Mark Wooding [Sat, 4 May 2024 23:28:58 +0000 (00:28 +0100)]
distorted.lisp: Remove redundant parentheses.
I know, it's Lisp, but there are still standards to uphold.
Mark Wooding [Mon, 6 May 2024 03:32:20 +0000 (04:32 +0100)]
distorted.lisp: Enable the Mythic Beasts secondaries for DKIM zones.
I couldn't configure them using the usual control panel, so I had to ask
a human nicely. There's something about interacting with their support
that nearly has me wishing that it happened more often. (They don't pay
me to say nice things about them.)
Mark Wooding [Mon, 6 May 2024 03:31:32 +0000 (04:31 +0100)]
Makefile: Remove obsolete network name `colo'.
Mark Wooding [Fri, 3 May 2024 01:08:47 +0000 (02:08 +0100)]
distorted.lisp, escorted.lisp, odin.lisp: Add DKIM infrastructure.
Mark Wooding [Fri, 3 May 2024 01:04:35 +0000 (02:04 +0100)]
distorted.lisp: Don't bother publishing `inside' versions of common zones.
Mark Wooding [Fri, 3 May 2024 01:01:56 +0000 (02:01 +0100)]
distorted.lisp: Add delegation for `play' subdomain, for experiments.
Mark Wooding [Fri, 3 May 2024 00:49:09 +0000 (01:49 +0100)]
binswood.lisp, distorted.lisp: Name `telecaster' as master for dynamic zones.
Now `nsupdate' will actually send its updates to the correct server.
Mark Wooding [Fri, 3 May 2024 00:45:45 +0000 (01:45 +0100)]
binswood.lisp, distorted.lisp: Remove `vampire' as nameserver for more zones.
Mark Wooding [Mon, 29 Apr 2024 12:23:51 +0000 (13:23 +0100)]
Makefile: Delete old reverse zones.
Mark Wooding [Mon, 29 Apr 2024 12:23:44 +0000 (13:23 +0100)]
distorted.lisp: Remove `vampire' as a nameserver.
Mark Wooding [Sun, 28 Apr 2024 15:18:06 +0000 (16:18 +0100)]
Makefile, hosts.lisp, distorted.lisp: Move `fender' home.
Mark Wooding [Sun, 28 Apr 2024 11:14:38 +0000 (12:14 +0100)]
hosts.lisp: Update chiark's IP address.
Mark Wooding [Sun, 28 Apr 2024 11:14:11 +0000 (12:14 +0100)]
Makefile: Allow command-line setting of `zone' options.
The new timeout options are particularly useful here.
Mark Wooding [Tue, 12 Mar 2024 10:51:12 +0000 (10:51 +0000)]
distorted.lisp: Publish `lpr' and `news'.
Mark Wooding [Tue, 6 Feb 2024 14:16:20 +0000 (14:16 +0000)]
hosts.lisp, distorted.lisp: Preparation for fender's move home.
Mark Wooding [Tue, 19 Dec 2023 15:01:22 +0000 (15:01 +0000)]
hosts.lisp, distorted.lisp: Add VPN address for `groove'.
Mark Wooding [Tue, 19 Dec 2023 15:00:44 +0000 (15:00 +0000)]
distorted.lisp: Add network-specific abbreviation for `groove.unsafe'.
Mark Wooding [Sat, 25 Feb 2023 13:27:11 +0000 (13:27 +0000)]
distorted.lisp: Move lpr service to roadstar.
Mark Wooding [Sat, 25 Feb 2023 13:17:28 +0000 (13:17 +0000)]
distorted.lisp: Remove orphan section heading.
Mark Wooding [Wed, 17 Aug 2022 17:19:29 +0000 (18:19 +0100)]
hosts.lisp: Fix Mythic's ns1 address.
Mark Wooding [Mon, 9 May 2022 22:25:33 +0000 (23:25 +0100)]
distorted.lisp, hosts.lisp: Welcome `mdwdev' to the VPN.
Mark Wooding [Mon, 9 May 2022 09:23:23 +0000 (10:23 +0100)]
distorted.lisp, hosts.lisp: Add Nicko's new VM `marshall'.
Mark Wooding [Mon, 9 May 2022 09:22:52 +0000 (10:22 +0100)]
distorted.lisp, hosts.lisp: Remove defunct host `jaguar'.
Mark Wooding [Mon, 9 Nov 2020 16:34:44 +0000 (16:34 +0000)]
distorted.lisp: Add an `lp0' alias for the printer.
