Commit | Line | Data |
---|---|---|
e80b4c2d MW |
1 | ;;; Zone file for distorted.org.uk |
2 | ||
b4d4c18b | 3 | (load "hosts.lisp" :verbose nil) |
e80b4c2d | 4 | |
b1d5c6c2 | 5 | ;;;-------------------------------------------------------------------------- |
aef7892b MW |
6 | ;;; Anycast services. |
7 | ||
8 | (defvar *anycast-routable-families* (list :ipv6)) | |
9 | ||
10 | (defzoneparse :anycast (name data rec :prefix prefix :zname zname) | |
11 | (destructuring-bind (any-provider default-provider &rest other-providers) | |
12 | data | |
13 | ||
14 | ;; First, the default address. If the anycast network is preferred then | |
15 | ;; this is easy; otherwise we have something complicated to do because | |
16 | ;; IPv6 anycast addresses are globally routable, while IPv4 ones aren't. | |
17 | (if (zone-preferred-subnet-p (car any-provider)) | |
18 | (zone-set-address #'rec (cdr any-provider) :make-ptr-p t) | |
6baf2de2 | 19 | (do-host (addr (cdr any-provider)) |
aef7892b MW |
20 | (let ((family (ipaddr-family addr))) |
21 | (if (member family *anycast-routable-families*) | |
22 | (zone-set-address #'rec addr | |
23 | :family family :make-ptr-p t) | |
24 | (zone-set-address #'rec (cdr default-provider) | |
25 | :family family :make-ptr-p nil))))) | |
26 | ||
27 | ;; Now for all of the others. | |
28 | (dolist (provider (list* any-provider default-provider other-providers)) | |
29 | (zone-set-address #'rec (cdr provider) | |
30 | :make-ptr-p (eq provider any-provider) | |
c9f96590 MW |
31 | :name (domain-name-concat prefix |
32 | (zone-parse-host | |
33 | (car provider) | |
34 | zname)))))) | |
aef7892b MW |
35 | |
36 | ;;;-------------------------------------------------------------------------- | |
07fe1e43 MW |
37 | ;;; Hostname abbreviations. |
38 | ||
39 | (defvar *abbrev-subdomain* | |
40 | (make-domain-name :labels '("abbrev") :absolutep nil)) | |
41 | (defparameter *abbrev-used* (make-hash-table :test #'equal)) | |
42 | ||
43 | (defzoneparse :abbrev (name data rec :zname zname) | |
44 | (let* ((domain (zone-parse-host data | |
45 | (domain-name-concat *abbrev-subdomain* | |
46 | zname))) | |
47 | (key (princ-to-string domain)) | |
48 | (existing (gethash key *abbrev-used*))) | |
49 | (when existing | |
50 | (error "Abbrev collision for ~A between ~A and ~A." | |
51 | domain existing name)) | |
52 | (setf (gethash key *abbrev-used*) name) | |
53 | (rec :name domain | |
54 | :type :cname | |
55 | :data name))) | |
56 | ||
57 | ;;;-------------------------------------------------------------------------- | |
b1d5c6c2 | 58 | ;;; Other definitions. |
e80b4c2d MW |
59 | |
60 | (setf *default-zone-admin* "hostmaster@distorted.org.uk") | |
2bc217e8 | 61 | |
ff6c53ad | 62 | (setf *default-zone-source* 'radius.distorted.org.uk.) |
e80b4c2d | 63 | |
b1d5c6c2 MW |
64 | ;;;-------------------------------------------------------------------------- |
65 | ;;; Main zone definition. | |
66 | ||
e80b4c2d | 67 | (defzone distorted.org.uk |
ec4898f9 | 68 | |
