# Input for a generator that appears to render BIND configuration: the
# raw-include blocks below contain BIND statements verbatim.
# NOTE(review): nesting was reconstructed from a whitespace-collapsed copy;
# confirm the indentation against the original file.

# ACLs built by the generator rather than listed by hand.
# NOTE(review): `filter` looks like a glob over key names, so a key is placed
# in internal-keys / external-keys purely by its name suffix. Keys named
# otherwise (for example the *-transfer keys under `servers`) match neither
# ACL and are presumably assigned to a view by source address alone. Confirm.
dynamic-acls:
  all-masters:
    generator: servers
  internal-keys:
    generator: keys
    filter: "*-internal"
  external-keys:
    generator: keys
    filter: "*-external"

static-acls:
  # Networks treated as internal. The views below use this ACL to select the
  # internal view and to exempt clients from the external rate limit.
  # NOTE(review): the list includes globally routable prefixes. Membership is
  # decided by source address, which is not authenticated for UDP queries;
  # confirm the network edge drops inbound packets claiming these sources.
  internal-nets:
    - 172.16.0.0/16  # SEA1 (and AWS)
    - 172.17.0.0/16  # SEA2
    - 172.18.0.0/16  # FKL1
    - 172.19.0.0/16  # SEA4
    - 172.20.0.0/16  # ORD1
    - 172.21.0.0/16  # Mobile Network
    - 23.149.16.0/24  # Pomona ARIN Delegation
    - 192.168.255.0/24  # Local Docker Bridge
    - 2602:0803:4000::/40  # Pomona ARIN Delegation
    - 2600:1f14:f39:e000::/56  # PDX1
    - 2600:1f16:33:500::/56  # CMH1
    - 2a05:d01c:7ba:b800::/56  # LHR1

# One entry per name server, keyed by address.
# NOTE(review): `key` on the secondaries is presumably the TSIG key used for
# zone transfers (the names end in -transfer); the primary has none. Confirm.
servers:
  172.16.18.52:  # PDX1 Legacy Primary
    type: primary
    ips:
      - 50.112.45.116  # PDX1 Gateway External Legacy
      - 54.148.70.70  # PDX1 Gateway External
      - 172.16.18.73  # PDX1 Gateway Internal Legacy
      - 2600:1f14:f39:e000:9fb5:8745:4eec:28b8  # PDX1 Gateway
    # Per-server forwarders for the forward-only zones of the same names.
    forwarders:
      amazonaws.com:
        - 172.16.16.2
      internal:
        - 172.16.16.2
  172.20.0.53:  # ORD1 Secondary
    type: secondary
    key: ord1-transfer
  172.16.35.10:  # CMH1 Legacy Secondary
    type: secondary
    key: us-east-2-transfer
    forwarders:
      amazonaws.com:
        - 172.16.32.2
      internal:
        - 172.16.32.2
  172.16.66.181:  # LHR1 Legacy Secondary
    type: secondary
    key: eu-west-2-transfer

# BIND assigns a client to the first view whose match-clients list matches,
# and evaluates each list in order with the first matching element deciding.
# The order of the entries below is therefore security-relevant.
# NOTE(review): confirm the generator emits the views in this order.
views:
  external:
    # A request signed with an external key lands here wherever it comes
    # from. Internal keys and internal networks are negated before `any`, so
    # they fall through to the next view.
    match-clients:
      - external-keys
      - "!internal-keys"
      - "!internal-nets"
      - any
    # Response rate limiting for the public-facing view. internal-nets is
    # negated in match-clients above, so the exemption can only apply to
    # internal-net clients that reach this view by presenting an external key.
    raw-include: |
      rate-limit {
        responses-per-second 15;
        exempt-clients { internal-nets; };
      };
  internal:
    # External keys are rejected first, so a request signed with one never
    # reaches this view even when it originates from an internal network.
    match-clients:
      - "!external-keys"
      - internal-nets
      - internal-keys
      - localhost
    # Enables the RPZ policy zone with logging, and turns off DNS cookies
    # towards two named upstream servers (see the linked thread). Lines
    # starting with `#` inside the block are part of the emitted text, so
    # each one must stay on a line of its own.
    raw-include: |
      response-policy { zone "dns-policy.crute.me" log true; };
      # https://www.mail-archive.com/bind-users@lists.isc.org/msg25350.html
      server 63.150.72.5 { send-cookie no; }; # sauthns1.qwest.net
      server 208.44.130.121 { send-cookie no; }; # sauthns2.qwest.net.
# Zone list. Each entry names the view(s) it is mastered in (master-views)
# and, for some zones, the views it is served in (in-views).
# NOTE(review): allow-update-keys presumably lists the TSIG keys permitted to
# send dynamic updates for the zone; whether the grant covers the whole zone
# or is narrowed per record cannot be seen from this file. Confirm, in
# particular for the *-dhcpd-key entries.
# NOTE(review): crute-me and as398223-net are each authorised on several
# zones below, so rotating or revoking one of them affects all of those zones.
zones:
  # Forward-only zones, internal view only. The forwarder addresses are set
  # per server under `servers`.
  - name: amazonaws.com
    type: forward-only
    master-views:
      - internal
    in-views:
      - internal

