Mark Wooding [Sun, 28 Apr 2024 15:18:06 +0000 (16:18 +0100)]
Makefile, hosts.lisp, distorted.lisp: Move `fender' home.
Mark Wooding [Sun, 28 Apr 2024 11:14:38 +0000 (12:14 +0100)]
hosts.lisp: Update chiark's IP address.
Mark Wooding [Sun, 28 Apr 2024 11:14:11 +0000 (12:14 +0100)]
Makefile: Allow command-line setting of `zone' options.
The new timeout options are particularly useful here.
Mark Wooding [Tue, 12 Mar 2024 10:51:12 +0000 (10:51 +0000)]
distorted.lisp: Publish `lpr' and `news'.
Mark Wooding [Tue, 6 Feb 2024 14:16:20 +0000 (14:16 +0000)]
hosts.lisp, distorted.lisp: Preparation for fender's move home.
Mark Wooding [Tue, 19 Dec 2023 15:01:22 +0000 (15:01 +0000)]
hosts.lisp, distorted.lisp: Add VPN address for `groove'.
Mark Wooding [Tue, 19 Dec 2023 15:00:44 +0000 (15:00 +0000)]
distorted.lisp: Add network-specific abbreviation for `groove.unsafe'.
Mark Wooding [Sat, 25 Feb 2023 13:27:11 +0000 (13:27 +0000)]
distorted.lisp: Move lpr service to roadstar.
Mark Wooding [Sat, 25 Feb 2023 13:17:28 +0000 (13:17 +0000)]
distorted.lisp: Remove orphan section heading.
Mark Wooding [Wed, 17 Aug 2022 17:19:29 +0000 (18:19 +0100)]
hosts.lisp: Fix Mythic's ns1 address.
Mark Wooding [Mon, 9 May 2022 22:25:33 +0000 (23:25 +0100)]
distorted.lisp, hosts.lisp: Welcome `mdwdev' to the VPN.
Mark Wooding [Mon, 9 May 2022 09:23:23 +0000 (10:23 +0100)]
distorted.lisp, hosts.lisp: Add Nicko's new VM `marshall'.
Mark Wooding [Mon, 9 May 2022 09:22:52 +0000 (10:22 +0100)]
distorted.lisp, hosts.lisp: Remove defunct host `jaguar'.
Mark Wooding [Mon, 9 Nov 2020 16:34:44 +0000 (16:34 +0000)]
distorted.lisp: Add an `lp0' alias for the printer.
There's no `lp' since it doesn't really make sense to fling jobs at an
arbitrary printer.
Mark Wooding [Mon, 9 Nov 2020 16:31:01 +0000 (16:31 +0000)]
distorted.lisp: Move printer into a new section for printers.
Rather than throwing it in with the wireless APs and hoping that nobody
notices, which was a terrible idea.
Mark Wooding [Tue, 28 Jul 2020 10:47:34 +0000 (11:47 +0100)]
distorted.lisp, hosts.lisp: Add new printer `burntaxe'.
Mark Wooding [Fri, 3 Jul 2020 13:14:36 +0000 (14:14 +0100)]
distorted.tex: Delete catastrophically obsolete document.
Mark Wooding [Thu, 16 Apr 2020 22:59:21 +0000 (23:59 +0100)]
distorted.lisp: Add aliases `ap0', `ap1' for the new access points.
Mark Wooding [Thu, 16 Apr 2020 11:48:35 +0000 (12:48 +0100)]
hosts.lisp, distorted.lisp: Add entries for new wireless access points.
Thanks for these, James.
Mark Wooding [Mon, 6 Apr 2020 18:58:20 +0000 (19:58 +0100)]
distorted.lisp, hosts.lisp: New laptop `spirit'.
Mark Wooding [Wed, 4 Jul 2018 17:44:58 +0000 (18:44 +0100)]
distorted.lisp: Don't advertise Lets Encrypt certs for submission or IMAP.
Mark Wooding [Wed, 4 Jul 2018 17:44:40 +0000 (18:44 +0100)]
distorted.lisp: Do the split-horizon thing for TLSA records.
Mark Wooding [Wed, 4 Jul 2018 17:16:47 +0000 (18:16 +0100)]
distorted.lisp: Include the correct TLSA record details for SMTP.
Thanks to Viktor Dukhovni for pointing out that I'd done it wrong.
Mark Wooding [Wed, 4 Jul 2018 17:06:51 +0000 (18:06 +0100)]
keys/https-artist.pub: Commit missing file.
