# This source code is released into the public domain.
#
# Primary makefile for DNS management.
# Make sure failures in != expansions cause make to stop.
# -W turns parse-time warnings into errors. A failing != command is reported
# as a warning, so without -W the run would carry on with an empty or partial
# value in the variable being assigned.
.MAKEFLAGS: -W
### Our local master server.
MASTER= lily.le-fay.org
# Address(es) of ${MASTER}, resolved once while this makefile is parsed.
# -f inet6 restricts the lookup to IPv6; awk keeps the fourth field of each
# getaddrinfo output line, which is taken to be the address.
# pipefail makes a getaddrinfo failure fail the whole pipeline instead of
# being hidden behind awk's exit status.
# NOTE(review): the lookup runs on every make invocation and the answer is
# only as trustworthy as the resolver that gives it -- confirm how the
# included makefiles use MASTER_ADDR.
MASTER_ADDR!= set -o pipefail; \
getaddrinfo -f inet6 -p tcp -t stream ${MASTER} \
| awk '{ print $$4 }'
### Default SOA values.
# MNAME: the primary server; the trailing dot makes the name fully qualified.
SOA_MNAME= ${MASTER}.
# RNAME: the contact mailbox written as a DNS name (first label is the
# local part of the address).
SOA_RNAME= hostmaster.le-fay.org.
# Serial is always 1; nsdiff handles this magically.
SOA_SERIAL= 1
# Timers for secondaries: how often to check for changes, how soon to retry
# a failed check, and when to stop serving a zone that cannot be refreshed.
# NOTE(review): the d/h/w/m unit suffixes presumably rely on the zone-file
# consumer accepting them -- confirm.
SOA_REFRESH= 1d
SOA_RETRY= 1h
SOA_EXPIRE= 2w
# MINIMUM: used by resolvers as the negative-caching TTL.
SOA_MINIMUM= 5m
# Default value for $TTL.
TTL= 1h
# Nameservers to use for Internet zones.
NAMESERVERS= ns1.le-fay.org \
ns2.le-fay.org \
ns3.le-fay.org
# Addresses of ${NAMESERVERS}, looked up with getent hosts while the makefile
# is parsed; awk keeps the first column of each line (the address).
# pipefail lets a failed lookup fail the pipeline rather than awk's exit
# status deciding the result.
# NOTE(review): the values come from the local resolver or hosts database, so
# anything that uses NS_ADDRS as an access list inherits that trust -- confirm
# how the included makefiles use it.
NS_ADDRS!= set -o pipefail; \
getent hosts ${NAMESERVERS} | awk '{print $$1}'
# The zones we serve; fetch this list from the catalog zone.
# bin/get_catalog runs at parse time with the catalog zone name and ${MASTER}
# as arguments, so every make invocation, including the help-only default
# target, runs it.
# NOTE(review): the path is relative to make's working directory at this
# point, while BINDIR further down is anchored at ${.CURDIR}; confirm the two
# always agree (for example when an obj directory exists).
# NOTE(review): the names returned are used as-is. How get_catalog
# authenticates the catalog data (TSIG or similar) and whether it validates
# the names before printing them is not visible here -- confirm, since the
# list presumably ends up in targets and commands in Makefile.inc.zones.
ZONES!= bin/get_catalog "catalog.invalid" "${MASTER}"
# These zones are always insecure, because they don't exist on the Internet.
# 18.198.in-addr.arpa is the reverse zone for 198.18.0.0/16 and d.f.ip6.arpa
# the reverse zone for fd00::/8, neither of which is delegated publicly.
# NOTE(review): "insecure" presumably means exempt from DNSSEC validation on
# the resolvers -- confirm against the Unbound template.
INSECURE_ZONES= \
18.198.in-addr.arpa \
d.f.ip6.arpa
#######################################################################
# Unbound configuration for resolvers.
# All servers which run Unbound.
# ?= keeps a value already supplied on the command line or in the
# environment, so a run can be limited to a subset of hosts.
UNBOUND_SERVERS?= \
hemlock.le-fay.org \
fuchsia.le-fay.org \
amaranth.le-fay.org \
rose.le-fay.org \
witch.le-fay.org \
turnera.le-fay.org
# Forwarder addresses for Unbound forwarders.
# Also overridable (?=).
UNBOUND_FORWARDERS?= \
2001:8b0:aab5:c401::1:3 \
2001:8b0:aab5:c401::1:4
# Per-host flags, one variable per server named UNBOUND_PROCESS_FLAGS.<host>.
# NOTE(review): presumably passed to ${PROCESS} by Makefile.inc.unbound; that
# file is not shown here.
# -Dforwarder means this server forwards queries to ${UNBOUND_FORWARDERS}.
# -Dnolocal means this server doesn't have a copy of our local zones.
# -Dtls enables DoH and DoT; certificates should be provided in confdir
# (tls/cert.pem, tls/key.pem).
# NOTE(review): tls/key.pem is a private key; keep it out of version control
# and readable only by the account that installs it and by Unbound.
#
UNBOUND_PROCESS_FLAGS.hemlock.le-fay.org= -Dnolocal=yes -Dforwarder=yes
UNBOUND_PROCESS_FLAGS.fuchsia.le-fay.org= -Dnolocal=yes -Dforwarder=yes
UNBOUND_PROCESS_FLAGS.amaranth.le-fay.org= -Dnolocal=yes
UNBOUND_PROCESS_FLAGS.rose.le-fay.org= -Dnolocal=yes
UNBOUND_PROCESS_FLAGS.witch.le-fay.org= -Dtls=yes
UNBOUND_PROCESS_FLAGS.turnera.le-fay.org= -Dtls=yes
#######################################################################
# Default goal: builds nothing and only lists the targets an operator can
# request, so a bare "make" never changes the online zones or a resolver.
#
all:
	@printf '%s\n' \
	    "Please specify a target:" \
	    " make diff show diff between zone files and online zone" \
	    " make update-zones update online zones" \
	    " make unbound build and install Unbound configs"
.PHONY: all
# Individual targets add dependencies to clean.
# The rule has no commands of its own here.
clean:
.PHONY: clean
# The quoted form of .include searches the directory of this makefile first.
# Both files are parsed at this point, before BINDIR and PROCESS are assigned
# further down: they can use those variables in commands (expanded when the
# command runs) but not in dependency lines or != assignments (expanded while
# parsing).
.include "Makefile.inc.unbound"
.include "Makefile.inc.zones"
# File paths.
# Search ${ZONEDIR} for source files that are not found in the working
# directory.
# NOTE(review): ZONEDIR is not assigned in this file before this line;
# presumably one of the included makefiles sets it. If it were empty, .PATH
# with no sources would clear the search path -- confirm.
.PATH: ${ZONEDIR}
# Put build output in ./build; make changes into that directory if it exists.
.OBJDIR: ${.CURDIR}/build
# Helper scripts are referenced by absolute path under ${.CURDIR}, so they
# are still found after the change of directory above.
BINDIR= ${.CURDIR}/bin
PROCESS= ${BINDIR}/process