Mark Wooding [Wed, 1 Apr 2015 19:49:15 +0000 (20:49 +0100)]
distorted.lisp: Prepare for a new listserver on telecaster.
Mark Wooding [Wed, 1 Apr 2015 17:07:56 +0000 (18:07 +0100)]
distorted.lisp, hosts.lisp: Move lespaul to the unsafe network.
Mark Wooding [Wed, 1 Apr 2015 17:03:32 +0000 (18:03 +0100)]
distorted.lisp, hosts.lisp: Sort client hosts by subnet.
Makes it a little easier to find the one you're looking for.
Mark Wooding [Wed, 1 Apr 2015 16:13:52 +0000 (17:13 +0100)]
distorted.lisp: Include nameservers in dhcp subzone.
This makes diffs slightly less cluttered.
Mark Wooding [Wed, 1 Apr 2015 16:09:12 +0000 (17:09 +0100)]
Makefile: Actually fail if nsdiff doesn't work.
Mark Wooding [Thu, 26 Mar 2015 01:45:58 +0000 (01:45 +0000)]
Include DS records explicitly; check them when diffing.
Mark Wooding [Wed, 25 Mar 2015 21:13:46 +0000 (21:13 +0000)]
distorted.lisp, hosts.lisp: Reverse entries for haze and gretsch.
Annoyingly, haze doesn't seem to be doing IPv6 over wifi at the
moment, but I'm living in hopes...
Mark Wooding [Wed, 25 Mar 2015 21:56:12 +0000 (21:56 +0000)]
Makefile: New target VIEW/ZONE.zonediff shows pending differences.
Requires Tony Finch's winning nsdiff(1) tool. See
http://dotat.at/prog/nsdiff/
Mark Wooding [Fri, 20 Mar 2015 20:34:00 +0000 (20:34 +0000)]
distorted.lisp, hosts.lisp: Assign theme names to the TP-Link switches.
Thanks to Owen Dunn for pointing me at some excellent names.
Mark Wooding [Fri, 20 Mar 2015 20:28:35 +0000 (20:28 +0000)]
distorted.lisp, hosts.lisp: Add entries for crybaby.unsafe.
Mark Wooding [Sat, 14 Mar 2015 12:05:00 +0000 (12:05 +0000)]
distorted.lisp, hosts.lisp: Assign VPN addresses to VPN hubs.
Now that we have trusted wireless networks, we want to be able to
allow hosts to use dynamically assigned addresses on those networks
and still claim their stable VPN addresses (e.g., for centralized
management). For this to work, the internal endpoint of the VPN hub
has to be outside of the internal network range.
This is currently especially broken for radius, since it's the main
router in the house network.
Mark Wooding [Thu, 12 Mar 2015 12:41:08 +0000 (12:41 +0000)]
hosts.lisp: evolution now speaks IPv6.
New hardware, new OS.
Mark Wooding [Tue, 17 Feb 2015 10:02:08 +0000 (10:02 +0000)]
distorted.lisp, hosts.lisp: Move groove to the unsafe network.
It's a proper host on the wired network now.
Mark Wooding [Mon, 16 Feb 2015 23:03:27 +0000 (23:03 +0000)]
distorted.lisp, hosts.lisp: Entries for the new switches.
Mark Wooding [Mon, 16 Feb 2015 22:57:47 +0000 (22:57 +0000)]
distorted.lisp: Reorder the network infrastructure hosts.
Mark Wooding [Fri, 13 Feb 2015 20:01:51 +0000 (20:01 +0000)]
distorted.lisp: Publish our standard abbreviated names in a subdomain.
We've been using abbreviated names for our hosts for ages, but haven't
published the abbreviations in DNS. Now they're all in the `abbrev'
subdomain, as CNAME records pointing at the primary names.
Also publish `strat.NET' and `tele.NET' aliases. I don't know why
these weren't published before.
This is a bit ugly. It'd be nice to work out a better way of doing it.
Mark Wooding [Mon, 9 Feb 2015 13:08:03 +0000 (13:08 +0000)]
distorted.lisp: Service name for keyserver.
Mark Wooding [Sat, 7 Feb 2015 19:46:24 +0000 (19:46 +0000)]
distorted.lisp, hosts.lisp: Proper VPN address for groove.
