use acl and master lists

Ben Harris 2019-12-30 11:47:59 -05:00
parent 321794ca32
commit 2dbd6d7840
4 changed files with 107 additions and 81 deletions


@ -19,12 +19,22 @@ include "/etc/bind/bsd.tilde.team.key";
server 89.163.145.170 { keys { tilde_msT; }; }; // ns1.envs.net
server 78.31.64.115 { keys { tilde_msT; }; }; // ns2.envs.net
masters "notifylist" {
167.114.154.31;
89.163.145.170;
78.31.64.115;
};
acl "transferto" {
167.114.154.31;
key tilde_msT;
};
zone "tildeverse.net" {
type master;
file "/etc/bind/zones/db.tildeverse.net";
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
allow-transfer { 167.114.154.31; key tilde_msT;};
also-notify { "notifylist"; };
allow-transfer { "transferto";};
update-policy {
grant certbot name _acme-challenge.tildeverse.net. txt;
};
@ -33,8 +43,8 @@ zone "tildeverse.net" {
zone "tildeverse.org" {
type master;
file "/etc/bind/zones/db.tildeverse.org";
allow-transfer { 167.114.154.31; key tilde_msT; };
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
allow-transfer { "transferto"; };
also-notify { "notifylist"; };
update-policy {
grant certbot name _acme-challenge.tildeverse.org. txt;
};
@ -43,8 +53,8 @@ zone "tildeverse.org" {
zone "fuckup.club" {
type master;
file "/etc/bind/zones/db.fuckup.club";
allow-transfer { 167.114.154.31; key tilde_msT; };
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
allow-transfer { "transferto"; };
also-notify { "notifylist"; };
update-policy {
grant certbot name _acme-challenge.fuckup.club. txt;
};
@ -53,8 +63,8 @@ zone "fuckup.club" {
zone "nand.sh" {
type master;
file "/etc/bind/zones/db.nand.sh";
allow-transfer { 167.114.154.31; key tilde_msT; };
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
allow-transfer { "transferto"; };
also-notify { "notifylist"; };
update-policy {
grant certbot name _acme-challenge.nand.sh. txt;
};
@ -63,8 +73,8 @@ zone "nand.sh" {
zone "tild3.org" {
type master;
file "/etc/bind/zones/db.tild3.org";
allow-transfer { 167.114.154.31; key tilde_msT; };
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
allow-transfer { "transferto"; };
also-notify { "notifylist"; };
update-policy {
grant certbot name _acme-challenge.tild3.org. txt;
};
@ -73,8 +83,8 @@ zone "tild3.org" {
zone "tilde.chat" {
type master;
file "/etc/bind/zones/db.tilde.chat";
allow-transfer { 167.114.154.31; key tilde_msT; };
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
allow-transfer { "transferto"; };
also-notify { "notifylist"; };
update-policy {
grant certbot name _acme-challenge.tilde.chat. txt;
};
@ -83,8 +93,8 @@ zone "tilde.chat" {
zone "tildegit.org" {
type master;
file "/etc/bind/zones/db.tildegit.org";
allow-transfer { 167.114.154.31; key tilde_msT; };
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
allow-transfer { "transferto"; };
also-notify { "notifylist"; };
update-policy {
grant certbot name _acme-challenge.tildegit.org. txt;
};
@ -93,8 +103,8 @@ zone "tildegit.org" {
zone "tilde.life" {
type master;
file "/etc/bind/zones/db.tilde.life";
allow-transfer { 167.114.154.31; key tilde_msT; };
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
allow-transfer { "transferto"; };
also-notify { "notifylist"; };
update-policy {
grant certbot name _acme-challenge.tilde.life. txt;
};
@ -103,8 +113,8 @@ zone "tilde.life" {
zone "tildenet.org" {
type master;
file "/etc/bind/zones/db.tildenet.org";
allow-transfer { 167.114.154.31; key tilde_msT; };
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
allow-transfer { "transferto"; };
also-notify { "notifylist"; };
update-policy {
grant certbot name _acme-challenge.tildenet.org. txt;
};
@ -113,8 +123,8 @@ zone "tildenet.org" {
zone "tilde.news" {
type master;
file "/etc/bind/zones/db.tilde.news";
allow-transfer { 167.114.154.31; key tilde_msT; };
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
allow-transfer { "transferto"; };
also-notify { "notifylist"; };
update-policy {
grant certbot name _acme-challenge.tilde.news. txt;
};
@ -123,8 +133,8 @@ zone "tilde.news" {
zone "tilde.ninja" {
type master;
file "/etc/bind/zones/db.tilde.ninja";
allow-transfer { 167.114.154.31; key tilde_msT; };
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
allow-transfer { "transferto"; };
also-notify { "notifylist"; };
update-policy {
grant certbot name _acme-challenge.tilde.ninja. txt;
};
@ -133,8 +143,8 @@ zone "tilde.ninja" {
zone "tilde.pizza" {
type master;
file "/etc/bind/zones/db.tilde.pizza";
allow-transfer { 167.114.154.31; key tilde_msT; };
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
allow-transfer { "transferto"; };
also-notify { "notifylist"; };
update-policy {
grant certbot name _acme-challenge.tilde.pizza. txt;
};
@ -143,8 +153,8 @@ zone "tilde.pizza" {
zone "tilderadio.org" {
type master;
file "/etc/bind/zones/db.tilderadio.org";
allow-transfer { 167.114.154.31; key tilde_msT; };
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
allow-transfer { "transferto"; };
also-notify { "notifylist"; };
update-policy {
grant certbot name _acme-challenge.tilderadio.org. txt;
};
@ -153,8 +163,8 @@ zone "tilderadio.org" {
zone "tilde.site" {
type master;
file "/etc/bind/zones/db.tilde.site";
allow-transfer { 167.114.154.31; key tilde_msT; };
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
allow-transfer { "transferto"; };
also-notify { "notifylist"; };
update-policy {
grant certbot name _acme-challenge.tilde.site. txt;
};
@ -163,8 +173,8 @@ zone "tilde.site" {
zone "tilde.team" {
type master;
file "/etc/bind/zones/db.tilde.team";
allow-transfer { 167.114.154.31; key tilde_msT; };
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
allow-transfer { "transferto"; };
also-notify { "notifylist"; };
update-policy {
grant certbot name _acme-challenge.tilde.team. txt;
grant bsd.tilde.team name _acme-challenge.bsd.tilde.team. txt;
@ -174,8 +184,8 @@ zone "tilde.team" {
zone "tildeteam.org" {
type master;
file "/etc/bind/zones/db.tildeteam.org";
allow-transfer { 167.114.154.31; key tilde_msT; };
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
allow-transfer { "transferto"; };
also-notify { "notifylist"; };
update-policy {
grant certbot name _acme-challenge.tildeteam.org. txt;
};
@ -184,8 +194,8 @@ zone "tildeteam.org" {
zone "tildeteam.net" {
type master;
file "/etc/bind/zones/db.tildeteam.net";
allow-transfer { 167.114.154.31; key tilde_msT; };
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
allow-transfer { "transferto"; };
also-notify { "notifylist"; };
update-policy {
grant certbot name _acme-challenge.tildeteam.net. txt;
};
@ -194,8 +204,8 @@ zone "tildeteam.net" {
zone "tilde.wiki" {
type master;
file "/etc/bind/zones/db.tilde.wiki";
allow-transfer { 167.114.154.31; key tilde_msT; };
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
allow-transfer { "transferto"; };
also-notify { "notifylist"; };
update-policy {
grant certbot name _acme-challenge.tilde.wiki. txt;
};
@ -204,8 +214,8 @@ zone "tilde.wiki" {
zone "tilde.zone" {
type master;
file "/etc/bind/zones/db.tilde.zone";
allow-transfer { 167.114.154.31; key tilde_msT; };
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
allow-transfer { "transferto"; };
also-notify { "notifylist"; };
update-policy {
grant certbot name _acme-challenge.tilde.zone. txt;
};
@ -214,8 +224,8 @@ zone "tilde.zone" {
zone "ttm.sh" {
type master;
file "/etc/bind/zones/db.ttm.sh";
allow-transfer { 167.114.154.31; key tilde_msT; };
also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
allow-transfer { "transferto"; };
also-notify { "notifylist"; };
update-policy {
grant certbot name _acme-challenge.ttm.sh. txt;
};
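Review bot: In the new `acl "transferto"` at the top of this hunk, the bare `167.114.154.31;` entry and the `key tilde_msT;` entry are OR'd, so that address gets AXFR for every zone in this file without presenting TSIG, while the two envs.net secondaries are already keyed through the `server ... { keys { tilde_msT; }; }` statements above it. If the host at 167.114.154.31 (named `ns2` in the personal-domains file) can be given the same key, the address entry can be dropped and every transfer becomes authenticated; until then a comment on the acl stating why the unkeyed entry exists, e.g. `// 167.114.154.31: address-only until it is keyed`, would stop a later reader from treating it as intentional. Also note that `also-notify { "notifylist"; }` depends on a BIND release that accepts a `masters` list name in `also-notify` (9.9 and later, as far as I recall); older servers will fail `named-checkconf` on it. The same pattern is used in every zone of this file, so the note applies to all of them.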


@ -1,11 +1,14 @@
// my domains
include "/etc/bind/pi.key";
acl ns2 { 167.114.154.31; };
masters ns2 { 167.114.154.31; };
zone "benharri.com" {
type master;
file "/etc/bind/zones/mydomains/db.benharri.com";
allow-transfer { 167.114.154.31; };
also-notify { 167.114.154.31; };
allow-transfer { ns2; };
also-notify { ns2; };
update-policy {
grant certbot name _acme-challenge.benharri.com. txt;
};
@ -14,8 +17,8 @@ zone "benharri.com" {
zone "benharr.is" {
type master;
file "/etc/bind/zones/mydomains/db.benharr.is";
allow-transfer { 167.114.154.31; };
also-notify { 167.114.154.31; };
allow-transfer { ns2; };
also-notify { ns2; };
update-policy {
grant certbot name _acme-challenge.benharr.is. txt;
};
@ -24,8 +27,8 @@ zone "benharr.is" {
zone "ben.o" {
type master;
file "/etc/bind/zones/mydomains/db.ben.o";
allow-transfer { 167.114.154.31; };
also-notify { 167.114.154.31; };
allow-transfer { ns2; };
also-notify { ns2; };
update-policy {
grant certbot name _acme-challenge.ben.o. txt;
};
@ -34,8 +37,8 @@ zone "ben.o" {
zone "benharri.dev" {
type master;
file "/etc/bind/zones/mydomains/db.benharri.dev";
allow-transfer { 167.114.154.31; };
also-notify { 167.114.154.31; };
allow-transfer { ns2; };
also-notify { ns2; };
update-policy {
grant certbot name _acme-challenge.benharri.dev. txt;
};
@ -44,8 +47,8 @@ zone "benharri.dev" {
zone "benhh.com" {
type master;
file "/etc/bind/zones/mydomains/db.benhh.com";
allow-transfer { 167.114.154.31; };
also-notify { 167.114.154.31; };
allow-transfer { ns2; };
also-notify { ns2; };
update-policy {
grant certbot name _acme-challenge.benhh.com. txt;
};
@ -54,8 +57,8 @@ zone "benhh.com" {
zone "bhh.sh" {
type master;
file "/etc/bind/zones/mydomains/db.bhh.sh";
allow-transfer { 167.114.154.31; };
also-notify { 167.114.154.31; };
allow-transfer { ns2; };
also-notify { ns2; };
update-policy {
grant certbot name _acme-challenge.bhh.sh. txt;
grant pi name pi.bhh.sh. A;
@ -65,8 +68,8 @@ zone "bhh.sh" {
zone "esthersedibles.net" {
type master;
file "/etc/bind/zones/mydomains/db.esthersedibles.net";
allow-transfer { 167.114.154.31; };
also-notify { 167.114.154.31; };
allow-transfer { ns2; };
also-notify { ns2; };
update-policy {
grant certbot name _acme-challenge.esthersedibles.net. txt;
};
@ -75,8 +78,8 @@ zone "esthersedibles.net" {
zone "harris.team" {
type master;
file "/etc/bind/zones/mydomains/db.harris.team";
allow-transfer { 167.114.154.31; };
also-notify { 167.114.154.31; };
allow-transfer { ns2; };
also-notify { ns2; };
update-policy {
grant certbot name _acme-challenge.harris.team. txt;
};
@ -85,8 +88,8 @@ zone "harris.team" {
zone "itsreallynot.com" {
type master;
file "/etc/bind/zones/mydomains/db.itsreallynot.com";
allow-transfer { 167.114.154.31; };
also-notify { 167.114.154.31; };
allow-transfer { ns2; };
also-notify { ns2; };
update-policy {
grant certbot name _acme-challenge.itsreallynot.com. txt;
};
@ -95,8 +98,8 @@ zone "itsreallynot.com" {
zone "hmm.st" {
type master;
file "/etc/bind/zones/mydomains/db.hmm.st";
allow-transfer { 167.114.154.31; };
also-notify { 167.114.154.31; };
allow-transfer { ns2; };
also-notify { ns2; };
update-policy {
grant certbot name _acme-challenge.hmm.st. txt;
};
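Review bot: `acl ns2 { 167.114.154.31; };` makes `allow-transfer` for all ten personal zones address-only, with no TSIG, whereas the tildeverse file pairs the same host with `key tilde_msT` in its `"transferto"` acl; if that key is in scope for this file, `acl ns2 { 167.114.154.31; key tilde_msT; };` would let the secondary authenticate transfers here too, and the address entry could then be retired. The `"tildenameservers"` acl in the .tilde file has the same address-only property. Separately, the acl and the masters list both carry the unquoted name `ns2`, while the other files quote their list names (`"transferto"`, `"tildenameservers"`); BIND keeps acl and masters names apart as far as I know, but picking one quoting style across the config would make it easier to grep for where a list is used.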


@ -1,24 +1,26 @@
masters envs { 89.163.145.170; };
zone "envs.net" {
type slave;
file "/var/cache/bind/fwd.envs.net";
masters { 89.163.145.170; };
masters { envs; };
};
zone "envs.sh" {
type slave;
file "/var/cache/bind/fwd.envs.sh";
masters { 89.163.145.170; };
masters { envs; };
};
zone "envs.o" {
type slave;
file "/var/cache/bind/fwd.envs.o";
masters { 89.163.145.170; };
masters { envs; };
};
zone "envs.tilde" {
type slave;
file "/var/cache/bind/fwd.envs.tilde";
masters { 89.163.145.170; };
masters { envs; };
};
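Review bot: The new `masters envs { 89.163.145.170; };` carries no key, so whether the four slave zones' transfers are signed depends entirely on the `server 89.163.145.170 { keys { tilde_msT; }; }` statement that lives in the tildeverse file; if that statement is moved or that file is not included in the same view, these zones silently fall back to unauthenticated AXFR. Making the requirement local to the list, `masters envs { 89.163.145.170 key tilde_msT; };`, keeps the slave configuration self-describing, assuming `tilde_msT` is the key the envs.net master expects (the server statement suggests it is).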


@ -1,62 +1,73 @@
acl "tildenameservers" {
213.239.234.117;
149.56.184.112;
192.95.3.29;
};
masters "tildenameservers" {
213.239.234.117;
149.56.184.112;
192.95.3.29;
};
zone "tilde" IN {
type forward;
forward only;
forwarders { 213.239.234.117; 149.56.184.112; };
forwarders { 213.239.234.117; 149.56.184.112; 192.95.3.29; };
};
zone "team.tilde" {
type master;
file "/etc/bind/zones/tilde/db.team.tilde";
allow-transfer { 213.239.234.117; 149.56.184.112; };
also-notify { 213.239.234.117; 149.56.184.112; };
allow-transfer { "tildenameservers"; };
also-notify { "tildenameservers"; };
};
zone "git.tilde" {
type master;
file "/etc/bind/zones/tilde/db.git.tilde";
allow-transfer { 213.239.234.117; 149.56.184.112; };
also-notify { 213.239.234.117; 149.56.184.112; };
allow-transfer { "tildenameservers"; };
also-notify { "tildenameservers"; };
};
zone "mastodon.tilde" {
type master;
file "/etc/bind/zones/tilde/db.mastodon.tilde";
allow-transfer { 213.239.234.117; 149.56.184.112; };
also-notify { 213.239.234.117; 149.56.184.112; };
allow-transfer { "tildenameservers"; };
also-notify { "tildenameservers"; };
};
zone "lists.tilde" {
type master;
file "/etc/bind/zones/tilde/db.lists.tilde";
allow-transfer { 213.239.234.117; 149.56.184.112; };
also-notify { 213.239.234.117; 149.56.184.112; };
allow-transfer { "tildenameservers"; };
also-notify { "tildenameservers"; };
};
zone "chat.tilde" {
type master;
file "/etc/bind/zones/tilde/db.chat.tilde";
allow-transfer { 213.239.234.117; 149.56.184.112; };
also-notify { 213.239.234.117; 149.56.184.112; };
allow-transfer { "tildenameservers"; };
also-notify { "tildenameservers"; };
};
zone "ci.tilde" {
type master;
file "/etc/bind/zones/tilde/db.ci.tilde";
allow-transfer { 213.239.234.117; 149.56.184.112; };
also-notify { 213.239.234.117; 149.56.184.112; };
allow-transfer { "tildenameservers"; };
also-notify { "tildenameservers"; };
};
zone "pleroma.tilde" {
type master;
file "/etc/bind/zones/tilde/db.pleroma.tilde";
allow-transfer { 213.239.234.117; 149.56.184.112; };
also-notify { 213.239.234.117; 149.56.184.112; };
allow-transfer { "tildenameservers"; };
also-notify { "tildenameservers"; };
};
zone "news.tilde" {
type master;
file "/etc/bind/zones/tilde/db.news.tilde";
allow-transfer { 213.239.234.117; 149.56.184.112; };
also-notify { 213.239.234.117; 149.56.184.112; };
allow-transfer { "tildenameservers"; };
also-notify { "tildenameservers"; };
};
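Review bot: The new `acl "tildenameservers"` and `masters "tildenameservers"` lists at the top of this hunk spell out the same three addresses twice, and the `forwarders` line in `zone "tilde"` repeats them a third time; BIND offers no way for a masters list to reference an acl, so the next address change is likely to land in one list and not the others. A short comment above the acl would at least make the coupling visible: `// same hosts as masters "tildenameservers" and the forwarders in zone "tilde" below; update all three`. The hunk header announces 62 old and 73 new lines, slightly more than are shown here, so the file may continue past the `news.tilde` zone.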