This is the only way of getting it to work, it seems. BIND9 can be
persuaded to serve using a nonstandard port, but it has no way to
forward to another server listening on such a port. This is obviously
crazy, but I'm still running a surplus of addresses.
(tor :svc #+view/inside vampire.unsafe
#-view/inside anon.dmz)
+ ;; Fancy connectivity.
+ (iodine (dmz :a iodine.dmz))
+
;; Colocated hosts.
(colo :net colo)
(jump :net jump)
;; Delegations.
(dhcp :ns (radius.ns vampire.ns))
- (io :ns ((ns.io :ip vampire))))
+ (io :ns ((ns.io :ip iodine.dmz))))
;;;--------------------------------------------------------------------------
;;; Other subsidiary zones.
(defhost artist.dmz (dmz 5))
(defhost vampire.dmz (dmz 6))
(defhost ibanez.dmz (dmz 9))
+(defhost iodine.dmz (dmz 11))
(defhost anon.dmz (dmz 12))
(defhost gate.dmz (dmz 13))
(defhost nat.dmz (dmz 14))