Also an SSH fingerprint.
Mark Wooding [Sat, 7 Feb 2015 13:43:01 +0000 (13:43 +0000)]
goodhstg.lisp: New domain `goodhstg.com'.
Mark Wooding [Sat, 7 Feb 2015 13:42:19 +0000 (13:42 +0000)]
hosts.lisp: Simple name for `jaguar', since it'll be hosting services.
Mark Wooding [Tue, 20 Jan 2015 10:43:52 +0000 (10:43 +0000)]
distorted.lisp: DHCP CNAME for new host `gretsch'.
Mark Wooding [Tue, 23 Dec 2014 11:58:20 +0000 (11:58 +0000)]
distorted.lisp: Abbreviate the certificate pathnames.
Mark Wooding [Mon, 22 Dec 2014 18:21:13 +0000 (18:21 +0000)]
Add some useful-looking TLSA records to hedge against CA uselessness.
Also to help convince outsiders about our own CA.
Mark Wooding [Sat, 19 Jul 2014 21:27:32 +0000 (22:27 +0100)]
distorted.lisp, keys/haze.sshfp: Deploy haze properly.
Mark Wooding [Mon, 14 Jul 2014 13:24:11 +0000 (14:24 +0100)]
ecorted.lisp, Makefile: New zone, because of a transcription error.
Mark Wooding [Thu, 3 Jul 2014 13:11:34 +0000 (14:11 +0100)]
hosts.lisp, distorted.org.uk: New VPN host `haze'.
Mark Wooding [Wed, 21 May 2014 16:06:08 +0000 (17:06 +0100)]
Hack :ANY pseudo-record type to cope with the new domain name objects.
Mark Wooding [Mon, 12 May 2014 18:01:26 +0000 (19:01 +0100)]
distorted.lisp: Add MX for blackhole.
Mark Wooding [Sun, 4 May 2014 12:13:28 +0000 (13:13 +0100)]
binswood.lisp: Publish records for the web server.
Mark Wooding [Tue, 29 Apr 2014 17:28:47 +0000 (18:28 +0100)]
odin.lisp: Back to `NAME-ns.odin.gg' names for in-bailiwick nameservers.
Apparently the registry is hopeless and can't cope with multi-label
glue records.
Mark Wooding [Sun, 27 Apr 2014 22:33:47 +0000 (23:33 +0100)]
distorted.lisp: The record for `iodine' shouldn't override jazz's PTR.
Mark Wooding [Fri, 25 Apr 2014 23:16:50 +0000 (00:16 +0100)]
distorted.lisp: Emit reverse zones for optimistic RFC2317 delegations.
Mark Wooding [Fri, 25 Apr 2014 17:04:33 +0000 (18:04 +0100)]
Update IPv6 and SSHFP records for jaguar.
Mark Wooding [Tue, 22 Apr 2014 15:38:13 +0000 (16:38 +0100)]
distorted.lisp: Make `dyndns' be external only.
A useful application is catching external IP addresses for satellite
sites, and this doesn't work if the connection goes via the VPN.
Mark Wooding [Mon, 21 Apr 2014 21:22:18 +0000 (22:22 +0100)]
hosts.lisp: Move VPN and anycast hosts to ...:1.
Linux thinks that host addresses which coincide with network base
addresses are `anycast', and that this means that it shouldn't send
ICMP errors to them. This is obviously ridiculous, so move hosts to
address ...:1 to prevent this stupidity.
Mark Wooding [Mon, 21 Apr 2014 15:27:23 +0000 (16:27 +0100)]
hosts.lisp, distorted.lisp: Fix records for `richmond'.
Add the IPv6 address, because it seems to respond just fine to IPv6;
and arrange to put the correct name in the reverse zone.
Mark Wooding [Mon, 21 Apr 2014 15:26:41 +0000 (16:26 +0100)]
hosts.lisp: Make the IPv6 entry for `blackhole' more presentable.
Now we have proper address-suffix notation.
Mark Wooding [Mon, 21 Apr 2014 13:46:33 +0000 (14:46 +0100)]
hosts.lisp, distorted.lisp: Reinstate IPv6 addresses for `www-cache'!
Upgrading to squid3 was very easy, and it supports IPv6 just fine.