Mark Wooding [Wed, 27 Jun 2018 08:25:48 +0000 (09:25 +0100)]
distorted.lisp: Prepare for LetsEncrypt certificate on outward IMAP/SMTP.
Some SMTP TLS checking tools complain about the use of private
certificate authorities by public SMTP servers. And I must admit that,
while an SMTP server which uses an unverifiable certificate is much
better than one which doesn't try to use TLS at all, it's not as good as
it could be. So I want to use a LetsEncrypt certificate here. Prepare
for this by publishing the service public key hash in the TLSA records.
Mark Wooding [Wed, 30 May 2018 17:20:58 +0000 (18:20 +0100)]
hosts.lisp: Delete chiark's IPv6 nameserver address.
It seems that chiark doesn't actually respond to DNS queries over IPv6
at all. Best not to ask it.
Mark Wooding [Wed, 27 Jun 2018 08:31:34 +0000 (09:31 +0100)]
distorted.lisp: Publish a TLSA record for `rawk'.
This now has active TLS.
Mark Wooding [Wed, 27 Jun 2018 08:29:34 +0000 (09:29 +0100)]
distorted.lisp: Delete the last mention of `pifi'.
It got replaced by `groove' back in 2015.
Mark Wooding [Sun, 1 Oct 2017 14:40:31 +0000 (15:40 +0100)]
hosts.lisp, distorted.lisp: Define a network for `hippotat'.
This is for Ian Jackson's `Asinine IP Over HTTP' utility.
Mark Wooding [Wed, 20 Sep 2017 22:01:28 +0000 (23:01 +0100)]
goodhstg.lisp: Abandon this domain.
I've cancelled it with the registrar, switched off the virtual server
which hosted it, and see no reason to continue maintaining the zone.
Mark Wooding [Wed, 20 Sep 2017 21:46:08 +0000 (22:46 +0100)]
*.lisp: Add CAA records to discourage wrong CAs from issuing.
CAs are generally useless and can't be relied on to take any notice, but
it's better than nothing.
Add a record for our own CA for form's sake, even though I don't take
any notice.
Mark Wooding [Wed, 20 Sep 2017 21:55:50 +0000 (22:55 +0100)]
hosts.lisp, distorted.lisp: Allocate an IPv6 range for DHCP.
The magic 32-bit hex string spells out `dhcp' in ASCII.
Mark Wooding [Wed, 19 Jul 2017 02:48:30 +0000 (03:48 +0100)]
*.lisp: Add `ns3.mythic-beasts.com' as another secondary.
For the zones registered with Mythic Beasts, anyway.
Mark Wooding [Wed, 19 Jul 2017 02:39:51 +0000 (03:39 +0100)]
hosts.lisp: Update IPv4 address for `ns1.mythic-beasts.com'.
Apparently it's changed. Somehow I managed to spot this before the
change was announced, through a temporary inconsistency in the DNS
records.
Mark Wooding [Sat, 8 Jul 2017 13:58:45 +0000 (14:58 +0100)]
keys/*.sshfp: Update to include the new Ed25519 keys.
Mark Wooding [Fri, 1 Jul 2016 23:13:25 +0000 (00:13 +0100)]
Fix dynamic zones.
* Include the correct nameservers.
* Output a skeleton zone file for constructing updates.
Mark Wooding [Fri, 1 Jul 2016 22:21:46 +0000 (23:21 +0100)]
distorted.lisp: Fix nameservers for `dnserr' subzone.
Mark Wooding [Fri, 1 Jul 2016 21:31:05 +0000 (22:31 +0100)]
*.lisp: Arrange better authoritative nameservers.
* Don't try to use `ns6.gandi.net': it doesn't seem to work properly.
Specifically, it's rejecting all client requests with `REFUSED'.
* Add `national' as a new nameserver for most of the zones. It's a
reasonably reliable machine, geographically separate from the
existing nameservers, and in a very different AS. I use DNSSEC, so
its less trustworthy status isn't a big problem.
* Add `secondary-dns.co.uk' as a secondary for the A&A reverse zones.
I'm not convinced I can use that with glueful delegation, and it
doesn't currently seem worth trying.
Mark Wooding [Fri, 1 Jul 2016 21:28:36 +0000 (22:28 +0100)]
escorted.lisp: Use the correct `FOO.ns' nameserver names.
I think I must have copied this file from `odin.lisp' originally; that
has `FOO-ns' names instead because of a stupid limitation of Gandi, or
maybe the `.gg' registry.
Mark Wooding [Fri, 1 Jul 2016 21:26:12 +0000 (22:26 +0100)]
distorted.lisp, hosts.lisp: Sort `vampire' in with the other house servers.
