authorLexi Winter <lexi@le-fay.org>2025-09-10 19:09:14 +0100
committerLexi Winter <lexi@le-fay.org>2025-09-10 19:09:14 +0100
commit330e9cfb746d052377e1a8d066fba20dbb5c6241 (patch)
tree1bdeef705e31aa79dd4857353e2b5c3da6d66038
parent361784abbb3c871b69926faf71aebde61e73fb2a (diff)
updates
-rw-r--r--Makefile4
-rw-r--r--unbound.conf.erb12
-rw-r--r--zones/18.198.in-addr.arpa.zone.erb2
-rw-r--r--zones/le-fay.org.zone.erb10
4 files changed, 23 insertions, 5 deletions
diff --git a/Makefile b/Makefile
index bcd83fb..d092efa 100644
--- a/Makefile
+++ b/Makefile
@@ -44,7 +44,7 @@ INSECURE_ZONES= \
# All servers which run Unbound.
UNBOUND_SERVERS?= \
hemlock.le-fay.org \
- fuchsia.eden.le-fay.org \
+ fuchsia.le-fay.org \
amaranth.le-fay.org \
rose.le-fay.org \
witch.le-fay.org \
@@ -61,7 +61,7 @@ UNBOUND_FORWARDERS?= \
# (tls/cert.pem, tls/key.pem).
#
UNBOUND_PROCESS_FLAGS.hemlock.le-fay.org= -Dnolocal=yes -Dforwarder=yes
-UNBOUND_PROCESS_FLAGS.fuchsia.eden.le-fay.org= -Dnolocal=yes -Dforwarder=yes
+UNBOUND_PROCESS_FLAGS.fuchsia.le-fay.org= -Dnolocal=yes -Dforwarder=yes
UNBOUND_PROCESS_FLAGS.amaranth.le-fay.org= -Dnolocal=yes
UNBOUND_PROCESS_FLAGS.rose.le-fay.org= -Dnolocal=yes
UNBOUND_PROCESS_FLAGS.witch.le-fay.org= -Dtls=yes
diff --git a/unbound.conf.erb b/unbound.conf.erb
index 5edf4ad..27b2767 100644
--- a/unbound.conf.erb
+++ b/unbound.conf.erb
@@ -149,4 +149,16 @@ auth-zone:
<% end -%>
+<% else -%>
+# This server doesn't have a copy of our local zones, so define them as
+# stub zones instead. This is required for private zones (e.g. RFC1918)
+# to resolve correctly.
+<% local_zones.split.each do |zone| -%>
+stub-zone:
+ name: <%= zone %>
+<% ns_addrs.split.each do |ns| -%>
+ stub-addr: <%= ns %>
+<% end -%>
+
+<% end -%>
<% end %>
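Review bot: The new else branch emits one `stub-zone:` clause per entry in `local_zones` but never checks that `ns_addrs` is non-empty, so an empty value would render clauses with a `name:` and no `stub-addr:`, leaving those zones unresolvable on this server. A guard before the outer loop, for example `<% raise "ns_addrs is empty" if ns_addrs.split.empty? -%>`, would make the render fail rather than ship that config. For zones listed in `INSECURE_ZONES` (seen only in the Makefile hunk header), answers from the stub addresses are presumably accepted without DNSSEC validation. The added comment could therefore say that the network path to `ns_addrs` has to be trusted. The enclosing `if` starts outside the hunk.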
diff --git a/zones/18.198.in-addr.arpa.zone.erb b/zones/18.198.in-addr.arpa.zone.erb
index ae0ab27..9a122bb 100644
--- a/zones/18.198.in-addr.arpa.zone.erb
+++ b/zones/18.198.in-addr.arpa.zone.erb
@@ -19,3 +19,5 @@ $ORIGIN <%= zone %>.
TXT "v=spf1 -all"
1.0 PTR vl402.eden-core-1.le-fay.org.
+10.0 PTR outlet-hemlock.iot.le-fay.org.
+11.0 PTR outlet-rack.iot.le-fay.org.
diff --git a/zones/le-fay.org.zone.erb b/zones/le-fay.org.zone.erb
index 98c96f7..ae49c4f 100644
--- a/zones/le-fay.org.zone.erb
+++ b/zones/le-fay.org.zone.erb
@@ -16,7 +16,11 @@ $ORIGIN <%= zone %>.
<% end %>
CAA 128 issue "letsencrypt.org;validationmethods=dns-01"
- TXT "v=spf1 ip4:81.187.47.195 ip6:2001:8b0:aab5:4::9 ip4:185.73.44.74 ip6:2001:ba8:4015:100::2 ~all"
+ TXT (
+ "v=spf1"
+ " ip4:46.235.229.111 ip6:2a00:1098:6b:400::3"
+ " ip4:185.73.44.74 ip6:2001:ba8:4015:100::2"
+ " ~all")
MX 20 nightshade.le-fay.org.
MX 21 nightshade.ipv4.le-fay.org.
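Review bot: The leading space inside each quoted string of the new multi-line TXT record (`" ip4:..."`, `" ~all"`) is load-bearing but undocumented. SPF evaluation joins the strings of a TXT record with no separator (RFC 7208), so dropping a space in a later edit would yield `v=spf1ip4:...` and an invalid record. A comment above the record would prevent that, for example `; SPF strings are concatenated as-is: keep the leading space in each`. Separately, the record keeps `~all` (softfail) with an explicit sender list; if the DMARC policy, which is not visible here, does not enforce rejection, `-all` would be the stricter choice.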
@@ -148,8 +152,8 @@ eden-access-3 AAAA 2001:8b0:aab5:c401::2:3
eden-access-4 AAAA 2001:8b0:aab5:c401::2:4
eden-access-5 AAAA 2001:8b0:aab5:c401::2:5
eden-access-6 AAAA 2001:8b0:aab5:c401::2:6
-outlet-hemlock.iot.eden A 172.20.193.1
-outlet-rack.iot.eden A 172.20.193.2
+outlet-hemlock.iot A 198.18.0.10
+outlet-rack.iot A 198.18.0.11
; Miscellaneous
vpn-in-1.eden AAAA 2001:8b0:aab5:1::1