:v "DKIM1" :k "rsa" :h "sha256" :s "email"))
;; Anycast services.
- (dns0 :anycast ((any dns0.any)
- (jump precision.jump)
+ (dns0 :anycast ((any dns0.any) (jump precision.jump)
+ (nany dns0.nany)
(colo precision.colo)
(dmz radius.dmz)
(unsafe radius.unsafe)))
- (dns1 :anycast ((any dns1.any)
- (jump telecaster.jump)
+ (dns1 :anycast ((any dns1.any) (jump telecaster.jump)
+ (nany dns1.nany)
(dmz vampire.dmz)
(unsafe vampire.unsafe)
(colo telecaster.colo)))
(dns :cname dns0)
- (ntp0 :anycast ((any ntp0.any)
- (jump fender.jump)
+ (ntp0 :anycast ((any ntp0.any) (jump fender.jump)
+ (nany ntp0.nany)
(dmz ibanez.dmz)
(unsafe ibanez.unsafe)
(colo fender.colo)))
- (ntp1 :anycast ((any ntp1.any)
- (dmz vampire.dmz)
+ (ntp1 :anycast ((any ntp1.any) (dmz vampire.dmz)
+ (nany ntp1.nany)
(unsafe vampire.unsafe)))
(ntp :cname ntp0)
- (www-cache :anycast ((any www-cache.any)
- (jump telecaster.jump)
+ (www-cache :anycast ((any www-cache.any) (jump telecaster.jump)
+ (nany www-cache.nany)
(dmz roadstar.dmz)
(unsafe roadstar.unsafe)
(colo telecaster.colo)))
(wpad :cname www-cache)
(_kerberos :txt "DISTORTED.ORG.UK")
- (krb0 :anycast ((any krb0.any)
- (jump precision.jump)
+ (krb0 :anycast ((any krb0.any) (jump precision.jump)
+ (nany krb0.nany)
(dmz radius.dmz)
(unsafe radius.unsafe)
(colo precision.colo)))
- (krb1 :anycast ((any krb1.any)
- (dmz vampire.dmz)
+ (krb1 :anycast ((any krb1.any) (dmz vampire.dmz)
+ (nany krb1.nany)
(unsafe vampire.unsafe)))
(krb-master (unsafe :svc radius.unsafe)
(dmz :svc radius.dmz))
(fender :abbrev f (colo :abbrev fc) (jump :abbrev fj))
(fender (colo :addr fender.colo :sshfp "fender")
(jump :addr fender.jump :sshfp "fender"))
- (precision :abbrev p (colo :abbrev pc) (jump :abbrev pj) (vpn :abbrev pv))
+ (precision :abbrev p
+ (colo :abbrev pc) (jump :abbrev pj)
+ (vpn :abbrev pv) (nvpn :abbrev pnv))
(precision (colo :addr precision.colo :sshfp "precision")
(jump :addr precision.jump :sshfp "precision")
- (vpn :addr precision.vpn :sshfp "precision"))
+ (vpn :addr precision.vpn :sshfp "precision")
+ (nvpn :addr precision.nvpn :sshfp "precision"))
(telecaster :alias tele :abbrev t
(colo :alias tele.colo :abbrev tc)
(jump :alias tele.jump :abbrev tj))
(jump :alias strat.jump :abbrev sj))
(stratocaster (colo :addr stratocaster.colo :sshfp "stratocaster")
(jump :addr stratocaster.jump :sshfp "stratocaster"))
- (jazz :abbrev z (colo :abbrev zc) (jump :abbrev zj) (vpn :abbrev :zv))
+ (jazz :abbrev z
+ (colo :abbrev zc) (jump :abbrev zj)
+ (vpn :abbrev :zv) (nvpn :abbrev :znv))
(jazz (colo :addr jazz.colo :sshfp "jazz")
(jump :addr jazz.jump :sshfp "jazz")
(vpn :addr jazz.vpn :sshfp "jazz")
+ (nvpn :addr jazz.nvpn :sshfp "jazz")
(iodine :addr jazz.iodine :sshfp "jazz")
(hippo :addr jazz.hippo :sshfp "jazz"))
+ ;; Formerly colocated hosts.