Mark Wooding [Fri, 1 Jul 2016 21:19:14 +0000 (22:19 +0100)]
distorted.lisp: Refactor the nameserver stanza.
No actual change.
Mark Wooding [Fri, 1 Jul 2016 21:14:46 +0000 (22:14 +0100)]
Makefile, distorted.lisp, hosts.lisp: Finish renumbering for A&A switchover.
* Abolish the Hurricane Electric IPv6 range now that we have native
IPv6. I'm not going to try to do multihoming here. Therefore, the
A&A range takes over all of the house internal networks as well as
the border.
* Rearrange how the gateway addresses work. It turns out that I have
to allocate a little gateway network for the PPP terminating router:
otherwise, it uses the wrong default source address for the PPP
interface.
Mark Wooding [Mon, 27 Jun 2016 09:33:59 +0000 (10:33 +0100)]
hosts.lisp, distorted.lisp: Preliminary setup for migration to A&A.
Mark Wooding [Mon, 27 Jun 2016 09:33:40 +0000 (10:33 +0100)]
distorted.lisp: Reinstate `vampire' as nameserver.
Mark Wooding [Sun, 14 Feb 2016 02:51:16 +0000 (02:51 +0000)]
distorted.lisp: vampire is out of action, so remove it from NS lists.
Mark Wooding [Sun, 14 Feb 2016 02:33:48 +0000 (02:33 +0000)]
distorted.lisp: Rearrange telecaster's services a bit.
* Make sure the ftp service advertises a TLSA record.
* Merge the ftp and db stanzas in with the bugs and mailing-list
servers, which somehow managed to be at opposite ends of the
section.
* Move dyndns near the others, for company.
Mark Wooding [Sun, 7 Feb 2016 20:43:51 +0000 (20:43 +0000)]
New virtual server: universe.
Mark Wooding [Wed, 27 Jan 2016 18:06:18 +0000 (18:06 +0000)]
distorted.lisp: Actually publish default addresses for public services.
I broke these by adding the TLSA records carelessly. Maybe the zone
program should be fixed.
Mark Wooding [Wed, 27 Jan 2016 14:35:09 +0000 (14:35 +0000)]
distorted.lisp: Add `wiki' service name for jazz.
Mark Wooding [Wed, 27 Jan 2016 14:31:39 +0000 (14:31 +0000)]
distorted.lisp: Now using LetsEncrypt certificates on other servers.
Add the public keys and publish the TLSA records.
Mark Wooding [Wed, 27 Jan 2016 14:28:24 +0000 (14:28 +0000)]
distorted.lisp: Roll out LetsEncrypt certificates for other services.
Now Git and webmail services use certificates which external users might
actually believe.
Mark Wooding [Wed, 27 Jan 2016 14:23:16 +0000 (14:23 +0000)]
odin.lisp: Provide a TLSA record for the `odin' webserver.
Mark Wooding [Wed, 27 Jan 2016 14:04:30 +0000 (14:04 +0000)]
Use a public key for the main webserver's TLSA record.
We're changing CA to LetsEncrypt, so the old certificate won't work any
more. The LetsEncrypt certificate will change quite frequently, but the
public key is unchanged, so pin that in the TLSA record.
Mark Wooding [Wed, 27 Jan 2016 13:53:50 +0000 (13:53 +0000)]
distorted.lisp: Avoid repeating the tedious details for our internal CA.
Unfortunately, the best approach at the moment appears to be using the
`#n=' and `#n#' reader macros, which is rather bletcherous. Sorry.
Mark Wooding [Thu, 1 Oct 2015 07:07:52 +0000 (08:07 +0100)]
distorted.lisp, hosts.lisp: New virtual host `national'.
Hosted by Linode in Dallas, TX.
Mark Wooding [Thu, 1 Oct 2015 07:06:44 +0000 (08:06 +0100)]
Makefile, hosts.lisp: New network for untrusted hosts on the VPN.
Mark Wooding [Mon, 28 Sep 2015 09:41:42 +0000 (10:41 +0100)]
distorted.lisp: Add missing TLSA record for IMAPS.
Since we're providing public IMAPS on the right port, we ought to
authenticate the certificate.
Mark Wooding [Mon, 28 Sep 2015 09:35:02 +0000 (10:35 +0100)]
distorted.lisp: Add HTTPS TLSA record for mail.distorted.org.uk.
Shiny new Prayer-based webmail system.