There's no `lp' since it doesn't really make sense to fling jobs at an
arbitrary printer.
Mark Wooding [Mon, 9 Nov 2020 16:31:01 +0000 (16:31 +0000)]
distorted.lisp: Move printer into a new section for printers.
Rather than throwing it in with the wireless APs and hoping that nobody
notices, which was a terrible idea.
Mark Wooding [Tue, 28 Jul 2020 10:47:34 +0000 (11:47 +0100)]
distorted.lisp, hosts.lisp: Add new printer `burntaxe'.
Mark Wooding [Fri, 3 Jul 2020 13:14:36 +0000 (14:14 +0100)]
distorted.tex: Delete catastrophically obsolete document.
Mark Wooding [Thu, 16 Apr 2020 22:59:21 +0000 (23:59 +0100)]
distorted.lisp: Add aliases `ap0', `ap1' for the new access points.
Mark Wooding [Thu, 16 Apr 2020 11:48:35 +0000 (12:48 +0100)]
hosts.lisp, distorted.lisp: Add entries for new wireless access points.
Thanks for these, James.
Mark Wooding [Mon, 6 Apr 2020 18:58:20 +0000 (19:58 +0100)]
distorted.lisp, hosts.lisp: New laptop `spirit'.
Mark Wooding [Wed, 4 Jul 2018 17:44:58 +0000 (18:44 +0100)]
distorted.lisp: Don't advertise Lets Encrypt certs for submission or IMAP.
Mark Wooding [Wed, 4 Jul 2018 17:44:40 +0000 (18:44 +0100)]
distorted.lisp: Do the split-horizon thing for TLSA records.
Mark Wooding [Wed, 4 Jul 2018 17:16:47 +0000 (18:16 +0100)]
distorted.lisp: Include the correct TLSA record details for SMTP.
Thanks to Viktor Dukhovni for pointing out that I'd done it wrong.
Mark Wooding [Wed, 4 Jul 2018 17:06:51 +0000 (18:06 +0100)]
keys/https-artist.pub: Commit missing file.
Mark Wooding [Wed, 27 Jun 2018 08:25:48 +0000 (09:25 +0100)]
distorted.lisp: Prepare for LetsEncrypt certificate on outward IMAP/SMTP.
Some SMTP TLS checking tools complain about the use of private
certificate authorities by public SMTP servers. And I must admit that,
while an SMTP server which uses an unverifiable certificate is much
better than one which doesn't try to use TLS at all, it's not as good as
it could be. So I want to use a LetsEncrypt certificate here. Prepare
for this by publishing the service public key hash in the TLSA records.
Mark Wooding [Wed, 30 May 2018 17:20:58 +0000 (18:20 +0100)]
hosts.lisp: Delete chiark's IPv6 nameserver address.
It seems that chiark doesn't actually respond to DNS queries over IPv6
at all. Best not to ask it.
Mark Wooding [Wed, 27 Jun 2018 08:31:34 +0000 (09:31 +0100)]
distorted.lisp: Publish a TLSA record for `rawk'.
This now has active TLS.
Mark Wooding [Wed, 27 Jun 2018 08:29:34 +0000 (09:29 +0100)]
distorted.lisp: Delete the last mention of `pifi'.
It got replaced by `groove' back in 2015.
Mark Wooding [Sun, 1 Oct 2017 14:40:31 +0000 (15:40 +0100)]
hosts.lisp, distorted.lisp: Define a network for `hippotat'.
This is for Ian Jackson's `Asinine IP Over HTTP' utility.
Mark Wooding [Wed, 20 Sep 2017 22:01:28 +0000 (23:01 +0100)]
goodhstg.lisp: Abandon this domain.
I've cancelled it with the registrar, switched off the virtual server
which hosted it, and see no reason to continue maintaining the zone.
Mark Wooding [Wed, 20 Sep 2017 21:46:08 +0000 (22:46 +0100)]
*.lisp: Add CAA records to discourage wrong CAs from issuing.
CAs are generally useless and can't be relied on to take any notice, but
it's better than nothing.
Add a record for our own CA for form's sake, even though I don't take
any notice.
Mark Wooding [Wed, 20 Sep 2017 21:55:50 +0000 (22:55 +0100)]
hosts.lisp, distorted.lisp: Allocate an IPv6 range for DHCP.
The magic 32-bit hex string spells out `dhcp' in ASCII.
Mark Wooding [Wed, 19 Jul 2017 02:48:30 +0000 (03:48 +0100)]
*.lisp: Add `ns3.mythic-beasts.com' as another secondary.