This reverts commit
43fc56bd687d70a16ec7cc6921e5a7681fe2674d.
Mark Wooding [Sun, 20 Apr 2014 13:44:41 +0000 (14:44 +0100)]
Add telecaster as a public-facing nameserver.
Annoyingly, precision has been a little flaky recently. Provide some
good colocated backup.
Mark Wooding [Sat, 13 Jul 2013 15:34:40 +0000 (16:34 +0100)]
distorted.lisp: Use `do-host' now that it's exported.
Mark Wooding [Sat, 13 Jul 2013 15:34:40 +0000 (16:34 +0100)]
hosts.lisp, distorted.lisp: Remove IPv6 addresses for `www-cache'.
At the moment squid doesn't handle IPv6 at all, so this is a dead loss.
Mark Wooding [Sat, 13 Jul 2013 15:34:40 +0000 (16:34 +0100)]
hosts.lisp: Replacing IPv6 host routes with /112 networks.
Linux has a bug: it doesn't make route cache entries for remote hosts if
there's already a host route, and it only attaches path-MTU information
to cache entries. The result is that it doesn't handle ICMPv6 `packet
too big' messages properly for destinations with host routes.
I'm bodging this by replacing all of the host routes with tiny /112
networks. It's awful, but it seems to work. The convention is that the
`host part' of the net is always zero.
Mark Wooding [Thu, 17 Apr 2014 17:58:30 +0000 (18:58 +0100)]
distorted.lisp: Service name `dyndns' for telecaster.
Mark Wooding [Wed, 16 Apr 2014 14:57:30 +0000 (15:57 +0100)]
Include IPv6 addresses for dynamic hosts.
It's easiest to stuff these in a dummy zone and get the magic
machinery to make the reverse records.
Mark Wooding [Wed, 16 Apr 2014 13:46:14 +0000 (14:46 +0100)]
odin.lisp: Bring Gandi's nameserver in-bailiwick.
Mark Wooding [Wed, 16 Apr 2014 13:45:27 +0000 (14:45 +0100)]
hosts.lisp: Mark IPv4-only hosts as being such.
Mark Wooding [Tue, 15 Apr 2014 17:43:42 +0000 (18:43 +0100)]
distorted.lisp: IPv6 reverse zones.
Mark Wooding [Tue, 15 Apr 2014 17:18:23 +0000 (18:18 +0100)]
distorted.lisp: Use out-of-zone nameservers for reverse zones.
Kind of cluttery with the A records in there, and it's rather less
critical than the forward zones.
Mark Wooding [Tue, 15 Apr 2014 17:15:35 +0000 (18:15 +0100)]
Publish IPv6 addresses for hosts which can cope.
Mark Wooding [Tue, 15 Apr 2014 16:59:03 +0000 (17:59 +0100)]
distorted.lisp: Use `:addr' records for hosts.
The `:a' only makes IPv4 records.
Mark Wooding [Tue, 15 Apr 2014 16:41:05 +0000 (17:41 +0100)]
distorted.lisp: Better processing of anycast addresses.
Introduce a custom `:anycast' record parser which hacks on descriptions
of which address families provide which services and does the right
thing.
This stuff is complicated because IPv6 anycast addresses actually
work globally so we might as well publish them properly. Also, actual
anycast addresses have dedicated allocations, so it's right to maintain
PTR records for them; but the static-provider addresses are service
names and don't want reverse records.
Mark Wooding [Tue, 15 Apr 2014 16:26:59 +0000 (17:26 +0100)]
distorted.lisp: Use `:multi' because `:cidr-delegation' has gone away.
Mark Wooding [Tue, 15 Apr 2014 16:08:46 +0000 (17:08 +0100)]
Move lots of key files into a subdirectory.
New `zone' will find them, by magic. Also prettify the DKIM stanzas
slightly.
Mark Wooding [Thu, 3 Apr 2014 17:46:26 +0000 (18:46 +0100)]
Publish SSHFP records in the DNS.
Machinery for fetching the fingerprints (relying on the existing CA) is
also included. I'm checking in the fingerprint files because I want to
track how they evolve.
Mark Wooding [Thu, 3 Apr 2014 14:19:15 +0000 (15:19 +0100)]
Domain keys support.
