (dmz :svc jazz.dmz :sshfp "jazz"))
((irc vox keys wiki) :tlsa (:https (:service-certificate-constraint
                                    :public-key :sha-256 #p"https-jazz")))
((bugs lists db ftp) (unsafe :svc telecaster.unsafe :sshfp "telecaster")
                     (dmz :svc telecaster.dmz :sshfp "telecaster"))
;; `#3=' (and `#2=' further down) label their forms for reuse, but no
;; matching `#3#' / `#2#' reference appears in this file; only `#1#' is used.
((bugs lists ftp) :tlsa (:https #3=(:service-certificate-constraint
                                    :public-key :sha-256
                                    #p"https-telecaster")))
(dyndns :svc telecaster.dmz :sshfp "telecaster")
((git www mail) (unsafe :svc stratocaster.unsafe :sshfp "stratocaster")
                (dmz :svc stratocaster.dmz :sshfp "stratocaster"))
((www git mail @) :tlsa (:https #2=(:service-certificate-constraint
                                    :public-key :sha-256
                                    #p"https-stratocaster")))
;; `#1=' labels the private-CA trust anchor; `#1#' below reuses the same
;; form for the mail submission/IMAP ports and the inside-view SMTP records.
(www-cache :tlsa (3127 #1=(:trust-anchor-assertion
                           :certificate :sha-256 #p"distorted-ca")))
(mail :tlsa ((:submission :imap :imaps) #1#))
;; SMTP differs by view: with the `view/inside' feature the private-CA
;; anchor is published; without it, a pin on the server's own public key.
(mail :tlsa (:smtp
             #+view/inside #1#
             #-view/inside (:domain-issued-certificate
                            :public-key :sha-256
                            #p"smtps-stratocaster")))
((bugs lists) :tlsa (:smtp
                     #+view/inside #1#
                     #-view/inside (:domain-issued-certificate
                                    :public-key :sha-256
                                    #p"smtps-telecaster")))
;; Zone-level `:svc': the target is the `unsafe' address in the inside view
;; and the `dmz' address otherwise.
:svc #+view/inside stratocaster.unsafe
     #-view/inside stratocaster.dmz
(cabal :svc stratocaster.dmz :sshfp "stratocaster")

;; Local services.
(rawk (unsafe :svc artist.unsafe) (dmz :svc artist.dmz))
(rawk :tlsa (:https (:service-certificate-constraint
                     :public-key :sha-256
                     #p"https-artist")))
(mirror (dmz :svc roadstar.dmz :sshfp "roadstar")
        (unsafe :svc roadstar.unsafe :sshfp "roadstar"))

;; Internal services.
;; NOTE(review): these records carry no view conditional; whether the names
;; are visible outside depends on how the `unsafe' addresses are defined in
;; hosts.lisp, which is not shown here.
((news lpr) :svc roadstar.unsafe :sshfp "roadstar")

;; Anonymity services.
(anon (dmz :svc anon.dmz)
      (unsafe :svc jazz.unsafe))

;; Fancy connectivity.
;; Tunnelling endpoints; the `io' zone at the end of this file is described
;; there as being used for IP-over-DNS tunnelling.
(iodine (dmz :svc jazz.dmz))
(hippotat (dmz :svc jazz.dmz))
184 | ||
;; Formerly colocated hosts.
;;
;; Each host usually has two entries: one giving short names (`:abbrev',
;; `:alias') for the host and for its per-network subnames, and one giving
;; the per-network addresses with SSH fingerprints.  Every `:abbrev' goes
;; through the collision check in the `:abbrev' parser.
(fender :abbrev f (unsafe :abbrev fu) (dmz :abbrev fd))
(fender (unsafe :addr fender.unsafe :sshfp "fender")
        (dmz :addr fender.dmz :sshfp "fender"))
(precision :abbrev p (unsafe :abbrev pu) (dmz :abbrev pd) (vpn :abbrev pv))
(precision (unsafe :addr precision.unsafe :sshfp "precision")
           (dmz :addr precision.dmz :sshfp "precision")
           (vpn :addr precision.vpn :sshfp "precision"))
(telecaster :alias tele :abbrev t
            (unsafe :alias tele.unsafe :abbrev tu)
            (dmz :alias tele.dmz :abbrev td))
(telecaster (unsafe :addr telecaster.unsafe :sshfp "telecaster")
            (dmz :addr telecaster.dmz :sshfp "telecaster"))
(stratocaster :alias strat :abbrev s
              (unsafe :alias strat.unsafe :abbrev su)
              (dmz :alias strat.dmz :abbrev sd))
(stratocaster (unsafe :addr stratocaster.unsafe :sshfp "stratocaster")
              (dmz :addr stratocaster.dmz :sshfp "stratocaster"))
;; NOTE(review): the vpn abbreviation here is the keyword `:zv', whereas
;; every other abbreviation in this zone is a plain symbol (`pv', `vv',
;; `rv').  This looks like a typo for `zv'; confirm how `zone-parse-host'
;; treats a keyword before relying on the resulting name.
(jazz :abbrev z (unsafe :abbrev zu) (dmz :abbrev zd) (vpn :abbrev :zv))
(jazz (unsafe :addr jazz.unsafe :sshfp "jazz")
      (dmz :addr jazz.dmz :sshfp "jazz")
      (vpn :addr jazz.vpn :sshfp "jazz")
      (iodine :addr jazz.iodine :sshfp "jazz")
      (hippo :addr jazz.hippo :sshfp "jazz"))