Mark Wooding [Tue, 9 Jun 2015 22:21:02 +0000 (23:21 +0100)]
distorted.lisp: Add new records for the bug tracking system.
Mark Wooding [Tue, 9 Jun 2015 22:18:45 +0000 (23:18 +0100)]
distorted.lisp: No, there isn't an HTTPS certificate for the list server.
Mark Wooding [Tue, 9 Jun 2015 22:15:54 +0000 (23:15 +0100)]
distorted.lisp: Reformat mail server SRV records.
This makes it easier to add more.
Mark Wooding [Sat, 4 Apr 2015 17:04:17 +0000 (18:04 +0100)]
binswood.lisp: New master router; expunge dead devices.
Mark Wooding [Wed, 1 Apr 2015 19:49:38 +0000 (20:49 +0100)]
distorted.lisp: Expunge some old services allegedly running on vampire.
The wiki will probably end up on jazz. The others will just quietly
die.
Mark Wooding [Wed, 1 Apr 2015 19:49:15 +0000 (20:49 +0100)]
distorted.lisp: Prepare for a new listserver on telecaster.
Mark Wooding [Wed, 1 Apr 2015 17:07:56 +0000 (18:07 +0100)]
distorted.lisp, hosts.lisp: Move lespaul to the unsafe network.
Mark Wooding [Wed, 1 Apr 2015 17:03:32 +0000 (18:03 +0100)]
distorted.lisp, hosts.lisp: Sort client hosts by subnet.
Makes it a little easier to find the one you're looking for.
Mark Wooding [Wed, 1 Apr 2015 16:13:52 +0000 (17:13 +0100)]
distorted.lisp: Include nameservers in dhcp subzone.
This makes diffs slightly less cluttered.
Mark Wooding [Wed, 1 Apr 2015 16:09:12 +0000 (17:09 +0100)]
Makefile: Actually fail if nsdiff doesn't work.
Mark Wooding [Thu, 26 Mar 2015 01:45:58 +0000 (01:45 +0000)]
Include DS records explicitly; check them when diffing.
Mark Wooding [Wed, 25 Mar 2015 21:13:46 +0000 (21:13 +0000)]
distorted.lisp, hosts.lisp: Reverse entries for haze and gretsch.
Annoyingly, haze doesn't seem to be doing IPv6 over wifi at the
moment, but I'm living in hopes...
Mark Wooding [Wed, 25 Mar 2015 21:56:12 +0000 (21:56 +0000)]
Makefile: New target VIEW/ZONE.zonediff shows pending differences.
Requires Tony Finch's winning nsdiff(1) tool. See
http://dotat.at/prog/nsdiff/
Mark Wooding [Fri, 20 Mar 2015 20:34:00 +0000 (20:34 +0000)]
distorted.lisp, hosts.lisp: Assign theme names to the TP-Link switches.
Thanks to Owen Dunn for pointing me at some excellent names.
Mark Wooding [Fri, 20 Mar 2015 20:28:35 +0000 (20:28 +0000)]
distorted.lisp, hosts.lisp: Add entries for crybaby.unsafe.
Mark Wooding [Sat, 14 Mar 2015 12:05:00 +0000 (12:05 +0000)]
distorted.lisp, hosts.lisp: Assign VPN addresses to VPN hubs.
Now that we have trusted wireless networks, we want to be able to
allow hosts to use dynamically assigned addresses on those networks
and still claim their stable VPN addresses (e.g., for centralized
management). For this to work, the internal endpoint of the VPN hub
has to be outside of the internal network range.
This is currently especially broken for radius, since it's the main
router in the house network.
Mark Wooding [Thu, 12 Mar 2015 12:41:08 +0000 (12:41 +0000)]
hosts.lisp: evolution now speaks IPv6.
New hardware, new OS.
Mark Wooding [Tue, 17 Feb 2015 10:02:08 +0000 (10:02 +0000)]
distorted.lisp, hosts.lisp: Move groove to the unsafe network.
It's a proper host on the wired network now.
Mark Wooding [Mon, 16 Feb 2015 23:03:27 +0000 (23:03 +0000)]
distorted.lisp, hosts.lisp: Entries for the new switches.
Mark Wooding [Mon, 16 Feb 2015 22:57:47 +0000 (22:57 +0000)]
distorted.lisp: Reorder the network infrastructure hosts.
Mark Wooding [Fri, 13 Feb 2015 20:01:51 +0000 (20:01 +0000)]
distorted.lisp: Publish our standard abbreviated names in a subdomain.