6ef39f28 | 69 | ;; Nameservers. |
981c9c20 MW |
70 | :ns ((radius.ns :ip radius) |
71 | (precision.ns :ip precision) | |
72 | (telecaster.ns :ip telecaster) | |
1a8dfbe2 | 73 | (national.ns :ip national) |
981c9c20 MW |
74 | #-view/inside (mythic-beasts-1.ns :ip mythic-ns1) |
75 | #-view/inside (mythic-beasts-2.ns :ip mythic-ns2) | |
fdcd43da | 76 | #-view/inside (mythic-beasts-3.ns :ip mythic-ns3) |
981c9c20 | 77 | #-view/inside (chiark.ns :ip chiark.greenend.org.uk)) |
ec4898f9 | 78 | |
2e7d3852 MW |
79 | ;; Certification. |
80 | :caa ((:issue "letsencrypt.org") | |
81 | (:issue "distorted.org.uk")) | |
82 | ||
6ef39f28 | 83 | ;; Mail servers. |
68db42b5 | 84 | ((@ mail blackhole) :mx mail :srv ((:smtp mail))) |
beb363e0 | 85 | ((bugs) :ttl 300 :mx lists :srv ((:smtp bugs))) |
68db42b5 | 86 | ((lists) :ttl 300 :mx lists :srv ((:smtp lists))) |
ec4898f9 | 87 | |
69bbb181 | 88 | (stratocaster.20140403._domainkey |
8d261a89 MW |
89 | :dkim ("stratocaster-20140403" |
90 | :v "DKIM1" :k "rsa" :h "sha256" :s "email")) | |
69bbb181 | 91 | |
06f1bb3f | 92 | ;; Anycast services. |
be5a78bf | 93 | (dns0 :anycast ((any dns0.any) (dmz radius.dmz) |
aef7892b | 94 | (unsafe radius.unsafe))) |
be5a78bf MW |
95 | (dns1 :anycast ((any dns1.any) (dmz precision.dmz) |
96 | (unsafe precision.unsafe))) | |
cfecfa5c MW |
97 | (dns :cname dns0) |
98 | ||
be5a78bf MW |
99 | (ntp0 :anycast ((any ntp0.any) (dmz ibanez.dmz) |
100 | (unsafe ibanez.unsafe))) | |
101 | (ntp1 :anycast ((any ntp1.any) (dmz fender.dmz) | |
102 | (unsafe fender.unsafe))) | |
cfecfa5c MW |
103 | (ntp :cname ntp0) |
104 | ||
be5a78bf MW |
105 | (www-cache :anycast ((any www-cache.any) (dmz telecaster.dmz) |
106 | (unsafe telecaster.unsafe))) | |
345c0f69 MW |
107 | (wpad :cname www-cache) |
108 | ||
cfecfa5c | 109 | (_kerberos :txt "DISTORTED.ORG.UK") |
be5a78bf MW |
110 | (krb0 :anycast ((any krb0.any) (dmz radius.dmz) |
111 | (unsafe radius.unsafe))) | |
112 | (krb1 :anycast ((any krb1.any) (dmz precision.dmz) | |
113 | (unsafe precision.unsafe))) | |
cfecfa5c MW |
114 | (krb-master (unsafe :svc radius.unsafe) |
115 | (dmz :svc radius.dmz)) | |
116 | :srv (((:kerberos :protocol :udp) | |
117 | krb0 | |
118 | (krb1 :prio 100)) | |
119 | ((:kerberos-master :protocol :udp :port 88) krb-master) | |
120 | (:kerberos-adm krb-master) | |
121 | ((:kpasswd :protocol :udp) krb-master)) | |
122 | (krb :cname krb0) | |
123 | ||
6ef39f28 | 124 | ;; Other services. |
96c2a692 MW |
125 | :srv ((:http www) |
126 | (:ftp ftp)) | |
ec4898f9 | 127 | |
be5a78bf MW |
128 | ;; Formerly colocated services. |
129 | ((irc vox keys wiki) (unsafe :svc jazz.unsafe :sshfp "jazz") | |
130 | (dmz :svc jazz.dmz :sshfp "jazz")) | |
270fa799 | 131 | ((irc vox keys wiki) :tlsa (:https (:service-certificate-constraint |
15cca8c6 | 132 | :public-key :sha-256 #p"https-jazz"))) |
be5a78bf MW |
133 | ((bugs lists db ftp) (unsafe :svc telecaster.unsafe :sshfp "telecaster") |
134 | (dmz :svc telecaster.dmz :sshfp "telecaster")) | |
