odin.lisp: Retreat to glueless delegation due to loss of glue records.
diff --git
a/distorted.lisp
b/distorted.lisp
index 604e93d8d4dadcf7376194e561b65ca4b4c3ca8e..2f247781b35f9066cb0783a0d21012e573c29b0d 100644
--- a/
distorted.lisp
+++ b/
distorted.lisp
@@
-71,6
+71,7
@@
(defzone distorted.org.uk
(precision.ns :ip precision)
(telecaster.ns :ip telecaster)
(national.ns :ip national)
(precision.ns :ip precision)
(telecaster.ns :ip telecaster)
(national.ns :ip national)
+ (eggle.ns :ip eggle)
#-view/inside (mythic-beasts-1.ns :ip mythic-ns1)
#-view/inside (mythic-beasts-2.ns :ip mythic-ns2)
#-view/inside (mythic-beasts-3.ns :ip mythic-ns3)
#-view/inside (mythic-beasts-1.ns :ip mythic-ns1)
#-view/inside (mythic-beasts-2.ns :ip mythic-ns2)
#-view/inside (mythic-beasts-3.ns :ip mythic-ns3)
@@
-82,10
+83,19
@@
(defzone distorted.org.uk
;; Mail servers.
((@ mail blackhole) :mx mail :srv ((:smtp mail)))
;; Mail servers.
((@ mail blackhole) :mx mail :srv ((:smtp mail)))
- ((bugs) :ttl 300 :mx lists :srv ((:smtp bugs)))
- ((lists) :ttl 300 :mx lists :srv ((:smtp lists)))
+ (bugs :mx lists :srv ((:smtp bugs)))
+ (lists :mx lists :srv ((:smtp lists)))
+ (_dmarc :dmarc (:v "DMARC1"
+ :p "quarantine" :sp "quarantine"
+ :adkim "s" :aspf "s"))
((_domainkey _domainkey.mail) :dname stratocaster.dkim)
((_domainkey _domainkey.mail) :dname stratocaster.dkim)
+ ((stratocaster @ mail) :spf ((:version "spf1")
+ (:pass :ip stratocaster.dmz)
+ (:soft :all)))
((_domainkey.bugs _domainkey.lists) :dname telecaster.dkim)
((_domainkey.bugs _domainkey.lists) :dname telecaster.dkim)
+ ((telecaster bugs lists) :spf ((:version "spf1")
+ (:pass :ip telecaster.dmz)
+ (:soft :all)))
;; Anycast services.
(dns0 :anycast ((any dns0.any) (dmz radius.dmz)
;; Anycast services.
(dns0 :anycast ((any dns0.any) (dmz radius.dmz)
@@
-193,7
+203,9
@@
(defzone distorted.org.uk
(dmz :alias strat.dmz :abbrev sd))
(stratocaster (unsafe :addr stratocaster.unsafe :sshfp "stratocaster")
(dmz :addr stratocaster.dmz :sshfp "stratocaster"))
(dmz :alias strat.dmz :abbrev sd))
(stratocaster (unsafe :addr stratocaster.unsafe :sshfp "stratocaster")
(dmz :addr stratocaster.dmz :sshfp "stratocaster"))
- (jazz :abbrev z (unsafe :abbrev zu) (dmz :abbrev zd) (vpn :abbrev :zv))
+ (jazz :abbrev z
+ (unsafe :abbrev zu) (dmz :abbrev zd)
+ (vpn :abbrev :zv) (iodine :abbrev z53) (hippo :abbrev zh))
(jazz (unsafe :addr jazz.unsafe :sshfp "jazz")
(dmz :addr jazz.dmz :sshfp "jazz")
(vpn :addr jazz.vpn :sshfp "jazz")
(jazz (unsafe :addr jazz.unsafe :sshfp "jazz")
(dmz :addr jazz.dmz :sshfp "jazz")
(vpn :addr jazz.vpn :sshfp "jazz")
@@
-202,8
+214,11
@@
(defzone distorted.org.uk
;; Virtual hosts.
(national :abbrev n (linode :abbrev nl) (upn :abbrev ny))
;; Virtual hosts.
(national :abbrev n (linode :abbrev nl) (upn :abbrev ny))
- (national (linode :addr national.linode)
- (upn :addr national.upn))
+ (national (linode :addr national.linode :sshfp "national")
+ (upn :addr national.upn :sshfp "national"))
+ (eggle :abbrev e (jump :abbrev ej) (upn :abbrev ey))
+ (eggle (jump :addr eggle.jump :sshfp "eggle")
+ (upn :addr eggle.upn :sshfp "eggle"))
(mdwdev (upn :addr mdwdev.upn))
;; Nicko's servers.
(mdwdev (upn :addr mdwdev.upn))
;; Nicko's servers.
@@
-212,7
+227,7
@@
(defzone distorted.org.uk
;; Entry is via little router box.
(dmz :net dmz)
;; Entry is via little router box.
(dmz :net dmz)
- (guvnor (dmz :addr guvnor.dmz))
+ (guvnor (dmz :addr guvnor.dmz
:sshfp "radius"
))
(nat (dmz :addr nat.dmz))
;; Wireless access points.
(nat (dmz :addr nat.dmz))
;; Wireless access points.
@@
-224,9
+239,11
@@
(defzone distorted.org.uk
(lunch :alias ap1)
(lunch (safe :addr lunch.safe))
(lunch :alias ap1)
(lunch (safe :addr lunch.safe))
- ;; Printer.
+ ;; Printer
and scanner
.
(burntaxe :alias lp0)
(burntaxe (safe :addr burntaxe.safe))
(burntaxe :alias lp0)
(burntaxe (safe :addr burntaxe.safe))
+ (unicorn :alias scan0)
+ (unicorn (safe :addr unicorn.safe))
;; Switches.
(grigsby :alias tp0)
;; Switches.
(grigsby :alias tp0)
@@
-273,8
+290,7
@@
(defzone distorted.org.uk
(artist (unsafe :addr artist.unsafe :sshfp "artist")
(dmz :addr artist.dmz :sshfp "artist")
(untrusted :addr artist.untrusted :sshfp "artist"))
(artist (unsafe :addr artist.unsafe :sshfp "artist")
(dmz :addr artist.dmz :sshfp "artist")
(untrusted :addr artist.untrusted :sshfp "artist"))
- (groove :abbrev gr
- (vpn :abbrev grv) (unsafe :abbrev gru))
+ (groove :abbrev gr (vpn :abbrev grv) (unsafe :abbrev gru))
(groove (vpn :addr groove.vpn :sshfp "groove")
(unsafe :addr groove.unsafe :sshfp "groove"))
(groove (vpn :addr groove.vpn :sshfp "groove")
(unsafe :addr groove.unsafe :sshfp "groove"))
@@
-288,9
+304,10
@@
(defzone distorted.org.uk
;; Virtual network.
(vpn :net vpn)
;; Virtual network.
(vpn :net vpn)
- (crybaby :abbrev cb)
+ (crybaby :abbrev cb
(vpn :abbrev cbv) (hippo :abbrev cbh)
)
(crybaby (vpn :addr crybaby.vpn :sshfp "crybaby")
(hippo :addr crybaby.hippo :sshfp "crybaby"))
(crybaby (vpn :addr crybaby.vpn :sshfp "crybaby")
(hippo :addr crybaby.hippo :sshfp "crybaby"))
+ (spirit :abbrev sp (vpn :abbrev spv) (hippo :abbrev sph))
(spirit (vpn :addr spirit.vpn :sshfp "spirit")
(hippo :addr spirit.hippo :sshfp "spirit"))
(terror (vpn :addr terror.vpn :sshfp "terror"))
(spirit (vpn :addr spirit.vpn :sshfp "spirit")
(hippo :addr spirit.hippo :sshfp "spirit"))
(terror (vpn :addr terror.vpn :sshfp "terror"))
@@
-313,7
+330,8
@@
(defzone distorted.org.uk
(dhcp :ns ((radius.ns.dhcp :ip radius)
(precision.ns.dhcp :ip precision)
(telecaster.ns.dhcp :ip telecaster)
(dhcp :ns ((radius.ns.dhcp :ip radius)
(precision.ns.dhcp :ip precision)
(telecaster.ns.dhcp :ip telecaster)
- (national.ns.dhcp :ip national))
+ (national.ns.dhcp :ip national)
+ (eggle.ns.dhcp :ip eggle))
:ds ((55966 :rsasha256 :sha1
"95b05c1f4e84f950f29630004bac447f8a87ca33")
(55966 :rsasha256 :sha256
:ds ((55966 :rsasha256 :sha1
"95b05c1f4e84f950f29630004bac447f8a87ca33")
(55966 :rsasha256 :sha256
@@
-322,7
+340,8
@@
(defzone distorted.org.uk
(dyn :ns ((radius.ns.dyn :ip radius)
(precision.ns.dyn :ip precision)
(telecaster.ns.dyn :ip telecaster)
(dyn :ns ((radius.ns.dyn :ip radius)
(precision.ns.dyn :ip precision)
(telecaster.ns.dyn :ip telecaster)
- (national.ns.dyn :ip national))
+ (national.ns.dyn :ip national)
+ (eggle.ns.dyn :ip eggle))
:ds ((11335 :rsasha256 :sha1
"7ed2b843b0bfb38ceca68617dfacbeafab1d1ea9")
(11335 :rsasha256 :sha256
:ds ((11335 :rsasha256 :sha1
"7ed2b843b0bfb38ceca68617dfacbeafab1d1ea9")
(11335 :rsasha256 :sha256
@@
-331,7
+350,8
@@
(defzone distorted.org.uk
(dnserr :ns ((radius.ns.dnserr :ip radius.dmz)
(precision.ns.dnserr :ip precision.dmz)
(telecaster.ns.dnserr :ip telecaster.dmz)
(dnserr :ns ((radius.ns.dnserr :ip radius.dmz)
(precision.ns.dnserr :ip precision.dmz)
(telecaster.ns.dnserr :ip telecaster.dmz)
- (national.ns.dnserr :ip national.linode))
+ (national.ns.dnserr :ip national.linode)
+ (eggle.ns.dnserr :ip eggle.jump))
:ds ((40945 :rsasha256 :sha1
"f35b5d0b877b940e63ad1b3afc21d6ba83cd1b3b")
(40945 :rsasha256 :sha256
:ds ((40945 :rsasha256 :sha1
"f35b5d0b877b940e63ad1b3afc21d6ba83cd1b3b")
(40945 :rsasha256 :sha256
@@
-342,9
+362,10
@@
(defzone distorted.org.uk
(precision.ns.stratocaster.dkim :ip precision.dmz)
(telecaster.ns.stratocaster.dkim :ip telecaster.dmz)
(national.ns.stratocaster.dkim :ip national.linode)
(precision.ns.stratocaster.dkim :ip precision.dmz)
(telecaster.ns.stratocaster.dkim :ip telecaster.dmz)
(national.ns.stratocaster.dkim :ip national.linode)
- #+later (mythic-beasts-1.ns.stratocaster.dkim :ip mythic-ns1)
- #+later (mythic-beasts-2.ns.stratocaster.dkim :ip mythic-ns2)
- #+later (mythic-beasts-3.ns.stratocaster.dkim :ip mythic-ns3))
+ (eggle.ns.stratocaster.dkim :ip eggle.jump)
+ (mythic-beasts-1.ns.stratocaster.dkim :ip mythic-ns1)
+ (mythic-beasts-2.ns.stratocaster.dkim :ip mythic-ns2)
+ (mythic-beasts-3.ns.stratocaster.dkim :ip mythic-ns3))
:ds ((24577 :rsasha256 :sha1
"d06847c01e19098509a8d07a9aafaceff532c9c7")
(24577 :rsasha256 :sha256
:ds ((24577 :rsasha256 :sha1
"d06847c01e19098509a8d07a9aafaceff532c9c7")
(24577 :rsasha256 :sha256
@@
-355,26
+376,28
@@
(defzone distorted.org.uk
(precision.ns.telecaster.dkim :ip precision.dmz)
(telecaster.ns.telecaster.dkim :ip telecaster.dmz)
(national.ns.telecaster.dkim :ip national.linode)
(precision.ns.telecaster.dkim :ip precision.dmz)
(telecaster.ns.telecaster.dkim :ip telecaster.dmz)
(national.ns.telecaster.dkim :ip national.linode)
- #+later (mythic-beasts-1.ns.telecaster.dkim :ip mythic-ns1)
- #+later (mythic-beasts-2.ns.telecaster.dkim :ip mythic-ns2)
- #+later (mythic-beasts-3.ns.telecaster.dkim :ip mythic-ns3))
+ (eggle.ns.telecaster.dkim :ip eggle.jump)
+ (mythic-beasts-1.ns.telecaster.dkim :ip mythic-ns1)
+ (mythic-beasts-2.ns.telecaster.dkim :ip mythic-ns2)
+ (mythic-beasts-3.ns.telecaster.dkim :ip mythic-ns3))
:ds ((38896 :rsasha256 :sha1
"2c2daea658784e22c46bf9e86da67def1e34cf40")
(38896 :rsasha256 :sha256
#.(concatenate 'string "66997571c7d47f912caa65f2154ecd37"
"5b9d391e3ed44d79ac35eef59264e521"))))
(io :ns ((ns.io :ip jazz.dmz)))
:ds ((38896 :rsasha256 :sha1
"2c2daea658784e22c46bf9e86da67def1e34cf40")
(38896 :rsasha256 :sha256
#.(concatenate 'string "66997571c7d47f912caa65f2154ecd37"
"5b9d391e3ed44d79ac35eef59264e521"))))
(io :ns ((ns.io :ip jazz.dmz)))
- (play :ns (radius.ns precision.ns telecaster.ns national.ns)))
+ (play :ns (radius.ns precision.ns telecaster.ns national.ns
eggle.jump
)))
;;;--------------------------------------------------------------------------
;;; Other subsidiary zones.
#+view/outside
(defzone dhcp.distorted.org.uk
;;;--------------------------------------------------------------------------
;;; Other subsidiary zones.
#+view/outside
(defzone dhcp.distorted.org.uk
- :ns ((radius.ns :ip radius.dmz)
- (precision.ns :ip precision.dmz)
- (telecaster.ns :ip telecaster.dmz)
- (national.ns :ip national.linode))
+ :ns ((radius.ns :ip radius)
+ (precision.ns :ip precision)
+ (telecaster.ns :ip telecaster)
+ (national.ns :ip national)
+ (eggle.ns :ip eggle))
(gibson :addr gibson.unsafe)
(crybaby :addr crybaby.unsafe)
(lespaul :addr lespaul.unsafe)
(gibson :addr gibson.unsafe)
(crybaby :addr crybaby.unsafe)
(lespaul :addr lespaul.unsafe)
@@
-389,37
+412,42
@@
(defzone (dyn.distorted.org.uk :source telecaster.distorted.org.uk.)
:ns ((radius.ns :ip radius)
(precision.ns :ip precision)
(telecaster.ns :ip telecaster)
:ns ((radius.ns :ip radius)
(precision.ns :ip precision)
(telecaster.ns :ip telecaster)
- (national.ns :ip national)))
+ (national.ns :ip national)
+ (eggle.ns :ip eggle)))
-#+view/outside
(defzone nicko.org
(defzone nicko.org
- (richmond :addr richmond.dmz))
+ (richmond :addr richmond.dmz)
+ (marshall :addr marshall.dmz))
#+view/outside
(defzone stratocaster.dkim.distorted.org.uk
#+view/outside
(defzone stratocaster.dkim.distorted.org.uk
- :ns ((radius.ns :ip radius.dmz)
- (precision.ns :ip precision.dmz)
- (telecaster.ns :ip telecaster.dmz)
- (national.ns :ip national.linode)
- #+later (mythic-beasts-1.ns :ip mythic-ns1)
- #+later (mythic-beasts-2.ns :ip mythic-ns2)
- #+later (mythic-beasts-3.ns :ip mythic-ns3)))
+ :ns ((radius.ns :ip radius)
+ (precision.ns :ip precision)
+ (telecaster.ns :ip telecaster)
+ (national.ns :ip national)
+ (eggle.ns :ip eggle)
+ (mythic-beasts-1.ns :ip mythic-ns1)
+ (mythic-beasts-2.ns :ip mythic-ns2)
+ (mythic-beasts-3.ns :ip mythic-ns3)))
#+view/outside
(defzone telecaster.dkim.distorted.org.uk
#+view/outside
(defzone telecaster.dkim.distorted.org.uk
- :ns ((radius.ns :ip radius.dmz)
- (precision.ns :ip precision.dmz)
- (telecaster.ns :ip telecaster.dmz)
- (national.ns :ip national.linode)
- #+later (mythic-beasts-1.ns :ip mythic-ns1)
- #+later (mythic-beasts-2.ns :ip mythic-ns2)
- #+later (mythic-beasts-3.ns :ip mythic-ns3)))
+ :ns ((radius.ns :ip radius)
+ (precision.ns :ip precision)
+ (telecaster.ns :ip telecaster)
+ (national.ns :ip national)
+ (eggle.ns :ip eggle)
+ (mythic-beasts-1.ns :ip mythic-ns1)
+ (mythic-beasts-2.ns :ip mythic-ns2)
+ (mythic-beasts-3.ns :ip mythic-ns3)))
(defrevzone trusted
:ns (radius.distorted.org.uk.
precision.distorted.org.uk.
telecaster.distorted.org.uk.
(defrevzone trusted
:ns (radius.distorted.org.uk.
precision.distorted.org.uk.
telecaster.distorted.org.uk.
- national.distorted.org.uk.)
+ national.distorted.org.uk.
+ eggle.distorted.org.uk.)
:reverse unsafe
:reverse unsafe
+ :reverse safe
:reverse vpn
:reverse its
:reverse any
:reverse vpn
:reverse its
:reverse any
@@
-427,26
+455,30
@@
(defrevzone trusted
precision.distorted.org.uk.
telecaster.distorted.org.uk.
national.distorted.org.uk.))
precision.distorted.org.uk.
telecaster.distorted.org.uk.
national.distorted.org.uk.))
- :multi (((dhcp safe) :family :ipv4 :suffix "199.29.172.dhcp") :cname *))
+ :multi (((unsafe-dhcp01 unsafe-dhcp1x safe-dhcp011 safe-dhcp1xx)
+ :family :ipv4 :suffix "199.29.172.dhcp") :cname *))
#+view/outside
(defzone dhcp.199.29.172.in-addr.arpa
:ns (radius.distorted.org.uk.
precision.distorted.org.uk.
telecaster.distorted.org.uk.
#+view/outside
(defzone dhcp.199.29.172.in-addr.arpa
:ns (radius.distorted.org.uk.
precision.distorted.org.uk.
telecaster.distorted.org.uk.
- national.distorted.org.uk.))
+ national.distorted.org.uk.
+ eggle.distorted.org.uk.))
(defrevzone untrusted
:ns (radius.distorted.org.uk.
precision.distorted.org.uk.
telecaster.distorted.org.uk.
(defrevzone untrusted
:ns (radius.distorted.org.uk.
precision.distorted.org.uk.
telecaster.distorted.org.uk.
- national.distorted.org.uk.))
+ national.distorted.org.uk.
+ eggle.distorted.org.uk.))
(defzone 128-143.238.187.81.in-addr.arpa
:ns (radius.distorted.org.uk.
precision.distorted.org.uk.
telecaster.distorted.org.uk.
national.distorted.org.uk.
(defzone 128-143.238.187.81.in-addr.arpa
:ns (radius.distorted.org.uk.
precision.distorted.org.uk.
telecaster.distorted.org.uk.
national.distorted.org.uk.
+ eggle.distorted.org.uk.
secondary-dns.co.uk.)
:reverse ((((:ipv4 dmz)))))
secondary-dns.co.uk.)
:reverse ((((:ipv4 dmz)))))
@@
-455,6
+487,7
@@
(defzone 64-79.12.169.217.in-addr.arpa
precision.distorted.org.uk.
telecaster.distorted.org.uk.
national.distorted.org.uk.
precision.distorted.org.uk.
telecaster.distorted.org.uk.
national.distorted.org.uk.
+ eggle.distorted.org.uk.
secondary-dns.co.uk.)
:reverse ((((:ipv4 dmz1)))))
secondary-dns.co.uk.)
:reverse ((((:ipv4 dmz1)))))
@@
-463,6
+496,7
@@
(defzone 195.113.2.81.in-addr.arpa
precision.distorted.org.uk.
telecaster.distorted.org.uk.
national.distorted.org.uk.
precision.distorted.org.uk.
telecaster.distorted.org.uk.
national.distorted.org.uk.
+ eggle.distorted.org.uk.
secondary-dns.co.uk.)
:reverse ((((:ipv4 gw)))))
secondary-dns.co.uk.)
:reverse ((((:ipv4 gw)))))
@@
-471,18
+505,36
@@
(defrevzone (distorted.org.uk-aaisp :family :ipv6)
precision.distorted.org.uk.
telecaster.distorted.org.uk.
national.distorted.org.uk.
precision.distorted.org.uk.
telecaster.distorted.org.uk.
national.distorted.org.uk.
+ eggle.distorted.org.uk.
secondary-dns.co.uk.)
(0.7.3.6.8.6.4.6.1.0.0.0 :ns (radius.distorted.org.uk.
precision.distorted.org.uk.
telecaster.distorted.org.uk.
secondary-dns.co.uk.)
(0.7.3.6.8.6.4.6.1.0.0.0 :ns (radius.distorted.org.uk.
precision.distorted.org.uk.
telecaster.distorted.org.uk.
- national.distorted.org.uk.))
+ national.distorted.org.uk.
+ eggle.distorted.org.uk.))
:reverse ((((:ipv6 distorted.org.uk-aaisp)))))
:reverse ((((:ipv6 distorted.org.uk-aaisp)))))
-(defrevzone (dhcp :family :ipv6)
+(defrevzone jump-ipv6
+ :ns (radius.distorted.org.uk.
+ precision.distorted.org.uk.
+ telecaster.distorted.org.uk.
+ national.distorted.org.uk.
+ eggle.distorted.org.uk.)
+ :reverse ((((:ipv6 jump-ipv6)))))
+
+(defrevzone (unsafe-dhcp :family :ipv6)
:ns (radius.distorted.org.uk.
precision.distorted.org.uk.
telecaster.distorted.org.uk.
:ns (radius.distorted.org.uk.
precision.distorted.org.uk.
telecaster.distorted.org.uk.
- national.distorted.org.uk.))
+ national.distorted.org.uk.
+ eggle.distorted.org.uk.))
+
+(defrevzone (safe-dhcp :family :ipv6)
+ :ns (radius.distorted.org.uk.
+ precision.distorted.org.uk.
+ telecaster.distorted.org.uk.
+ national.distorted.org.uk.
+ eggle.distorted.org.uk.))
#+view/outside
(defzone io.distorted.org.uk
#+view/outside
(defzone io.distorted.org.uk
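Review bot: In the `play` delegation (hunk -355,26 +376,28) the added name server is written `eggle.jump`, while the four existing entries and every other NS list this commit extends use the `.ns` form; unless that is deliberate it should read `(play :ns (radius.ns precision.ns telecaster.ns national.ns eggle.ns))`, and if it is deliberate a comment should say why `play` delegates to the host's `jump` name. In hunk -212,7 +227,7, `guvnor` now publishes `:sshfp "radius"`, the only SSHFP entry in this diff whose string differs from the host name. Clients that verify host keys through DNS would presumably accept that key for `guvnor`, so a one-line comment stating why the two hosts share a key would make the intent auditable. The nested NS list shown as context at the top of hunk -427,26 +455,30 still ends at `national.distorted.org.uk.`, while the `dhcp.199.29.172.in-addr.arpa` zone below it gains `eggle.distorted.org.uk.`. If that list is the parent-side delegation for the same zone, the parent and child NS sets now disagree; the list starts outside the hunk, so this needs checking in the file.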