For the zones registered with Mythic Beasts, anyway.
Mark Wooding [Wed, 19 Jul 2017 02:39:51 +0000 (03:39 +0100)]
hosts.lisp: Update IPv4 address for `ns1.mythic-beasts.com'.
Apparently it's changed. Somehow I managed to spot this before the
change was announced, through a temporary inconsistency in the DNS
records.
Mark Wooding [Sat, 8 Jul 2017 13:58:45 +0000 (14:58 +0100)]
keys/*.sshfp: Update to include the new Ed25519 keys.
Mark Wooding [Fri, 1 Jul 2016 23:13:25 +0000 (00:13 +0100)]
Fix dynamic zones.
* Include the correct nameservers.
* Output a skeleton zone file for constructing updates.
Mark Wooding [Fri, 1 Jul 2016 22:21:46 +0000 (23:21 +0100)]
distorted.lisp: Fix nameservers for `dnserr' subzone.
Mark Wooding [Fri, 1 Jul 2016 21:31:05 +0000 (22:31 +0100)]
*.lisp: Arrange better authoritative nameservers.
* Don't try to use `ns6.gandi.net': it doesn't seem to work properly.
Specifically, it's rejecting all client requests with `REFUSED'.
* Add `national' as a new nameserver for most of the zones. It's a
reasonably reliable machine, geographically separate from the
existing nameservers, and in a very different AS. I use DNSSEC, so
its less trustworthy status isn't a big problem.
* Add `secondary-dns.co.uk' as a secondary for the A&A reverse zones.
I'm not convinced I can use that with glueful delegation, and it
doesn't currently seem worth trying.
Mark Wooding [Fri, 1 Jul 2016 21:28:36 +0000 (22:28 +0100)]
escorted.lisp: Use the correct `FOO.ns' nameserver names.
I think I must have copied this file from `odin.lisp' originally; that
has `FOO-ns' names instead because of a stupid limitation of Gandi, or
maybe the `.gg' registry.
Mark Wooding [Fri, 1 Jul 2016 21:26:12 +0000 (22:26 +0100)]
distorted.lisp, hosts.lisp: Sort `vampire' in with the other house servers.
Mark Wooding [Fri, 1 Jul 2016 21:19:14 +0000 (22:19 +0100)]
distorted.lisp: Refactor the nameserver stanza.
No actual change.
Mark Wooding [Fri, 1 Jul 2016 21:14:46 +0000 (22:14 +0100)]
Makefile, distorted.lisp, hosts.lisp: Finish renumbering for A&A switchover.
* Abolish the Hurricane Electric IPv6 range now that we have native
IPv6. I'm not going to try to do multihoming here. Therefore, the
A&A range takes over all of the house internal networks as well as
the border.
* Rearrange how the gateway addresses work. It turns out that I have
to allocate a little gateway network for the PPP terminating router:
otherwise, it uses the wrong default source address for the PPP
interface.
Mark Wooding [Mon, 27 Jun 2016 09:33:59 +0000 (10:33 +0100)]
hosts.lisp, distorted.lisp: Preliminary setup for migration to A&A.
Mark Wooding [Mon, 27 Jun 2016 09:33:40 +0000 (10:33 +0100)]
distorted.lisp: Reinstate `vampire' as nameserver.
Mark Wooding [Sun, 14 Feb 2016 02:51:16 +0000 (02:51 +0000)]
distorted.lisp: vampire is out of action, so remove it from NS lists.
Mark Wooding [Sun, 14 Feb 2016 02:33:48 +0000 (02:33 +0000)]
distorted.lisp: Rearrange telecaster's services a bit.
* Make sure the ftp service advertises a TLSA record.
* Merge the ftp and db stanzas in with the bugs and mailing-list
servers, which somehow managed to be at opposite ends of the
section.
* Move dyndns near the others, for company.
Mark Wooding [Sun, 7 Feb 2016 20:43:51 +0000 (20:43 +0000)]
New virtual server: universe.
Mark Wooding [Wed, 27 Jan 2016 18:06:18 +0000 (18:06 +0000)]
distorted.lisp: Actually publish default addresses for public services.
I broke these by adding the TLSA records carelessly. Maybe the zone
program should be fixed.
Mark Wooding [Wed, 27 Jan 2016 14:35:09 +0000 (14:35 +0000)]
distorted.lisp: Add `wiki' service name for jazz.