40832d80 MW |
135 | ((bugs lists ftp) :tlsa (:https #3=(:service-certificate-constraint |
136 | :public-key :sha-256 | |
137 | #p"https-telecaster"))) | |
be5a78bf MW |
138 | (dyndns :svc telecaster.dmz :sshfp "telecaster") |
139 | ((git www mail) (unsafe :svc stratocaster.unsafe :sshfp "stratocaster") | |
140 | (dmz :svc stratocaster.dmz :sshfp "stratocaster")) | |
40832d80 MW |
141 | ((www git mail @) :tlsa (:https #2=(:service-certificate-constraint |
142 | :public-key :sha-256 | |
143 | #p"https-stratocaster"))) | |
5a8c792f MW |
144 | (www-cache :tlsa (3127 #1=(:trust-anchor-assertion |
145 | :certificate :sha-256 #p"distorted-ca"))) | |
e30dcd9f | 146 | (mail :tlsa ((:submission :imap :imaps) #1#)) |
b868d3f4 MW |
147 | (mail :tlsa (:smtp |
148 | #+view/inside #1# | |
149 | #-view/inside (:domain-issued-certificate | |
150 | :public-key :sha-256 | |
151 | #p"smtps-stratocaster"))) | |
152 | ((bugs lists) :tlsa (:smtp | |
153 | #+view/inside #1# | |
154 | #-view/inside (:domain-issued-certificate | |
155 | :public-key :sha-256 | |
156 | #p"smtps-telecaster"))) | |
be5a78bf MW |
157 | :svc #+view/inside stratocaster.unsafe |
158 | #-view/inside stratocaster.dmz | |
159 | (cabal :svc stratocaster.dmz :sshfp "stratocaster") | |
4c25329e | 160 | |
6ef39f28 | 161 | ;; Local services. |
77fbb917 | 162 | (rawk (unsafe :svc artist.unsafe) (dmz :svc artist.dmz)) |
c0e64dd8 MW |
163 | (rawk :tlsa (:https (:service-certificate-constraint |
164 | :public-key :sha-256 | |
165 | #p"https-artist"))) | |
f5c3343e | 166 | (mirror (dmz :svc roadstar.dmz :sshfp "roadstar") |
8d261a89 | 167 | (unsafe :svc roadstar.unsafe :sshfp "roadstar")) |
ec4898f9 | 168 | |
6ef39f28 | 169 | ;; Internal services. |
ccc6ea89 | 170 | ((news lpr) :svc roadstar.unsafe :sshfp "roadstar") |
ec4898f9 | 171 | |
04db9729 | 172 | ;; Anonymity services. |
be5a78bf MW |
173 | (anon (dmz :svc anon.dmz) |
174 | (unsafe :svc jazz.unsafe)) | |
04db9729 | 175 | |
85a3496c | 176 | ;; Fancy connectivity. |
be5a78bf MW |
177 | (iodine (dmz :svc jazz.dmz)) |
178 | (hippotat (dmz :svc jazz.dmz)) | |
179 | ||
180 | ;; Formerly colocated hosts. | |
181 | (fender :abbrev f (unsafe :abbrev fu) (dmz :abbrev fd)) | |
182 | (fender (unsafe :addr fender.unsafe :sshfp "fender") | |
183 | (dmz :addr fender.dmz :sshfp "fender")) | |
184 | (precision :abbrev p (unsafe :abbrev pu) (dmz :abbrev pd) (vpn :abbrev pv)) | |
185 | (precision (unsafe :addr precision.unsafe :sshfp "precision") | |
186 | (dmz :addr precision.dmz :sshfp "precision") | |
187 | (vpn :addr precision.vpn :sshfp "precision")) | |
07fe1e43 | 188 | (telecaster :alias tele :abbrev t |
be5a78bf MW |
189 | (unsafe :alias tele.unsafe :abbrev tu) |
190 | (dmz :alias tele.dmz :abbrev td)) | |
191 | (telecaster (unsafe :addr telecaster.unsafe :sshfp "telecaster") | |
192 | (dmz :addr telecaster.dmz :sshfp "telecaster")) | |
07fe1e43 | 193 | (stratocaster :alias strat :abbrev s |
be5a78bf MW |
194 | (unsafe :alias strat.unsafe :abbrev su) |
