keys/, distorted.lisp: Add SSHFP recortds for virtual servers.

[zones] / hosts.lisp

diff --git a/hosts.lisp b/hosts.lisp
index f48195ac1b9edfe554770c427892aa62ac3494e7..ceb3ae77e100a832ec78641f7c71a0de3a4dfbe8 100644 (file)
--- a/hosts.lisp
+++ b/hosts.lisp
@@ -6,11 +6,11 @@
 ;;; External hosts.
 
 (defhost boyle.nsict.org ((:ipv4 "85.158.42.162")))
 ;;; External hosts.
 
 (defhost boyle.nsict.org ((:ipv4 "85.158.42.162")))

-(defhost chiark.greenend.org.uk ((:ipv4 "212.13.197.229")
-                                #+chiark-dns-ipv6 (:ipv6 "2001:ba8:1e3::")))
+(defhost chiark.greenend.org.uk ((:ipv4 "93.93.131.173")
+                                (:ipv6 "2a00:1098:86:130::1")))

 (defhost mccoy.flatline.org.uk "80.74.241.31")
 (defhost mythic-ns1 ((:ipv4 "45.33.127.156")
 (defhost mccoy.flatline.org.uk "80.74.241.31")
 (defhost mythic-ns1 ((:ipv4 "45.33.127.156")

-                    (:ipv6 "2600:3c00::f03c:91ff:fe96:beac")))
+                    (:ipv6 "2600:3c00:e000:19::1")))

 (defhost mythic-ns2 ((:ipv4 "93.93.128.67")
                     (:ipv6 "2a00:1098:0:80:1000::10")))
 (defhost mythic-ns3 ((:ipv4 "185.24.221.32")
 (defhost mythic-ns2 ((:ipv4 "93.93.128.67")
                     (:ipv6 "2a00:1098:0:80:1000::10")))
 (defhost mythic-ns3 ((:ipv4 "185.24.221.32")


@@ -28,34 +28,36 @@ (defnet distorted.org.uk "172.29.198/23"
     (hippo "144/28")
     (upn "160/27"))
   (trusted "199.0/24"
     (hippo "144/28")
     (upn "160/27"))
   (trusted "199.0/24"

-    (wired "0/25"
-      (unsafe "0/27")
-      (dhcp "32/27"))
+    (unsafe "0/25"
+      (unsafe-static00 "0/27")
+      (unsafe-dhcp01 "32/27")
+      (unsafe-dhcp1x "64/26"))

     (vpn "128/27")
     (its "160/30")
     (vpn "128/27")
     (its "160/30")

-    (colo "176/28")
-    (safe "192/27")
+    (safe "192/27"
+      (safe-static00x "192/29")
+      (safe-static010 "200/30")
+      (safe-dhcp011 "204/30")
+      (safe-dhcp1xx "208/28"))

     (any "224/27")))
 
 ;; Externally routable DMZ from Andrews and Arnold.
 (defnet gw "81.2.113.195")
 (defnet dmz "81.187.238.128/28")
     (any "224/27")))
 
 ;; Externally routable DMZ from Andrews and Arnold.
 (defnet gw "81.2.113.195")
 (defnet dmz "81.187.238.128/28")

+(defnet dmz1 "217.169.12.64/28")

 (defnet distorted.org.uk-aaisp "2001:8b0:c92/48"
   (unsafe "1/64"
 (defnet distorted.org.uk-aaisp "2001:8b0:c92/48"
   (unsafe "1/64"

-    (dhcp "6468:6370/96"))
-  (dmz "fff/64")
-  (safe "4001/64")
-  (untrusted "8001/64"))
-
-;; Externally routed colo range.
-(defnet jump "212.13.198.66/28")
-(defnet jump "2001:ba8:0:1d9/64")
-(defnet distorted.org.uk-jump "2001:ba8:1d9/48"
-  (colo "2/64")
+    (unsafe-dhcp "6468:6370/96"))

   (any "0/64")
   (any "0/64")

+  (dmz "fff/64")
+  (safe "4001/64"
+    (safe-dhcp "6468:6370/96"))

   (vpn "6000/64")
   (vpn "6000/64")

+  (untrusted "8001/64")

   (upn "a000/64"))
 
   (upn "a000/64"))
 

+(defnet jump-ipv6 "2001:ba8:1d9/48")
+

 ;;;--------------------------------------------------------------------------
 ;;; Host allocations
 
 ;;;--------------------------------------------------------------------------
 ;;; Host allocations
 


@@ -71,17 +73,19 @@ (defhost ibanez.dmz (dmz 9))
 (defhost anon.dmz (dmz 12))
 (defhost nat.dmz ((:ipv4 dmz 14)))
 
 (defhost anon.dmz (dmz 12))
 (defhost nat.dmz ((:ipv4 dmz 14)))
 

