Commit | Line | Data |
---|---|---|
e80b4c2d MW |
1 | ;;; Zone file for distorted.org.uk |
2 | ||
b4d4c18b | 3 | (load "hosts.lisp" :verbose nil) |
e80b4c2d | 4 | |
aef7892b MW |
5 | ;;;-------------------------------------------------------------------------- |
6 | ;;; Anycast services. | |
7 | ||
8 | (defvar *anycast-routable-families* (list :ipv6)) | |
9 | ||
10 | (defzoneparse :anycast (name data rec :prefix prefix :zname zname) | |
11 | (destructuring-bind (any-provider default-provider &rest other-providers) | |
12 | data | |
13 | ||
14 | ;; First, the default address. If the anycast network is preferred then | |
15 | ;; this is easy; otherwise we have something complicated to do because | |
16 | ;; IPv6 anycast addresses are globally routable, while IPv4 ones aren't. | |
17 | (if (zone-preferred-subnet-p (car any-provider)) | |
18 | (zone-set-address #'rec (cdr any-provider) :make-ptr-p t) | |
6baf2de2 | 19 | (do-host (addr (cdr any-provider)) |
aef7892b MW |
20 | (let ((family (ipaddr-family addr))) |
21 | (if (member family *anycast-routable-families*) | |
22 | (zone-set-address #'rec addr | |
23 | :family family :make-ptr-p t) | |
24 | (zone-set-address #'rec (cdr default-provider) | |
25 | :family family :make-ptr-p nil))))) | |
26 | ||
27 | ;; Now for all of the others. | |
28 | (dolist (provider (list* any-provider default-provider other-providers)) | |
29 | (zone-set-address #'rec (cdr provider) | |
30 | :make-ptr-p (eq provider any-provider) | |
c9f96590 MW |
31 | :name (domain-name-concat prefix |
32 | (zone-parse-host | |
33 | (car provider) | |
34 | zname)))))) | |
aef7892b | 35 | |
07fe1e43 MW |
36 | ;;;-------------------------------------------------------------------------- |
37 | ;;; Hostname abbreviations. | |
38 | ||
39 | (defvar *abbrev-subdomain* | |
40 | (make-domain-name :labels '("abbrev") :absolutep nil)) | |
41 | (defparameter *abbrev-used* (make-hash-table :test #'equal)) | |
42 | ||
43 | (defzoneparse :abbrev (name data rec :zname zname) | |
44 | (let* ((domain (zone-parse-host data | |
45 | (domain-name-concat *abbrev-subdomain* | |
46 | zname))) | |
47 | (key (princ-to-string domain)) | |
48 | (existing (gethash key *abbrev-used*))) | |
49 | (when existing | |
50 | (error "Abbrev collision for ~A between ~A and ~A." | |
51 | domain existing name)) | |
52 | (setf (gethash key *abbrev-used*) name) | |
53 | (rec :name domain | |
54 | :type :cname | |
55 | :data name))) | |
56 | ||
b1d5c6c2 MW |
57 | ;;;-------------------------------------------------------------------------- |
58 | ;;; Other definitions. | |
e80b4c2d MW |
59 | |
60 | (setf *default-zone-admin* "hostmaster@distorted.org.uk") | |
2bc217e8 | 61 | |
ff6c53ad | 62 | (setf *default-zone-source* 'radius.distorted.org.uk.) |
e80b4c2d | 63 | |
b1d5c6c2 MW |
64 | ;;;-------------------------------------------------------------------------- |
65 | ;;; Main zone definition. | |
66 | ||
e80b4c2d | 67 | (defzone distorted.org.uk |