Mark Wooding [Thu, 3 Apr 2014 14:18:34 +0000 (15:18 +0100)]
distorted.lisp: Whitespace cleanup.
Mark Wooding [Thu, 13 Mar 2014 01:55:54 +0000 (01:55 +0000)]
distorted.lisp: Arrange for artist to front for pifi generally.
The previous situation was a disaster: because orange is a VPN host,
it's not allowed to communicate directly with untrusted clients, but
not all clients can easily be persuaded to use www-cache. So just
give up and proxy everything.
Mark Wooding [Sun, 9 Mar 2014 18:35:05 +0000 (18:35 +0000)]
distorted.lisp: FTP now on telecaster; `mirror' alias for roadstar.
Mark Wooding [Sat, 22 Feb 2014 15:29:18 +0000 (15:29 +0000)]
distorted.lisp: `db' now hosted on telecaster.
Mark Wooding [Fri, 21 Feb 2014 14:58:32 +0000 (14:58 +0000)]
binswood.lisp: Stable address for spare printer.
Mark Wooding [Fri, 14 Feb 2014 18:39:01 +0000 (18:39 +0000)]
distorted.lisp: Point `pifi' to `orange.dhcp' internally.
Mark Wooding [Sun, 26 Jan 2014 13:47:38 +0000 (13:47 +0000)]
distorted.lisp, odin.lisp: Move main mail service to stratocaster.
And there was much rejoicing.
Mark Wooding [Sun, 29 Dec 2013 21:20:49 +0000 (21:20 +0000)]
distorted.lisp, odin.lisp: Reduce TTL for mail servers.
They ought to be changing soon.
Mark Wooding [Sun, 24 Nov 2013 23:34:44 +0000 (23:34 +0000)]
No longer serving harlequin.org.uk or felixpearce.com.
Mark Wooding [Sun, 24 Nov 2013 23:34:29 +0000 (23:34 +0000)]
binswood.lisp: Placeholder for web service.
Mark Wooding [Tue, 3 Sep 2013 16:50:20 +0000 (17:50 +0100)]
New domain odin.gg.
Really silly vanity domain.
Mark Wooding [Mon, 2 Sep 2013 13:45:41 +0000 (14:45 +0100)]
hosts.lisp, distorted.lisp: Allocate address for jaguar.
Mark Wooding [Wed, 14 Aug 2013 00:56:50 +0000 (01:56 +0100)]
distorted.lisp: Use the proper address for `guvnor' internally.
Mark Wooding [Mon, 8 Apr 2013 12:25:07 +0000 (13:25 +0100)]
hosts.lisp, distorted.lisp: Move anonymity services to jazz.
Mark Wooding [Sun, 7 Apr 2013 14:04:34 +0000 (15:04 +0100)]
binswood.lisp: Static allocation for Wifi client gadget.
Mark Wooding [Sun, 7 Apr 2013 14:01:26 +0000 (15:01 +0100)]
binswood.lisp, hosts.lisp: Move network definition to specific file.
Mark Wooding [Wed, 20 Mar 2013 22:51:16 +0000 (22:51 +0000)]
distorted.lisp, hosts.lisp: Evict records for mango.
Mark Wooding [Wed, 20 Mar 2013 22:50:37 +0000 (22:50 +0000)]
felixpearce.com: Move hosting to stratocaster.
Mark Wooding [Fri, 22 Feb 2013 09:54:47 +0000 (09:54 +0000)]
distorted.lisp: Host vox on jazz.
Mark Wooding [Sun, 10 Feb 2013 13:10:37 +0000 (13:10 +0000)]
binswood.lisp, hosts.lisp: Stable name and address for the printer.
Mark Wooding [Sun, 27 Jan 2013 20:52:44 +0000 (20:52 +0000)]
hosts.lisp, distorted.lisp: artist is on the untrusted network.
For some reason evo was still partially listed with that address.
Mark Wooding [Thu, 24 Jan 2013 21:07:09 +0000 (21:07 +0000)]
New domain `binswood.org.uk'.
Mark Wooding [Thu, 24 Jan 2013 21:05:59 +0000 (21:05 +0000)]
distorted.lisp: New zone for dynamic DNS service.
