diff options
| author | Lexi Winter <lexi@le-fay.org> | 2025-07-28 12:04:16 +0100 |
|---|---|---|
| committer | Lexi Winter <lexi@le-fay.org> | 2025-07-28 12:04:16 +0100 |
| commit | 1904ebb064121c6a8f54b2bbe2eeccc1c4f55896 (patch) | |
| tree | c60ffeec5e4b0c50a5c7c820895e493bc606db40 | |
| parent | 91c51c1b0e740ce8a09254d405afd41fca872ac4 (diff) | |
| download | dns-1904ebb064121c6a8f54b2bbe2eeccc1c4f55896.tar.gz dns-1904ebb064121c6a8f54b2bbe2eeccc1c4f55896.tar.bz2 | |
remove dn42
| -rw-r--r-- | Makefile | 11 | ||||
| -rw-r--r-- | Makefile.inc.unbound | 2 | ||||
| -rwxr-xr-x | bin/get_catalog | 3 | ||||
| -rw-r--r-- | unbound.conf.erb | 23 | ||||
| -rw-r--r-- | zones/0_26.76.23.172.in-addr.arpa.zone.erb | 23 | ||||
| -rw-r--r-- | zones/b.6.0.b.3.8.a.0.b.5.d.f.ip6.arpa.zone.erb | 42 | ||||
| -rw-r--r-- | zones/le-fay.dn42.zone.erb | 59 | ||||
| -rw-r--r-- | zones/le-fay.org.zone.erb | 4 |
8 files changed, 2 insertions, 165 deletions
@@ -31,20 +31,9 @@ NS_ADDRS!= set -o pipefail; \ getent hosts ${NAMESERVERS} | awk '{print $$1}' -### The DN42 master server. -DN42_MASTER= fd42:4242:2601:ac53::1 - - # The zones we serve; fetch this list from the catalog zone. ZONES!= bin/get_catalog "catalog.invalid" "${MASTER}" -# These zones are used for DN42. -DN42_ZONES= \ - dn42 \ - d.f.ip6.arpa \ - 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa \ - 23.172.in-addr.arpa 31.172.in-addr.arpa - # These zones are always insecure, because they don't exist on the Internet. INSECURE_ZONES= \ 18.198.in-addr.arpa diff --git a/Makefile.inc.unbound b/Makefile.inc.unbound index 7dad766..29e52aa 100644 --- a/Makefile.inc.unbound +++ b/Makefile.inc.unbound @@ -11,8 +11,6 @@ UNBOUND_PROCESS_FLAGS?= \ -Dns_addrs="${NS_ADDRS}" \ -Dlocal_zones="${ZONES}" \ -Dinsecure_zones="${INSECURE_ZONES}" \ - -Ddn42_zones="${DN42_ZONES}" \ - -Ddn42_master="${DN42_MASTER}" \ -Dforwarders="${UNBOUND_FORWARDERS}" unbound: diff --git a/bin/get_catalog b/bin/get_catalog index 4c069ac..addd365 100755 --- a/bin/get_catalog +++ b/bin/get_catalog @@ -44,8 +44,7 @@ def print_catalog(zone): nodes = [node for (name, node) in zone.nodes.items() - if len(name) == 2 and name[1] == b"zones" - and not "dn42" in origin(name)] + if len(name) == 2 and name[1] == b"zones"] ptrs = [str(ptr.target).rstrip('.') for node in nodes diff --git a/unbound.conf.erb b/unbound.conf.erb index 1cf8d4a..5edf4ad 100644 --- a/unbound.conf.erb +++ b/unbound.conf.erb @@ -41,11 +41,6 @@ server: private-address: 64:ff9b::/96 include: "<%= confdir %>/private_ldap.conf" - # Add the DN42 IPv4 address space to private-address. This ensures - # we'll