X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/zones/blobdiff_plain/aa4209550daaa475ad22fee854140c4178575cd0..9d1c60e5e47cfb098d81a04e65b33e1307787ee4:/distorted.lisp?ds=sidebyside

diff --git a/distorted.lisp b/distorted.lisp
index 604e93d..9b6e798 100644
--- a/distorted.lisp
+++ b/distorted.lisp
@@ -82,10 +82,19 @@ (defzone distorted.org.uk
 
   ;; Mail servers.
   ((@ mail blackhole) :mx mail :srv ((:smtp mail)))
-  ((bugs) :ttl 300 :mx lists :srv ((:smtp bugs)))
-  ((lists) :ttl 300 :mx lists :srv ((:smtp lists)))
+  (bugs :mx lists :srv ((:smtp bugs)))
+  (lists :mx lists :srv ((:smtp lists)))
+  (_dmarc :dmarc (:v "DMARC1"
+		  :p "quarantine" :sp "quarantine"
+		  :adkim "s" :aspf "s"))
   ((_domainkey _domainkey.mail) :dname stratocaster.dkim)
+  ((stratocaster @ mail) :spf ((:version "spf1")
+			       (:pass :ip stratocaster.dmz)
+			       (:soft :all)))
   ((_domainkey.bugs _domainkey.lists) :dname telecaster.dkim)
+  ((telecaster bugs lists) :spf ((:version "spf1")
+				 (:pass :ip telecaster.dmz)
+				 (:soft :all)))
 
   ;; Anycast services.
   (dns0 :anycast ((any dns0.any) (dmz radius.dmz)
@@ -202,8 +211,9 @@ (defzone distorted.org.uk
 
   ;; Virtual hosts.
   (national :abbrev n (linode :abbrev nl) (upn :abbrev ny))
-  (national (linode :addr national.linode)
-	    (upn :addr national.upn))
+  (national (linode :addr national.linode) (upn :addr national.upn))
+  (eggle :abbrev e (jump :abbrev ej) (upn :abbrev ey))
+  (eggle (jump :addr eggle.jump) (upn :addr eggle.upn))
   (mdwdev (upn :addr mdwdev.upn))
 
   ;; Nicko's servers.
@@ -342,9 +352,9 @@ (defzone distorted.org.uk
 	(precision.ns.stratocaster.dkim :ip precision.dmz)
 	(telecaster.ns.stratocaster.dkim :ip telecaster.dmz)
 	(national.ns.stratocaster.dkim :ip national.linode)
-	#+later (mythic-beasts-1.ns.stratocaster.dkim :ip mythic-ns1)
-	#+later (mythic-beasts-2.ns.stratocaster.dkim :ip mythic-ns2)
-	#+later (mythic-beasts-3.ns.stratocaster.dkim :ip mythic-ns3))
+	(mythic-beasts-1.ns.stratocaster.dkim :ip mythic-ns1)
+	(mythic-beasts-2.ns.stratocaster.dkim :ip mythic-ns2)
+	(mythic-beasts-3.ns.stratocaster.dkim :ip mythic-ns3))
    :ds ((24577 :rsasha256 :sha1
 	 "d06847c01e19098509a8d07a9aafaceff532c9c7")
 	(24577 :rsasha256 :sha256
@@ -355,9 +365,9 @@ (defzone distorted.org.uk
 	(precision.ns.telecaster.dkim :ip precision.dmz)
 	(telecaster.ns.telecaster.dkim :ip telecaster.dmz)
 	(national.ns.telecaster.dkim :ip national.linode)
-	#+later (mythic-beasts-1.ns.telecaster.dkim :ip mythic-ns1)
-	#+later (mythic-beasts-2.ns.telecaster.dkim :ip mythic-ns2)
-	#+later (mythic-beasts-3.ns.telecaster.dkim :ip mythic-ns3))
+	(mythic-beasts-1.ns.telecaster.dkim :ip mythic-ns1)
+	(mythic-beasts-2.ns.telecaster.dkim :ip mythic-ns2)
+	(mythic-beasts-3.ns.telecaster.dkim :ip mythic-ns3))
    :ds ((38896 :rsasha256 :sha1
 	 "2c2daea658784e22c46bf9e86da67def1e34cf40")
 	(38896 :rsasha256 :sha256
@@ -371,10 +381,10 @@ (defzone distorted.org.uk
 
 #+view/outside
 (defzone dhcp.distorted.org.uk
-  :ns ((radius.ns :ip radius.dmz)
-       (precision.ns :ip precision.dmz)
-       (telecaster.ns :ip telecaster.dmz)
-       (national.ns :ip national.linode))
+  :ns ((radius.ns :ip radius)
+       (precision.ns :ip precision)
+       (telecaster.ns :ip telecaster)
+       (national.ns :ip national))
   (gibson :addr gibson.unsafe)
   (crybaby :addr crybaby.unsafe)
   (lespaul :addr lespaul.unsafe)
@@ -397,22 +407,22 @@ (defzone nicko.org
 
 #+view/outside
 (defzone stratocaster.dkim.distorted.org.uk
-  :ns ((radius.ns :ip radius.dmz)
-       (precision.ns :ip precision.dmz)
-       (telecaster.ns :ip telecaster.dmz)
-       (national.ns :ip national.linode)
-       #+later (mythic-beasts-1.ns :ip mythic-ns1)
-       #+later (mythic-beasts-2.ns :ip mythic-ns2)
-       #+later (mythic-beasts-3.ns :ip mythic-ns3)))
+  :ns ((radius.ns :ip radius)
+       (precision.ns :ip precision)
+       (telecaster.ns :ip telecaster)
+       (national.ns :ip national)
+       (mythic-beasts-1.ns :ip mythic-ns1)
+       (mythic-beasts-2.ns :ip mythic-ns2)
+       (mythic-beasts-3.ns :ip mythic-ns3)))
 #+view/outside
 (defzone telecaster.dkim.distorted.org.uk
-  :ns ((radius.ns :ip radius.dmz)
-       (precision.ns :ip precision.dmz)
-       (telecaster.ns :ip telecaster.dmz)
-       (national.ns :ip national.linode)
-       #+later (mythic-beasts-1.ns :ip mythic-ns1)
-       #+later (mythic-beasts-2.ns :ip mythic-ns2)
-       #+later (mythic-beasts-3.ns :ip mythic-ns3)))
+  :ns ((radius.ns :ip radius)
+       (precision.ns :ip precision)
+       (telecaster.ns :ip telecaster)
+       (national.ns :ip national)
+       (mythic-beasts-1.ns :ip mythic-ns1)
+       (mythic-beasts-2.ns :ip mythic-ns2)
+       (mythic-beasts-3.ns :ip mythic-ns3)))
 
 (defrevzone trusted
   :ns (radius.distorted.org.uk.
@@ -478,6 +488,13 @@ (defrevzone (distorted.org.uk-aaisp :family :ipv6)
 				national.distorted.org.uk.))
   :reverse ((((:ipv6 distorted.org.uk-aaisp)))))
 
+(defrevzone jump-ipv6
+  :ns (radius.distorted.org.uk.
+       precision.distorted.org.uk.
+       telecaster.distorted.org.uk.
+       national.distorted.org.uk.)
+  :reverse ((((:ipv6 jump-ipv6)))))
+
 (defrevzone (dhcp :family :ipv6)
   :ns (radius.distorted.org.uk.
        precision.distorted.org.uk.