+ (nfender :abbrev nf (unsafe :abbrev fu) (dmz :abbrev fd))
+ (nfender (unsafe :addr fender.unsafe :sshfp "fender")
+ (dmz :addr fender.dmz :sshfp "fender"))
+ (nprecision :abbrev np (unsafe :abbrev pu) (dmz :abbrev pd))
+ (nprecision (unsafe :addr precision.unsafe :sshfp "precision")
+ (dmz :addr precision.dmz :sshfp "precision"))
+ (ntelecaster :alias ntele :abbrev nt
+ (unsafe :alias tele.unsafe :abbrev tu)
+ (dmz :alias tele.dmz :abbrev td))
+ (ntelecaster (unsafe :addr telecaster.unsafe :sshfp "telecaster")
+ (dmz :addr telecaster.dmz :sshfp "telecaster"))
+ (nstratocaster :alias nstrat :abbrev ns
+ (unsafe :alias strat.unsafe :abbrev su)
+ (dmz :alias strat.dmz :abbrev sd))
+ (nstratocaster (unsafe :addr stratocaster.unsafe :sshfp "stratocaster")
+ (dmz :addr stratocaster.dmz :sshfp "stratocaster"))
+ (njazz :abbrev nz (unsafe :abbrev zu) (dmz :abbrev zd))
+ (njazz (unsafe :addr jazz.unsafe :sshfp "jazz")
+ (dmz :addr jazz.dmz :sshfp "jazz"))
+
;; Virtual hosts.
- (national :abbrev n (linode :abbrev nl) (upn :abbrev ny))
+ (national :abbrev n (linode :abbrev nl) (upn :abbrev ny) (nupn :abbrev nny))
(national (linode :addr national.linode)
- (upn :addr national.upn))
- (mdwdev (upn :addr mdwdev.upn))
+ (upn :addr national.upn)
+ (nupn :addr national.nupn))
+ (mdwdev (upn :addr mdwdev.upn)
+ (nupn :addr mdwdev.nupn))
;; Nicko's servers.
(richmond (jump :svc richmond.jump))
(safe :net safe)
(untrusted :net untrusted)
(vampire :abbrev v
- (unsafe :abbrev vu) (dmz :abbrev vd) (vpn :abbrev vv)
+ (unsafe :abbrev vu) (dmz :abbrev vd)
+ (vpn :abbrev vv) (nvpn :abbrev vnv)
(safe :abbrev vs) (untrusted :abbrev vx))
(vampire (unsafe :addr vampire.unsafe :sshfp "vampire")
(dmz :addr vampire.dmz :sshfp "vampire")
(vpn :addr vampire.vpn :sshfp "vampire")
+ (nvpn :addr vampire.nvpn :sshfp "vampire")
(safe :addr vampire.safe :sshfp "vampire")
(untrusted :addr vampire.untrusted :sshfp "vampire"))
(ibanez :abbrev i (unsafe :abbrev iu) (dmz :abbrev id))
(ibanez (unsafe :addr ibanez.unsafe :sshfp "ibanez")
(dmz :addr ibanez.dmz :sshfp "ibanez"))
(radius :abbrev r
- (unsafe :abbrev ru) (dmz :abbrev rd) (vpn :abbrev rv)
+ (unsafe :abbrev ru) (dmz :abbrev rd)
+ (vpn :abbrev rv) (nvpn :abbrev rnv)
(safe :abbrev rs) (untrusted :abbrev rx))
(radius (unsafe :addr radius.unsafe :sshfp "radius")
(dmz :addr radius.dmz :sshfp "radius")
(vpn :addr radius.vpn :sshfp "radius")
+ (nvpn :addr radius.nvpn :sshfp "radius")
(safe :addr radius.safe :sshfp "radius")
(untrusted :addr radius.untrusted :sshfp "radius"))
(roadstar :abbrev rg (unsafe :abbrev rgu) (dmz :abbrev rgd))
(dmz :addr artist.dmz :sshfp "artist")
(untrusted :addr artist.untrusted :sshfp "artist"))
(groove :abbrev gr
- (unsafe :abbrev gru) (vpn :abbrev grv))
- (groove (unsafe :addr groove.unsafe :sshfp "groove")
- (vpn :addr groove.vpn :sshfp "groove"))
+ (vpn :abbrev grv) (nvpn :abbrev ngrv) (unsafe :abbrev gru))
+ (groove (vpn :addr groove.vpn :sshfp "groove")
+ (nvpn :addr groove.nvpn :sshfp "groove")
+ (unsafe :addr groove.unsafe :sshfp "groove"))
;; DHCP hosts.