never return an A record for a DN42 name query, because we - # don't route DN42 IPv4 internally. - private-address: 172.16.0.0/12 - # General tuning. prefer-ip6: yes rrset-cache-size: 128m @@ -101,13 +96,6 @@ server: domain-insecure: <%= zone %> <% end -%> - # DN42 zones. These don't need to be private, but should be insecure - # for now. Ideally we'd have a way to validate these properly. -<% dn42_zones.split.each do |zone| -%> - local-zone: <%= zone %>. nodefault - domain-insecure: <%= zone %>. -<% end -%> - remote-control: control-enable: yes control-interface: ::1 @@ -162,14 +150,3 @@ auth-zone: <% end -%> <% end %> - -# The DN42 zones. -<% dn42_zones.split.each do |zone| -%> -stub-zone: - name: <%= zone %> -<% ns_addrs.split.each do |addr| -%> - stub-addr: <%= addr %> -<% end -%> - -<% end -%> - diff --git a/zones/0_26.76.23.172.in-addr.arpa.zone.erb b/zones/0_26.76.23.172.in-addr.arpa.zone.erb deleted file mode 100644 index bd813d5..0000000 --- a/zones/0_26.76.23.172.in-addr.arpa.zone.erb +++ /dev/null @@ -1,23 +0,0 @@ -; vim:set ft=eruby.bindzone sw=8 ts=8 sts=8 noet: - -$TTL <%= ttl %> -$ORIGIN <%= zone %>. - -@ SOA <%= soa_mname %> <%= soa_rname %> ( - <%= soa_serial %> - <%= soa_refresh %> - <%= soa_retry %> - <%= soa_expire %> - <%= soa_minimum %> - ) - - NS ns1.le-fay.dn42. - NS ns2.le-fay.dn42. - NS ns3.le-fay.dn42. - - CAA 128 issue "letsencrypt.org;validationmethods=dns-01" - TXT "v=spf1 -all" - -0 PTR ash.ipv4.le-fay.dn42. -1 PTR oak.ipv4.le-fay.dn42. -4 PTR thyme.lon.uk.ipv4.le-fay.dn42. diff --git a/zones/b.6.0.b.3.8.a.0.b.5.d.f.ip6.arpa.zone.erb b/zones/b.6.0.b.3.8.a.0.b.5.d.f.ip6.arpa.zone.erb deleted file mode 100644 index 6580030..0000000 --- a/zones/b.6.0.b.3.8.a.0.b.5.d.f.ip6.arpa.zone.erb +++ /dev/null @@ -1,42 +0,0 @@ -; vim:set ft=eruby.bindzone sw=8 ts=8 sts=8 noet: - -$TTL <%= ttl %> -$ORIGIN <%= zone %>. - -@ SOA <%= soa_mname %> <%= soa_rname %> ( - <%= soa_serial %> - <%= soa_refresh %> - <%= soa_retry %> - <%= soa_expire %> - <%= soa_minimum %> - ) - - NS ns1.le-fay.dn42. - NS ns2.le-fay.dn42. - NS ns3.le-fay.dn42. - - CAA 128 issue "letsencrypt.org;validationmethods=dns-01" - TXT "v=spf1 -all" - -<%= v6rev('100::1/48') %> PTR ash.le-fay.dn42. - -<%= v6rev('200::1/48') %> PTR rose.le-fay.dn42. -<%= v6rev('200::3/48') %> PTR nightshade.le-fay.dn42. -<%= v6rev('200::6/48') %> PTR prometheus.le-fay.dn42. -<%= v6rev('200::9/48') %> PTR amaryllis.le-fay.dn42. - -<%= v6rev('500::2/48') %> PTR amaranth.le-fay.dn42. - -<%= v6rev('600::1/48') %> PTR willow.le-fay.dn42. -<%= v6rev('600::3/48') %> PTR eden-core-1.le-fay.dn42. -<%= v6rev('600::5/48') %> PTR