forked from ben/dns
use acl and master lists
This commit is contained in:
parent
321794ca32
commit
2dbd6d7840
@ -19,12 +19,22 @@ include "/etc/bind/bsd.tilde.team.key";
|
||||
server 89.163.145.170 { keys { tilde_msT; }; }; // ns1.envs.net
|
||||
server 78.31.64.115 { keys { tilde_msT; }; }; // ns2.envs.net
|
||||
|
||||
masters "notifylist" {
|
||||
167.114.154.31;
|
||||
89.163.145.170;
|
||||
78.31.64.115;
|
||||
};
|
||||
|
||||
acl "transferto" {
|
||||
167.114.154.31;
|
||||
key tilde_msT;
|
||||
};
|
||||
|
||||
zone "tildeverse.net" {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.tildeverse.net";
|
||||
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
|
||||
allow-transfer { 167.114.154.31; key tilde_msT;};
|
||||
also-notify { "notifylist"; };
|
||||
allow-transfer { "transferto";};
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.tildeverse.net. txt;
|
||||
};
|
||||
@ -33,8 +43,8 @@ zone "tildeverse.net" {
|
||||
zone "tildeverse.org" {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.tildeverse.org";
|
||||
allow-transfer { 167.114.154.31; key tilde_msT; };
|
||||
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
|
||||
allow-transfer { "transferto"; };
|
||||
also-notify { "notifylist"; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.tildeverse.org. txt;
|
||||
};
|
||||
@ -43,8 +53,8 @@ zone "tildeverse.org" {
|
||||
zone "fuckup.club" {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.fuckup.club";
|
||||
allow-transfer { 167.114.154.31; key tilde_msT; };
|
||||
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
|
||||
allow-transfer { "transferto"; };
|
||||
also-notify { "notifylist"; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.fuckup.club. txt;
|
||||
};
|
||||
@ -53,8 +63,8 @@ zone "fuckup.club" {
|
||||
zone "nand.sh" {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.nand.sh";
|
||||
allow-transfer { 167.114.154.31; key tilde_msT; };
|
||||
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
|
||||
allow-transfer { "transferto"; };
|
||||
also-notify { "notifylist"; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.nand.sh. txt;
|
||||
};
|
||||
@ -63,8 +73,8 @@ zone "nand.sh" {
|
||||
zone "tild3.org" {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.tild3.org";
|
||||
allow-transfer { 167.114.154.31; key tilde_msT; };
|
||||
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
|
||||
allow-transfer { "transferto"; };
|
||||
also-notify { "notifylist"; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.tild3.org. txt;
|
||||
};
|
||||
@ -73,8 +83,8 @@ zone "tild3.org" {
|
||||
zone "tilde.chat" {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.tilde.chat";
|
||||
allow-transfer { 167.114.154.31; key tilde_msT; };
|
||||
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
|
||||
allow-transfer { "transferto"; };
|
||||
also-notify { "notifylist"; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.tilde.chat. txt;
|
||||
};
|
||||
@ -83,8 +93,8 @@ zone "tilde.chat" {
|
||||
zone "tildegit.org" {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.tildegit.org";
|
||||
allow-transfer { 167.114.154.31; key tilde_msT; };
|
||||
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
|
||||
allow-transfer { "transferto"; };
|
||||
also-notify { "notifylist"; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.tildegit.org. txt;
|
||||
};
|
||||
@ -93,8 +103,8 @@ zone "tildegit.org" {
|
||||
zone "tilde.life" {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.tilde.life";
|
||||
allow-transfer { 167.114.154.31; key tilde_msT; };
|
||||
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
|
||||
allow-transfer { "transferto"; };
|
||||
also-notify { "notifylist"; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.tilde.life. txt;
|
||||
};
|
||||
@ -103,8 +113,8 @@ zone "tilde.life" {
|
||||
zone "tildenet.org" {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.tildenet.org";
|
||||
allow-transfer { 167.114.154.31; key tilde_msT; };
|
||||
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
|
||||
allow-transfer { "transferto"; };
|
||||