;; Virtual hosts.
(national :abbrev n (linode :abbrev nl) (upn :abbrev ny))
(national (linode :addr national.linode)
          (upn :addr national.upn))
(mdwdev (upn :addr mdwdev.upn))

;; Nicko's servers.
(richmond (dmz :svc richmond.dmz))
(marshall (dmz :svc marshall.dmz))
a20ec58c | 219 | |
76e1e45a MW |
;; Entry is via little router box.
(dmz :net dmz)
(guvnor (dmz :addr guvnor.dmz))
(nat (dmz :addr nat.dmz))

;; Wireless access points.
;; Infrastructure devices (access points, printer, switches) are given
;; addresses on the `safe' network only, plus a role alias (ap0, lp0, tp0...).
(wireless :net wireless)
(evolution (safe :addr evolution.safe))
(evolution :alias evo)
(kitkat :alias ap0)
(kitkat (safe :addr kitkat.safe))
(lunch :alias ap1)
(lunch (safe :addr lunch.safe))

;; Printer.
(burntaxe :alias lp0)
(burntaxe (safe :addr burntaxe.safe))

;; Switches.
(grigsby :alias tp0)
(grigsby (safe :addr grigsby.safe))
(carling :alias tp1)
(carling (safe :addr carling.safe))
(tritan :alias tp2)
(tritan (safe :addr tritan.safe))
f8f3b283 | 245 | |
;; Wired ethernet.
;;
;; Hosts with interfaces on several networks get one address (and SSH
;; fingerprint) per network; vampire and radius are present on all five of
;; unsafe, dmz, vpn, safe and untrusted.
(unsafe :net unsafe)
(safe :net safe)
(untrusted :net untrusted)
(vampire :abbrev v
         (unsafe :abbrev vu) (dmz :abbrev vd) (vpn :abbrev vv)
         (safe :abbrev vs) (untrusted :abbrev vx))
(vampire (unsafe :addr vampire.unsafe :sshfp "vampire")
         (dmz :addr vampire.dmz :sshfp "vampire")
         (vpn :addr vampire.vpn :sshfp "vampire")
         (safe :addr vampire.safe :sshfp "vampire")
         (untrusted :addr vampire.untrusted :sshfp "vampire"))
(ibanez :abbrev i (unsafe :abbrev iu) (dmz :abbrev id))
(ibanez (unsafe :addr ibanez.unsafe :sshfp "ibanez")
        (dmz :addr ibanez.dmz :sshfp "ibanez"))
(radius :abbrev r
        (unsafe :abbrev ru) (dmz :abbrev rd) (vpn :abbrev rv)
        (safe :abbrev rs) (untrusted :abbrev rx))
(radius (unsafe :addr radius.unsafe :sshfp "radius")
        (dmz :addr radius.dmz :sshfp "radius")
        (vpn :addr radius.vpn :sshfp "radius")
        (safe :addr radius.safe :sshfp "radius")
        (untrusted :addr radius.untrusted :sshfp "radius"))
(roadstar :abbrev rg (unsafe :abbrev rgu) (dmz :abbrev rgd))
(roadstar (unsafe :addr roadstar.unsafe :sshfp "roadstar")
          (dmz :addr roadstar.dmz :sshfp "roadstar"))
(jem :abbrev j (unsafe :abbrev ju) (dmz :abbrev jd))
(jem (unsafe :addr jem.unsafe :sshfp "jem")
     (dmz :addr jem.dmz :sshfp "jem"))
(universe :abbrev u (unsafe :abbrev uu) (dmz :abbrev ud))
(universe (unsafe :addr universe.unsafe :sshfp "universe")
          (dmz :addr universe.dmz :sshfp "universe"))
(artist :abbrev a
        (unsafe :abbrev au) (dmz :abbrev ad) (untrusted :abbrev ax))
(artist (unsafe :addr artist.unsafe :sshfp "artist")
        (dmz :addr artist.dmz :sshfp "artist")
        (untrusted :addr artist.untrusted :sshfp "artist"))
(groove :abbrev gr
        (vpn :abbrev grv) (unsafe :abbrev gru))
(groove (vpn :addr groove.vpn :sshfp "groove")
        (unsafe :addr groove.unsafe :sshfp "groove"))
ec4898f9 | 287 | |
;; DHCP hosts.
;; Each name is a CNAME into the delegated `dhcp' subzone.
;; NOTE(review): the static `dhcp.distorted.org.uk' zone defined for the
;; outside view later in this file has no `firebird' entry, so in that view
;; the firebird CNAME would point at a name with no data -- confirm whether
;; that is intended.
(gibson :cname gibson.dhcp :abbrev g)
(lespaul :cname lespaul.dhcp)
(firebird :cname firebird.dhcp)
(marauder :cname marauder.dhcp)
(invader :cname invader.dhcp)
(gretsch :cname gretsch.dhcp)

