X-Git-Url: https://git.distorted.org.uk/~mdw/zones/blobdiff_plain/8b063560f9ef063309bd15bcba42a074cb24feb6..4ac8501e91b477565755245bd536402ee7160f75:/distorted.lisp diff --git a/distorted.lisp b/distorted.lisp index bd47fc8..be510a4 100644 --- a/distorted.lisp +++ b/distorted.lisp @@ -82,12 +82,19 @@ ;; Mail servers. ((@ mail blackhole) :mx mail :srv ((:smtp mail))) - ((bugs) :ttl 300 :mx lists :srv ((:smtp bugs))) - ((lists) :ttl 300 :mx lists :srv ((:smtp lists))) - - (stratocaster.20140403._domainkey - :dkim ("stratocaster-20140403" - :v "DKIM1" :k "rsa" :h "sha256" :s "email")) + (bugs :mx lists :srv ((:smtp bugs))) + (lists :mx lists :srv ((:smtp lists))) + (_dmarc :dmarc (:v "DMARC1" + :p "quarantine" :sp "quarantine" + :adkim "s" :aspf "s")) + ((_domainkey _domainkey.mail) :dname stratocaster.dkim) + ((stratocaster @ mail) :spf ((:version "spf1") + (:pass :ip stratocaster.dmz) + (:soft :all))) + ((_domainkey.bugs _domainkey.lists) :dname telecaster.dkim) + ((telecaster bugs lists) :spf ((:version "spf1") + (:pass :ip telecaster.dmz) + (:soft :all))) ;; Anycast services. (dns0 :anycast ((any dns0.any) (dmz radius.dmz) @@ -204,8 +211,7 @@ ;; Virtual hosts. (national :abbrev n (linode :abbrev nl) (upn :abbrev ny)) - (national (linode :addr national.linode) - (upn :addr national.upn)) + (national (linode :addr national.linode) (upn :addr national.upn)) (mdwdev (upn :addr mdwdev.upn)) ;; Nicko's servers. 
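Review bot: The new `_dmarc` record sets `:p "quarantine"` and `:sp "quarantine"` with strict alignment (`:adkim "s" :aspf "s"`) but names no aggregate-report address, so a misaligned stream from `bugs` or `lists` would be quarantined by receivers with nothing coming back to show it. If the `:dmarc` form passes tags through as written, which the hunk suggests but does not prove, adding `:rua "mailto:<dmarc-reports address>"` (placeholder) would give that visibility. Both SPF records end in `(:soft :all)`, presumably rendered as `~all`, so receivers that do not evaluate DMARC see only a soft fail for unlisted senders. A one-line comment saying whether that is a rollout step or the intended end state would help. The enclosing zone form starts and ends outside the hunk.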
@@ -339,11 +345,39 @@ (40945 :rsasha256 :sha256 #.(concatenate 'string "fb171d206d4d64c5a7a6c290ce6e20df" "44f1db7f41e2260f1fe8d7c55d524c11")))) - (io :ns ((ns.io :ip jazz.dmz)))) + (stratocaster.dkim + :ns ((radius.ns.stratocaster.dkim :ip radius.dmz) + (precision.ns.stratocaster.dkim :ip precision.dmz) + (telecaster.ns.stratocaster.dkim :ip telecaster.dmz) + (national.ns.stratocaster.dkim :ip national.linode) + (mythic-beasts-1.ns.stratocaster.dkim :ip mythic-ns1) + (mythic-beasts-2.ns.stratocaster.dkim :ip mythic-ns2) + (mythic-beasts-3.ns.stratocaster.dkim :ip mythic-ns3)) + :ds ((24577 :rsasha256 :sha1 + "d06847c01e19098509a8d07a9aafaceff532c9c7") + (24577 :rsasha256 :sha256 + #.(concatenate 'string "a40cdb1c633041cfbc1b80a400cff527" + "2cad051915fc0cd40296a2d4590b9d2b")))) + (telecaster.dkim + :ns ((radius.ns.telecaster.dkim :ip radius.dmz) + (precision.ns.telecaster.dkim :ip precision.dmz) + (telecaster.ns.telecaster.dkim :ip telecaster.dmz) + (national.ns.telecaster.dkim :ip national.linode) + (mythic-beasts-1.ns.telecaster.dkim :ip mythic-ns1) + (mythic-beasts-2.ns.telecaster.dkim :ip mythic-ns2) + (mythic-beasts-3.ns.telecaster.dkim :ip mythic-ns3)) + :ds ((38896 :rsasha256 :sha1 + "2c2daea658784e22c46bf9e86da67def1e34cf40") + (38896 :rsasha256 :sha256 + #.(concatenate 'string "66997571c7d47f912caa65f2154ecd37" + "5b9d391e3ed44d79ac35eef59264e521")))) + (io :ns ((ns.io :ip jazz.dmz))) + (play :ns (radius.ns precision.ns telecaster.ns national.ns))) ;;;-------------------------------------------------------------------------- ;;; Other subsidiary zones. +#+view/outside (defzone dhcp.distorted.org.uk :ns ((radius.ns :ip radius.dmz) (precision.ns :ip precision.dmz) 
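Review bot: The `:ds` lists added for `stratocaster.dkim` and `telecaster.dkim` each publish a SHA-1 digest (`24577 :rsasha256 :sha1 …` and `38896 :rsasha256 :sha1 …`) beside the SHA-256 one. RFC 8624 says SHA-1 must not be used when generating DS records, and RFC 4509 tells validators to prefer the SHA-256 digest when both are present, so the `:sha1` entries only keep a deprecated digest in the delegation; I would publish the `:sha256` entries alone. The new `play` delegation, like `io`, has no `:ds` and is therefore an insecure delegation; if that is deliberate, a comment such as `;; play is unsigned on purpose` would say so, otherwise the DS is missing. The enclosing form starts before the hunk, so whether the existing `40945` entry has the same SHA-1 companion cannot be seen from here.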
@@ -358,15 +392,36 @@ (invader :addr invader.safe) (marauder :addr marauder.safe)) +#+view/outside (defzone (dyn.distorted.org.uk :source telecaster.distorted.org.uk.) :ns ((radius.ns :ip radius) (precision.ns :ip precision) (telecaster.ns :ip telecaster) (national.ns :ip national))) +#+view/outside (defzone nicko.org (richmond :addr richmond.dmz)) +#+view/outside +(defzone stratocaster.dkim.distorted.org.uk + :ns ((radius.ns :ip radius.dmz) + (precision.ns :ip precision.dmz) + (telecaster.ns :ip telecaster.dmz) + (national.ns :ip national.linode) + (mythic-beasts-1.ns :ip mythic-ns1) + (mythic-beasts-2.ns :ip mythic-ns2) + (mythic-beasts-3.ns :ip mythic-ns3))) +#+view/outside +(defzone telecaster.dkim.distorted.org.uk + :ns ((radius.ns :ip radius.dmz) + (precision.ns :ip precision.dmz) + (telecaster.ns :ip telecaster.dmz) + (national.ns :ip national.linode) + (mythic-beasts-1.ns :ip mythic-ns1) + (mythic-beasts-2.ns :ip mythic-ns2) + (mythic-beasts-3.ns :ip mythic-ns3))) + (defrevzone trusted :ns (radius.distorted.org.uk. precision.distorted.org.uk. @@ -382,6 +437,7 @@ national.distorted.org.uk.)) :multi (((dhcp safe) :family :ipv4 :suffix "199.29.172.dhcp") :cname *)) +#+view/outside (defzone dhcp.199.29.172.in-addr.arpa :ns (radius.distorted.org.uk. precision.distorted.org.uk. @@ -436,6 +492,7 @@ telecaster.distorted.org.uk. national.distorted.org.uk.)) +#+view/outside (defzone io.distorted.org.uk :ns ((ns :ip jazz.dmz)) (about :txt "Fake zone used for IP-over-DNS tunnelling."))
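Review bot: Each added `#+view/outside` guards only the single `defzone` that follows it, and the Lisp reader drops that form without any diagnostic when the feature is absent or its name is mistyped, so a zone can vanish from the generated output unnoticed. This applies to the guards in this hunk (`dyn`, `nicko.org` and the two new `*.dkim.distorted.org.uk` zones), to those in the two hunks that follow (`dhcp.199.29.172.in-addr.arpa`, `io.distorted.org.uk`) and to the one before `dhcp.distorted.org.uk` in the previous hunk. Nothing visible says where `view/outside` is set or which views exist, so I would add a comment at the first guard, for example `;; Zones marked #+view/outside are built only for the outside view; the feature is set by <build step>` (placeholder), and have the build check that the expected set of zones was emitted. The parent delegations and DS records for the two DKIM zones in the previous hunk show no guard in the visible lines, so it is worth confirming that a view built without the feature does not delegate to zones it does not serve.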