also-notify { "notifylist"; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.tildenet.org. txt;
|
||||
};
|
||||
@ -113,8 +123,8 @@ zone "tildenet.org" {
|
||||
zone "tilde.news" {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.tilde.news";
|
||||
allow-transfer { 167.114.154.31; key tilde_msT; };
|
||||
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
|
||||
allow-transfer { "transferto"; };
|
||||
also-notify { "notifylist"; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.tilde.news. txt;
|
||||
};
|
||||
@ -123,8 +133,8 @@ zone "tilde.news" {
|
||||
zone "tilde.ninja" {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.tilde.ninja";
|
||||
allow-transfer { 167.114.154.31; key tilde_msT; };
|
||||
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
|
||||
allow-transfer { "transferto"; };
|
||||
also-notify { "notifylist"; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.tilde.ninja. txt;
|
||||
};
|
||||
@ -133,8 +143,8 @@ zone "tilde.ninja" {
|
||||
zone "tilde.pizza" {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.tilde.pizza";
|
||||
allow-transfer { 167.114.154.31; key tilde_msT; };
|
||||
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
|
||||
allow-transfer { "transferto"; };
|
||||
also-notify { "notifylist"; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.tilde.pizza. txt;
|
||||
};
|
||||
@ -143,8 +153,8 @@ zone "tilde.pizza" {
|
||||
zone "tilderadio.org" {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.tilderadio.org";
|
||||
allow-transfer { 167.114.154.31; key tilde_msT; };
|
||||
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
|
||||
allow-transfer { "transferto"; };
|
||||
also-notify { "notifylist"; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.tilderadio.org. txt;
|
||||
};
|
||||
@ -153,8 +163,8 @@ zone "tilderadio.org" {
|
||||
zone "tilde.site" {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.tilde.site";
|
||||
allow-transfer { 167.114.154.31; key tilde_msT; };
|
||||
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
|
||||
allow-transfer { "transferto"; };
|
||||
also-notify { "notifylist"; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.tilde.site. txt;
|
||||
};
|
||||
@ -163,8 +173,8 @@ zone "tilde.site" {
|
||||
zone "tilde.team" {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.tilde.team";
|
||||
allow-transfer { 167.114.154.31; key tilde_msT; };
|
||||
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
|
||||
allow-transfer { "transferto"; };
|
||||
also-notify { "notifylist"; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.tilde.team. txt;
|
||||
grant bsd.tilde.team name _acme-challenge.bsd.tilde.team. txt;
|
||||
@ -174,8 +184,8 @@ zone "tilde.team" {
|
||||
zone "tildeteam.org" {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.tildeteam.org";
|
||||
allow-transfer { 167.114.154.31; key tilde_msT; };
|
||||
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
|
||||
allow-transfer { "transferto"; };
|
||||
also-notify { "notifylist"; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.tildeteam.org. txt;
|
||||
};
|
||||
@ -184,8 +194,8 @@ zone "tildeteam.org" {
|
||||
zone "tildeteam.net" {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.tildeteam.net";
|
||||
allow-transfer { 167.114.154.31; key tilde_msT; };
|
||||
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
|
||||
allow-transfer { "transferto"; };
|
||||
also-notify { "notifylist"; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.tildeteam.net. txt;
|
||||
};
|
||||
@ -194,8 +204,8 @@ zone "tildeteam.net" {
|
||||
zone "tilde.wiki" {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.tilde.wiki";
|
||||
allow-transfer { 167.114.154.31; key tilde_msT; };
|
||||
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
|
||||
allow-transfer { "transferto"; };
|
||||
also-notify { "notifylist"; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.tilde.wiki. txt;
|
||||
};
|
||||
@ -204,8 +214,8 @@ zone "tilde.wiki" {
|
||||
zone "tilde.zone" {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.tilde.zone";
|
||||
allow-transfer { 167.114.154.31; key tilde_msT; };
|
||||
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