;; Virtual network.
(vpn :net vpn)
(crybaby :abbrev cb)
(crybaby (vpn :addr crybaby.vpn :sshfp "crybaby")
         (hippo :addr crybaby.hippo :sshfp "crybaby"))
(spirit (vpn :addr spirit.vpn :sshfp "spirit")
        (hippo :addr spirit.hippo :sshfp "spirit"))
(terror (vpn :addr terror.vpn :sshfp "terror"))
(orange :abbrev o)
(orange (vpn :addr orange.vpn :sshfp "orange"))
(haze :abbrev h)
(haze (vpn :addr haze.vpn :sshfp "haze"))
(iodine :net iodine)
(hippo :net hippo)

;; ITS.
(its :net its)
(gw (its :addr gw.its))
(mz (its :addr mz.its))

;; Strange things.
;; `blackhole' is also one of the names given an MX record in the mail
;; section of this zone.
(blackhole (dmz :addr blackhole.dmz))
c2118713 | 318 | |
;; Delegations.
;;
;; Parent-side NS (with glue via `:ip') and DS records for child zones.
;; Each DS entry reads (key-tag algorithm digest-type digest).  Every signed
;; child is listed twice, with a SHA-1 and a SHA-256 digest of the same key
;; tag.  SHA-1 DS digests are deprecated for new delegations (RFC 8624), and
;; RFC 4509 tells validators that implement SHA-256 to ignore the SHA-1
;; entry when both are present, so the SHA-1 lines matter only to consumers
;; that cannot use SHA-256.
;; `#.(concatenate 'string ...)' is evaluated at read time; it joins the two
;; halves of a 64-hex-digit SHA-256 digest that is split to fit the line.
(dhcp :ns ((radius.ns.dhcp :ip radius)
           (precision.ns.dhcp :ip precision)
           (telecaster.ns.dhcp :ip telecaster)
           (national.ns.dhcp :ip national))
      :ds ((55966 :rsasha256 :sha1
            "95b05c1f4e84f950f29630004bac447f8a87ca33")
           (55966 :rsasha256 :sha256
            #.(concatenate 'string "31696bf54b577362b2eb75793adeb9ec"
                                   "2e8440ec671371b35d8d978cd9ca3007"))))
(dyn :ns ((radius.ns.dyn :ip radius)
          (precision.ns.dyn :ip precision)
          (telecaster.ns.dyn :ip telecaster)
          (national.ns.dyn :ip national))
     :ds ((11335 :rsasha256 :sha1
           "7ed2b843b0bfb38ceca68617dfacbeafab1d1ea9")
          (11335 :rsasha256 :sha256
           #.(concatenate 'string "6eb15eb587c48f5b84ca128a656a4cce"
                                  "0a41cf040d3d0f15a44dffd6476b2b55"))))
(dnserr :ns ((radius.ns.dnserr :ip radius.dmz)
             (precision.ns.dnserr :ip precision.dmz)
             (telecaster.ns.dnserr :ip telecaster.dmz)
             (national.ns.dnserr :ip national.linode))
        :ds ((40945 :rsasha256 :sha1
              "f35b5d0b877b940e63ad1b3afc21d6ba83cd1b3b")
             (40945 :rsasha256 :sha256
              #.(concatenate 'string "fb171d206d4d64c5a7a6c290ce6e20df"
                                     "44f1db7f41e2260f1fe8d7c55d524c11"))))
;; The DKIM subzones are the DNAME targets for the `_domainkey' names in the
;; mail section; the DS records here are what tie their keys to this zone.
(stratocaster.dkim
 :ns ((radius.ns.stratocaster.dkim :ip radius.dmz)
      (precision.ns.stratocaster.dkim :ip precision.dmz)
      (telecaster.ns.stratocaster.dkim :ip telecaster.dmz)
      (national.ns.stratocaster.dkim :ip national.linode)
      (mythic-beasts-1.ns.stratocaster.dkim :ip mythic-ns1)
      (mythic-beasts-2.ns.stratocaster.dkim :ip mythic-ns2)
      (mythic-beasts-3.ns.stratocaster.dkim :ip mythic-ns3))
 :ds ((24577 :rsasha256 :sha1
       "d06847c01e19098509a8d07a9aafaceff532c9c7")