-;; Colocated addresses.
-(defhost gate.jump ((:ipv6 jump 2)))
-(defhost fender.jump (jump 5))
-(defhost precision.jump (jump 6))
-(defhost telecaster.jump (jump 7))
-(defhost stratocaster.jump (jump 8))
-(defhost jazz.jump (jump 9))
-(defhost marshall.jump ((:ipv4 jump 11) (:ipv6 jump "::2:1")))
-(defhost richmond.jump ((:ipv4 jump 12) (:ipv6 jump "::1:1")))
-(defhost anon.jump (jump 13))
-(defhost blackhole.jump ((:ipv4 jump 14) (:ipv6 jump "::ffff")))
+;; Formerly colocated addresses.
+(defhost precision.dmz ((:ipv4 dmz1 1) (:ipv6 dmz 33)))
+(defhost telecaster.dmz ((:ipv4 dmz1 2) (:ipv6 dmz 34)))
+(defhost stratocaster.dmz ((:ipv4 dmz1 3) (:ipv6 dmz 35)))
+(defhost jazz.dmz ((:ipv4 dmz1 4) (:ipv6 dmz 36)))
+(defhost fender.dmz ((:ipv4 dmz1 9) (:ipv6 dmz 41)))
+(defhost marshall.dmz ((:ipv4 dmz1 11) (:ipv6 dmz "::2:1")))
+(defhost richmond.dmz ((:ipv4 dmz1 12) (:ipv6 dmz "::1:1")))
+(defhost blackhole.dmz ((:ipv4 dmz1 14) (:ipv6 dmz "::ffff")))
+
+;; Jump virtual hosts.
+(defhost eggle.jump ((:ipv4 "185.73.44.143")
+                    (:ipv6 jump-ipv6 "8002::1")))

 
 ;; Linode virtual hosts.
 (defhost national.linode ((:ipv4 "45.33.118.239")
 
 ;; Linode virtual hosts.
 (defhost national.linode ((:ipv4 "45.33.118.239")


@@ -94,7 +98,12 @@ (defhost jem.unsafe (unsafe 3))
 (defhost artist.unsafe (unsafe 4))
 (defhost vampire.unsafe (unsafe 5))
 (defhost universe.unsafe (unsafe 6))
 (defhost artist.unsafe (unsafe 4))
 (defhost vampire.unsafe (unsafe 5))
 (defhost universe.unsafe (unsafe 6))

+(defhost precision.unsafe (unsafe 7))
+(defhost telecaster.unsafe (unsafe 8))
+(defhost stratocaster.unsafe (unsafe 9))
+(defhost jazz.unsafe (unsafe 10))

 (defhost ibanez.unsafe (unsafe 14))
 (defhost ibanez.unsafe (unsafe 14))

+(defhost fender.unsafe (unsafe 15))

 (defhost groove.unsafe (unsafe 17))
 
 ;; Client hosts, with IPv6 addresses.
 (defhost groove.unsafe (unsafe 17))
 
 ;; Client hosts, with IPv6 addresses.


@@ -103,9 +112,10 @@ (defhost crybaby.unsafe ((:ipv6 unsafe "216:eaff:fec2:4cb8")))
 (defhost lespaul.unsafe ((:ipv6 unsafe "a00:27ff:fef5:aaef")))
 (defhost haze.unsafe ((:ipv6 unsafe "5056:a8ff:fe01:5654")))
 (defhost gretsch.unsafe ((:ipv6 unsafe "3a2c:4aff:fe6d:e768")))
 (defhost lespaul.unsafe ((:ipv6 unsafe "a00:27ff:fef5:aaef")))
 (defhost haze.unsafe ((:ipv6 unsafe "5056:a8ff:fe01:5654")))
 (defhost gretsch.unsafe ((:ipv6 unsafe "3a2c:4aff:fe6d:e768")))

+(defhost spirit.unsafe ((:ipv6 unsafe "568d:5aff:fed9:18b8")))

 (defhost invader.safe ((:ipv6 safe "a00:27ff:fe94:a5d7")))
 (defhost marauder.safe ((:ipv6 safe "a00:27ff:fe6a:7846")))
 (defhost invader.safe ((:ipv6 safe "a00:27ff:fe94:a5d7")))
 (defhost marauder.safe ((:ipv6 safe "a00:27ff:fe6a:7846")))

-(defhost spirit.unsafe ((:ipv6 unsafe "568d:5aff:fed9:18b8")))
+(defhost unicorn.safe ((:ipv6 safe "20e:c6ff:fe90:a926")))

 
 ;; Safe network.
 (defhost radius.safe (safe 1))
 
 ;; Safe network.
 (defhost radius.safe (safe 1))


@@ -117,11 +127,13 @@ (defhost tritan.safe (safe 6))
 (defhost kitkat.safe (safe 7))
 (defhost lunch.safe (safe 8))
 (defhost burntaxe.safe (safe 9))
 (defhost kitkat.safe (safe 7))
 (defhost lunch.safe (safe 8))
 (defhost burntaxe.safe (safe 9))

+(defhost unicorn.safe ((:ipv4 safe 10)))

 
 ;; Wireless network.
 (defhost radius.untrusted (untrusted 1))
 (defhost artist.untrusted (untrusted 2))
 (defhost vampire.untrusted (untrusted 3))
 