|
||||
allow-transfer { "transferto"; };
|
||||
also-notify { "notifylist"; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.tilde.zone. txt;
|
||||
};
|
||||
@ -214,8 +224,8 @@ zone "tilde.zone" {
|
||||
zone "ttm.sh" {
|
||||
type master;
|
||||
file "/etc/bind/zones/db.ttm.sh";
|
||||
allow-transfer { 167.114.154.31; key tilde_msT; };
|
||||
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
|
||||
allow-transfer { "transferto"; };
|
||||
also-notify { "notifylist"; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.ttm.sh. txt;
|
||||
};
|
||||
|
@ -1,11 +1,14 @@
|
||||
// my domains
|
||||
include "/etc/bind/pi.key";
|
||||
|
||||
acl ns2 { 167.114.154.31; };
|
||||
masters ns2 { 167.114.154.31; };
|
||||
|
||||
zone "benharri.com" {
|
||||
type master;
|
||||
file "/etc/bind/zones/mydomains/db.benharri.com";
|
||||
allow-transfer { 167.114.154.31; };
|
||||
also-notify { 167.114.154.31; };
|
||||
allow-transfer { ns2; };
|
||||
also-notify { ns2; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.benharri.com. txt;
|
||||
};
|
||||
@ -14,8 +17,8 @@ zone "benharri.com" {
|
||||
zone "benharr.is" {
|
||||
type master;
|
||||
file "/etc/bind/zones/mydomains/db.benharr.is";
|
||||
allow-transfer { 167.114.154.31; };
|
||||
also-notify { 167.114.154.31; };
|
||||
allow-transfer { ns2; };
|
||||
also-notify { ns2; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.benharr.is. txt;
|
||||
};
|
||||
@ -24,8 +27,8 @@ zone "benharr.is" {
|
||||
zone "ben.o" {
|
||||
type master;
|
||||
file "/etc/bind/zones/mydomains/db.ben.o";
|
||||
allow-transfer { 167.114.154.31; };
|
||||
also-notify { 167.114.154.31; };
|
||||
allow-transfer { ns2; };
|
||||
also-notify { ns2; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.ben.o. txt;
|
||||
};
|
||||
@ -34,8 +37,8 @@ zone "ben.o" {
|
||||
zone "benharri.dev" {
|
||||
type master;
|
||||
file "/etc/bind/zones/mydomains/db.benharri.dev";
|
||||
allow-transfer { 167.114.154.31; };
|
||||
also-notify { 167.114.154.31; };
|
||||
allow-transfer { ns2; };
|
||||
also-notify { ns2; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.benharri.dev. txt;
|
||||
};
|
||||
@ -44,8 +47,8 @@ zone "benharri.dev" {
|
||||
zone "benhh.com" {
|
||||
type master;
|
||||
file "/etc/bind/zones/mydomains/db.benhh.com";
|
||||
allow-transfer { 167.114.154.31; };
|
||||
also-notify { 167.114.154.31; };
|
||||
allow-transfer { ns2; };
|
||||
also-notify { ns2; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.benhh.com. txt;
|
||||
};
|
||||
@ -54,8 +57,8 @@ zone "benhh.com" {
|
||||
zone "bhh.sh" {
|
||||
type master;
|
||||
file "/etc/bind/zones/mydomains/db.bhh.sh";
|
||||
allow-transfer { 167.114.154.31; };
|
||||
also-notify { 167.114.154.31; };
|
||||
allow-transfer { ns2; };
|
||||
also-notify { ns2; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.bhh.sh. txt;
|
||||
grant pi name pi.bhh.sh. A;
|
||||
@ -65,8 +68,8 @@ zone "bhh.sh" {
|
||||
zone "esthersedibles.net" {
|
||||
type master;
|
||||
file "/etc/bind/zones/mydomains/db.esthersedibles.net";
|
||||
allow-transfer { 167.114.154.31; };
|
||||
also-notify { 167.114.154.31; };
|
||||
allow-transfer { ns2; };
|
||||
also-notify { ns2; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.esthersedibles.net. txt;
|
||||
};
|
||||
@ -75,8 +78,8 @@ zone "esthersedibles.net" {
|
||||
zone "harris.team" {
|
||||
type master;
|
||||
file "/etc/bind/zones/mydomains/db.harris.team";
|
||||
allow-transfer { 167.114.154.31; };
|
||||
also-notify { 167.114.154.31; };
|
||||
allow-transfer { ns2; };
|
||||
also-notify { ns2; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.harris.team. txt;
|
||||
};
|
||||
@ -85,8 +88,8 @@ zone "harris.team" {
|
||||
zone "itsreallynot.com" {
|
||||
type master;
|
||||
file "/etc/bind/zones/mydomains/db.itsreallynot.com";
|
||||
allow-transfer { 167.114.154.31; };
|
||||
also-notify { 167.114.154.31; };
|
||||
allow-transfer { ns2; };
|
||||
also-notify { ns2; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.itsreallynot.com. txt;
|
||||
};
|
||||
@ -95,8 +98,8 @@ zone "itsreallynot.com" {
|
||||
zone "hmm.st" {
|
||||
