-rw-r--r--named-slave.conf9
-rw-r--r--named.conf20
-rw-r--r--remmy.foo.zone53
3 files changed, 82 insertions, 0 deletions
diff --git a/named-slave.conf b/named-slave.conf
index 746c74c..acf6a93 100644
--- a/named-slave.conf
+++ b/named-slave.conf
@@ -35,6 +35,15 @@ zone "kyriasis.com" {
};
};
+zone "remmy.foo" {
+ type slave;
+ file "remmy.foo.zone";
+ masters {
+ 212.71.254.33; // theos
+ 2a01:7e00::f03c:91ff:fe6e:f996; // theos
+ };
+};
+
zone "remmy.io" {
type slave;
file "remmy.io.zone";
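Review bot: The new "remmy.foo" secondary identifies its transfer source by address only: both `masters` entries are bare IPs with no TSIG key, and the matching `allow-transfer` list added for this zone in named.conf is likewise address-only. An address match does not authenticate the transfer or NOTIFY peer, so I would bind each entry to a shared key, e.g. `212.71.254.33 key "TRANSFER-KEY-PLACEHOLDER"; // theos` here and `allow-transfer { key "TRANSFER-KEY-PLACEHOLDER"; };` on the primary. If the neighbouring zones are deliberately configured the same way, a short comment saying so would help; the rest of the file is outside this hunk, so I cannot tell.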
diff --git a/named.conf b/named.conf
index ac0e4b6..26b796d 100644
--- a/named.conf
+++ b/named.conf
@@ -34,6 +34,12 @@ parental-agents "com" {
192.26.92.30; // c.gtld-servers.net.
};
+parental-agents "foo" {
+ 216.239.32.105; // ns-tld1.charlestonroadregistry.com.
+ 216.239.34.105; // ns-tld2.charlestonroadregistry.com.
+ 216.239.36.105; // ns-tld3.charlestonroadregistry.com.
+};
+
parental-agents "io" {
65.22.160.17; // a0.nic.io.
65.22.161.17; // b0.nic.io.
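Review bot: The `parental-agents "foo"` list is three hard-coded IPv4 addresses with no IPv6 entries and nothing recording when or how they were checked against the registry's current servers. These are the addresses named queries for the DS record during a KSK rollover, so a stale entry would probably stall the rollover rather than fail loudly. I would add a comment above the block such as `// .foo TLD servers, verified <DATE-PLACEHOLDER> with "dig NS foo."; re-check before each KSK rollover`.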
@@ -54,6 +60,20 @@ zone "kyriasis.com" IN {
parental-agents { "com"; };
};
+zone "remmy.foo" IN {
+ type master;
+ file "dns/remmy.foo.zone";
+
+ allow-transfer {
+ 178.79.157.58; // lucifer
+ 2a01:7e00::f03c:91ff:fe69:1787; // lucifer
+ };
+
+ inline-signing yes;
+ dnssec-policy standard;
+ parental-agents { "foo"; };
+};
+
zone "remmy.io" IN {
type master;
file "dns/remmy.io.zone";
diff --git a/remmy.foo.zone b/remmy.foo.zone
new file mode 100644
index 0000000..ae6c644
--- /dev/null
+++ b/remmy.foo.zone
@@ -0,0 +1,53 @@
+$ORIGIN remmy.foo.
+$TTL 24h
+
+@ IN SOA ns1.kyriasis.com. hostmaster.kyriasis.com. (
+ 2405262235 ; serial
+ 24h ; refresh
+ 2h ; retry
+ 1w ; expire
+ 4h ; minttl
+ )
+ NS ns1.kyriasis.com.
+ NS ns2.kyriasis.com.
+
+ ; -> theos.kyriasis.com
+ A 212.71.254.33
+ AAAA 2a01:7e00:e000:136::1
+
+www CNAME remmy.foo.
+
+;; Gallery
+gallery CNAME remmy.foo.
+gallery-static CNAME remmy.foo.
+
+;;;; Email
+
+;; MX
+@ MX 0 theos.kyriasis.com.
+
+;; DMARC <https://tools.ietf.org/html/rfc7489>
+_dmarc TXT "v=DMARC1; adkim=r; aspf=r; fo=1:d:s; p=none; rua=mailto:aggrep@remmy.foo; ruf=mailto:authfail@remmy.foo"
+
+;; SPF <http://tools.ietf.org/html/rfc4408>
+@ TXT "v=spf1 a mx ip4:178.79.157.58 ip6:2a01:7e00::f03c:91ff:fe69:1787 ~all"
+@ SPF "v=spf1 a mx ip4:178.79.157.58 ip6:2a01:7e00::f03c:91ff:fe69:1787 ~all"
+
+;; DKIM <http://tools.ietf.org/html/rfc6376>
+theos._domainkey TXT "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5u7MOeQk0oIgy64BcFDvmxiRGuZBPTFaFvRTz0LZMIq66E0iW76RFC9tBONQrVvVUCeMldmgy7AGjRMbZaszgtL14PJQeD9HDfbVnEVQhS12kMY2HPR3HruwfLcSgADjBwt3nVkdXusjTsNoGB/Yj7+Bdr/HFHi5blLB3a+6S7wIDAQAB"
+
+
+;; Google Postmaster Tools
+@ TXT "google-site-verification=_6bo_zgXBacrEiF2blK9JUCvB9NJGOeudJ_fjBWsN4g"
+
+;;;; Certificates
+;; CAA
+@ CAA 0 issue "letsencrypt.org"
+@ CAA 0 iodef "mailto:certificates@kyriasis.com"
+
+;; TLSA
+$INCLUDE "dns/letsencrypt-tlsa.zone" _443._tcp.remmy.foo
+$INCLUDE "dns/letsencrypt-tlsa.zone" _443._tcp.gallery.remmy.foo
+$INCLUDE "dns/letsencrypt-tlsa.zone" _443._tcp.gallery-static.remmy.foo
+
+; vim: ft=bindzone ts=8 sw=8 nowrap et
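Review bot: The three `$INCLUDE` origins at the end of the file have no trailing dot (`_443._tcp.remmy.foo`), and as far as I know BIND resolves a relative origin against the current `$ORIGIN`, which would place the TLSA records under `_443._tcp.remmy.foo.remmy.foo.`; the included file is not visible here, so this assumes it uses relative owner names. If that is the case, write the origins absolute, e.g. `$INCLUDE "dns/letsencrypt-tlsa.zone" _443._tcp.remmy.foo.`, and confirm the resulting owner names with `named-checkzone -D remmy.foo remmy.foo.zone`. Separately, the `theos._domainkey` record publishes a 1024-bit RSA key, where RFC 8301 says signers should use at least 2048 bits. The DMARC policy is `p=none` with SPF `~all`, so mail failing authentication is reported but not rejected; a comment would help if that is a deliberate monitoring phase.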