From 6351ccb1853e565aba2da733c5de0e3382541fb1 Mon Sep 17 00:00:00 2001
From: root <root@olinda.mit.edu>
Date: Mon, 1 Mar 2010 11:02:04 -0500
Subject: [PATCH] Have copan's DNS configuration

---
 named.conf.local           | 25 +++++++++++++
 named.conf.options         | 35 +++++++++++++++---
 pri/combined-dehnerts.zone | 74 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 129 insertions(+), 5 deletions(-)
 create mode 100644 pri/combined-dehnerts.zone

diff --git a/named.conf.local b/named.conf.local
index 7a57b10..9f09209 100644
--- a/named.conf.local
+++ b/named.conf.local
@@ -6,3 +6,28 @@
 // organization
 //include "/etc/bind/zones.rfc1918";
 
+# zone "debuntu.foo" {
+#        type master;
+#        file "debuntu.foo.db";
+#        notify no;
+#};
+
+//added by Alex Dehnert on 2004-11-27
+zone "dehnert.arctic.org" IN {
+	type master;
+//	file "pri/arctic.zone";
+	file "/etc/bind/pri/combined-dehnerts.zone";
+	allow-update { none; };
+	allow-transfer { localhost;  207.29.250.54; 18.181.0.36; 74.207.246.137; };
+	allow-query { any; };
+	notify no;
+};
+zone "dehnerts.com" IN {
+	type master;
+//	file "pri/dehnerts.zone";
+	file "/etc/bind/pri/combined-dehnerts.zone";
+	allow-update { none; };
+	allow-transfer { localhost;  207.29.250.54; 18.181.0.36; 74.207.246.137; };
+	allow-query { any; };
+	notify no;
+};
diff --git a/named.conf.options b/named.conf.options
index af79758..eeedc29 100644
--- a/named.conf.options
+++ b/named.conf.options
@@ -2,19 +2,44 @@ options {
 	directory "/var/cache/bind";
 
 	// If there is a firewall between you and nameservers you want
-	// to talk to, you may need to fix the firewall to allow multiple
-	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113
+	// to talk to, you might need to uncomment the query-source
+	// directive below.  Previous versions of BIND always asked
+	// questions using port 53, but BIND 8.1 and later use an unprivileged
+	// port by default.
+
+	// query-source address * port 53;
 
 	// If your ISP provided one or more IP addresses for stable 
 	// nameservers, you probably want to use them as forwarders.  
 	// Uncomment the following block, and insert the addresses replacing 
 	// the all-0's placeholder.
 
-	// forwarders {
-	// 	0.0.0.0;
-	// };
+	// ALEX DEHNERT: slightly updated 2008-12-19
+	// ALEX DEHNERT: slightly updated 2010-03-01
+	forward first;
+	forwarders {
+		18.71.0.151;
+		18.70.0.160;
+		18.72.0.3;
+	};
+
+	// ALEX DEHNERT: copied from old arctic version on 2008-12-19
+	//ALEX DEHNERT: Security-related stuff:
+	// Secure(ish):
+	allow-recursion	{ 66.92.29.156; 66.92.29.144; 127.0.0.1; 192.168.0.0/16; };
+	//allow-query	{ 66.92.29.156; 66.92.29.144; 127.0.0.1; };
+	allow-transfer { none; };
+
+	// Insecure:
+	//allow-recursion	{ any; };
+	allow-query	{ any; };
+
 
 	auth-nxdomain no;    # conform to RFC1035
 	listen-on-v6 { any; };
+
+	// Decent info on DNS
+	// http://newweb.zytrax.com/books/dns/ch2/
+	// http://www.madboa.com/geek/soho-bind/
 };
 
diff --git a/pri/combined-dehnerts.zone b/pri/combined-dehnerts.zone
new file mode 100644
index 0000000..fabef86
--- /dev/null
+++ b/pri/combined-dehnerts.zone
@@ -0,0 +1,74 @@
+$TTL 1W
+@       IN      SOA     ns root  (
+                                      2010022804 ; Serial
+                                      28800      ; Refresh
+                                      14400      ; Retry
+                                      604800     ; Expire - 1 week
+                                      86400 )    ; Minimum
+	IN	NS	ns
+	IN	NS	ns.arctic.org.
+        IN      NS      olinda
+	IN	A	66.92.29.156
+	IN	MX	10	mail
+
+; Servers
+angkor	IN A 192.168.1.18
+*.angkor	IN CNAME	angkor
+copan	IN	A	66.92.29.156
+*.copan	IN	CNAME	copan
+borobudur	IN A 192.168.1.15
+borobudur	IN MX 10 mail
+*.borobudur	IN CNAME	borobudur
+gwynedd	IN A 192.168.1.16
+*.gwynedd	IN CNAME	gwynedd
+lushan  IN  CNAME   lushan.mit.edu
+olinda  IN  A   18.208.0.204
+
+; Most services
+;mail	IN	A	66.92.29.156
+mail	IN	A	18.208.0.204
+*.imap  IN      CNAME   mail
+;smtp	IN	A	66.92.29.156
+smtp	IN	A	18.208.0.204
+ns	IN	A	66.92.29.156
+;www	IN	CNAME	copan
+www	IN	CNAME	olinda
+rcs	IN	CNAME	olinda
+svn	IN	CNAME	olinda
+ldap	IN	CNAME	copan
+jabber	IN	CNAME	copan
+xmpp	IN	CNAME	copan
+
+alex	IN	CNAME	olinda
+linux	IN	CNAME	olinda
+paly	IN	CNAME	olinda
+voice	IN	CNAME	olinda
+scouts	IN	CNAME	olinda
+troop57	IN	CNAME	olinda
+mathcamp	IN	CNAME	olinda
+mc	IN	CNAME	olinda
+webapps	IN	CNAME	olinda
+extern	IN	A	66.92.29.156
+phillipian	IN	CNAME	olinda
+
+
+; Admin services
+monitoring	IN CNAME borobudur
+
+; Local development services
+blog.dubrovnik	IN CNAME dubrovnik-l.intern
+dubrovnik	IN CNAME philacad.andover.edu
+dubrovnik-l   IN CNAME philacad.andover.edu
+dubrovnik-l.intern	IN A 192.168.1.17
+
+; Laptop
+ilulissat   IN CNAME    ilulissat.mit.edu.
+
+; Bridge
+borobudur.intern-extern-bridge  IN A 192.168.2.2
+
+; Miscellaneous extra services
+evols	IN	A	64.202.163.10
+
+; SRV records
+_xmpp-client._tcp     3600 IN SRV 10 0 5222 jabber.dehnerts.com.
-- 
2.34.1