ec4898f9 | 68 | |
6ef39f28 | 69 | ;; Nameservers. |
981c9c20 MW |
70 | :ns ((radius.ns :ip radius) |
71 | (precision.ns :ip precision) | |
72 | (telecaster.ns :ip telecaster) | |
1a8dfbe2 | 73 | (national.ns :ip national) |
981c9c20 MW |
74 | #-view/inside (mythic-beasts-1.ns :ip mythic-ns1) |
75 | #-view/inside (mythic-beasts-2.ns :ip mythic-ns2) | |
fdcd43da | 76 | #-view/inside (mythic-beasts-3.ns :ip mythic-ns3) |
981c9c20 | 77 | #-view/inside (chiark.ns :ip chiark.greenend.org.uk)) |
ec4898f9 | 78 | |
2e7d3852 MW |
79 | ;; Certification. |
80 | :caa ((:issue "letsencrypt.org") | |
81 | (:issue "distorted.org.uk")) | |
82 | ||
6ef39f28 | 83 | ;; Mail servers. |
68db42b5 | 84 | ((@ mail blackhole) :mx mail :srv ((:smtp mail))) |
11178c6e MW |
85 | (bugs :mx lists :srv ((:smtp bugs))) |
86 | (lists :mx lists :srv ((:smtp lists))) | |
8ddb3b7d MW |
87 | (_dmarc :dmarc (:v "DMARC1" |
88 | :p "quarantine" :sp "quarantine" | |
89 | :adkim "s" :aspf "s")) | |
aa420955 | 90 | ((_domainkey _domainkey.mail) :dname stratocaster.dkim) |
37a0e278 MW |
91 | ((stratocaster @ mail) :spf ((:version "spf1") |
92 | (:pass :ip stratocaster.dmz) | |
8ddb3b7d | 93 | (:soft :all))) |
aa420955 | 94 | ((_domainkey.bugs _domainkey.lists) :dname telecaster.dkim) |
37a0e278 MW |
95 | ((telecaster bugs lists) :spf ((:version "spf1") |
96 | (:pass :ip telecaster.dmz) | |
8ddb3b7d | 97 | (:soft :all))) |
69bbb181 | 98 | |
06f1bb3f | 99 | ;; Anycast services. |
be5a78bf | 100 | (dns0 :anycast ((any dns0.any) (dmz radius.dmz) |
aef7892b | 101 | (unsafe radius.unsafe))) |
be5a78bf MW |
102 | (dns1 :anycast ((any dns1.any) (dmz precision.dmz) |
103 | (unsafe precision.unsafe))) | |
cfecfa5c MW |
104 | (dns :cname dns0) |
105 | ||
be5a78bf MW |
106 | (ntp0 :anycast ((any ntp0.any) (dmz ibanez.dmz) |
107 | (unsafe ibanez.unsafe))) | |
108 | (ntp1 :anycast ((any ntp1.any) (dmz fender.dmz) | |
109 | (unsafe fender.unsafe))) | |
cfecfa5c MW |
110 | (ntp :cname ntp0) |
111 | ||
be5a78bf MW |
112 | (www-cache :anycast ((any www-cache.any) (dmz telecaster.dmz) |
113 | (unsafe telecaster.unsafe))) | |
345c0f69 MW |
114 | (wpad :cname www-cache) |
115 | ||
cfecfa5c | 116 | (_kerberos :txt "DISTORTED.ORG.UK") |
be5a78bf MW |
117 | (krb0 :anycast ((any krb0.any) (dmz radius.dmz) |
118 | (unsafe radius.unsafe))) | |
119 | (krb1 :anycast ((any krb1.any) (dmz precision.dmz) | |
120 | (unsafe precision.unsafe))) | |
cfecfa5c MW |
121 | (krb-master (unsafe :svc radius.unsafe) |
122 | (dmz :svc radius.dmz)) | |
123 | :srv (((:kerberos :protocol :udp) | |
124 | krb0 | |
125 | (krb1 :prio 100)) | |
126 | ((:kerberos-master :protocol :udp :port 88) krb-master) | |
127 | (:kerberos-adm krb-master) | |
128 | ((:kpasswd :protocol :udp) krb-master)) | |
129 | (krb :cname krb0) | |
130 | ||
6ef39f28 | 131 | ;; Other services. |
96c2a692 MW |
132 | :srv ((:http www) |
133 | (:ftp ftp)) | |
ec4898f9 | 134 | |
be5a78bf MW |
135 | ;; Formerly colocated services. |