  - name: internal
    type: forward-only
    master-views:
      - internal
    in-views:
      - internal

  # 2602:0803:4000::/40
  - name: 0.4.3.0.8.0.2.0.6.2.ip6.arpa
    master-views:
      - external
    allow-update-keys:
      - as398223-net
      - crute-me

  # 23.149.16.0/24
  - name: 16.149.23.in-addr.arpa
    master-views:
      - external
    allow-update-keys:
      - as398223-net

  # Global IPv4 Reverse Zone
  # 172.16.0.0/16
  - name: 16.172.in-addr.arpa
    master-views:
      - internal
    in-views:
      - internal
    allow-update-keys:
      - crute-me
      - sea1-dhcpd-key

  # FKL1 IPv4 Reverse Zone
  # 172.18.0.0/16
  - name: 18.172.in-addr.arpa
    master-views:
      - internal
    in-views:
      - internal
    allow-update-keys:
      - fkl1-crute-me
      - fkl1-dhcpd-key

  # SEA4 IPv4 Reverse Zone
  # 172.19.0.0/16
  - name: 19.172.in-addr.arpa
    master-views:
      - internal
    in-views:
      - internal
    allow-update-keys:
      - crute-me

  # Referenced by the internal view's response-policy statement. It has no
  # allow-update-keys, in line with the manual-update note below.
  - name: dns-policy.crute.me
    master-views:
      - internal
    in-views:
      - internal
    # This is an RPZ policy zone; nothing should be querying it
    # except BIND internals. The zone must also be updated and
    # reloaded manually, which allows leaving comments in it and
    # helps prevent errors.
    allow-query:
      - none

  - name: crute.us
    master-views:
      - external
    allow-update-keys:
      - crute-us

  # Mastered in both views.
  # NOTE(review): crute-me matches neither the "*-internal" nor the
  # "*-external" key filter, so which view's copy an update reaches
  # presumably depends on the sender's source address. Confirm.
  - name: crute.me
    master-views:
      - external
      - internal
    allow-update-keys:
      - crute-me

  - name: sea1.crute.me
    master-views:
      - internal
    in-views:
      - internal
    allow-update-keys:
      - sea1-crute-me
      - crute-me
      - sea1-dhcpd-key

  - name: fkl1.crute.me
    master-views:
      - internal
    in-views:
      - internal
    allow-update-keys:
      - fkl1-crute-me
      - fkl1-dhcpd-key

  # Public zones, external view only, each with its own update key.
  - name: crute.org
    master-views:
      - external
    allow-update-keys:
      - crute-org

  - name: crute.dev
    master-views:
      - external
    allow-update-keys:
      - crute-dev

  - name: softgroupcorp.com
    master-views:
      - external
    allow-update-keys:
      - softgroupcorp-com

  - name: pomonaconsulting.com
    master-views:
      - external
    allow-update-keys:
      - pomonaconsulting-com

  - name: pomonaconsulting.net
    master-views:
      - external
    allow-update-keys:
      - pomonaconsulting-net

  - name: as398223.net
    master-views:
      - external
    allow-update-keys:
      - as398223-net

  - name: 59erdiner.com
    master-views:
      - external
    allow-update-keys:
      - 59erdiner-com

  - name: leavenworthsnowmobilerentals.com
    master-views:
      - external
    allow-update-keys:
      - leavenworthsnowmobilerentals-com

  - name: lakewenatcheecabins.net
    master-views:
      - external
    allow-update-keys:
      - lakewenatcheecabins-net

  - name: frompythonimportpodcast.com
    master-views:
      - external
    allow-update-keys:
      - frompythonimportpodcast-com