;; Mail servers.
((@ mail blackhole) :mx mail :srv ((:smtp mail)))
- ((bugs) :ttl 300 :mx lists :srv ((:smtp bugs)))
- ((lists) :ttl 300 :mx lists :srv ((:smtp lists)))
-
- (stratocaster.20140403._domainkey
- :dkim ("stratocaster-20140403"
- :v "DKIM1" :k "rsa" :h "sha256" :s "email"))
+ (bugs :mx lists :srv ((:smtp bugs)))
+ (lists :mx lists :srv ((:smtp lists)))
+ (_dmarc :dmarc (:v "DMARC1"
+ :p "quarantine" :sp "quarantine"
+ :adkim "s" :aspf "s"))
+ ((_domainkey _domainkey.mail) :dname stratocaster.dkim)
+ ((stratocaster @ mail) :spf ((:version "spf1")
+ (:pass :ip stratocaster.dmz)
+ (:soft :all)))
+ ((_domainkey.bugs _domainkey.lists) :dname telecaster.dkim)
+ ((telecaster bugs lists) :spf ((:version "spf1")
+ (:pass :ip telecaster.dmz)
+ (:soft :all)))
;; Anycast services.
(dns0 :anycast ((any dns0.any) (dmz radius.dmz)
;; Virtual hosts.
(national :abbrev n (linode :abbrev nl) (upn :abbrev ny))
- (national (linode :addr national.linode)
- (upn :addr national.upn))
+ (national (linode :addr national.linode) (upn :addr national.upn))
+ (eggle :abbrev e (jump :abbrev ej) (upn :abbrev ey))
+ (eggle (jump :addr eggle.jump) (upn :addr eggle.upn))
(mdwdev (upn :addr mdwdev.upn))
;; Nicko's servers.
(40945 :rsasha256 :sha256
#.(concatenate 'string "fb171d206d4d64c5a7a6c290ce6e20df"
"44f1db7f41e2260f1fe8d7c55d524c11"))))
- (io :ns ((ns.io :ip jazz.dmz))))
+ (stratocaster.dkim
+ :ns ((radius.ns.stratocaster.dkim :ip radius.dmz)
+ (precision.ns.stratocaster.dkim :ip precision.dmz)
+ (telecaster.ns.stratocaster.dkim :ip telecaster.dmz)
+ (national.ns.stratocaster.dkim :ip national.linode)
+ (mythic-beasts-1.ns.stratocaster.dkim :ip mythic-ns1)
+ (mythic-beasts-2.ns.stratocaster.dkim :ip mythic-ns2)
+ (mythic-beasts-3.ns.stratocaster.dkim :ip mythic-ns3))
+ :ds ((24577 :rsasha256 :sha1
+ "d06847c01e19098509a8d07a9aafaceff532c9c7")
+ (24577 :rsasha256 :sha256
+ #.(concatenate 'string "a40cdb1c633041cfbc1b80a400cff527"
+ "2cad051915fc0cd40296a2d4590b9d2b"))))
+ (telecaster.dkim
+ :ns ((radius.ns.telecaster.dkim :ip radius.dmz)
+ (precision.ns.telecaster.dkim :ip precision.dmz)
+ (telecaster.ns.telecaster.dkim :ip telecaster.dmz)
+ (national.ns.telecaster.dkim :ip national.linode)
+ (mythic-beasts-1.ns.telecaster.dkim :ip mythic-ns1)
+ (mythic-beasts-2.ns.telecaster.dkim :ip mythic-ns2)
+ (mythic-beasts-3.ns.telecaster.dkim :ip mythic-ns3))
+ :ds ((38896 :rsasha256 :sha1
+ "2c2daea658784e22c46bf9e86da67def1e34cf40")
+ (38896 :rsasha256 :sha256
+ #.(concatenate 'string "66997571c7d47f912caa65f2154ecd37"
+ "5b9d391e3ed44d79ac35eef59264e521"))))
+ (io :ns ((ns.io :ip jazz.dmz)))
+ (play :ns (radius.ns precision.ns telecaster.ns national.ns)))
;;;--------------------------------------------------------------------------
;;; Other subsidiary zones.
+#+view/outside
(defzone dhcp.distorted.org.uk
- :ns ((radius.ns :ip radius.dmz)
- (precision.ns :ip precision.dmz)
- (telecaster.ns :ip telecaster.dmz)
- (national.ns :ip national.linode))
+ :ns ((radius.ns :ip radius)
+ (precision.ns :ip precision)
+ (telecaster.ns :ip telecaster)
+ (national.ns :ip national))
(gibson :addr gibson.unsafe)
(crybaby :addr crybaby.unsafe)
(lespaul :addr lespaul.unsafe)
(invader :addr invader.safe)
(marauder :addr marauder.safe))
+#+view/outside
(defzone (dyn.distorted.org.uk :source telecaster.distorted.org.uk.)
:ns ((radius.ns :ip radius)
(precision.ns :ip precision)
(telecaster.ns :ip telecaster)
(national.ns :ip national)))
+#+view/outside
(defzone nicko.org
(richmond :addr richmond.dmz))
+#+view/outside
+(defzone stratocaster.dkim.distorted.org.uk
+ :ns ((radius.ns :ip radius)
+ (precision.ns :ip precision)
+ (telecaster.ns :ip telecaster)
+ (national.ns :ip national)
+ (mythic-beasts-1.ns :ip mythic-ns1)
+ (mythic-beasts-2.ns :ip mythic-ns2)
+ (mythic-beasts-3.ns :ip mythic-ns3)))
+#+view/outside
+(defzone telecaster.dkim.distorted.org.uk
+ :ns ((radius.ns :ip radius)
+ (precision.ns :ip precision)
+ (telecaster.ns :ip telecaster)
+ (national.ns :ip national)
+ (mythic-beasts-1.ns :ip mythic-ns1)
+ (mythic-beasts-2.ns :ip mythic-ns2)
+ (mythic-beasts-3.ns :ip mythic-ns3)))
+
(defrevzone trusted
:ns (radius.distorted.org.uk.
precision.distorted.org.uk.
national.distorted.org.uk.))
:multi (((dhcp safe) :family :ipv4 :suffix "199.29.172.dhcp") :cname *))
+#+view/outside
(defzone dhcp.199.29.172.in-addr.arpa
:ns (radius.distorted.org.uk.
precision.distorted.org.uk.
national.distorted.org.uk.))
:reverse ((((:ipv6 distorted.org.uk-aaisp)))))
+(defrevzone jump-ipv6
+ :ns (radius.distorted.org.uk.
+ precision.distorted.org.uk.
+ telecaster.distorted.org.uk.
+ national.distorted.org.uk.)
+ :reverse ((((:ipv6 jump-ipv6)))))
+
(defrevzone (dhcp :family :ipv6)
:ns (radius.distorted.org.uk.
precision.distorted.org.uk.
telecaster.distorted.org.uk.
national.distorted.org.uk.))
+#+view/outside
(defzone io.distorted.org.uk
:ns ((ns :ip jazz.dmz))
(about :txt "Fake zone used for IP-over-DNS tunnelling."))
~mdw / zones / blobdiff