195 | (dmz :alias strat.dmz :abbrev sd)) | |
196 | (stratocaster (unsafe :addr stratocaster.unsafe :sshfp "stratocaster") | |
197 | (dmz :addr stratocaster.dmz :sshfp "stratocaster")) | |
198 | (jazz :abbrev z (unsafe :abbrev zu) (dmz :abbrev zd) (vpn :abbrev :zv)) | |
199 | (jazz (unsafe :addr jazz.unsafe :sshfp "jazz") | |
200 | (dmz :addr jazz.dmz :sshfp "jazz") | |
aa779726 | 201 | (vpn :addr jazz.vpn :sshfp "jazz") |
df1d9fe1 MW |
202 | (iodine :addr jazz.iodine :sshfp "jazz") |
203 | (hippo :addr jazz.hippo :sshfp "jazz")) | |
38c2de7c | 204 | |
b577b999 | 205 | ;; Virtual hosts. |
be5a78bf | 206 | (national :abbrev n (linode :abbrev nl) (upn :abbrev ny)) |
b577b999 | 207 | (national (linode :addr national.linode) |
be5a78bf MW |
208 | (upn :addr national.upn)) |
209 | (mdwdev (upn :addr mdwdev.upn)) | |
b577b999 | 210 | |
e8ba93bc | 211 | ;; Nicko's servers. |
be5a78bf MW |
212 | (richmond (dmz :svc richmond.dmz)) |
213 | (marshall (dmz :svc marshall.dmz)) | |
a20ec58c | 214 | |
76e1e45a MW |
215 | ;; Entry is via little router box. |
216 | (dmz :net dmz) | |
f5c3343e MW |
217 | (guvnor (dmz :addr guvnor.dmz)) |
218 | (nat (dmz :addr nat.dmz)) | |
76e1e45a | 219 | |
327c80f3 | 220 | ;; Wireless access points. |
76e1e45a MW |
221 | (wireless :net wireless) |
222 | (evolution (safe :addr evolution.safe)) | |
223 | (evolution :alias evo) | |
25679b6d | 224 | (kitkat :alias ap0) |
327c80f3 | 225 | (kitkat (safe :addr kitkat.safe)) |
25679b6d | 226 | (lunch :alias ap1) |
327c80f3 | 227 | (lunch (safe :addr lunch.safe)) |
f233386b MW |
228 | |
229 | ;; Printer. | |
af319f47 | 230 | (burntaxe :alias lp0) |
32926f3b | 231 | (burntaxe (safe :addr burntaxe.safe)) |
76e1e45a | 232 | |
f8f3b283 | 233 | ;; Switches. |
c32d96fa MW |
234 | (grigsby :alias tp0) |
235 | (grigsby (safe :addr grigsby.safe)) | |
236 | (carling :alias tp1) | |
237 | (carling (safe :addr carling.safe)) | |
238 | (tritan :alias tp2) | |
239 | (tritan (safe :addr tritan.safe)) | |
f8f3b283 | 240 | |
6ef39f28 | 241 | ;; Wired ethernet. |
04d65182 MW |
242 | (unsafe :net unsafe) |
243 | (safe :net safe) | |
244 | (untrusted :net untrusted) | |
07fe1e43 | 245 | (vampire :abbrev v |
be5a78bf | 246 | (unsafe :abbrev vu) (dmz :abbrev vd) (vpn :abbrev vv) |
f5c3343e | 247 | (safe :abbrev vs) (untrusted :abbrev vx)) |
c3997955 MW |
248 | (vampire (unsafe :addr vampire.unsafe :sshfp "vampire") |
249 | (dmz :addr vampire.dmz :sshfp "vampire") | |
aa779726 | 250 | (vpn :addr vampire.vpn :sshfp "vampire") |
c3997955 MW |
251 | (safe :addr vampire.safe :sshfp "vampire") |
252 | (untrusted :addr vampire.untrusted :sshfp "vampire")) | |
f5c3343e | 253 | (ibanez :abbrev i (unsafe :abbrev iu) (dmz :abbrev id)) |
c3997955 MW |
254 | (ibanez (unsafe :addr ibanez.unsafe :sshfp "ibanez") |
255 | (dmz :addr ibanez.dmz :sshfp "ibanez")) | |
07fe1e43 | 256 | (radius :abbrev r |
be5a78bf | 257 | (unsafe :abbrev ru) (dmz :abbrev rd) (vpn :abbrev rv) |
f5c3343e | 258 | (safe :abbrev rs) (untrusted :abbrev rx)) |