136 | ((irc vox keys wiki) (unsafe :svc jazz.unsafe :sshfp "jazz") | |
137 | (dmz :svc jazz.dmz :sshfp "jazz")) | |
270fa799 | 138 | ((irc vox keys wiki) :tlsa (:https (:service-certificate-constraint |
15cca8c6 | 139 | :public-key :sha-256 #p"https-jazz"))) |
be5a78bf MW |
140 | ((bugs lists db ftp) (unsafe :svc telecaster.unsafe :sshfp "telecaster") |
141 | (dmz :svc telecaster.dmz :sshfp "telecaster")) | |
40832d80 MW |
142 | ((bugs lists ftp) :tlsa (:https #3=(:service-certificate-constraint |
143 | :public-key :sha-256 | |
144 | #p"https-telecaster"))) | |
be5a78bf MW |
145 | (dyndns :svc telecaster.dmz :sshfp "telecaster") |
146 | ((git www mail) (unsafe :svc stratocaster.unsafe :sshfp "stratocaster") | |
147 | (dmz :svc stratocaster.dmz :sshfp "stratocaster")) | |
40832d80 MW |
148 | ((www git mail @) :tlsa (:https #2=(:service-certificate-constraint |
149 | :public-key :sha-256 | |
150 | #p"https-stratocaster"))) | |
5a8c792f MW |
151 | (www-cache :tlsa (3127 #1=(:trust-anchor-assertion |
152 | :certificate :sha-256 #p"distorted-ca"))) | |
e30dcd9f | 153 | (mail :tlsa ((:submission :imap :imaps) #1#)) |
b868d3f4 MW |
154 | (mail :tlsa (:smtp |
155 | #+view/inside #1# | |
156 | #-view/inside (:domain-issued-certificate | |
157 | :public-key :sha-256 | |
158 | #p"smtps-stratocaster"))) | |
159 | ((bugs lists) :tlsa (:smtp | |
160 | #+view/inside #1# | |
161 | #-view/inside (:domain-issued-certificate | |
162 | :public-key :sha-256 | |
163 | #p"smtps-telecaster"))) | |
be5a78bf MW |
164 | :svc #+view/inside stratocaster.unsafe |
165 | #-view/inside stratocaster.dmz | |
166 | (cabal :svc stratocaster.dmz :sshfp "stratocaster") | |
4c25329e | 167 | |
6ef39f28 | 168 | ;; Local services. |
77fbb917 | 169 | (rawk (unsafe :svc artist.unsafe) (dmz :svc artist.dmz)) |
c0e64dd8 MW |
170 | (rawk :tlsa (:https (:service-certificate-constraint |
171 | :public-key :sha-256 | |
172 | #p"https-artist"))) | |
f5c3343e | 173 | (mirror (dmz :svc roadstar.dmz :sshfp "roadstar") |
8d261a89 | 174 | (unsafe :svc roadstar.unsafe :sshfp "roadstar")) |
ec4898f9 | 175 | |
6ef39f28 | 176 | ;; Internal services. |
ccc6ea89 | 177 | ((news lpr) :svc roadstar.unsafe :sshfp "roadstar") |
ec4898f9 | 178 | |
04db9729 | 179 | ;; Anonymity services. |
be5a78bf MW |
180 | (anon (dmz :svc anon.dmz) |
181 | (unsafe :svc jazz.unsafe)) | |
04db9729 | 182 | |
85a3496c | 183 | ;; Fancy connectivity. |
be5a78bf MW |
184 | (iodine (dmz :svc jazz.dmz)) |
185 | (hippotat (dmz :svc jazz.dmz)) | |
186 | ||
187 | ;; Formerly colocated hosts. | |
188 | (fender :abbrev f (unsafe :abbrev fu) (dmz :abbrev fd)) | |
189 | (fender (unsafe :addr fender.unsafe :sshfp "fender") | |
190 | (dmz :addr fender.dmz :sshfp "fender")) | |
191 | (precision :abbrev p (unsafe :abbrev pu) (dmz :abbrev pd) (vpn :abbrev pv)) | |
192 | (precision (unsafe :addr precision.unsafe :sshfp "precision") | |
193 | (dmz :addr precision.dmz :sshfp "precision") | |
