X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/zones/blobdiff_plain/aa4209550daaa475ad22fee854140c4178575cd0..HEAD:/odin.lisp

diff --git a/odin.lisp b/odin.lisp
index 73abae1..1c00cb7 100644
--- a/odin.lisp
+++ b/odin.lisp
@@ -8,11 +8,26 @@ (setf *default-zone-source* 'radius.distorted.org.uk.)
 
 (defzone odin.gg
 
-  ;; Nameservers
-  :ns ((radius-ns :ip radius)
-       (precision-ns :ip precision)
-       (telecaster-ns :ip telecaster)
-       (national-ns :ip national))
+  ;; Nameservers.  Sadly, the registry permits at most six.  Don't deploy
+  ;; `mythic-ns1' (Linode Texas, duplicates `national') or `mythic-ns2'
+  ;; (Mythic Beasts in Cambridge, too close to home0; `mythic-ns3' is in the
+  ;; Netherlands, which is a better choice.
+  :ns #+odin-glue
+      ((radius.ns :ip radius)
+       (precision.ns :ip precision)
+       (telecaster.ns :ip telecaster)
+       (national.ns :ip national)
+       (eggle.ns :ip eggle)
+       ;;(mythic-beasts-1.ns :ip mythic-ns1)
+       ;;(mythic-beasts-2.ns :ip mythic-ns2)
+       (mythic-beasts-3.ns :ip mythic-ns3))
+      #-odin-glue
+      (radius.distorted.org.uk.
+       precision.distorted.org.uk.
+       telecaster.distorted.org.uk.
+       national.distorted.org.uk.
+       eggle.distorted.org.uk.
+       ns3.mythic-beasts.com.)
 
   ;; Web service.
   ((@ www) :svc stratocaster
@@ -26,4 +41,10 @@ (defzone odin.gg
   ;; Mail servers
   :mx ((mail :ip stratocaster))
   :srv ((:smtp mail))
+  :spf ((:version "spf1")
+	(:pass :ip stratocaster.dmz)
+	(:soft :all))
+  (_dmarc :dmarc (:v "DMARC1"
+		  :p "quarantine" :sp "quarantine"
+		  :adkim "s" :aspf "s"))
   (_domainkey :dname stratocaster.dkim.distorted.org.uk.))