X-Git-Url: https://git.distorted.org.uk/~mdw/zones/blobdiff_plain/b29264c578d1d5baba52a1a47365f588dbbce20f..d9fb28388e718248637aec1e28bdb681611f6a9b:/distorted.lisp

diff --git a/distorted.lisp b/distorted.lisp
index 80c9a34..5dde19a 100644
--- a/distorted.lisp
+++ b/distorted.lisp
@@ -28,9 +28,10 @@
     (dolist (provider (list* any-provider default-provider other-providers))
       (zone-set-address #'rec (cdr provider)
 			:make-ptr-p (eq provider any-provider)
-			:name (concatenate 'string prefix "."
-					   (string-downcase (car provider))
-					   "." (string-downcase zname))))))
+			:name (domain-name-concat prefix
+						  (zone-parse-host
+						   (car provider)
+						   zname))))))
 
 ;;;--------------------------------------------------------------------------
 ;;; Other definitions.
@@ -57,7 +58,7 @@
 		     (chiark.ns :ip chiark.greenend.org.uk))
 
   ;; Mail servers.
-  ((@ mail)
+  ((@ mail blackhole)
    :mx mail
    :srv ((:smtp mail)))
   ((lists bugs cryptomail)
@@ -137,6 +138,18 @@
 	     (jump :svc jazz.jump :sshfp "jazz"))
   ((git www mail) (colo :svc stratocaster.colo :sshfp "stratocaster")
 		  (jump :svc stratocaster.jump :sshfp "stratocaster"))
+  ((www @) :tlsa (:https (:service-certificate-constraint
+			  :certificate :sha-256
+			  #p"certs/http-server-www#1.cert")))
+  (git :tlsa (:https (:trust-anchor-assertion
+		      :certificate :sha-256
+		      #p"certs/distorted-ca.cert")))
+  (www-cache :tlsa (3127 (:trust-anchor-assertion
+			  :certificate :sha-256
+			  #p"certs/distorted-ca.cert")))
+  (mail :tlsa ((:smtp :submission :imap) (:trust-anchor-assertion
+					  :certificate :sha-256
+					  #p"certs/distorted-ca.cert")))
   :svc #+view/inside stratocaster.colo
        #-view/inside stratocaster.jump
   (cabal :svc stratocaster.colo :sshfp "stratocaster")
@@ -161,7 +174,7 @@
 	(dmz :addr anon.dmz))
 
   ;; Fancy connectivity.
-  (iodine (jump :addr jazz.jump))
+  (iodine (jump :svc jazz.jump))
 
   ;; Colocated hosts.
   (colo :net colo)
@@ -221,6 +234,7 @@
   (crybaby (vpn :addr crybaby.vpn :sshfp "crybaby"))
   (terror (vpn :addr terror.vpn :sshfp "terror"))
   (orange (vpn :addr orange.vpn :sshfp "orange"))
+  (haze (vpn :addr haze.vpn :sshfp "haze"))
   (iodine :net iodine)
 
   ;; ITS.