c3997955 MW |
259 | (radius (unsafe :addr radius.unsafe :sshfp "radius") |
260 | (dmz :addr radius.dmz :sshfp "radius") | |
aa779726 | 261 | (vpn :addr radius.vpn :sshfp "radius") |
c3997955 MW |
262 | (safe :addr radius.safe :sshfp "radius") |
263 | (untrusted :addr radius.untrusted :sshfp "radius")) | |
f5c3343e | 264 | (roadstar :abbrev rg (unsafe :abbrev rgu) (dmz :abbrev rgd)) |
c3997955 MW |
265 | (roadstar (unsafe :addr roadstar.unsafe :sshfp "roadstar") |
266 | (dmz :addr roadstar.dmz :sshfp "roadstar")) | |
f5c3343e | 267 | (jem :abbrev j (unsafe :abbrev ju) (dmz :abbrev jd)) |
c3997955 MW |
268 | (jem (unsafe :addr jem.unsafe :sshfp "jem") |
269 | (dmz :addr jem.dmz :sshfp "jem")) | |
f5c3343e | 270 | (universe :abbrev u (unsafe :abbrev uu) (dmz :abbrev ud)) |
664e6cf9 MW |
271 | (universe (unsafe :addr universe.unsafe :sshfp "universe") |
272 | (dmz :addr universe.dmz :sshfp "universe")) | |
07fe1e43 | 273 | (artist :abbrev a |
f5c3343e | 274 | (unsafe :abbrev au) (dmz :abbrev ad) (untrusted :abbrev ax)) |
c3997955 MW |
275 | (artist (unsafe :addr artist.unsafe :sshfp "artist") |
276 | (dmz :addr artist.dmz :sshfp "artist") | |
277 | (untrusted :addr artist.untrusted :sshfp "artist")) | |
25d23a91 | 278 | (groove :abbrev gr |
be5a78bf | 279 | (vpn :abbrev grv) (unsafe :abbrev gru)) |
bda4d30e | 280 | (groove (vpn :addr groove.vpn :sshfp "groove") |
bda4d30e | 281 | (unsafe :addr groove.unsafe :sshfp "groove")) |
ec4898f9 | 282 | |
ff6c53ad | 283 | ;; DHCP hosts. |
07fe1e43 | 284 | (gibson :cname gibson.dhcp :abbrev g) |
4b5e05ad MW |
285 | (lespaul :cname lespaul.dhcp) |
286 | (firebird :cname firebird.dhcp) | |
aa4d55b1 MW |
287 | (marauder :cname marauder.dhcp) |
288 | (invader :cname invader.dhcp) | |
098020ad | 289 | (gretsch :cname gretsch.dhcp) |
ec4898f9 | 290 | |
6ef39f28 | 291 | ;; Virtual network. |
be5a78bf | 292 | (vpn :net vpn) |
07fe1e43 | 293 | (crybaby :abbrev cb) |
df1d9fe1 MW |
294 | (crybaby (vpn :addr crybaby.vpn :sshfp "crybaby") |
295 | (hippo :addr crybaby.hippo :sshfp "crybaby")) | |
e8d49c40 MW |
296 | (spirit (vpn :addr spirit.vpn :sshfp "spirit") |
297 | (hippo :addr spirit.hippo :sshfp "spirit")) | |
c3997955 | 298 | (terror (vpn :addr terror.vpn :sshfp "terror")) |
07fe1e43 | 299 | (orange :abbrev o) |
be5a78bf | 300 | (orange (vpn :addr orange.vpn :sshfp "orange")) |
07fe1e43 | 301 | (haze :abbrev h) |
be5a78bf | 302 | (haze (vpn :addr haze.vpn :sshfp "haze")) |
fc0ce2ed | 303 | (iodine :net iodine) |
df1d9fe1 | 304 | (hippo :net hippo) |
ec4898f9 | 305 | |
6ef39f28 | 306 | ;; ITS. |
b1d5c6c2 | 307 | (its :net its) |
c3997955 MW |
308 | (gw (its :addr gw.its)) |
309 | (mz (its :addr mz.its)) | |
ec4898f9 | 310 | |
c2118713 | 311 | ;; Strange things. |
be5a78bf | 312 | (blackhole (dmz :addr blackhole.dmz)) |
c2118713 | 313 | |
6ef39f28 | 314 | ;; Delegations. |
f0209b9c MW |
315 | (dhcp :ns ((radius.ns.dhcp :ip radius) |
316 | (precision.ns.dhcp :ip precision) | |
1a8dfbe2 MW |