      (24577 :rsasha256 :sha256
       #.(concatenate 'string "a40cdb1c633041cfbc1b80a400cff527"
                              "2cad051915fc0cd40296a2d4590b9d2b"))))
(telecaster.dkim
 :ns ((radius.ns.telecaster.dkim :ip radius.dmz)
      (precision.ns.telecaster.dkim :ip precision.dmz)
      (telecaster.ns.telecaster.dkim :ip telecaster.dmz)
      (national.ns.telecaster.dkim :ip national.linode)
      (mythic-beasts-1.ns.telecaster.dkim :ip mythic-ns1)
      (mythic-beasts-2.ns.telecaster.dkim :ip mythic-ns2)
      (mythic-beasts-3.ns.telecaster.dkim :ip mythic-ns3))
 :ds ((38896 :rsasha256 :sha1
       "2c2daea658784e22c46bf9e86da67def1e34cf40")
      (38896 :rsasha256 :sha256
       #.(concatenate 'string "66997571c7d47f912caa65f2154ecd37"
                              "5b9d391e3ed44d79ac35eef59264e521"))))
;; `io' and `play' are delegated with NS records only: no DS is listed, so
;; these two children are not chained to this zone's DNSSEC keys.
(io :ns ((ns.io :ip jazz.dmz)))
;; The final parenthesis on the next line closes the enclosing
;; `(defzone distorted.org.uk' form.
(play :ns (radius.ns precision.ns telecaster.ns national.ns)))
b1d5c6c2 MW |
375 | |
376 | ;;;-------------------------------------------------------------------------- | |
377 | ;;; Other subsidiary zones. | |
e80b4c2d | 378 | |
;; `#+view/outside' makes the reader keep the following form only when the
;; `view/outside' feature is present, so each of these zones is defined for
;; the outside view alone.

;; Static contents for the `dhcp' subzone in the outside view.
;; NOTE(review): the main zone has a `firebird' CNAME into this subzone but
;; there is no `firebird' entry here -- confirm whether that is intended.
#+view/outside
(defzone dhcp.distorted.org.uk
  :ns ((radius.ns :ip radius.dmz)
       (precision.ns :ip precision.dmz)
       (telecaster.ns :ip telecaster.dmz)
       (national.ns :ip national.linode))
  (gibson :addr gibson.unsafe)
  (crybaby :addr crybaby.unsafe)
  (lespaul :addr lespaul.unsafe)
  (gretsch :addr gretsch.unsafe)
  (spirit :addr spirit.unsafe)
  (haze :addr haze.unsafe)
  (invader :addr invader.safe)
  (marauder :addr marauder.safe))

;; This zone overrides the default zone source with telecaster; it has NS
;; records and no other static contents.
#+view/outside
(defzone (dyn.distorted.org.uk :source telecaster.distorted.org.uk.)
  :ns ((radius.ns :ip radius)
       (precision.ns :ip precision)
       (telecaster.ns :ip telecaster)
       (national.ns :ip national)))

#+view/outside
(defzone nicko.org
  (richmond :addr richmond.dmz))

;; The two DKIM subzones carry only NS records here; no key records are
;; defined for them in this file.
#+view/outside
(defzone stratocaster.dkim.distorted.org.uk
  :ns ((radius.ns :ip radius.dmz)
       (precision.ns :ip precision.dmz)
       (telecaster.ns :ip telecaster.dmz)
       (national.ns :ip national.linode)
       (mythic-beasts-1.ns :ip mythic-ns1)
       (mythic-beasts-2.ns :ip mythic-ns2)
       (mythic-beasts-3.ns :ip mythic-ns3)))
#+view/outside
(defzone telecaster.dkim.distorted.org.uk
  :ns ((radius.ns :ip radius.dmz)
       (precision.ns :ip precision.dmz)
       (telecaster.ns :ip telecaster.dmz)
       (national.ns :ip national.linode)
       (mythic-beasts-1.ns :ip mythic-ns1)
       (mythic-beasts-2.ns :ip mythic-ns2)
       (mythic-beasts-3.ns :ip mythic-ns3)))
aa420955 | 423 | |
;; Reverse zones.