(gibson :cname gibson.dhcp :abbrev g)
(gretsch :cname gretsch.dhcp)
;; Virtual network.
- (vpn :net vpn)
+ (vpn :net vpn) (nvpn :net nvpn)
(crybaby :abbrev cb)
(crybaby (vpn :addr crybaby.vpn :sshfp "crybaby")
+ (nvpn :addr crybaby.nvpn :sshfp "crybaby")
(hippo :addr crybaby.hippo :sshfp "crybaby"))
(spirit (vpn :addr spirit.vpn :sshfp "spirit")
+ (nvpn :addr spirit.nvpn :sshfp "spirit")
(hippo :addr spirit.hippo :sshfp "spirit"))
(terror (vpn :addr terror.vpn :sshfp "terror"))
(orange :abbrev o)
- (orange (vpn :addr orange.vpn :sshfp "orange"))
+ (orange (vpn :addr orange.vpn :sshfp "orange")
+ (nvpn :addr orange.nvpn :sshfp "orange"))
(haze :abbrev h)
- (haze (vpn :addr haze.vpn :sshfp "haze"))
+ (haze (vpn :addr haze.vpn :sshfp "haze")
+ (nvpn :addr haze.nvpn :sshfp "haze"))
(iodine :net iodine)
(hippo :net hippo)
(mz (its :addr mz.its))
;; Strange things.
- (blackhole (jump :addr blackhole.jump))
+ (blackhole (dmz :addr blackhole.dmz)
+ (jump :addr blackhole.jump))
;; Delegations.
(dhcp :ns ((radius.ns.dhcp :ip radius)
secondary-dns.co.uk.)
:reverse ((((:ipv4 dmz)))))
+(defzone 64-79.12.169.217.in-addr.arpa
+ :ns (radius.distorted.org.uk.
+ vampire.distorted.org.uk.
+ precision.distorted.org.uk.
+ telecaster.distorted.org.uk.
+ national.distorted.org.uk.
+ secondary-dns.co.uk.)
+ :reverse ((((:ipv4 dmz1)))))
+
(defzone 195.113.2.81.in-addr.arpa
:ns (radius.distorted.org.uk.
vampire.distorted.org.uk.
;; Externally routable DMZ from Andrews and Arnold.
(defnet gw "81.2.113.195")
(defnet dmz "81.187.238.128/28")
+(defnet dmz1 "217.169.12.64/28")
(defnet distorted.org.uk-aaisp "2001:8b0:c92/48"
(unsafe "1/64"
(dhcp "6468:6370/96"))
+ (nany "0/64")
(dmz "fff/64")
(safe "4001/64")
- (untrusted "8001/64"))
+ (nvpn "6000/64")
+ (untrusted "8001/64")
+ (nupn "a000/64"))
;; Externally routed colo range.
(defnet jump "212.13.198.66/28")
(defhost anon.jump (jump 13))
(defhost blackhole.jump ((:ipv4 jump 14) (:ipv6 jump "::ffff")))
+;; Formerly colocated addresses.