317 | (telecaster.ns.dhcp :ip telecaster) |
318 | (national.ns.dhcp :ip national)) | |
3f954bac MW |
319 | :ds ((55966 :rsasha256 :sha1 |
320 | "95b05c1f4e84f950f29630004bac447f8a87ca33") | |
321 | (55966 :rsasha256 :sha256 | |
322 | #.(concatenate 'string "31696bf54b577362b2eb75793adeb9ec" | |
323 | "2e8440ec671371b35d8d978cd9ca3007")))) | |
49c5f8ff MW |
324 | (dyn :ns ((radius.ns.dyn :ip radius) |
325 | (precision.ns.dyn :ip precision) | |
1a8dfbe2 MW |
326 | (telecaster.ns.dyn :ip telecaster) |
327 | (national.ns.dyn :ip national)) | |
3f954bac MW |
328 | :ds ((11335 :rsasha256 :sha1 |
329 | "7ed2b843b0bfb38ceca68617dfacbeafab1d1ea9") | |
330 | (11335 :rsasha256 :sha256 | |
331 | #.(concatenate 'string "6eb15eb587c48f5b84ca128a656a4cce" | |
332 | "0a41cf040d3d0f15a44dffd6476b2b55")))) | |
0262908f | 333 | (dnserr :ns ((radius.ns.dnserr :ip radius.dmz) |
be5a78bf MW |
334 | (precision.ns.dnserr :ip precision.dmz) |
335 | (telecaster.ns.dnserr :ip telecaster.dmz) | |
2831cef5 | 336 | (national.ns.dnserr :ip national.linode)) |
3f954bac MW |
337 | :ds ((40945 :rsasha256 :sha1 |
338 | "f35b5d0b877b940e63ad1b3afc21d6ba83cd1b3b") | |
339 | (40945 :rsasha256 :sha256 | |
340 | #.(concatenate 'string "fb171d206d4d64c5a7a6c290ce6e20df" | |
341 | "44f1db7f41e2260f1fe8d7c55d524c11")))) | |
5b39cda9 MW |
342 | (io :ns ((ns.io :ip jazz.dmz))) |
343 | (play :ns (radius.ns precision.ns telecaster.ns national.ns))) | |
b1d5c6c2 MW |
344 | |
345 | ;;;-------------------------------------------------------------------------- | |
346 | ;;; Other subsidiary zones. | |
e80b4c2d | 347 | |
d21175f4 | 348 | #+view/outside |
55f161b6 | 349 | (defzone dhcp.distorted.org.uk |
a1ab9d7e | 350 | :ns ((radius.ns :ip radius.dmz) |
be5a78bf MW |
351 | (precision.ns :ip precision.dmz) |
352 | (telecaster.ns :ip telecaster.dmz) | |
1a8dfbe2 | 353 | (national.ns :ip national.linode)) |
55f161b6 | 354 | (gibson :addr gibson.unsafe) |
812706bd | 355 | (crybaby :addr crybaby.unsafe) |
2d7b9fe6 | 356 | (lespaul :addr lespaul.unsafe) |
3e38779f | 357 | (gretsch :addr gretsch.unsafe) |
e8d49c40 | 358 | (spirit :addr spirit.unsafe) |
3e38779f | 359 | (haze :addr haze.unsafe) |
55f161b6 | 360 | (invader :addr invader.safe) |
3e38779f | 361 | (marauder :addr marauder.safe)) |
55f161b6 | 362 | |
d21175f4 | 363 | #+view/outside |
8b063560 | 364 | (defzone (dyn.distorted.org.uk :source telecaster.distorted.org.uk.) |
424ccd8a | 365 | :ns ((radius.ns :ip radius) |
424ccd8a MW |
366 | (precision.ns :ip precision) |
367 | (telecaster.ns :ip telecaster) | |
368 | (national.ns :ip national))) | |
369 | ||
d21175f4 | 370 | #+view/outside |
c1f47051 | 371 | (defzone nicko.org |
be5a78bf | 372 | (richmond :addr richmond.dmz)) |
c1f47051 | 373 | |
e80b4c2d | 374 | (defrevzone trusted |
8aa87005 MW |
375 | :ns (radius.distorted.org.uk. |
376 | precision.distorted.org.uk. | |
1a8dfbe2 MW |
377 | telecaster.distorted.org.uk. |
378 | national.distorted.org.uk.) | |
b59ce50d MW |