fuchsia.le-fay.dn42. - -<%= v6rev('601::1/48') %> PTR vl401.eden-core-1.le-fay.dn42. -<%= v6rev('601::3/48') %> PTR witch.le-fay.dn42. -<%= v6rev('601::4/48') %> PTR turnera.le-fay.dn42. -<%= v6rev('601::5/48') %> PTR hemlock.le-fay.dn42. - -<%= v6rev('6ff::1/48') %> PTR ix0-3004.willow.le-fay.dn42. -<%= v6rev('6ff::2/48') %> PTR te1.eden-core-1.le-fay.dn42. - -<%= v6rev('900::1/48') %> PTR oak.le-fay.dn42. diff --git a/zones/le-fay.dn42.zone.erb b/zones/le-fay.dn42.zone.erb deleted file mode 100644 index 55d7ca6..0000000 --- a/zones/le-fay.dn42.zone.erb +++ /dev/null @@ -1,59 +0,0 @@ -; vim:set ft=eruby.bindzone sw=8 ts=8 sts=8 noet: - -$TTL <%= ttl %> -$ORIGIN <%= zone %>. - -@ SOA <%= soa_mname %> <%= soa_rname %> ( - <%= soa_serial %> - <%= soa_refresh %> - <%= soa_retry %> - <%= soa_expire %> - <%= soa_minimum %> - ) - - NS ns1.le-fay.dn42. - NS ns2.le-fay.dn42. - NS ns3.le-fay.dn42. - - MX 10 ash - MX 10 oak - TXT "v=spf1 ip6:fd5b:a83:b06b:100::1 ip6:fd5b:a83:b06b:900::1 ~all" - -; Services -ns1 AAAA fd5b:a83:b06b:500::1 -ns2 AAAA fd5b:a83:b06b:600::5 -ns3 AAAA fd5b:a83:b06b:200::3 - -www CNAME rose - -; willow -willow AAAA fd5b:a83:b06b:600::2 -ix0-3004.willow AAAA fd5b:a83:b06b:6ff::1 - -; Hosts -amaranth AAAA fd5b:a83:b06b:500::1 -hemlock AAAA fd5b:a83:b06b:601::5 -turnera AAAA fd5b:a83:b06b:601::4 -fuchsia AAAA fd5b:a83:b06b:600::5 -witch AAAA fd5b:a83:b06b:601::3 -thyme.lon.uk AAAA fd5b:a83:b06b:400::1 -uk-jmp-2 CNAME thyme.lon.uk.le-fay.dn42. - -; rose (+ jails) -rose AAAA fd5b:a83:b06b:200::1 -nightshade AAAA fd5b:a83:b06b:200::3 -prometheus AAAA fd5b:a83:b06b:200::6 -amaryllis AAAA fd5b:a83:b06b:200::9 - -ash AAAA fd5b:a83:b06b:100::1 -ash.ipv4 A 172.23.76.0 - -oak AAAA fd5b:a83:b06b:900::1 -oak.ipv4 A 172.23.76.1 - -thyme.lon.uk.ipv4 A 172.23.76.4 - -; Network devices -eden-core-1 AAAA fd5b:a83:b06b:600::3 -te1.eden-core-1 AAAA fd5b:a83:b06b:6ff::2 -vl401.eden-core-1 AAAA fd5b:a83:b06b:601::1 diff --git a/zones/le-fay.org.zone.erb b/zones/le-fay.org.zone.erb index 266c875..d8fc130 100644 --- a/zones/le-fay.org.zone.erb +++ b/zones/le-fay.org.zone.erb @@ -65,7 +65,7 @@ ntp.svc.eden CNAME ntp rose AAAA 2a00:1098:6b:400::1 A 176.126.243.164 pkg CNAME rose -git CNAME nightshade +git CNAME rose www CNAME rose postgres17 AAAA 2a00:1098:6b:400::5 prometheus AAAA 2a00:1098:6b:400::6 @@ -113,10 +113,8 @@ witch AAAA 2001:8b0:aab5:c401::1:3 ash AAAA 2a00:1098:6b:400::4 oak AAAA 2001:ba8:4015:100::3 -; DN42 nodes thyme.lon.uk.arpa AAAA 2001:ba8:404a:100::1 A 185.73.44.73 -uk-jmp-2 CNAME thyme.lon.uk.arpa.le-fay.org. ; willow willow AAAA 2001:8b0:aab5:4::8 |