From: Mark Wooding <mdw@distorted.org.uk>
Date: Fri, 30 Mar 2012 22:44:39 +0000 (+0100)
Subject: External zones don't need split-brain madness any more.
X-Git-Url: https://git.distorted.org.uk/~mdw/zones/commitdiff_plain/c0430253dd8fe7e0746bf8ef30a4f1272521baff

External zones don't need split-brain madness any more.

They used to require it when I didn't have a proper publicly routable
border network for the servers.  So only generate `outside' views for
external zones.  This also means I have to swap around the
`preferred-subnet-case' for choosing server addresses to favour
outside, but I think that's the right answer anyway.
---

diff --git a/Makefile b/Makefile
index 8059956..8c65965 100644
--- a/Makefile
+++ b/Makefile
@@ -74,10 +74,7 @@ distorted_all_ZONES	+= 199.29.172.in-addr.arpa
 
 ZONESETS		+= harlequin
 
-harlequin_VIEWS		 = inside outside
-harlequin_outside_NETS	 = dmz
-harlequin_inside_NETS	 = unsafe
-
+harlequin_VIEWS		 = outside
 harlequin_all_ZONES	 = harlequin.org.uk
 
 ###--------------------------------------------------------------------------
@@ -85,10 +82,7 @@ harlequin_all_ZONES	 = harlequin.org.uk
 
 ZONESETS		+= felixpearce
 
-felixpearce_VIEWS	 = inside outside
-felixpearce_outside_NETS = dmz
-felixpearce_inside_NETS	 = unsafe
-
+felixpearce_VIEWS	 = outside
 felixpearce_all_ZONES	 = felixpearce.com
 
 ###--------------------------------------------------------------------------
diff --git a/felixpearce.lisp b/felixpearce.lisp
index 0e9a149..61873d1 100644
--- a/felixpearce.lisp
+++ b/felixpearce.lisp
@@ -9,12 +9,10 @@
 (defzone felixpearce.com
 
   ;; Nameservers
-  :ns #+view/inside ((radius.ns :ip radius)
-		     (vampire.ns :ip vampire))
-      #-view/inside ((radius.ns :ip radius)
-		     (vampire.ns :ip vampire)
-		     (mythic-beasts-1.ns :ip mythic-ns1)
-		     (mythic-beasts-2.ns :ip mythic-ns2))
+  :ns ((radius.ns :ip radius)
+       (vampire.ns :ip vampire)
+       (mythic-beasts-1.ns :ip mythic-ns1)
+       (mythic-beasts-2.ns :ip mythic-ns2))
 
   ;; Web service.
   ((@ www blog) :svc vampire)
diff --git a/harlequin.lisp b/harlequin.lisp
index 12b3008..48f5628 100644
--- a/harlequin.lisp
+++ b/harlequin.lisp
@@ -9,12 +9,10 @@
 (defzone harlequin.org.uk
 
   ;; Nameservers
-  :ns #+view/inside ((radius.ns :ip radius)
-		     (vampire.ns :ip vampire))
-      #-view/inside ((radius.ns :ip radius)
-		     (vampire.ns :ip vampire)
-		     (mythic-beasts-1.ns :ip mythic-ns1)
-		     (mythic-beasts-2.ns :ip mythic-ns2))
+  :ns ((radius.ns :ip radius)
+       (vampire.ns :ip vampire)
+       (mythic-beasts-1.ns :ip mythic-ns1)
+       (mythic-beasts-2.ns :ip mythic-ns2))
 
   ;; Mail servers
   :mx ((mail :ip vampire))
diff --git a/hosts.lisp b/hosts.lisp
index b7fc5e5..b2beaae 100644
--- a/hosts.lisp
+++ b/hosts.lisp
@@ -106,11 +106,11 @@
 ;;; Host switch.
 
 (preferred-subnet-case
-  (dmz
-   (defhost radius radius.dmz)
-   (defhost vampire vampire.dmz))
-  (t
+  ((unsafe colo)
    (defhost radius radius.unsafe)
-   (defhost vampire vampire.unsafe)))
+   (defhost vampire vampire.unsafe))
+  (t
+   (defhost radius radius.dmz)
+   (defhost vampire vampire.dmz)))
 
 ;;;----- That's all, folks --------------------------------------------------