194 | (vpn :addr precision.vpn :sshfp "precision")) | |
07fe1e43 | 195 | (telecaster :alias tele :abbrev t |
be5a78bf MW |
196 | (unsafe :alias tele.unsafe :abbrev tu) |
197 | (dmz :alias tele.dmz :abbrev td)) | |
198 | (telecaster (unsafe :addr telecaster.unsafe :sshfp "telecaster") | |
199 | (dmz :addr telecaster.dmz :sshfp "telecaster")) | |
07fe1e43 | 200 | (stratocaster :alias strat :abbrev s |
be5a78bf MW |
201 | (unsafe :alias strat.unsafe :abbrev su) |
202 | (dmz :alias strat.dmz :abbrev sd)) | |
203 | (stratocaster (unsafe :addr stratocaster.unsafe :sshfp "stratocaster") | |
204 | (dmz :addr stratocaster.dmz :sshfp "stratocaster")) | |
205 | (jazz :abbrev z (unsafe :abbrev zu) (dmz :abbrev zd) (vpn :abbrev :zv)) | |
206 | (jazz (unsafe :addr jazz.unsafe :sshfp "jazz") | |
207 | (dmz :addr jazz.dmz :sshfp "jazz") | |
aa779726 | 208 | (vpn :addr jazz.vpn :sshfp "jazz") |
df1d9fe1 MW |
209 | (iodine :addr jazz.iodine :sshfp "jazz") |
210 | (hippo :addr jazz.hippo :sshfp "jazz")) | |
38c2de7c | 211 | |
b577b999 | 212 | ;; Virtual hosts. |
be5a78bf | 213 | (national :abbrev n (linode :abbrev nl) (upn :abbrev ny)) |
4ac8501e | 214 | (national (linode :addr national.linode) (upn :addr national.upn)) |
eec350e2 MW |
215 | (eggle :abbrev e (jump :abbrev ej) (upn :abbrev ey)) |
216 | (eggle (jump :addr eggle.jump) (upn :addr eggle.upn)) | |
be5a78bf | 217 | (mdwdev (upn :addr mdwdev.upn)) |
b577b999 | 218 | |
e8ba93bc | 219 | ;; Nicko's servers. |
be5a78bf MW |
220 | (richmond (dmz :svc richmond.dmz)) |
221 | (marshall (dmz :svc marshall.dmz)) | |
a20ec58c | 222 | |
76e1e45a MW |
223 | ;; Entry is via little router box. |
224 | (dmz :net dmz) | |
f5c3343e MW |
225 | (guvnor (dmz :addr guvnor.dmz)) |
226 | (nat (dmz :addr nat.dmz)) | |
76e1e45a | 227 | |
327c80f3 | 228 | ;; Wireless access points. |
76e1e45a MW |
229 | (wireless :net wireless) |
230 | (evolution (safe :addr evolution.safe)) | |
231 | (evolution :alias evo) | |
25679b6d | 232 | (kitkat :alias ap0) |
327c80f3 | 233 | (kitkat (safe :addr kitkat.safe)) |
25679b6d | 234 | (lunch :alias ap1) |
327c80f3 | 235 | (lunch (safe :addr lunch.safe)) |
f233386b MW |
236 | |
237 | ;; Printer. | |
af319f47 | 238 | (burntaxe :alias lp0) |
32926f3b | 239 | (burntaxe (safe :addr burntaxe.safe)) |
76e1e45a | 240 | |
f8f3b283 | 241 | ;; Switches. |
c32d96fa MW |
242 | (grigsby :alias tp0) |
243 | (grigsby (safe :addr grigsby.safe)) | |
244 | (carling :alias tp1) | |
245 | (carling (safe :addr carling.safe)) | |
246 | (tritan :alias tp2) | |
247 | (tritan (safe :addr tritan.safe)) | |
f8f3b283 | 248 | |
6ef39f28 | 249 | ;; Wired ethernet. |
04d65182 MW |
250 | (unsafe :net unsafe) |
251 | (safe :net safe) | |
252 | (untrusted :net untrusted) | |
07fe1e43 | 253 | (vampire :abbrev v |
be5a78bf | 254 | (unsafe :abbrev vu) (dmz :abbrev vd) (vpn :abbrev vv) |
f5c3343e | 255 | (safe :abbrev vs) (untrusted :abbrev vx)) |
c3997955 MW |
256 | (vampire (unsafe :addr vampire.unsafe :sshfp "vampire") |
