Diffstat (limited to 'bind/builder/zones.yaml')
-rw-r--r-- | bind/builder/zones.yaml | 256 |
1 files changed, 256 insertions, 0 deletions
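--- /dev/null
+++ b/bind/builder/zones.yaml
@@ -0,0 +1,256 @@
+dynamic-acls:
+all-masters:
+generator: servers
+
+internal-keys:
+generator: keys
+filter: "*-internal"
+
+external-keys:
+generator: keys
+filter: "*-external"
+
+static-acls:
+internal-nets:
+- 172.16.0.0/16 # SEA1 (and AWS)
+- 172.17.0.0/16 # SEA2
+- 172.18.0.0/16 # FKL1
+- 172.19.0.0/16 # SEA4
+- 172.20.0.0/16 # ORD1
+- 172.21.0.0/16 # Mobile Network
+- 23.149.16.0/24 # Pomona ARIN Delegation
+- 192.168.255.0/24 # Local Docker Bridge
+- 2602:0803:4000::/40 # Pomona ARIN Delegation
+- 2600:1f14:f39:e000::/56 # PDX1
+- 2600:1f16:33:500::/56 # CMH1
+- 2a05:d01c:7ba:b800::/56 # LHR1
+
+servers:
+172.16.18.52: # PDX1 Legacy Primary
+type: primary
+ips:
+- 50.112.45.116 # PDX1 Gateway External Legacy
+- 54.148.70.70 # PDX1 Gateway External
+- 172.16.18.73 # PDX1 Gateway Internal Legacy
+- 2600:1f14:f39:e000:9fb5:8745:4eec:28b8 # PDX1 Gateway
+forwarders:
+amazonaws.com:
+- 172.16.16.2
+internal:
+- 172.16.16.2
+
+172.20.0.53: # ORD1 Secondary
+type: secondary
+key: ord1-transfer
+
+172.16.35.10: # CMH1 Legacy Secondary
+type: secondary
+key: us-east-2-transfer
+forwarders:
+amazonaws.com:
+- 172.16.32.2
+internal:
+- 172.16.32.2
+
+172.16.66.181: # LHR1 Legacy Secondary
+type: secondary
+key: eu-west-2-transfer
+
+views:
+external:
+match-clients:
+- external-keys
+- "!internal-keys"
+- "!internal-nets"
+- any
+
+raw-include: |
+rate-limit {
+responses-per-second 15;
+exempt-clients {
+internal-nets;
+};
+};
+
+internal:
+match-clients:
+- "!external-keys"
+- internal-nets
+- internal-keys
+- localhost
+
+raw-include: |
+response-policy {
+zone "dns-policy.crute.me" log true;
+};
+
+# https://www.mail-archive.com/bind-users@lists.isc.org/msg25350.html
+server 63.150.72.5 { send-cookie no; }; # sauthns1.qwest.net
+server 208.44.130.121 { send-cookie no; }; # sauthns2.qwest.net.
+
+zones:
+- name: amazonaws.com
+type: forward-only
+master-views:
+- internal
+in-views:
+- internal
+
+- name: internal
+type: forward-only
+master-views:
+- internal
+in-views:
+- internal
+
+# 2602:0803:4000::/40
+- name: 0.4.3.0.8.0.2.0.6.2.ip6.arpa
+master-views:
+- external
+allow-update-keys:
+- as398223-net
+- crute-me
+
+# 24.149.16.0/24
+- name: 16.149.23.in-addr.arpa
+master-views:
+- external
+allow-update-keys:
+- as398223-net
+
+# Global IPv4 Reverse Zone
+# 172.16.0.0/16
+- name: 16.172.in-addr.arpa
+master-views:
+- internal
+in-views:
+- internal
+allow-update-keys:
+- crute-me
+- sea1-dhcpd-key
+
+# FKL1 IPv4 Reverse Zone
+# 172.18.0.0/16
+- name: 18.172.in-addr.arpa
+master-views:
+- internal
+in-views:
+- internal
+allow-update-keys:
+- fkl1-crute-me
+- fkl1-dhcpd-key
+
+# SEA4 IPv4 Reverse Zone
+# 172.19.0.0/16
+- name: 19.172.in-addr.arpa
+master-views:
+- internal
+in-views:
+- internal
+allow-update-keys:
+- crute-me
+
+- name: dns-policy.crute.me
+master-views:
+- internal
+in-views:
+- internal
+
+# This is an RPZ policy zone, nothing should be querying it
+# except BIND internals. Also the zone most be manually
+# updated and reloaded to allow leaving comments and
+# preventing errors.
+allow-query:
+- none
+
+- name: crute.us
+master-views:
+- external
+allow-update-keys:
+- crute-us
+
+- name: crute.me
+master-views:
+- external
+- internal
+allow-update-keys:
+- crute-me
+
+- name: sea1.crute.me
+master-views:
+- internal
+in-views:
+- internal
+allow-update-keys:
+- sea1-crute-me
+- crute-me
+- sea1-dhcpd-key
+
+- name: fkl1.crute.me
+master-views:
+- internal
+in-views:
+- internal
+allow-update-keys:
+- fkl1-crute-me
+- fkl1-dhcpd-key
+
+- name: crute.org
+master-views:
+- external
+allow-update-keys:
+- crute-org
+
+- name: crute.dev
+master-views:
+- external
+allow-update-keys:
+- crute-dev
+
+- name: softgroupcorp.com
+master-views:
+- external
+allow-update-keys:
+- softgroupcorp-com
+
+- name: pomonaconsulting.com
+master-views:
+- external
+allow-update-keys:
+- pomonaconsulting-com
+
+- name: pomonaconsulting.net
+master-views:
+- external
+allow-update-keys:
+- pomonaconsulting-net
+
+- name: as398223.net
+master-views:
+- external
+allow-update-keys:
+- as398223-net
+
+- name: 59erdiner.com
+master-views:
+- external
+allow-update-keys:
+- 59erdiner-com
+
+- name: leavenworthsnowmobilerentals.com
+master-views:
+- external
+allow-update-keys:
+- leavenworthsnowmobilerentals-com
+
+- name: lakewenatcheecabins.net
+master-views:
+- external
+allow-update-keys:
+- lakewenatcheecabins-net
+
+- name: frompythonimportpodcast.com
+master-views:
+- external
+allow-update-keys:
+- frompythonimportpodcast-com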
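Review bot: `internal-nets` puts the publicly routed delegations `23.149.16.0/24` and `2602:0803:4000::/40` in the same ACL as the RFC 1918 site ranges, and the `internal` view is selected by that ACL on source address alone. The `internal` view carries no `rate-limit` block and serves the zones marked `in-views: internal`, so its exposure depends on anti-spoofing filtering in front of the servers, which this file cannot show; consider a separate ACL for the public prefixes so they can be treated differently, or give the internal view its own `rate-limit`. `crute-me` is accepted in `allow-update-keys` for five zones, forward and reverse, so per-zone keys would limit what one leaked secret can change. The comment `# 24.149.16.0/24` above `16.149.23.in-addr.arpa` disagrees with both the zone name and the ACL entry and should read `# 23.149.16.0/24`; in the RPZ comment "most be manually" should be "must be manually".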