~mdw
/
zones
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
distorted.lisp: Publish a TLSA record for `rawk'.
[zones]
/
distorted.lisp
diff --git
a/distorted.lisp
b/distorted.lisp
index
9ce7fa8
..
88c9bd2
100644
(file)
--- a/
distorted.lisp
+++ b/
distorted.lisp
@@
-74,8
+74,13
@@
#+view/inside (vampire.ns :ip vampire)
#-view/inside (mythic-beasts-1.ns :ip mythic-ns1)
#-view/inside (mythic-beasts-2.ns :ip mythic-ns2)
#+view/inside (vampire.ns :ip vampire)
#-view/inside (mythic-beasts-1.ns :ip mythic-ns1)
#-view/inside (mythic-beasts-2.ns :ip mythic-ns2)
+ #-view/inside (mythic-beasts-3.ns :ip mythic-ns3)
#-view/inside (chiark.ns :ip chiark.greenend.org.uk))
#-view/inside (chiark.ns :ip chiark.greenend.org.uk))
+ ;; Certification.
+ :caa ((:issue "letsencrypt.org")
+ (:issue "distorted.org.uk"))
+
;; Mail servers.
((@ mail blackhole) :mx mail :srv ((:smtp mail)))
((bugs) :ttl 300 :mx lists :srv ((:smtp bugs)))
;; Mail servers.
((@ mail blackhole) :mx mail :srv ((:smtp mail)))
((bugs) :ttl 300 :mx lists :srv ((:smtp bugs)))
@@
-163,7
+168,10
@@
(cabal :svc stratocaster.colo :sshfp "stratocaster")
;; Local services.
(cabal :svc stratocaster.colo :sshfp "stratocaster")
;; Local services.
- ((rawk pifi) (unsafe :svc artist.unsafe) (dmz :svc artist.dmz))
+ (rawk (unsafe :svc artist.unsafe) (dmz :svc artist.dmz))
+ (rawk :tlsa (:https (:service-certificate-constraint
+ :public-key :sha-256
+ #p"https-artist")))
(mirror (dmz :svc roadstar.dmz :sshfp "roadstar")
(unsafe :svc roadstar.unsafe :sshfp "roadstar"))
(mirror (dmz :svc roadstar.dmz :sshfp "roadstar")
(unsafe :svc roadstar.unsafe :sshfp "roadstar"))
@@
-178,6
+186,7
@@
;; Fancy connectivity.
(iodine (jump :svc jazz.jump))
;; Fancy connectivity.
(iodine (jump :svc jazz.jump))
+ (hippotat (jump :svc jazz.jump))
;; Colocated hosts.
(colo :net colo)
;; Colocated hosts.
(colo :net colo)
@@
-204,7
+213,8
@@
(jazz (colo :addr jazz.colo :sshfp "jazz")
(jump :addr jazz.jump :sshfp "jazz")
(vpn :addr jazz.vpn :sshfp "jazz")
(jazz (colo :addr jazz.colo :sshfp "jazz")
(jump :addr jazz.jump :sshfp "jazz")
(vpn :addr jazz.vpn :sshfp "jazz")
- (iodine :addr jazz.iodine :sshfp "jazz"))
+ (iodine :addr jazz.iodine :sshfp "jazz")
+ (hippo :addr jazz.hippo :sshfp "jazz"))
;; Virtual hosts.
(national :abbrev n (linode :abbrev nl) (upn :abbrev ny))
;; Virtual hosts.
(national :abbrev n (linode :abbrev nl) (upn :abbrev ny))
@@
-287,13
+297,15
@@
;; Virtual network.
(vpn :net vpn)
(crybaby :abbrev cb)
;; Virtual network.
(vpn :net vpn)
(crybaby :abbrev cb)
- (crybaby (vpn :addr crybaby.vpn :sshfp "crybaby"))
+ (crybaby (vpn :addr crybaby.vpn :sshfp "crybaby")
+ (hippo :addr crybaby.hippo :sshfp "crybaby"))
(terror (vpn :addr terror.vpn :sshfp "terror"))
(orange :abbrev o)
(orange (vpn :addr orange.vpn :sshfp "orange"))
(haze :abbrev h)
(haze (vpn :addr haze.vpn :sshfp "haze"))
(iodine :net iodine)
(terror (vpn :addr terror.vpn :sshfp "terror"))
(orange :abbrev o)
(orange (vpn :addr orange.vpn :sshfp "orange"))
(haze :abbrev h)
(haze (vpn :addr haze.vpn :sshfp "haze"))
(iodine :net iodine)
+ (hippo :net hippo)
;; ITS.
(its :net its)
;; ITS.
(its :net its)
@@
-327,8
+339,8
@@
(dnserr :ns ((radius.ns.dnserr :ip radius.dmz)
(vampire.ns.dnserr :ip vampire.dmz)
(precision.ns.dnserr :ip precision.jump)
(dnserr :ns ((radius.ns.dnserr :ip radius.dmz)
(vampire.ns.dnserr :ip vampire.dmz)
(precision.ns.dnserr :ip precision.jump)
- (telecaster.ns.dnserr :ip telecaster)
- (national.ns.dnserr :ip national))
+ (telecaster.ns.dnserr :ip telecaster
.jump
)
+ (national.ns.dnserr :ip national
.linode
))
:ds ((40945 :rsasha256 :sha1
"f35b5d0b877b940e63ad1b3afc21d6ba83cd1b3b")
(40945 :rsasha256 :sha256
:ds ((40945 :rsasha256 :sha1
"f35b5d0b877b940e63ad1b3afc21d6ba83cd1b3b")
(40945 :rsasha256 :sha256
@@
-353,6
+365,13
@@
(invader :addr invader.safe)
(marauder :addr marauder.safe))
(invader :addr invader.safe)
(marauder :addr marauder.safe))
+(defzone dyn.distorted.org.uk
+ :ns ((radius.ns :ip radius)
+ (vampire.ns :ip vampire)
+ (precision.ns :ip precision)
+ (telecaster.ns :ip telecaster)
+ (national.ns :ip national)))
+
(defzone nicko.org
(richmond :addr richmond.jump))
(defzone nicko.org
(richmond :addr richmond.jump))
@@
-437,8
+456,20
@@
telecaster.distorted.org.uk.
national.distorted.org.uk.
secondary-dns.co.uk.)
telecaster.distorted.org.uk.
national.distorted.org.uk.
secondary-dns.co.uk.)
+ (0.7.3.6.8.6.4.6.1.0.0.0 :ns (radius.distorted.org.uk.
+ vampire.distorted.org.uk.
+ precision.distorted.org.uk.
+ telecaster.distorted.org.uk.
+ national.distorted.org.uk.))
:reverse ((((:ipv6 distorted.org.uk-aaisp)))))
:reverse ((((:ipv6 distorted.org.uk-aaisp)))))
+(defrevzone (dhcp :family :ipv6)
+ :ns (radius.distorted.org.uk.
+ vampire.distorted.org.uk.
+ precision.distorted.org.uk.
+ telecaster.distorted.org.uk.
+ national.distorted.org.uk.))
+
(defrevzone distorted.org.uk-jump
:ns (radius.distorted.org.uk.
vampire.distorted.org.uk.
(defrevzone distorted.org.uk-jump
:ns (radius.distorted.org.uk.
vampire.distorted.org.uk.