We've been using abbreviated names for our hosts for ages, but haven't
published the abbreviations in DNS. Now they're all in the `abbrev'
subdomain, as CNAME records pointing at the primary names.
Also publish `strat.NET' and `tele.NET' aliases. I don't know why
these weren't published before.
This is a bit ugly. It'd be nice to work out a better way of doing it.
Mark Wooding [Mon, 9 Feb 2015 13:08:03 +0000 (13:08 +0000)]
distorted.lisp: Service name for keyserver.
Mark Wooding [Sat, 7 Feb 2015 19:46:24 +0000 (19:46 +0000)]
distorted.lisp, hosts.lisp: Proper VPN address for groove.
Also an SSH fingerprint.
Mark Wooding [Sat, 7 Feb 2015 13:43:01 +0000 (13:43 +0000)]
goodhstg.lisp: New domain `goodhstg.com'.
Mark Wooding [Sat, 7 Feb 2015 13:42:19 +0000 (13:42 +0000)]
hosts.lisp: Simple name for `jaguar', since it'll be hosting services.
Mark Wooding [Tue, 20 Jan 2015 10:43:52 +0000 (10:43 +0000)]
distorted.lisp: DHCP CNAME for new host `gretsch'.
Mark Wooding [Tue, 23 Dec 2014 11:58:20 +0000 (11:58 +0000)]
distorted.lisp: Abbreviate the certificate pathnames.
Mark Wooding [Mon, 22 Dec 2014 18:21:13 +0000 (18:21 +0000)]
Add some useful-looking TLSA records to hedge against CA uselessness.
Also to help convince outsiders about our own CA.
Mark Wooding [Sat, 19 Jul 2014 21:27:32 +0000 (22:27 +0100)]
distorted.lisp, keys/haze.sshfp: Deploy haze properly.
Mark Wooding [Mon, 14 Jul 2014 13:24:11 +0000 (14:24 +0100)]
ecorted.lisp, Makefile: New zone, because of a transcription error.
Mark Wooding [Thu, 3 Jul 2014 13:11:34 +0000 (14:11 +0100)]
hosts.lisp, distorted.org.uk: New VPN host `haze'.
Mark Wooding [Wed, 21 May 2014 16:06:08 +0000 (17:06 +0100)]
Hack :ANY pseudo-record type to cope with the new domain name objects.
Mark Wooding [Mon, 12 May 2014 18:01:26 +0000 (19:01 +0100)]
distorted.lisp: Add MX for blackhole.
Mark Wooding [Sun, 4 May 2014 12:13:28 +0000 (13:13 +0100)]
binswood.lisp: Publish records for the web server.
Mark Wooding [Tue, 29 Apr 2014 17:28:47 +0000 (18:28 +0100)]
odin.lisp: Back to `NAME-ns.odin.gg' names for in-bailiwick nameservers.
Apparently the registry is hopeless and can't cope with multi-label
glue records.
Mark Wooding [Sun, 27 Apr 2014 22:33:47 +0000 (23:33 +0100)]
distorted.lisp: The record for `iodine' shouldn't override jazz's PTR.
Mark Wooding [Fri, 25 Apr 2014 23:16:50 +0000 (00:16 +0100)]
distorted.lisp: Emit reverse zones for optimistic RFC2317 delegations.
Mark Wooding [Fri, 25 Apr 2014 17:04:33 +0000 (18:04 +0100)]
Update IPv6 and SSHFP records for jaguar.
Mark Wooding [Tue, 22 Apr 2014 15:38:13 +0000 (16:38 +0100)]
distorted.lisp: Make `dyndns' be external only.
A useful application is catching external IP addresses for satellite
sites, and this doesn't work if the connection goes via the VPN.
Mark Wooding [Mon, 21 Apr 2014 21:22:18 +0000 (22:22 +0100)]
hosts.lisp: Move VPN and anycast hosts to ...:1.
Linux thinks that host addresses which coincide with network base
addresses are `anycast', and that this means that it shouldn't send
ICMP errors to them. This is obviously ridiculous, so move hosts to
address ...:1 to prevent this stupidity.
Mark Wooding [Mon, 21 Apr 2014 15:27:23 +0000 (16:27 +0100)]
hosts.lisp, distorted.lisp: Fix records for `richmond'.
Add the IPv6 address, because it seems to respond just fine to IPv6;
and arrange to put the correct name in the reverse zone.
Mark Wooding [Mon, 21 Apr 2014 15:26:41 +0000 (16:26 +0100)]
hosts.lisp: Make the IPv6 entry for `blackhole' more presentable.
Now we have proper address-suffix notation.