Mark Wooding [Thu, 24 Jan 2013 21:04:46 +0000 (21:04 +0000)]
Makefile: Prettify declarations of other zones.
Mark Wooding [Fri, 18 Jan 2013 01:12:20 +0000 (01:12 +0000)]
distorted.lisp: Proxy pifi via artist for external users.
Mark Wooding [Thu, 17 Jan 2013 23:44:35 +0000 (23:44 +0000)]
distorted.lisp: Service name `pifi' for lounge jukebox
Mark Wooding [Thu, 17 Jan 2013 23:44:01 +0000 (23:44 +0000)]
distorted.lisp: Move main www service to stratocaster.
Mark Wooding [Thu, 17 Jan 2013 23:41:52 +0000 (23:41 +0000)]
Makefile: `vpn' is a preferred subnet for the inside view
Mark Wooding [Sun, 13 Jan 2013 22:11:03 +0000 (22:11 +0000)]
distorted.lisp: Give rawk a more sensible external address.
Mark Wooding [Sun, 13 Jan 2013 18:52:11 +0000 (18:52 +0000)]
hosts.lisp, distorted.lisp: Addresses for Raspberry Pi VPN devices.
Mark Wooding [Sun, 13 Jan 2013 18:51:54 +0000 (18:51 +0000)]
distorted.lisp: Move Git service to stratocaster.
Mark Wooding [Fri, 28 Dec 2012 22:49:47 +0000 (22:49 +0000)]
distorted.lisp, hosts.lisp: Move Kerberos, and use anycast.
Move the Kerberos master server to radius, and set up slave servers,
for performance and reliability, using anycast addresses.
Mark Wooding [Fri, 28 Dec 2012 17:56:46 +0000 (17:56 +0000)]
distorted.lisp: Move `rawk' server (back?) to artist.
Mark Wooding [Fri, 28 Dec 2012 17:55:32 +0000 (17:55 +0000)]
distorted.lisp: Announce `cabal' internal webserver.
Mark Wooding [Thu, 13 Dec 2012 17:48:38 +0000 (17:48 +0000)]
distorted.lisp: Move IRC server to jazz.
Mark Wooding [Sun, 9 Dec 2012 17:31:43 +0000 (17:31 +0000)]
distorted.lisp, hosts.lisp: Move iodine endpoint to jazz.
We no longer need the special address, because this is the only DNS
server jazz runs.
Mark Wooding [Sun, 9 Dec 2012 17:30:57 +0000 (17:30 +0000)]
distorted.lisp: Make roadstar the official house web proxy.
Mark Wooding [Sat, 8 Dec 2012 15:06:57 +0000 (15:06 +0000)]
Makefile, distorted.lisp: Deploy anycast services.
Mark Wooding [Sat, 25 Aug 2012 10:00:16 +0000 (03:00 -0700)]
hosts.lisp, distorted.lisp: Add Nicko's virtual server `richmond'.
Mark Wooding [Mon, 30 Jul 2012 00:31:08 +0000 (01:31 +0100)]
distorted.lisp: Announce an IRC server.
Mark Wooding [Thu, 26 Apr 2012 00:58:24 +0000 (01:58 +0100)]
Use precision as an official nameserver.
Withdraw vampire as an externally visible nameserver. It remains a
stealth secondary, and continues to serve internal views.
Mark Wooding [Wed, 25 Apr 2012 21:41:57 +0000 (22:41 +0100)]
distorted.lisp: Announce internal addresses for colocated servers.
Mark Wooding [Fri, 30 Mar 2012 22:51:00 +0000 (23:51 +0100)]
distorted.lisp: A new subzone `dnserr' full of wrong things.
Mark Wooding [Fri, 30 Mar 2012 22:50:00 +0000 (23:50 +0100)]
hosts.lisp, distorted.lisp: New `blackhole' address.
All IP packets to this address will be dropped silently. Useful for
strange testing.
Mark Wooding [Fri, 30 Mar 2012 22:48:02 +0000 (23:48 +0100)]
hosts.lisp, distorted.lisp: Allocate a separate address for iodine.
This is the only way of getting it to work, it seems. BIND9 can be
persuaded to serve using a nonstandard port, but it has no way to
forward to another server listening on such a port. This is obviously
crazy, but I'm still running a surplus of addresses.