 ;; Wireless network.
 (defhost radius.untrusted (untrusted 1))
 (defhost artist.untrusted (untrusted 2))
 (defhost vampire.untrusted (untrusted 3))

+(defhost jazz.untrusted (untrusted 4))

 
 ;; Virtual private network.
 (defhost crybaby.vpn ((:ipv4 vpn 1) (:ipv6 vpn "::1:1")))
 
 ;; Virtual private network.
 (defhost crybaby.vpn ((:ipv4 vpn 1) (:ipv6 vpn "::1:1")))


@@ -133,10 +145,12 @@ (defhost precision.vpn ((:ipv4 vpn 6) (:ipv6 vpn "::6:1")))
 (defhost jazz.vpn ((:ipv4 vpn 7) (:ipv6 vpn "::7:1")))
 (defhost vampire.vpn ((:ipv4 vpn 8) (:ipv6 vpn "::8:1")))
 (defhost spirit.vpn ((:ipv4 vpn 9) (:ipv6 vpn "::9:1")))
 (defhost jazz.vpn ((:ipv4 vpn 7) (:ipv6 vpn "::7:1")))
 (defhost vampire.vpn ((:ipv4 vpn 8) (:ipv6 vpn "::8:1")))
 (defhost spirit.vpn ((:ipv4 vpn 9) (:ipv6 vpn "::9:1")))

+(defhost groove.vpn ((:ipv4 vpn 10) (:ipv6 vpn "::10:1")))

 
 ;; Untrusted private network.
 (defhost national.upn ((:ipv4 upn 1) (:ipv6 upn "::1:1")))
 (defhost mdwdev.upn ((:ipv4 upn 2) (:ipv6 upn "::2:1")))
 
 ;; Untrusted private network.
 (defhost national.upn ((:ipv4 upn 1) (:ipv6 upn "::1:1")))
 (defhost mdwdev.upn ((:ipv4 upn 2) (:ipv6 upn "::2:1")))

+(defhost eggle.upn ((:ipv4 upn 3) (:ipv6 upn "::3:1")))

 
 ;; Iodine network.
 (defhost jazz.iodine (iodine 1))
 
 ;; Iodine network.
 (defhost jazz.iodine (iodine 1))


@@ -151,13 +165,6 @@ (defhost spirit.hippo (hippo 3))
 (defhost gw.its (its 1))
 (defhost mz.its (its 2))
 
 (defhost gw.its (its 1))
 (defhost mz.its (its 2))
 

-;; Internal (VPN) addresses for colocated services.
-(defhost fender.colo (colo 1))
-(defhost precision.colo (colo 2))
-(defhost telecaster.colo (colo 3))
-(defhost stratocaster.colo (colo 4))
-(defhost jazz.colo (colo 5))
-

 ;; Anycast addresses for services.
 (defhost dns0.any ((:ipv4 any 0) (:ipv6 any "::0:1")))
 (defhost dns1.any ((:ipv4 any 1) (:ipv6 any "::1:1")))
 ;; Anycast addresses for services.
 (defhost dns0.any ((:ipv4 any 0) (:ipv6 any "::0:1")))
 (defhost dns1.any ((:ipv4 any 1) (:ipv6 any "::1:1")))


@@ -171,22 +178,24 @@ (defhost krb1.any ((:ipv4 any 6) (:ipv6 any "::6:1")))
 ;;; Host switch.
 
 (preferred-subnet-case
 ;;; Host switch.
 
 (preferred-subnet-case

-  ((unsafe colo)
+  (unsafe

    (defhost radius radius.unsafe)
    (defhost vampire vampire.unsafe)
    (defhost radius radius.unsafe)
    (defhost vampire vampire.unsafe)

-   (defhost precision precision.colo)
-   (defhost telecaster telecaster.colo)
-   (defhost stratocaster stratocaster.colo)
-   (defhost national national.upn))
+   (defhost precision precision.unsafe)
+   (defhost telecaster telecaster.unsafe)
+   (defhost stratocaster stratocaster.unsafe)
+   (defhost national national.upn)
+   (defhost eggle eggle.upn))

   (t
    (defhost radius radius.dmz)
    (defhost vampire vampire.dmz)
   (t
    (defhost radius radius.dmz)
    (defhost vampire vampire.dmz)

-   (defhost precision precision.jump)
-   (defhost telecaster telecaster.jump)
-   (defhost stratocaster stratocaster.jump)
-   (defhost national national.linode)))
+   (defhost precision precision.dmz)
+   (defhost telecaster telecaster.dmz)
+   (defhost stratocaster stratocaster.dmz)
+   (defhost national national.linode)
+   (defhost eggle eggle.jump)))

 
 

-(defhost marshall marshall.jump)
+(defhost marshall marshall.dmz)

 (defhost mdwdev mdwdev.upn)
 
 ;;;----- That's all, folks --------------------------------------------------
 (defhost mdwdev mdwdev.upn)
 
 ;;;----- That's all, folks --------------------------------------------------