+(defhost precision.dmz ((:ipv4 dmz1 1) (:ipv6 dmz 33)))
+(defhost telecaster.dmz ((:ipv4 dmz1 2) (:ipv6 dmz 34)))
+(defhost stratocaster.dmz ((:ipv4 dmz1 3) (:ipv6 dmz 35)))
+(defhost jazz.dmz ((:ipv4 dmz1 4) (:ipv6 dmz 36)))
+(defhost fender.dmz ((:ipv4 dmz1 9) (:ipv6 dmz 41)))
+(defhost marshall.dmz ((:ipv4 dmz1 11) (:ipv6 dmz "::2:1")))
+(defhost richmond.dmz ((:ipv4 dmz1 12) (:ipv6 dmz "::1:1")))
+(defhost blackhole.dmz ((:ipv4 dmz1 14) (:ipv6 dmz "::ffff")))
+
;; Linode virtual hosts.
(defhost national.linode ((:ipv4 "45.33.118.239")
(:ipv6 "2600:3c00::f03c:91ff:fe3b:d7c1")))
(defhost artist.unsafe (unsafe 4))
(defhost vampire.unsafe (unsafe 5))
(defhost universe.unsafe (unsafe 6))
+(defhost precision.unsafe (unsafe 7))
+(defhost telecaster.unsafe (unsafe 8))
+(defhost stratocaster.unsafe (unsafe 9))
+(defhost jazz.unsafe (unsafe 10))
(defhost ibanez.unsafe (unsafe 14))
+(defhost fender.unsafe (unsafe 15))
(defhost groove.unsafe (unsafe 17))
;; Client hosts, with IPv6 addresses.
(defhost radius.untrusted (untrusted 1))
(defhost artist.untrusted (untrusted 2))
(defhost vampire.untrusted (untrusted 3))
+(defhost jazz.untrusted (untrusted 4))
;; Virtual private network.
(defhost crybaby.vpn ((:ipv4 vpn 1) (:ipv6 vpn "::1:1")))
(defhost spirit.vpn ((:ipv4 vpn 9) (:ipv6 vpn "::9:1")))
(defhost groove.vpn ((:ipv4 vpn 10) (:ipv6 vpn "::10:1")))
+(defhost crybaby.nvpn ((:ipv6 nvpn "::1:1")))
+(defhost orange.nvpn ((:ipv6 nvpn "::3:1")))
+(defhost haze.nvpn ((:ipv6 nvpn "::4:1")))
+(defhost radius.nvpn ((:ipv6 nvpn "::5:1")))
+(defhost precision.nvpn ((:ipv6 nvpn "::6:1")))
+(defhost jazz.nvpn ((:ipv6 nvpn "::7:1")))
+(defhost vampire.nvpn ((:ipv6 nvpn "::8:1")))
+(defhost spirit.nvpn ((:ipv6 nvpn "::9:1")))
+(defhost groove.nvpn ((:ipv6 nvpn "::10:1")))
+
;; Untrusted private network.
(defhost national.upn ((:ipv4 upn 1) (:ipv6 upn "::1:1")))
(defhost mdwdev.upn ((:ipv4 upn 2) (:ipv6 upn "::2:1")))
+(defhost national.nupn ((:ipv6 nupn "::1:1")))
+(defhost mdwdev.nupn ((:ipv6 nupn "::2:1")))
+
;; Iodine network.
(defhost jazz.iodine (iodine 1))
(defhost krb0.any ((:ipv4 any 5) (:ipv6 any "::5:1")))
(defhost krb1.any ((:ipv4 any 6) (:ipv6 any "::6:1")))
+(defhost dns0.nany ((:ipv6 nany "::0:1")))
+(defhost dns1.nany ((:ipv6 nany "::1:1")))
+(defhost ntp0.nany ((:ipv6 nany "::2:1")))
+(defhost ntp1.nany ((:ipv6 nany "::3:1")))
+(defhost www-cache.nany ((:ipv6 nany "::4:1")))
+(defhost krb0.nany ((:ipv6 nany "::5:1")))
+(defhost krb1.nany ((:ipv6 nany "::6:1")))
+
;;;--------------------------------------------------------------------------
;;; Host switch.
~mdw / zones / commitdiff