257 | (dmz :addr vampire.dmz :sshfp "vampire") | |
aa779726 | 258 | (vpn :addr vampire.vpn :sshfp "vampire") |
c3997955 MW |
259 | (safe :addr vampire.safe :sshfp "vampire") |
260 | (untrusted :addr vampire.untrusted :sshfp "vampire")) | |
f5c3343e | 261 | (ibanez :abbrev i (unsafe :abbrev iu) (dmz :abbrev id)) |
c3997955 MW |
262 | (ibanez (unsafe :addr ibanez.unsafe :sshfp "ibanez") |
263 | (dmz :addr ibanez.dmz :sshfp "ibanez")) | |
07fe1e43 | 264 | (radius :abbrev r |
be5a78bf | 265 | (unsafe :abbrev ru) (dmz :abbrev rd) (vpn :abbrev rv) |
f5c3343e | 266 | (safe :abbrev rs) (untrusted :abbrev rx)) |
c3997955 MW |
267 | (radius (unsafe :addr radius.unsafe :sshfp "radius") |
268 | (dmz :addr radius.dmz :sshfp "radius") | |
aa779726 | 269 | (vpn :addr radius.vpn :sshfp "radius") |
c3997955 MW |
270 | (safe :addr radius.safe :sshfp "radius") |
271 | (untrusted :addr radius.untrusted :sshfp "radius")) | |
f5c3343e | 272 | (roadstar :abbrev rg (unsafe :abbrev rgu) (dmz :abbrev rgd)) |
c3997955 MW |
273 | (roadstar (unsafe :addr roadstar.unsafe :sshfp "roadstar") |
274 | (dmz :addr roadstar.dmz :sshfp "roadstar")) | |
f5c3343e | 275 | (jem :abbrev j (unsafe :abbrev ju) (dmz :abbrev jd)) |
c3997955 MW |
276 | (jem (unsafe :addr jem.unsafe :sshfp "jem") |
277 | (dmz :addr jem.dmz :sshfp "jem")) | |
f5c3343e | 278 | (universe :abbrev u (unsafe :abbrev uu) (dmz :abbrev ud)) |
664e6cf9 MW |
279 | (universe (unsafe :addr universe.unsafe :sshfp "universe") |
280 | (dmz :addr universe.dmz :sshfp "universe")) | |
07fe1e43 | 281 | (artist :abbrev a |
f5c3343e | 282 | (unsafe :abbrev au) (dmz :abbrev ad) (untrusted :abbrev ax)) |
c3997955 MW |
283 | (artist (unsafe :addr artist.unsafe :sshfp "artist") |
284 | (dmz :addr artist.dmz :sshfp "artist") | |
285 | (untrusted :addr artist.untrusted :sshfp "artist")) | |
25d23a91 | 286 | (groove :abbrev gr |
be5a78bf | 287 | (vpn :abbrev grv) (unsafe :abbrev gru)) |
bda4d30e | 288 | (groove (vpn :addr groove.vpn :sshfp "groove") |
bda4d30e | 289 | (unsafe :addr groove.unsafe :sshfp "groove")) |
ec4898f9 | 290 | |
ff6c53ad | 291 | ;; DHCP hosts. |
07fe1e43 | 292 | (gibson :cname gibson.dhcp :abbrev g) |
4b5e05ad MW |
293 | (lespaul :cname lespaul.dhcp) |
294 | (firebird :cname firebird.dhcp) | |
aa4d55b1 MW |
295 | (marauder :cname marauder.dhcp) |
296 | (invader :cname invader.dhcp) | |
098020ad | 297 | (gretsch :cname gretsch.dhcp) |
ec4898f9 | 298 | |
6ef39f28 | 299 | ;; Virtual network. |
be5a78bf | 300 | (vpn :net vpn) |
07fe1e43 | 301 | (crybaby :abbrev cb) |
df1d9fe1 MW |
302 | (crybaby (vpn :addr crybaby.vpn :sshfp "crybaby") |
303 | (hippo :addr crybaby.hippo :sshfp "crybaby")) | |
e8d49c40 MW |
304 | (spirit (vpn :addr spirit.vpn :sshfp "spirit") |
305 | (hippo :addr spirit.hippo :sshfp "spirit")) | |
c3997955 | 306 | (terror (vpn :addr terror.vpn :sshfp "terror")) |
07fe1e43 | 307 | (orange :abbrev o) |
be5a78bf | 308 | (orange (vpn :addr orange.vpn :sshfp "orange")) |