;; Reverse data for the unsafe, vpn, its and any networks, with a `dhcp'
;; sub-delegation and a `:multi' rule that maps the dhcp and safe IPv4
;; ranges to CNAMEs under the "199.29.172.dhcp" suffix.
;; NOTE(review): PTR data enumerates the host names on these networks;
;; which servers and views answer for this zone is decided outside this
;; file and is worth checking.
(defrevzone trusted
  :ns (radius.distorted.org.uk.
       precision.distorted.org.uk.
       telecaster.distorted.org.uk.
       national.distorted.org.uk.)
  :reverse unsafe
  :reverse vpn
  :reverse its
  :reverse any
  (dhcp :ns (radius.distorted.org.uk.
             precision.distorted.org.uk.
             telecaster.distorted.org.uk.
             national.distorted.org.uk.))
  :multi (((dhcp safe) :family :ipv4 :suffix "199.29.172.dhcp") :cname *))

;; Outside view only: NS records and nothing else for the dhcp reverse zone.
#+view/outside
(defzone dhcp.199.29.172.in-addr.arpa
  :ns (radius.distorted.org.uk.
       precision.distorted.org.uk.
       telecaster.distorted.org.uk.
       national.distorted.org.uk.))

(defrevzone untrusted
  :ns (radius.distorted.org.uk.
       precision.distorted.org.uk.
       telecaster.distorted.org.uk.
       national.distorted.org.uk.))

;; The next three zones and the IPv6 `aaisp' zone add secondary-dns.co.uk.
;; to the NS set.  The "128-143" and "64-79" names look like classless
;; in-addr.arpa delegations of partial /24s -- confirm with the provider.
(defzone 128-143.238.187.81.in-addr.arpa
  :ns (radius.distorted.org.uk.
       precision.distorted.org.uk.
       telecaster.distorted.org.uk.
       national.distorted.org.uk.
       secondary-dns.co.uk.)
  :reverse ((((:ipv4 dmz)))))

(defzone 64-79.12.169.217.in-addr.arpa
  :ns (radius.distorted.org.uk.
       precision.distorted.org.uk.
       telecaster.distorted.org.uk.
       national.distorted.org.uk.
       secondary-dns.co.uk.)
  :reverse ((((:ipv4 dmz1)))))

(defzone 195.113.2.81.in-addr.arpa
  :ns (radius.distorted.org.uk.
       precision.distorted.org.uk.
       telecaster.distorted.org.uk.
       national.distorted.org.uk.
       secondary-dns.co.uk.)
  :reverse ((((:ipv4 gw)))))

;; IPv6 reverse zone; one nibble-labelled subtree is delegated to the four
;; local servers without secondary-dns.co.uk.
(defrevzone (distorted.org.uk-aaisp :family :ipv6)
  :ns (radius.distorted.org.uk.
       precision.distorted.org.uk.
       telecaster.distorted.org.uk.
       national.distorted.org.uk.
       secondary-dns.co.uk.)
  (0.7.3.6.8.6.4.6.1.0.0.0 :ns (radius.distorted.org.uk.
                                precision.distorted.org.uk.
                                telecaster.distorted.org.uk.
                                national.distorted.org.uk.))
  :reverse ((((:ipv6 distorted.org.uk-aaisp)))))

(defrevzone (dhcp :family :ipv6)
  :ns (radius.distorted.org.uk.
       precision.distorted.org.uk.
       telecaster.distorted.org.uk.
       national.distorted.org.uk.))
493 | ||
;; Outside view only.  The zone has a single nameserver, on jazz.dmz, and a
;; TXT record stating its purpose.  The parent zone delegates `io' with no
;; DS record, so answers from this zone are not covered by the parent's
;; DNSSEC chain.  Query volume and label sizes under this name will look
;; unlike ordinary resolution traffic, which is worth knowing when reading
;; resolver logs or tuning DNS-tunnelling detections for this domain.
#+view/outside
(defzone io.distorted.org.uk
  :ns ((ns :ip jazz.dmz))
  (about :txt "Fake zone used for IP-over-DNS tunnelling."))
498 | ||
b1d5c6c2 | 499 | ;;;----- That's all, folks -------------------------------------------------- |