diff options
| author | Lexi Winter <lexi@le-fay.org> | 2025-07-12 11:10:09 +0100 |
|---|---|---|
| committer | Lexi Winter <lexi@le-fay.org> | 2025-07-12 11:10:09 +0100 |
| commit | 57edb0710ed9d269227550009e1522c883bacd9c (patch) | |
| tree | 943a757c72991da98b5f49978842de4032c183b2 /Makefile | |
| parent | 5cafd30fce6e27728e651d86a9740c296a63e965 (diff) | |
| download | dns-57edb0710ed9d269227550009e1522c883bacd9c.tar.gz dns-57edb0710ed9d269227550009e1522c883bacd9c.tar.bz2 | |
use a catalog zone to generate the ${ZONES} list
Diffstat (limited to 'Makefile')
| -rw-r--r-- | Makefile | 24 |
1 files changed, 8 insertions, 16 deletions
@@ -2,6 +2,8 @@ # # Primary makefile for DNS management. +# Make sure failures in != expansions cause make to stop. +.MAKEFLAGS: -W ### Our local master server. MASTER= lily.le-fay.org @@ -10,9 +12,9 @@ MASTER_ADDR!= getaddrinfo -f inet6 -p tcp -t stream ${MASTER} \ ### Default SOA values. -# Serial is always 1; nsdiff handles this magically. SOA_MNAME= ${MASTER}. SOA_RNAME= hostmaster.le-fay.org. +# Serial is always 1; nsdiff handles this magically. SOA_SERIAL= 1 SOA_REFRESH= 1d SOA_RETRY= 1h @@ -30,20 +32,8 @@ NAMESERVERS= ns1.le-fay.org \ DN42_MASTER= fd42:4242:2601:ac53::1 -# The zones we serve. -ZONES= le-fay.org \ - le-fay.dn42 \ - b.6.0.b.3.8.a.0.b.5.d.f.ip6.arpa \ - e.1.0.0.0.8.c.1.6.0.a.2.ip6.arpa \ - b.6.0.0.8.9.0.1.0.0.a.2.ip6.arpa \ - a.4.0.4.8.a.b.0.1.0.0.2.ip6.arpa \ - 5.1.0.4.8.a.b.0.1.0.0.2.ip6.arpa \ - 5.b.a.a.0.b.8.0.1.0.0.2.ip6.arpa \ - 117.73.187.81.in-addr.arpa \ - 160-175.96.2.81.in-addr.arpa \ - 192-207.47.187.81.in-addr.arpa \ - 0/26.76.23.172.in-addr.arpa \ - 18.198.in-addr.arpa +# The zones we serve; fetch this list from the catalog zone. +ZONES!= bin/get_catalog "catalog.invalid" "${MASTER}" # These zones are used for DN42. DN42_ZONES= \ @@ -68,7 +58,7 @@ UNBOUND_SERVERS?= \ amaranth.le-fay.org \ rose.le-fay.org \ witch.le-fay.org \ -# turnera.le-fay.org + turnera.le-fay.org # Forwarder addresses for Unbound forwarders. UNBOUND_FORWARDERS?= \ @@ -77,6 +67,8 @@ UNBOUND_FORWARDERS?= \ # -Dforwarder means this server forwards queries to ${UNBOUND_FORWARDERS}. # -Dnolocal means this server doesn't have a copy of our local zones. +# -Dtls enables DoH and DoT; certificates should be provided in confdir +# (tls/cert.pem, tls/key.pem). # UNBOUND_PROCESS_FLAGS.hemlock.le-fay.org= -Dnolocal=yes -Dforwarder=yes UNBOUND_PROCESS_FLAGS.fuchsia.eden.le-fay.org= -Dnolocal=yes -Dforwarder=yes |