# This source code is released into the public domain.
#
# Primary makefile for DNS management.
### Our local master server.
# MASTER is the master's host name; MASTER_ADDR is derived from it below.
MASTER= hemlock.le-fay.org
# "!=" runs the command while the makefile is parsed, i.e. on every make
# invocation, including a bare "make".  getaddrinfo(1) is limited to
# IPv6/TCP/stream results and awk keeps the fourth field of each output line
# (presumably the address column -- confirm against the local getaddrinfo(1)).
# NOTE(review): the value is whatever the system resolver answers at that
# moment.  The pipeline's exit status is awk's, so a failed lookup leaves
# MASTER_ADDR empty without an error, and a name with several AAAA records
# yields several words.  If the included makefiles use this as the address
# updates are sent to, a non-empty, single-address check before use would
# be worthwhile -- confirm how it is consumed there.
MASTER_ADDR!= getaddrinfo -f inet6 -p tcp -t stream ${MASTER} \
| awk '{ print $$4 }'
### Default SOA values.
# Plain defaults only; how they are substituted into the zone files is
# decided by the included makefiles and is not visible in this file.
# Serial is always 1; nsdiff handles this magically.
# NOTE(review): presumably nsdiff works out the real serial against the live
# zone, so the constant below is only a placeholder -- confirm.
# The trailing dots on MNAME and RNAME make the names fully qualified; RNAME
# is the responsible mailbox in DNS form (first label is the local part).
SOA_MNAME= ${MASTER}.
SOA_RNAME= hostmaster.le-fay.org.
SOA_SERIAL= 1
SOA_REFRESH= 1d
SOA_RETRY= 1h
SOA_EXPIRE= 2w
SOA_MINIMUM= 5m
# Default value for $TTL.
TTL= 1h
# Nameservers to use for Internet zones.
# Presumably emitted as the NS set of the non-DN42 zones -- confirm in
# Makefile.inc.zones.
NAMESERVERS= ns1.le-fay.org \
ns2.le-fay.org \
ns3.le-fay.org
### The DN42 master server.
# Given as a literal IPv6 address (inside fd00::/8, unique local space), so,
# unlike MASTER_ADDR, it does not depend on a lookup at parse time.
DN42_MASTER= fd42:4242:2601:ac53::1
# The zones we serve.
# The list mixes the forward zones (le-fay.org, le-fay.dn42) with ip6.arpa
# and in-addr.arpa reverse zones.  Names such as
# 160-175.96.2.81.in-addr.arpa and 0/26.76.23.172.in-addr.arpa look like
# RFC 2317 classless delegations.
# NOTE(review): "0/26.76.23.172.in-addr.arpa" contains a "/".  If the
# included makefiles turn zone names into file names or make targets, that
# name needs mapping -- confirm how Makefile.inc.zones handles it.
ZONES= le-fay.org \
le-fay.dn42 \
b.6.0.b.3.8.a.0.b.5.d.f.ip6.arpa \
e.1.0.0.0.8.c.1.6.0.a.2.ip6.arpa \
b.6.0.0.8.9.0.1.0.0.a.2.ip6.arpa \
a.4.0.4.8.a.b.0.1.0.0.2.ip6.arpa \
5.1.0.4.8.a.b.0.1.0.0.2.ip6.arpa \
5.b.a.a.0.b.8.0.1.0.0.2.ip6.arpa \
117.73.187.81.in-addr.arpa \
160-175.96.2.81.in-addr.arpa \
192-207.47.187.81.in-addr.arpa \
0/26.76.23.172.in-addr.arpa \
18.198.in-addr.arpa
# These zones are used for DN42.
# They are the dn42 TLD, d.f.ip6.arpa (the reverse tree for fd00::/8) and the
# reverse zones for 172.20.0.0 through 172.31.255.255.  How they are used
# (presumably pointed at ${DN42_MASTER} in the resolver configuration) is
# not visible here -- confirm in the included makefiles.
DN42_ZONES= \
dn42 \
d.f.ip6.arpa \
20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa \
23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa \
26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa \
29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa
# These zones are always insecure, because they don't exist on the Internet.
# Presumably this exempts them from DNSSEC validation or signing -- confirm
# which in the included makefiles.
# NOTE(review): only 18.198.in-addr.arpa is listed.  le-fay.dn42 and the
# DN42_ZONES names are not part of the public DNS tree either; how
# validating resolvers treat those is not decided in this file -- confirm
# it is handled elsewhere.
INSECURE_ZONES= \
18.198.in-addr.arpa
# Our local networks.
# TODO: Generate these from LDAP.
# NOTE(review): how this list is consumed is not visible here; presumably it
# feeds an allow-list in the generated resolver or server configuration --
# confirm.  Besides the specific prefixes it contains the whole of
# 172.16.0.0/12 and 10.0.0.0/8 (RFC 1918) and 198.18.0.0/15, so anything
# keyed on it treats every host in those ranges as local.  198.18.0.0/15
# also covers 198.19.0.0/16, for which no reverse zone appears in ZONES.
LFNETWORKS= \
2001:8b0:aab5::/48 \
81.187.47.192/28 \
81.2.96.160/28 \
81.187.73.117/32 \
2a00:1098:6b::/48 \
2001:ba8:4015::/48 \
2001:ba8:404a::/48 \
fd5b:a83:b06b::/48 \
172.16.0.0/12 \
10.0.0.0/8 \
198.18.0.0/15
#######################################################################
# Unbound configuration for resolvers.
# All servers which run Unbound.
# "?=" only assigns when the variable is not already set, so a value from
# the command line or the environment replaces this list.  Since the
# "unbound" target builds and installs configs, check what the environment
# carries before running it.
# The last entry is commented out: the trailing backslash on the witch line
# continues into that comment, which ends the list.  turnera still has a
# flags entry further down.
UNBOUND_SERVERS?= \
hemlock.le-fay.org \
fuchsia.eden.le-fay.org \
yarrow.le-fay.org \
amaranth.le-fay.org \
rose.le-fay.org \
witch.le-fay.org \
# turnera.le-fay.org
# Forwarder addresses for Unbound forwarders.
# Also overridable ("?=").  Both defaults fall inside 2001:8b0:aab5::/48,
# which is listed in LFNETWORKS.
UNBOUND_FORWARDERS?= \
2001:8b0:aab5:c401::1:3 \
2001:8b0:aab5:c401::1:4
# -Dforwarder means this server forwards queries to ${UNBOUND_FORWARDERS}.
# -Dnolocal means this server doesn't have a copy of our local zones.
#
# -Dtls is not described in this file; presumably it enables TLS service in
# the generated config -- confirm in Makefile.inc.unbound.
# One variable per host, named UNBOUND_PROCESS_FLAGS.<hostname>.  Presumably
# the flags are handed to ${PROCESS} when that host's config is generated --
# confirm.  By the meanings above, witch and turnera (no -Dnolocal) do carry
# the local zones, and only hemlock and fuchsia forward.
UNBOUND_PROCESS_FLAGS.hemlock.le-fay.org= -Dnolocal=yes -Dforwarder=yes
UNBOUND_PROCESS_FLAGS.fuchsia.eden.le-fay.org= -Dnolocal=yes -Dforwarder=yes
UNBOUND_PROCESS_FLAGS.amaranth.le-fay.org= -Dnolocal=yes
UNBOUND_PROCESS_FLAGS.rose.le-fay.org= -Dnolocal=yes
UNBOUND_PROCESS_FLAGS.yarrow.le-fay.org= -Dnolocal=yes
UNBOUND_PROCESS_FLAGS.witch.le-fay.org= -Dtls=yes
UNBOUND_PROCESS_FLAGS.turnera.le-fay.org= -Dtls=yes
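#######################################################################
# The default target doesn't do anything.
#
# Its recipe only prints the available targets, so a bare "make" neither
# updates the online zones nor installs resolver configuration; those
# actions have to be requested by name.
all:
	@echo "Please specify a target:"
	@echo " make diff show diff between zone files and online zone"
	@echo " make update-zones update online zones"
	@echo " make unbound build and install Unbound configs"
# "all" names an action, not a file; keep it phony so a stray file called
# "all" cannot suppress the help text.
.PHONY: all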
# Individual targets add dependencies to clean.
# The rule is deliberately empty here; it only gives the included makefiles
# a common phony target to hang their own cleanup on.
clean:
.PHONY: clean
# Pull in the Unbound and zone rules.  Every variable assigned above is set
# by the time these files are read; BINDIR and PROCESS below are not.
.include "Makefile.inc.unbound"
.include "Makefile.inc.zones"
# File paths.
# ZONEDIR is not assigned in this file (presumably Makefile.inc.zones sets
# it -- confirm).  .PATH adds it to the directories searched for sources and
# .OBJDIR selects ${.CURDIR}/build as the object directory.
.PATH: ${ZONEDIR}
.OBJDIR: ${.CURDIR}/build
# NOTE(review): these are assigned after the includes.  That is fine where
# the included files reference ${PROCESS} inside recipes, which expand late,
# but a use on a dependency line there would see an empty value -- confirm.
BINDIR= ${.CURDIR}/bin
PROCESS= ${BINDIR}/process