07fe1e43 | 309 | (haze :abbrev h) |
be5a78bf | 310 | (haze (vpn :addr haze.vpn :sshfp "haze")) |
fc0ce2ed | 311 | (iodine :net iodine) |
df1d9fe1 | 312 | (hippo :net hippo) |
ec4898f9 | 313 | |
6ef39f28 | 314 | ;; ITS. |
b1d5c6c2 | 315 | (its :net its) |
c3997955 MW |
316 | (gw (its :addr gw.its)) |
317 | (mz (its :addr mz.its)) | |
ec4898f9 | 318 | |
c2118713 | 319 | ;; Strange things. |
be5a78bf | 320 | (blackhole (dmz :addr blackhole.dmz)) |
c2118713 | 321 | |
6ef39f28 | 322 | ;; Delegations. |
f0209b9c MW |
323 | (dhcp :ns ((radius.ns.dhcp :ip radius) |
324 | (precision.ns.dhcp :ip precision) | |
1a8dfbe2 MW |
325 | (telecaster.ns.dhcp :ip telecaster) |
326 | (national.ns.dhcp :ip national)) | |
3f954bac MW |
327 | :ds ((55966 :rsasha256 :sha1 |
328 | "95b05c1f4e84f950f29630004bac447f8a87ca33") | |
329 | (55966 :rsasha256 :sha256 | |
330 | #.(concatenate 'string "31696bf54b577362b2eb75793adeb9ec" | |
331 | "2e8440ec671371b35d8d978cd9ca3007")))) | |
49c5f8ff MW |
332 | (dyn :ns ((radius.ns.dyn :ip radius) |
333 | (precision.ns.dyn :ip precision) | |
1a8dfbe2 MW |
334 | (telecaster.ns.dyn :ip telecaster) |
335 | (national.ns.dyn :ip national)) | |
3f954bac MW |
336 | :ds ((11335 :rsasha256 :sha1 |
337 | "7ed2b843b0bfb38ceca68617dfacbeafab1d1ea9") | |
338 | (11335 :rsasha256 :sha256 | |
339 | #.(concatenate 'string "6eb15eb587c48f5b84ca128a656a4cce" | |
340 | "0a41cf040d3d0f15a44dffd6476b2b55")))) | |
0262908f | 341 | (dnserr :ns ((radius.ns.dnserr :ip radius.dmz) |
be5a78bf MW |
342 | (precision.ns.dnserr :ip precision.dmz) |
343 | (telecaster.ns.dnserr :ip telecaster.dmz) | |
2831cef5 | 344 | (national.ns.dnserr :ip national.linode)) |
3f954bac MW |
345 | :ds ((40945 :rsasha256 :sha1 |
346 | "f35b5d0b877b940e63ad1b3afc21d6ba83cd1b3b") | |
347 | (40945 :rsasha256 :sha256 | |
348 | #.(concatenate 'string "fb171d206d4d64c5a7a6c290ce6e20df" | |
349 | "44f1db7f41e2260f1fe8d7c55d524c11")))) | |
aa420955 MW |
350 | (stratocaster.dkim |
351 | :ns ((radius.ns.stratocaster.dkim :ip radius.dmz) | |
352 | (precision.ns.stratocaster.dkim :ip precision.dmz) | |
353 | (telecaster.ns.stratocaster.dkim :ip telecaster.dmz) | |
354 | (national.ns.stratocaster.dkim :ip national.linode) | |
6d5194ac MW |
355 | (mythic-beasts-1.ns.stratocaster.dkim :ip mythic-ns1) |
356 | (mythic-beasts-2.ns.stratocaster.dkim :ip mythic-ns2) | |
357 | (mythic-beasts-3.ns.stratocaster.dkim :ip mythic-ns3)) | |
aa420955 MW |
358 | :ds ((24577 :rsasha256 :sha1 |
359 | "d06847c01e19098509a8d07a9aafaceff532c9c7") | |
360 | (24577 :rsasha256 :sha256 | |
361 | #.(concatenate 'string "a40cdb1c633041cfbc1b80a400cff527" | |
362 | "2cad051915fc0cd40296a2d4590b9d2b")))) | |
363 | (telecaster.dkim | |
364 | :ns ((radius.ns.telecaster.dkim :ip radius.dmz) | |
365 | (precision.ns.telecaster.dkim :ip precision.dmz) | |
366 | (telecaster.ns.telecaster.dkim :ip telecaster.dmz) | |
367 | (national.ns.telecaster.dkim :ip national.linode) | |
6d5194ac MW |