Mark Wooding [Wed, 27 Jan 2016 14:31:39 +0000 (14:31 +0000)]
distorted.lisp: Now using LetsEncrypt certificates on other servers.
Add the public keys and publish the TLSA records.
Mark Wooding [Wed, 27 Jan 2016 14:28:24 +0000 (14:28 +0000)]
distorted.lisp: Roll out LetsEncrypt certificates for other services.
Now Git and webmail services use certificates which external users might
actually believe.
Mark Wooding [Wed, 27 Jan 2016 14:23:16 +0000 (14:23 +0000)]
odin.lisp: Provide a TLSA record for the `odin' webserver.
Mark Wooding [Wed, 27 Jan 2016 14:04:30 +0000 (14:04 +0000)]
Use a public key for the main webserver's TLSA record.
We're changing CA to LetsEncrypt, so the old certificate won't work any
more. The LetsEncrypt certificate will change quite frequently, but the
public key is unchanged, so pin that in the TLSA record.
Mark Wooding [Wed, 27 Jan 2016 13:53:50 +0000 (13:53 +0000)]
distorted.lisp: Avoid repeating the tedious details for our internal CA.
Unfortunately, the best approach at the moment appears to be using the
`#n=' and `#n#' reader macros, which is rather bletcherous. Sorry.
Mark Wooding [Thu, 1 Oct 2015 07:07:52 +0000 (08:07 +0100)]
distorted.lisp, hosts.lisp: New virtual host `national'.
Hosted by Linode in Dallas, TX.
Mark Wooding [Thu, 1 Oct 2015 07:06:44 +0000 (08:06 +0100)]
Makefile, hosts.lisp: New network for untrusted hosts on the VPN.
Mark Wooding [Mon, 28 Sep 2015 09:41:42 +0000 (10:41 +0100)]
distorted.lisp: Add missing TLSA record for IMAPS.
Since we're providing public IMAPS on the right port, we ought to
authenticate the certificate.
Mark Wooding [Mon, 28 Sep 2015 09:35:02 +0000 (10:35 +0100)]
distorted.lisp: Add HTTPS TLSA record for mail.distorted.org.uk.
Shiny new Prayer-based webmail system.
Mark Wooding [Tue, 9 Jun 2015 22:21:02 +0000 (23:21 +0100)]
distorted.lisp: Add new records for the bug tracking system.
Mark Wooding [Tue, 9 Jun 2015 22:18:45 +0000 (23:18 +0100)]
distorted.lisp: No, there isn't an HTTPS certificate for the list server.
Mark Wooding [Tue, 9 Jun 2015 22:15:54 +0000 (23:15 +0100)]
distorted.lisp: Reformat mail server SRV records.
This makes it easier to add more.
Mark Wooding [Sat, 4 Apr 2015 17:04:17 +0000 (18:04 +0100)]
binswood.lisp: New master router; expunge dead devices.
Mark Wooding [Wed, 1 Apr 2015 19:49:38 +0000 (20:49 +0100)]
distorted.lisp: Expunge some old services allegedly running on vampire.
The wiki will probably end up on jazz. The others will just quietly
die.
Mark Wooding [Wed, 1 Apr 2015 19:49:15 +0000 (20:49 +0100)]
distorted.lisp: Prepare for a new listserver on telecaster.
Mark Wooding [Wed, 1 Apr 2015 17:07:56 +0000 (18:07 +0100)]
distorted.lisp, hosts.lisp: Move lespaul to the unsafe network.
Mark Wooding [Wed, 1 Apr 2015 17:03:32 +0000 (18:03 +0100)]
distorted.lisp, hosts.lisp: Sort client hosts by subnet.
Makes it a little easier to find the one you're looking for.
Mark Wooding [Wed, 1 Apr 2015 16:13:52 +0000 (17:13 +0100)]
distorted.lisp: Include nameservers in dhcp subzone.
This makes diffs slightly less cluttered.
Mark Wooding [Wed, 1 Apr 2015 16:09:12 +0000 (17:09 +0100)]
Makefile: Actually fail if nsdiff doesn't work.
Mark Wooding [Thu, 26 Mar 2015 01:45:58 +0000 (01:45 +0000)]
Include DS records explicitly; check them when diffing.
Mark Wooding [Wed, 25 Mar 2015 21:13:46 +0000 (21:13 +0000)]
distorted.lisp, hosts.lisp: Reverse entries for haze and gretsch.
Annoyingly, haze doesn't seem to be doing IPv6 over wifi at the
moment, but I'm living in hopes...
