From bee24e5b975012d69fa27a05cb03f08d59a6b11c Mon Sep 17 00:00:00 2001 From: Johannes Löthberg Date: Mon, 27 May 2024 06:35:57 +0200 Subject: Add pie-in-the-sky.kitchen MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Johannes Löthberg --- named-slave.conf | 9 +++++++++ named.conf | 19 ++++++++++++++++++ pie-in-the-sky.kitchen.zone | 47 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 75 insertions(+) create mode 100644 pie-in-the-sky.kitchen.zone diff --git a/named-slave.conf b/named-slave.conf index acf6a93..c7e3d55 100644 --- a/named-slave.conf +++ b/named-slave.conf @@ -35,6 +35,15 @@ zone "kyriasis.com" { }; }; +zone "pie-in-the-sky.kitchen" { + type slave; + file "pie-in-the-sky.kitchen.zone"; + masters { + 212.71.254.33; // theos + 2a01:7e00::f03c:91ff:fe6e:f996; // theos + }; +}; + zone "remmy.foo" { type slave; file "remmy.foo.zone"; diff --git a/named.conf b/named.conf index 8e1f825..90386ec 100644 --- a/named.conf +++ b/named.conf @@ -48,6 +48,11 @@ parental-agents "io" { 65.22.162.17; // c0.nic.io. }; +parental-agents "kitchen" { + 65.22.32.17; // v0n0.nic.kitchen. + 65.22.35.17; // v2n0.nic.kitchen. +}; + zone "kyriasis.com" IN { type master; file "dns/kyriasis.com.zone"; @@ -62,6 +67,20 @@ zone "kyriasis.com" IN { parental-agents { "com"; }; }; +zone "pie-in-the-sky.kitchen" IN { + type master; + file "dns/pie-in-the-sky.kitchen.zone"; + + allow-transfer { + 178.79.157.58; // lucifer + 2a01:7e00::f03c:91ff:fe69:1787; // lucifer + }; + + inline-signing yes; + dnssec-policy standard; + parental-agents { "kitchen"; }; +}; + zone "remmy.foo" IN { type master; file "dns/remmy.foo.zone"; diff --git a/pie-in-the-sky.kitchen.zone b/pie-in-the-sky.kitchen.zone new file mode 100644 index 0000000..2098c78 --- /dev/null +++ b/pie-in-the-sky.kitchen.zone @@ -0,0 +1,47 @@ +$ORIGIN pie-in-the-sky.kitchen. +$TTL 24h + +@ IN SOA ns1.kyriasis.com. hostmaster.kyriasis.com. ( + 2405270633 ; serial + 24h ; refresh + 2h ; retry + 1w ; expire + 4h ; minttl + ) + NS ns1.kyriasis.com. + NS ns2.kyriasis.com. + + ; -> theos.kyriasis.com + A 212.71.254.33 + AAAA 2a01:7e00:e000:136::1 + +www CNAME pie-in-the-sky.kitchen. + +;;;; Email + +;; MX +@ MX 0 theos.kyriasis.com. + +;; DMARC +_dmarc TXT "v=DMARC1; adkim=r; aspf=r; fo=1:d:s; p=none; rua=mailto:aggrep@pie-in-the-sky.kitchen; ruf=mailto:authfail@pie-in-the-sky.kitchen" + +;; SPF +@ TXT "v=spf1 a mx ip4:178.79.157.58 ip6:2a01:7e00::f03c:91ff:fe69:1787 ~all" +@ SPF "v=spf1 a mx ip4:178.79.157.58 ip6:2a01:7e00::f03c:91ff:fe69:1787 ~all" + +;; DKIM +theos._domainkey TXT "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5u7MOeQk0oIgy64BcFDvmxiRGuZBPTFaFvRTz0LZMIq66E0iW76RFC9tBONQrVvVUCeMldmgy7AGjRMbZaszgtL14PJQeD9HDfbVnEVQhS12kMY2HPR3HruwfLcSgADjBwt3nVkdXusjTsNoGB/Yj7+Bdr/HFHi5blLB3a+6S7wIDAQAB" + +;; Google Postmaster Tools +@ TXT "google-site-verification=ZMFu-B4m88pJf3CL-ug11JlgTNPZvZON0OPb7gZEv4s" + + +;;;; Certificates +;; CAA +@ CAA 0 issue "letsencrypt.org" +@ CAA 0 iodef "mailto:certificates@kyriasis.com" + +;; TLSA +$INCLUDE "dns/letsencrypt-tlsa.zone" _443._tcp.pie-in-the-sky.kitchen + +; vim: ft=bindzone ts=8 sw=8 nowrap et -- cgit v1.2.3-70-g09d2