368 | (mythic-beasts-1.ns.telecaster.dkim :ip mythic-ns1) |
369 | (mythic-beasts-2.ns.telecaster.dkim :ip mythic-ns2) | |
370 | (mythic-beasts-3.ns.telecaster.dkim :ip mythic-ns3)) | |
aa420955 MW |
371 | :ds ((38896 :rsasha256 :sha1 |
372 | "2c2daea658784e22c46bf9e86da67def1e34cf40") | |
373 | (38896 :rsasha256 :sha256 | |
374 | #.(concatenate 'string "66997571c7d47f912caa65f2154ecd37" | |
375 | "5b9d391e3ed44d79ac35eef59264e521")))) | |
5b39cda9 MW |
376 | (io :ns ((ns.io :ip jazz.dmz))) |
377 | (play :ns (radius.ns precision.ns telecaster.ns national.ns))) | |
b1d5c6c2 MW |
378 | |
379 | ;;;-------------------------------------------------------------------------- | |
380 | ;;; Other subsidiary zones. | |
e80b4c2d | 381 | |
d21175f4 | 382 | #+view/outside |
55f161b6 | 383 | (defzone dhcp.distorted.org.uk |
cacadc0b MW |
384 | :ns ((radius.ns :ip radius) |
385 | (precision.ns :ip precision) | |
386 | (telecaster.ns :ip telecaster) | |
387 | (national.ns :ip national)) | |
55f161b6 | 388 | (gibson :addr gibson.unsafe) |
812706bd | 389 | (crybaby :addr crybaby.unsafe) |
2d7b9fe6 | 390 | (lespaul :addr lespaul.unsafe) |
3e38779f | 391 | (gretsch :addr gretsch.unsafe) |
e8d49c40 | 392 | (spirit :addr spirit.unsafe) |
3e38779f | 393 | (haze :addr haze.unsafe) |
55f161b6 | 394 | (invader :addr invader.safe) |
3e38779f | 395 | (marauder :addr marauder.safe)) |
55f161b6 | 396 | |
d21175f4 | 397 | #+view/outside |
8b063560 | 398 | (defzone (dyn.distorted.org.uk :source telecaster.distorted.org.uk.) |
424ccd8a | 399 | :ns ((radius.ns :ip radius) |
424ccd8a MW |
400 | (precision.ns :ip precision) |
401 | (telecaster.ns :ip telecaster) | |
402 | (national.ns :ip national))) | |
403 | ||
d21175f4 | 404 | #+view/outside |
c1f47051 | 405 | (defzone nicko.org |
be5a78bf | 406 | (richmond :addr richmond.dmz)) |
c1f47051 | 407 | |
aa420955 MW |
408 | #+view/outside |
409 | (defzone stratocaster.dkim.distorted.org.uk | |
cacadc0b MW |
410 | :ns ((radius.ns :ip radius) |
411 | (precision.ns :ip precision) | |
412 | (telecaster.ns :ip telecaster) | |
413 | (national.ns :ip national) | |
6d5194ac MW |
414 | (mythic-beasts-1.ns :ip mythic-ns1) |
415 | (mythic-beasts-2.ns :ip mythic-ns2) | |
416 | (mythic-beasts-3.ns :ip mythic-ns3))) | |
aa420955 MW |
417 | #+view/outside |
418 | (defzone telecaster.dkim.distorted.org.uk | |
cacadc0b MW |
419 | :ns ((radius.ns :ip radius) |
420 | (precision.ns :ip precision) | |
421 | (telecaster.ns :ip telecaster) | |
422 | (national.ns :ip national) | |
6d5194ac MW |
423 | (mythic-beasts-1.ns :ip mythic-ns1) |
424 | (mythic-beasts-2.ns :ip mythic-ns2) | |
425 | (mythic-beasts-3.ns :ip mythic-ns3))) | |
aa420955 | 426 | |
e80b4c2d | 427 | (defrevzone trusted |
8aa87005 MW |
428 | :ns (radius.distorted.org.uk. |
429 | precision.distorted.org.uk. | |
1a8dfbe2 MW |
430 | telecaster.distorted.org.uk. |
431 | national.distorted.org.uk.) | |
b59ce50d MW |
432 | :reverse unsafe |
433 | :reverse vpn | |
