| -rw-r--r-- | Makefile | 4 | ||||
| -rw-r--r-- | unbound.conf.erb | 12 | ||||
| -rw-r--r-- | zones/18.198.in-addr.arpa.zone.erb | 2 | ||||
| -rw-r--r-- | zones/le-fay.org.zone.erb | 10 |
4 files changed, 23 insertions, 5 deletions
@@ -44,7 +44,7 @@ INSECURE_ZONES= \ # All servers which run Unbound. UNBOUND_SERVERS?= \ hemlock.le-fay.org \ - fuchsia.eden.le-fay.org \ + fuchsia.le-fay.org \ amaranth.le-fay.org \ rose.le-fay.org \ witch.le-fay.org \ @@ -61,7 +61,7 @@ UNBOUND_FORWARDERS?= \ # (tls/cert.pem, tls/key.pem). # UNBOUND_PROCESS_FLAGS.hemlock.le-fay.org= -Dnolocal=yes -Dforwarder=yes -UNBOUND_PROCESS_FLAGS.fuchsia.eden.le-fay.org= -Dnolocal=yes -Dforwarder=yes +UNBOUND_PROCESS_FLAGS.fuchsia.le-fay.org= -Dnolocal=yes -Dforwarder=yes UNBOUND_PROCESS_FLAGS.amaranth.le-fay.org= -Dnolocal=yes UNBOUND_PROCESS_FLAGS.rose.le-fay.org= -Dnolocal=yes UNBOUND_PROCESS_FLAGS.witch.le-fay.org= -Dtls=yes diff --git a/unbound.conf.erb b/unbound.conf.erb index 5edf4ad..27b2767 100644 --- a/unbound.conf.erb +++ b/unbound.conf.erb @@ -149,4 +149,16 @@ auth-zone: <% end -%> +<% else -%> +# This server doesn't have a copy of our local zones, so define them as +# stub zones instead. This is required for private zones (e.g. RFC1918) +# to resolve correctly. +<% local_zones.split.each do |zone| -%> +stub-zone: + name: <%= zone %> +<% ns_addrs.split.each do |ns| -%> + stub-addr: <%= ns %> +<% end -%> + +<% end -%> <% end %> diff --git a/zones/18.198.in-addr.arpa.zone.erb b/zones/18.198.in-addr.arpa.zone.erb index ae0ab27..9a122bb 100644 --- a/zones/18.198.in-addr.arpa.zone.erb +++ b/zones/18.198.in-addr.arpa.zone.erb @@ -19,3 +19,5 @@ $ORIGIN <%= zone %>. TXT "v=spf1 -all" 1.0 PTR vl402.eden-core-1.le-fay.org. +10.0 PTR outlet-hemlock.iot.le-fay.org. +11.0 PTR outlet-rack.iot.le-fay.org. diff --git a/zones/le-fay.org.zone.erb b/zones/le-fay.org.zone.erb index 98c96f7..ae49c4f 100644 --- a/zones/le-fay.org.zone.erb +++ b/zones/le-fay.org.zone.erb 
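Review bot: The `stub-zone:` blocks added in the `else` branch of unbound.conf.erb only tell Unbound where to send queries; nothing in the hunk overrides Unbound's built-in default local zones, which answer RFC 1918 reverse names locally before a stub is consulted. If any entry in `local_zones` is such a reverse zone, the server clause also needs `local-zone: "<%= zone %>" nodefault` for it. With validation enabled, an unsigned private zone also needs a matching `domain-insecure:` entry (presumably what INSECURE_ZONES in the Makefile feeds, but that is not visible here). The `if` that this `else` belongs to starts outside the hunk, so those lines may already exist elsewhere in the template. Leaving `stub-first` unset is right for these zones, since a fallback to normal recursion would send internal names to public servers.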
@@ -16,7 +16,11 @@ $ORIGIN <%= zone %>. <% end %> CAA 128 issue "letsencrypt.org;validationmethods=dns-01" - TXT "v=spf1 ip4:81.187.47.195 ip6:2001:8b0:aab5:4::9 ip4:185.73.44.74 ip6:2001:ba8:4015:100::2 ~all" + TXT ( + "v=spf1" + " ip4:46.235.229.111 ip6:2a00:1098:6b:400::3" + " ip4:185.73.44.74 ip6:2001:ba8:4015:100::2" + " ~all") MX 20 nightshade.le-fay.org. MX 21 nightshade.ipv4.le-fay.org. @@ -148,8 +152,8 @@ eden-access-3 AAAA 2001:8b0:aab5:c401::2:3 eden-access-4 AAAA 2001:8b0:aab5:c401::2:4 eden-access-5 AAAA 2001:8b0:aab5:c401::2:5 eden-access-6 AAAA 2001:8b0:aab5:c401::2:6 -outlet-hemlock.iot.eden A 172.20.193.1 -outlet-rack.iot.eden A 172.20.193.2 +outlet-hemlock.iot A 198.18.0.10 +outlet-rack.iot A 198.18.0.11 ; Miscellaneous vpn-in-1.eden AAAA 2001:8b0:aab5:1::1 |
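Review bot: The multi-string TXT form in the first hunk works only because every string after the first begins with a space. The strings of one TXT record are joined with no separator before SPF evaluation, so dropping a leading space would fuse `v=spf1` or an address with the next mechanism and invalidate the record. A comment above the record would protect later edits, for example `; SPF: strings are concatenated as-is, keep the leading space in each one`. The record still ends in `~all`, so mail from unlisted sources is soft-failed rather than rejected; the commit leaves that unchanged.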
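Review bot: In the second hunk, `outlet-hemlock.iot` and `outlet-rack.iot` are added to the same zone that carries the public MX, CAA and SPF records. If this zone is served to the Internet, the names and addresses of the power outlets are published with it. Addresses in 198.18.0.0/15 are not reachable from outside, but the records still show an outside reader which management devices exist and how the internal range is numbered. If the template has no internal-only view for these records (none is visible in the hunk), consider moving them to a zone that only the internal resolvers serve.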
