# notify no;
#};
+// Unfortunately, AFAICT we need to list the Linode IPs as an ACL (so they
+// can make the requests) *and* as masters (so they get the notify).
+acl "linode" {
+ // Linode
+ // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#operate-as-a-secondary-read-only-dns-service
+ 104.237.137.10;
+ 45.79.109.10;
+ 74.207.225.10;
+ 207.192.70.10;
+ 109.74.194.10;
+ 2600:3c00::a;
+ 2600:3c01::a;
+ 2600:3c02::a;
+ 2600:3c03::a;
+ 2a01:7e00::a;
+ // Import
+ // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#import-a-dns-zone
+ 96.126.114.97;
+ 96.126.114.98;
+ 2600:3c00::5e;
+ 2600:3c00::5f;
+};
+
+masters "linode" {
+ // Linode
+ // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#operate-as-a-secondary-read-only-dns-service
+ 104.237.137.10;
+ 45.79.109.10;
+ 74.207.225.10;
+ 207.192.70.10;
+ 109.74.194.10;
+ 2600:3c00::a;
+ 2600:3c01::a;
+ 2600:3c02::a;
+ 2600:3c03::a;
+ 2a01:7e00::a;
+ // Import
+ // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#import-a-dns-zone
+ 96.126.114.97;
+ 96.126.114.98;
+ 2600:3c00::5e;
+ 2600:3c00::5f;
+};
+
+// The actual ACL building blocks
acl "transfer-allowed" {
- localhost;
- 207.29.250.54; // ???
- 18.4.60.36; // charon
- 18.49.3.1; // charon4
- 18.25.131.1; // charon4
- 74.207.246.137; // arctic
- 66.92.29.156; // copan
- 18.18.208.12; // olinda
+ localhost;
+ 207.29.250.54; // ???
+ 18.4.60.36; // charon
+ 18.49.3.1; // charon4
+ 18.25.131.1; // charon4
+ 74.207.246.137; // arctic
+ 66.92.29.156; // copan
+ 18.18.208.12; // olinda
+ 18.25.129.162; // adehnert3.xvm
+ 130.44.166.3; // DD
+ 18.18.208.22; // chankillo
+ "linode";
};
-include "/etc/bind/pri/dynamic.keys";
+masters "primary-ns" {
+ 18.18.208.22; // chankillo
+};
-zone "dynamic.dehnerts.com" IN {
+masters "secondary-ns" {
+ 18.25.129.162; // adehnert3.xvm
+ 18.18.208.12; // olinda
+ linode;
+};
+
+include "/etc/bind/named.conf.per-host";
+
+zone "dynamic.dehnert.arctic.org" IN {
+ // DNAME to the real, dynamic.dehnerts.com, zone
type master;
- file "/etc/bind/dyn/dynamic.zone";
- update-policy { grant * selfsub * A;};
+ file "/etc/bind/pri/arctic-dynamic.zone";
+ allow-update { none; };
allow-transfer { "transfer-allowed"; };
allow-query { any; };
+ //notify no;
};
-#zone "dehnert.arctic.org" IN {
-# type master;
-# file "/etc/bind/pri/combined-dehnerts.zone";
-# #update-policy { grant * selfsub * A;};
-# allow-update { none; };
-# allow-transfer { "transfer-allowed"; };
-# allow-query { any; };
-# //notify no;
-#};
-zone "dehnerts.com" IN {
+zone "dehnert.arctic.org" IN {
type master;
file "/etc/bind/pri/combined-dehnerts.zone";
- #update-policy { grant * selfsub * A;};
allow-update { none; };
allow-transfer { "transfer-allowed"; };
allow-query { any; };
//notify no;
};
+zone "dehnerts.com" IN {
+ type master;
+ file "/etc/bind/pri/combined-dehnerts.zone";
+ #update-policy { grant * selfsub * A TXT;};
+ allow-update { none; };
+ allow-transfer { "transfer-allowed"; };
+ allow-query { any; };
+ also-notify { "secondary-ns"; };
+};
logging {
channel query.log {