b59ce50d | 434 | :reverse its |
345c0f69 | 435 | :reverse any |
8aa87005 MW |
436 | (dhcp :ns (radius.distorted.org.uk. |
437 | precision.distorted.org.uk. | |
1a8dfbe2 MW |
438 | telecaster.distorted.org.uk. |
439 | national.distorted.org.uk.)) | |
3503589d | 440 | :multi (((dhcp safe) :family :ipv4 :suffix "199.29.172.dhcp") :cname *)) |
b3f75214 | 441 | |
d21175f4 | 442 | #+view/outside |
f5c3343e | 443 | (defzone dhcp.199.29.172.in-addr.arpa |
8aa87005 MW |
444 | :ns (radius.distorted.org.uk. |
445 | precision.distorted.org.uk. | |
1a8dfbe2 MW |
446 | telecaster.distorted.org.uk. |
447 | national.distorted.org.uk.)) | |
b29264c5 | 448 | |
f5c3343e | 449 | (defrevzone untrusted |
b29264c5 MW |
450 | :ns (radius.distorted.org.uk. |
451 | precision.distorted.org.uk. | |
1a8dfbe2 MW |
452 | telecaster.distorted.org.uk. |
453 | national.distorted.org.uk.)) | |
b29264c5 | 454 | |
7c0d1761 MW |
455 | (defzone 128-143.238.187.81.in-addr.arpa |
456 | :ns (radius.distorted.org.uk. | |
457 | precision.distorted.org.uk. | |
1a8dfbe2 MW |
458 | telecaster.distorted.org.uk. |
459 | national.distorted.org.uk. | |
460 | secondary-dns.co.uk.) | |
f5c3343e | 461 | :reverse ((((:ipv4 dmz))))) |
7c0d1761 | 462 | |
bda4d30e MW |
463 | (defzone 64-79.12.169.217.in-addr.arpa |
464 | :ns (radius.distorted.org.uk. | |
bda4d30e MW |
465 | precision.distorted.org.uk. |
466 | telecaster.distorted.org.uk. | |
467 | national.distorted.org.uk. | |
468 | secondary-dns.co.uk.) | |
469 | :reverse ((((:ipv4 dmz1))))) | |
470 | ||
7c0d1761 MW |
471 | (defzone 195.113.2.81.in-addr.arpa |
472 | :ns (radius.distorted.org.uk. | |
473 | precision.distorted.org.uk. | |
1a8dfbe2 MW |
474 | telecaster.distorted.org.uk. |
475 | national.distorted.org.uk. | |
476 | secondary-dns.co.uk.) | |
f5c3343e | 477 | :reverse ((((:ipv4 gw))))) |
7c0d1761 | 478 | |
f5c3343e | 479 | (defrevzone (distorted.org.uk-aaisp :family :ipv6) |
7c0d1761 MW |
480 | :ns (radius.distorted.org.uk. |
481 | precision.distorted.org.uk. | |
1a8dfbe2 MW |
482 | telecaster.distorted.org.uk. |
483 | national.distorted.org.uk. | |
484 | secondary-dns.co.uk.) | |
b0eb5b79 | 485 | (0.7.3.6.8.6.4.6.1.0.0.0 :ns (radius.distorted.org.uk. |
b0eb5b79 MW |
486 | precision.distorted.org.uk. |
487 | telecaster.distorted.org.uk. | |
488 | national.distorted.org.uk.)) | |
f5c3343e | 489 | :reverse ((((:ipv6 distorted.org.uk-aaisp))))) |
7c0d1761 | 490 | |
b0eb5b79 MW |
491 | (defrevzone (dhcp :family :ipv6) |
492 | :ns (radius.distorted.org.uk. | |
b0eb5b79 MW |
493 | precision.distorted.org.uk. |
494 | telecaster.distorted.org.uk. | |
495 | national.distorted.org.uk.)) | |
496 | ||
d21175f4 | 497 | #+view/outside |
995d75b4 | 498 | (defzone io.distorted.org.uk |
be5a78bf | 499 | :ns ((ns :ip jazz.dmz)) |
995d75b4 MW |
500 | (about :txt "Fake zone used for IP-over-DNS tunnelling.")) |
501 | ||
b1d5c6c2 | 502 | ;;;----- That's all, folks -------------------------------------------------- |