379 | :reverse unsafe |
380 | :reverse vpn | |
b59ce50d | 381 | :reverse its |
345c0f69 | 382 | :reverse any |
8aa87005 MW |
383 | (dhcp :ns (radius.distorted.org.uk. |
384 | precision.distorted.org.uk. | |
1a8dfbe2 MW |
385 | telecaster.distorted.org.uk. |
386 | national.distorted.org.uk.)) | |
3503589d | 387 | :multi (((dhcp safe) :family :ipv4 :suffix "199.29.172.dhcp") :cname *)) |
b3f75214 | 388 | |
d21175f4 | 389 | #+view/outside |
f5c3343e | 390 | (defzone dhcp.199.29.172.in-addr.arpa |
8aa87005 MW |
391 | :ns (radius.distorted.org.uk. |
392 | precision.distorted.org.uk. | |
1a8dfbe2 MW |
393 | telecaster.distorted.org.uk. |
394 | national.distorted.org.uk.)) | |
b29264c5 | 395 | |
f5c3343e | 396 | (defrevzone untrusted |
b29264c5 MW |
397 | :ns (radius.distorted.org.uk. |
398 | precision.distorted.org.uk. | |
1a8dfbe2 MW |
399 | telecaster.distorted.org.uk. |
400 | national.distorted.org.uk.)) | |
b29264c5 | 401 | |
7c0d1761 MW |
402 | (defzone 128-143.238.187.81.in-addr.arpa |
403 | :ns (radius.distorted.org.uk. | |
404 | precision.distorted.org.uk. | |
1a8dfbe2 MW |
405 | telecaster.distorted.org.uk. |
406 | national.distorted.org.uk. | |
407 | secondary-dns.co.uk.) | |
f5c3343e | 408 | :reverse ((((:ipv4 dmz))))) |
7c0d1761 | 409 | |
bda4d30e MW |
410 | (defzone 64-79.12.169.217.in-addr.arpa |
411 | :ns (radius.distorted.org.uk. | |
bda4d30e MW |
412 | precision.distorted.org.uk. |
413 | telecaster.distorted.org.uk. | |
414 | national.distorted.org.uk. | |
415 | secondary-dns.co.uk.) | |
416 | :reverse ((((:ipv4 dmz1))))) | |
417 | ||
7c0d1761 MW |
418 | (defzone 195.113.2.81.in-addr.arpa |
419 | :ns (radius.distorted.org.uk. | |
420 | precision.distorted.org.uk. | |
1a8dfbe2 MW |
421 | telecaster.distorted.org.uk. |
422 | national.distorted.org.uk. | |
423 | secondary-dns.co.uk.) | |
f5c3343e | 424 | :reverse ((((:ipv4 gw))))) |
7c0d1761 | 425 | |
f5c3343e | 426 | (defrevzone (distorted.org.uk-aaisp :family :ipv6) |
7c0d1761 MW |
427 | :ns (radius.distorted.org.uk. |
428 | precision.distorted.org.uk. | |
1a8dfbe2 MW |
429 | telecaster.distorted.org.uk. |
430 | national.distorted.org.uk. | |
431 | secondary-dns.co.uk.) | |
b0eb5b79 | 432 | (0.7.3.6.8.6.4.6.1.0.0.0 :ns (radius.distorted.org.uk. |
b0eb5b79 MW |
433 | precision.distorted.org.uk. |
434 | telecaster.distorted.org.uk. | |
435 | national.distorted.org.uk.)) | |
f5c3343e | 436 | :reverse ((((:ipv6 distorted.org.uk-aaisp))))) |
7c0d1761 | 437 | |
b0eb5b79 MW |
438 | (defrevzone (dhcp :family :ipv6) |
439 | :ns (radius.distorted.org.uk. | |
b0eb5b79 MW |
440 | precision.distorted.org.uk. |
441 | telecaster.distorted.org.uk. | |
442 | national.distorted.org.uk.)) | |
443 | ||
d21175f4 | 444 | #+view/outside |
995d75b4 | 445 | (defzone io.distorted.org.uk |
be5a78bf | 446 | :ns ((ns :ip jazz.dmz)) |
995d75b4 MW |
447 | (about :txt "Fake zone used for IP-over-DNS tunnelling.")) |
448 | ||
b1d5c6c2 | 449 | ;;;----- That's all, folks -------------------------------------------------- |