Mark Wooding [Wed, 25 Mar 2015 21:56:12 +0000 (21:56 +0000)]
Makefile: New target VIEW/ZONE.zonediff shows pending differences.
Requires Tony Finch's winning nsdiff(1) tool. See
http://dotat.at/prog/nsdiff/
Mark Wooding [Fri, 20 Mar 2015 20:34:00 +0000 (20:34 +0000)]
distorted.lisp, hosts.lisp: Assign theme names to the TP-Link switches.
Thanks to Owen Dunn for pointing me at some excellent names.
Mark Wooding [Fri, 20 Mar 2015 20:28:35 +0000 (20:28 +0000)]
distorted.lisp, hosts.lisp: Add entries for crybaby.unsafe.
Mark Wooding [Sat, 14 Mar 2015 12:05:00 +0000 (12:05 +0000)]
distorted.lisp, hosts.lisp: Assign VPN addresses to VPN hubs.
Now that we have trusted wireless networks, we want to be able to
allow hosts to use dynamically assigned addresses on those networks
and still claim their stable VPN addresses (e.g., for centralized
management). For this to work, the internal endpoint of the VPN hub
has to be outside of the internal network range.
This is currently especially broken for radius, since it's the main
router in the house network.
Mark Wooding [Thu, 12 Mar 2015 12:41:08 +0000 (12:41 +0000)]
hosts.lisp: evolution now speaks IPv6.
New hardware, new OS.
Mark Wooding [Tue, 17 Feb 2015 10:02:08 +0000 (10:02 +0000)]
distorted.lisp, hosts.lisp: Move groove to the unsafe network.
It's a proper host on the wired network now.
Mark Wooding [Mon, 16 Feb 2015 23:03:27 +0000 (23:03 +0000)]
distorted.lisp, hosts.lisp: Entries for the new switches.
Mark Wooding [Mon, 16 Feb 2015 22:57:47 +0000 (22:57 +0000)]
distorted.lisp: Reorder the network infrastructure hosts.
Mark Wooding [Fri, 13 Feb 2015 20:01:51 +0000 (20:01 +0000)]
distorted.lisp: Publish our standard abbreviated names in a subdomain.
We've been using abbreviated names for our hosts for ages, but haven't
published the abbreviations in DNS. Now they're all in the `abbrev'
subdomain, as CNAME records pointing at the primary names.
Also publish `strat.NET' and `tele.NET' aliases. I don't know why
these weren't published before.
This is a bit ugly. It'd be nice to work out a better way of doing it.
Mark Wooding [Mon, 9 Feb 2015 13:08:03 +0000 (13:08 +0000)]
distorted.lisp: Service name for keyserver.
Mark Wooding [Sat, 7 Feb 2015 19:46:24 +0000 (19:46 +0000)]
distorted.lisp, hosts.lisp: Proper VPN address for groove.
Also an SSH fingerprint.
Mark Wooding [Sat, 7 Feb 2015 13:43:01 +0000 (13:43 +0000)]
goodhstg.lisp: New domain `goodhstg.com'.
Mark Wooding [Sat, 7 Feb 2015 13:42:19 +0000 (13:42 +0000)]
hosts.lisp: Simple name for `jaguar', since it'll be hosting services.
Mark Wooding [Tue, 20 Jan 2015 10:43:52 +0000 (10:43 +0000)]
distorted.lisp: DHCP CNAME for new host `gretsch'.
Mark Wooding [Tue, 23 Dec 2014 11:58:20 +0000 (11:58 +0000)]
distorted.lisp: Abbreviate the certificate pathnames.
Mark Wooding [Mon, 22 Dec 2014 18:21:13 +0000 (18:21 +0000)]
Add some useful-looking TLSA records to hedge against CA uselessness.
Also to help convince outsiders about our own CA.
Mark Wooding [Sat, 19 Jul 2014 21:27:32 +0000 (22:27 +0100)]
distorted.lisp, keys/haze.sshfp: Deploy haze properly.
Mark Wooding [Mon, 14 Jul 2014 13:24:11 +0000 (14:24 +0100)]
ecorted.lisp, Makefile: New zone, because of a transcription error.
Mark Wooding [Thu, 3 Jul 2014 13:11:34 +0000 (14:11 +0100)]
hosts.lisp, distorted.org.uk: New VPN host `haze'.
Mark Wooding [Wed, 21 May 2014 16:06:08 +0000 (17:06 +0100)]
Hack :ANY pseudo-record type to cope with the new domain name objects.