type master;
|
||||
file "/etc/bind/zones/mydomains/db.hmm.st";
|
||||
allow-transfer { 167.114.154.31; };
|
||||
also-notify { 167.114.154.31; };
|
||||
allow-transfer { ns2; };
|
||||
also-notify { ns2; };
|
||||
update-policy {
|
||||
grant certbot name _acme-challenge.hmm.st. txt;
|
||||
};
|
||||
|
@ -1,24 +1,26 @@
|
||||
masters envs { 89.163.145.170; };
|
||||
|
||||
zone "envs.net" {
|
||||
type slave;
|
||||
file "/var/cache/bind/fwd.envs.net";
|
||||
masters { 89.163.145.170; };
|
||||
masters { envs; };
|
||||
};
|
||||
|
||||
zone "envs.sh" {
|
||||
type slave;
|
||||
file "/var/cache/bind/fwd.envs.sh";
|
||||
masters { 89.163.145.170; };
|
||||
masters { envs; };
|
||||
};
|
||||
|
||||
zone "envs.o" {
|
||||
type slave;
|
||||
file "/var/cache/bind/fwd.envs.o";
|
||||
masters { 89.163.145.170; };
|
||||
masters { envs; };
|
||||
};
|
||||
|
||||
zone "envs.tilde" {
|
||||
type slave;
|
||||
file "/var/cache/bind/fwd.envs.tilde";
|
||||
masters { 89.163.145.170; };
|
||||
masters { envs; };
|
||||
};
|
||||
|
||||
|
@ -1,62 +1,73 @@
|
||||
acl "tildenameservers" {
|
||||
213.239.234.117;
|
||||
149.56.184.112;
|
||||
192.95.3.29;
|
||||
};
|
||||
masters "tildenameservers" {
|
||||
213.239.234.117;
|
||||
149.56.184.112;
|
||||
192.95.3.29;
|
||||
};
|
||||
|
||||
zone "tilde" IN {
|
||||
type forward;
|
||||
forward only;
|
||||
forwarders { 213.239.234.117; 149.56.184.112; };
|
||||
forwarders { 213.239.234.117; 149.56.184.112; 192.95.3.29; };
|
||||
};
|
||||
|
||||
zone "team.tilde" {
|
||||
type master;
|
||||
file "/etc/bind/zones/tilde/db.team.tilde";
|
||||
allow-transfer { 213.239.234.117; 149.56.184.112; };
|
||||
also-notify { 213.239.234.117; 149.56.184.112; };
|
||||
allow-transfer { "tildenameservers"; };
|
||||
also-notify { "tildenameservers"; };
|
||||
};
|
||||
|
||||
zone "git.tilde" {
|
||||
type master;
|
||||
file "/etc/bind/zones/tilde/db.git.tilde";
|
||||
allow-transfer { 213.239.234.117; 149.56.184.112; };
|
||||
also-notify { 213.239.234.117; 149.56.184.112; };
|
||||
allow-transfer { "tildenameservers"; };
|
||||
also-notify { "tildenameservers"; };
|
||||
};
|
||||
|
||||
zone "mastodon.tilde" {
|
||||
type master;
|
||||
file "/etc/bind/zones/tilde/db.mastodon.tilde";
|
||||
allow-transfer { 213.239.234.117; 149.56.184.112; };
|
||||
also-notify { 213.239.234.117; 149.56.184.112; };
|
||||
allow-transfer { "tildenameservers"; };
|
||||
also-notify { "tildenameservers"; };
|
||||
};
|
||||
|
||||
zone "lists.tilde" {
|
||||
type master;
|
||||
file "/etc/bind/zones/tilde/db.lists.tilde";
|
||||
allow-transfer { 213.239.234.117; 149.56.184.112; };
|
||||
also-notify { 213.239.234.117; 149.56.184.112; };
|
||||
allow-transfer { "tildenameservers"; };
|
||||
also-notify { "tildenameservers"; };
|
||||
};
|
||||
|
||||
zone "chat.tilde" {
|
||||
type master;
|
||||
file "/etc/bind/zones/tilde/db.chat.tilde";
|
||||
allow-transfer { 213.239.234.117; 149.56.184.112; };
|
||||
also-notify { 213.239.234.117; 149.56.184.112; };
|
||||
allow-transfer { "tildenameservers"; };
|
||||
also-notify { "tildenameservers"; };
|
||||
};
|
||||
|
||||
zone "ci.tilde" {
|
||||
type master;
|
||||
file "/etc/bind/zones/tilde/db.ci.tilde";
|
||||
allow-transfer { 213.239.234.117; 149.56.184.112; };
|
||||
also-notify { 213.239.234.117; 149.56.184.112; };
|
||||
allow-transfer { "tildenameservers"; };
|
||||
also-notify { "tildenameservers"; };
|
||||
};
|
||||
|
||||
zone "pleroma.tilde" {
|
||||
type master;
|
||||
file "/etc/bind/zones/tilde/db.pleroma.tilde";
|
||||
allow-transfer { 213.239.234.117; 149.56.184.112; };
|
||||
also-notify { 213.239.234.117; 149.56.184.112; };
|
||||
allow-transfer { "tildenameservers"; };
|
||||
also-notify { "tildenameservers"; };
|
||||
};
|
||||
|
||||
zone "news.tilde" {
|
||||
type master;
|
||||
file "/etc/bind/zones/tilde/db.news.tilde";
|
||||
allow-transfer { 213.239.234.117; 149.56.184.112; };
|
||||
also-notify { 213.239.234.117; 149.56.184.112; };
|
||||
allow-transfer { "tildenameservers"; };
|
||||
also-notify { "tildenameservers"; };
|
||||
};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user