diff options
author | Johannes Löthberg <johannes@kyriasis.com> | 2024-05-27 06:35:57 +0200 |
---|---|---|
committer | Johannes Löthberg <johannes@kyriasis.com> | 2024-05-27 06:35:57 +0200 |
commit | bee24e5b975012d69fa27a05cb03f08d59a6b11c (patch) | |
tree | 49f3283e879faffb32305e38dc219898c685329a | |
parent | c6ece481a422083a7fb9d76487cc9e6a997eb907 (diff) | |
download | dns-bee24e5b975012d69fa27a05cb03f08d59a6b11c.tar.xz |
Add pie-in-the-sky.kitchen
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
-rw-r--r-- | named-slave.conf | 9 | ||||
-rw-r--r-- | named.conf | 19 | ||||
-rw-r--r-- | pie-in-the-sky.kitchen.zone | 47 |
3 files changed, 75 insertions, 0 deletions
diff --git a/named-slave.conf b/named-slave.conf index acf6a93..c7e3d55 100644 --- a/named-slave.conf +++ b/named-slave.conf @@ -35,6 +35,15 @@ zone "kyriasis.com" { }; }; +zone "pie-in-the-sky.kitchen" { + type slave; + file "pie-in-the-sky.kitchen.zone"; + masters { + 212.71.254.33; // theos + 2a01:7e00::f03c:91ff:fe6e:f996; // theos + }; +}; + zone "remmy.foo" { type slave; file "remmy.foo.zone"; @@ -48,6 +48,11 @@ parental-agents "io" { 65.22.162.17; // c0.nic.io. }; +parental-agents "kitchen" { + 65.22.32.17; // v0n0.nic.kitchen. + 65.22.35.17; // v2n0.nic.kitchen. +}; + zone "kyriasis.com" IN { type master; file "dns/kyriasis.com.zone"; @@ -62,6 +67,20 @@ zone "kyriasis.com" IN { parental-agents { "com"; }; }; +zone "pie-in-the-sky.kitchen" IN { + type master; + file "dns/pie-in-the-sky.kitchen.zone"; + + allow-transfer { + 178.79.157.58; // lucifer + 2a01:7e00::f03c:91ff:fe69:1787; // lucifer + }; + + inline-signing yes; + dnssec-policy standard; + parental-agents { "kitchen"; }; +}; + zone "remmy.foo" IN { type master; file "dns/remmy.foo.zone"; diff --git a/pie-in-the-sky.kitchen.zone b/pie-in-the-sky.kitchen.zone new file mode 100644 index 0000000..2098c78 --- /dev/null +++ b/pie-in-the-sky.kitchen.zone @@ -0,0 +1,47 @@ +$ORIGIN pie-in-the-sky.kitchen. +$TTL 24h + +@ IN SOA ns1.kyriasis.com. hostmaster.kyriasis.com. ( + 2405270633 ; serial + 24h ; refresh + 2h ; retry + 1w ; expire + 4h ; minttl + ) + NS ns1.kyriasis.com. + NS ns2.kyriasis.com. + + ; -> theos.kyriasis.com + A 212.71.254.33 + AAAA 2a01:7e00:e000:136::1 + +www CNAME pie-in-the-sky.kitchen. + +;;;; Email + +;; MX +@ MX 0 theos.kyriasis.com. + +;; DMARC <https://tools.ietf.org/html/rfc7489> +_dmarc TXT "v=DMARC1; adkim=r; aspf=r; fo=1:d:s; p=none; rua=mailto:aggrep@pie-in-the-sky.kitchen; ruf=mailto:authfail@pie-in-the-sky.kitchen" + +;; SPF <http://tools.ietf.org/html/rfc4408> +@ TXT "v=spf1 a mx ip4:178.79.157.58 ip6:2a01:7e00::f03c:91ff:fe69:1787 ~all" +@ SPF "v=spf1 a mx ip4:178.79.157.58 ip6:2a01:7e00::f03c:91ff:fe69:1787 ~all" + +;; DKIM <http://tools.ietf.org/html/rfc6376> +theos._domainkey TXT "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5u7MOeQk0oIgy64BcFDvmxiRGuZBPTFaFvRTz0LZMIq66E0iW76RFC9tBONQrVvVUCeMldmgy7AGjRMbZaszgtL14PJQeD9HDfbVnEVQhS12kMY2HPR3HruwfLcSgADjBwt3nVkdXusjTsNoGB/Yj7+Bdr/HFHi5blLB3a+6S7wIDAQAB" + +;; Google Postmaster Tools +@ TXT "google-site-verification=ZMFu-B4m88pJf3CL-ug11JlgTNPZvZON0OPb7gZEv4s" + + +;;;; Certificates +;; CAA +@ CAA 0 issue "letsencrypt.org" +@ CAA 0 iodef "mailto:certificates@kyriasis.com" + +;; TLSA +$INCLUDE "dns/letsencrypt-tlsa.zone" _443._tcp.pie-in-the-sky.kitchen + +; vim: ft=bindzone ts=8 sw=8 nowrap et |