;;; Zone file for distorted.org.uk

(load "hosts.lisp" :verbose nil)

;;;--------------------------------------------------------------------------
;;; Network allocations
;;; (RFC1918 addresses are allocated from Cambridge G-RIN.)

(defnet inet 62.49.204.144/28)

(defnet distorted.org.uk 172.29.198.0/23
  (untrusted 256
    (wireless 128)
    (iodine 16))
  (trusted 256
    (fretwank 128
      (unsafe 32)
      (dhcp 32)
      (safe 32))
    (virtual 32)
    (its 4)))

;;;--------------------------------------------------------------------------
;;; Host allocations

;; External addresses.
(defhost guvnor.inet (inet 1))
(defhost radius.inet (inet 2))
(defhost roadstar.inet (inet 3))
(defhost jem.inet (inet 4))
(defhost artist.inet (inet 5))
(defhost vampire.inet (inet 6))
(defhost ibanez.inet (inet 9))
(defhost gate.inet (inet 13))
(defhost nat.inet (inet 14))

;; Unsafe network.
(defhost radius (unsafe 1))
(defhost roadstar (unsafe 2))
(defhost jem (unsafe 3))
(defhost artist (unsafe 4))
(defhost vampire (unsafe 5))
(defhost ibanez (unsafe 14))

;; Safe network.
(defhost tubescreamer (safe 1))
(defhost obsidian (safe 2))

;; Wireless network.
(defhost radius.untrusted (untrusted 1))
(defhost evolution (untrusted 2))
(defhost vampire.untrusted (untrusted 3))

;; Virtual private network.
(defhost crybaby (virtual 1))
(defhost terror (virtual 2))

;; Iodine network.
(defhost vampire.iodine (iodine 1))

;; Special network for ITS.
;; It doesn't understand point-to-point links, so we need a little net.
(defhost gw (its 1))
(defhost mz (its 2))

;;;--------------------------------------------------------------------------
;;; Other definitions.

(setf *default-zone-admin* "hostmaster@distorted.org.uk")

(setf *default-zone-source* 'vampire.distorted.org.uk.)
(preferred-subnet-case
  (fretwank
   (defhost www-frontend vampire)
   (defhost dns-frontend vampire))
  (t
   (defhost www-frontend vampire.inet)
   (defhost dns-frontend vampire.inet)))

;;;--------------------------------------------------------------------------
;;; Main zone definition.

(defzone distorted.org.uk
  ;;
  ;; Nameservers.
  :ns #+subnet/fretwank ((vampire.ns :ip vampire))
      #-subnet/fretwank ((mythic-beasts-1.ns :ip mythic-ns1)
			 (mythic-beasts-2.ns :ip mythic-ns2)
			 (chiark.ns :ip chiark.greenend.org.uk)
			 (radius.ns :ip radius.inet)
			 (vampire.ns :ip vampire.inet))
  ;;
  ;; Mail servers.
  ((@ mail lists bugs cryptomail)
   :mx mail
   :srv ((:smtp mail)))
  ;;
  ;; Other services.
  :srv ((:http www)
	(:ftp ftp))
  ;;
  ;; Entry is via little router box.
  (inet :net inet)
  (guvnor (inet :a guvnor.inet) (fretwank :svc gate.inet))
  (gate (inet :a gate.inet))
  (nat (inet :a nat.inet))
  ;;
  ;; Wireless gateway.
  (untrusted :net untrusted)
  (evolution (untrusted :a evolution))
  ;;
  ;; Local services.
  (@ :svc www-frontend)
  ((www ftp wiki git bugs mail db tor i2p rawk vox www-cache)
   (inet :svc vampire.inet)
   (fretwank :svc vampire))
  ;;
  ;; Internal services.
  ((ntp) (fretwank :svc ibanez))
  ((wpad ntp1 news) (fretwank :svc vampire))
  ;;
  ;; Wired ethernet.
  (fretwank :net fretwank)
  (vampire (fretwank :a vampire)
	   (inet :a vampire.inet)
	   (untrusted :a vampire.untrusted)
	   (iodine :a vampire.iodine))
  (obsidian (fretwank :a obsidian))
  (ibanez (fretwank :a ibanez)
	  (inet :a ibanez.inet))
  (radius (fretwank :a radius)
	  (inet :a radius.inet)
	  (untrusted :a radius.untrusted))
  (roadstar (fretwank :a roadstar)
	    (inet :a roadstar.inet))
  (jem (fretwank :a jem)
       (inet :a jem.inet))
  (artist (fretwank :a artist)
	  (inet :a artist.inet))
  (gibson :cname gibson.dhcp)
  (lespaul :cname lespaul.dhcp)
  (firebird :cname firebird.dhcp)
  (marauder :cname marauder.dhcp)
  (invader :cname invader.dhcp)
  ;;
  ;; Virtual network.
  (virtual :net virtual)
  (crybaby (virtual :a crybaby))
  (terror (virtual :a terror))
  (iodine :net iodine)
  ;;
  ;; ITS.
  (its :net its)
  (gw (its :a gw))
  (mz (its :a mz))
  ;;
  ;; Delegations.
  #+subnet/fretwank (dhcp :ns (vampire.ns))
  (io :ns ((ns.io :ip dns-frontend))))

;;;--------------------------------------------------------------------------
;;; Other subsidiary zones.

(defrevzone trusted
  :ns ((vampire.ns :ip vampire))
  :reverse trusted
  #+subnet/fretwank (dhcp :ns (metalzone.ns vampire.ns))
  #+subnet/fretwank (@ :cidr-delegation
		       (dhcp
			(dhcp 199.29.172.dhcp.199.29.172.in-addr.arpa))))

(defrevzone untrusted
  :ns ((vampire.ns :ip vampire))
  :reverse untrusted)

(defrevzone inet
  :reverse inet)

(defzone dhcp.distorted.org.uk
  :ns ((vampire.ns :ip vampire))
  :net dhcp)

(defzone io.distorted.org.uk
  :ns ((ns :ip dns-frontend))
  (about :txt "Fake zone used for IP-over-DNS tunnelling."))

(defzone dhcp.199.29.172.in-addr.arpa
  :ns ((vampire.ns :ip vampire)))

;;;----- That's all, folks --------------------------------------------------