Refactor list of IPs for masters and ACLs
authorAlex Dehnert <alex@dehnerts.com>
Thu, 27 Jul 2023 18:27:06 +0000 (18:27 +0000)
committerAlex Dehnert <alex@dehnerts.com>
Thu, 27 Jul 2023 18:27:06 +0000 (18:27 +0000)
named.conf.local

index fd8724f9c6125f0fd81aaecf8179b0b3bd79006d..48837559ffc6d7a447d4215174bd76454e1785d7 100644 (file)
 #        notify no;
 #};
 
+// Unfortunately, AFAICT we need to list the Linode IPs as an ACL (so they
+// can make the requests) *and* as masters (so they get the notify).
+acl "linode" {
+    // Linode
+    // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#operate-as-a-secondary-read-only-dns-service
+    104.237.137.10;
+    45.79.109.10;
+    74.207.225.10;
+    207.192.70.10;
+    109.74.194.10;
+    2600:3c00::a;
+    2600:3c01::a;
+    2600:3c02::a;
+    2600:3c03::a;
+    2a01:7e00::a;
+    // Import
+    // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#import-a-dns-zone
+    96.126.114.97;
+    96.126.114.98;
+    2600:3c00::5e;
+    2600:3c00::5f;
+};
+
+masters "linode" {
+    // Linode
+    // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#operate-as-a-secondary-read-only-dns-service
+    104.237.137.10;
+    45.79.109.10;
+    74.207.225.10;
+    207.192.70.10;
+    109.74.194.10;
+    2600:3c00::a;
+    2600:3c01::a;
+    2600:3c02::a;
+    2600:3c03::a;
+    2a01:7e00::a;
+    // Import
+    // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#import-a-dns-zone
+    96.126.114.97;
+    96.126.114.98;
+    2600:3c00::5e;
+    2600:3c00::5f;
+};
+
+// The actual ACL building blocks
 acl "transfer-allowed" {
-       localhost;
-       207.29.250.54;  // ???
-       18.4.60.36;     // charon
-       18.49.3.1;      // charon4
-       18.25.131.1;    // charon4
-       74.207.246.137; // arctic
-       66.92.29.156;   // copan
-       18.18.208.12;   // olinda
-       18.25.129.162;  // adehnert3.xvm
-       130.44.166.3;   // DD
-       18.18.208.22;   // chankillo
-       // Linode
-       104.237.137.10;
-       45.79.109.10;
-       74.207.225.10;
-       207.192.70.10;
-       109.74.194.10;
-       2600:3c00::a;
-       2600:3c01::a;
-       2600:3c02::a;
-       2600:3c03::a;
-       2a01:7e00::a;
+    localhost;
+    207.29.250.54;  // ???
+    18.4.60.36;     // charon
+    18.49.3.1;      // charon4
+    18.25.131.1;    // charon4
+    74.207.246.137; // arctic
+    66.92.29.156;   // copan
+    18.18.208.12;   // olinda
+    18.25.129.162;  // adehnert3.xvm
+    130.44.166.3;   // DD
+    18.18.208.22;   // chankillo
+    "linode";
 };
 
 masters "primary-ns" {
-       18.18.208.22;   // chankillo
+    18.18.208.22;   // chankillo
 };
 
 masters "secondary-ns" {
-       18.25.129.162;  // adehnert3.xvm
-       18.18.208.22;   // chankillo
-       // Linode
-       // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#operate-as-a-secondary-read-only-dns-service
-       104.237.137.10;
-       45.79.109.10;
-       74.207.225.10;
-       207.192.70.10;
-       109.74.194.10;
-       2600:3c00::a;
-       2600:3c01::a;
-       2600:3c02::a;
-       2600:3c03::a;
-       2a01:7e00::a;
+    18.25.129.162;  // adehnert3.xvm
+    18.18.208.12;   // olinda
+    linode;
 };
 
 include "/etc/bind/named.conf.per-host";
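Review bot: This is not a pure refactor — the `// Import` addresses (`96.126.114.97`, `96.126.114.98`, `2600:3c00::5e`, `2600:3c00::5f`) are new on both the `transfer-allowed` side and the `secondary-ns` notify list, and `secondary-ns` also drops chankillo (18.18.208.22) in favour of olinda (18.18.208.12), none of which the commit message mentions. Per the linked Linode page the import hosts only need AXFR while a zone is being imported, so consider keeping them in their own ACL with a reminder, e.g. `acl "linode-import" { ... }; // TODO(review): remove once import is done`, since an allow-transfer entry that outlives its purpose is a standing path for pulling every zone. `207.29.250.54;  // ???` is carried into the new ACL unchanged; an address nobody can identify should not be able to transfer zones — resolve it or drop it. Everything here authorises transfers by source IP alone; for the non-Linode secondaries that support it, pairing them with TSIG (`key` / `allow-transfer { key ...; }`) would be the usual hardening, though whether Linode's secondary service accepts TSIG is not something this hunk shows.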