From 2dbd6d7840f3cbbd634ab0def9b80763f4502213 Mon Sep 17 00:00:00 2001
From: Ben Harris
Date: Mon, 30 Dec 2019 11:47:59 -0500
Subject: use acl and master lists
---
 named.conf.local | 90 +++++++++++++++++++++++++++++++-------------------------
 1 file changed, 50 insertions(+), 40 deletions(-)
(limited to 'named.conf.local')
diff --git a/named.conf.local b/named.conf.local
index 07b6cb3..2fd1700 100644
--- a/named.conf.local
+++ b/named.conf.local
@@ -19,12 +19,22 @@ include "/etc/bind/bsd.tilde.team.key";
 server 89.163.145.170 { keys { tilde_msT; }; }; // ns1.envs.net
 server 78.31.64.115 { keys { tilde_msT; }; }; // ns2.envs.net
+masters "notifylist" {
+ 167.114.154.31;
+ 89.163.145.170;
+ 78.31.64.115;
+};
+
+acl "transferto" {
+ 167.114.154.31;
+ key tilde_msT;
+};
 zone "tildeverse.net" {
 type master;
 file "/etc/bind/zones/db.tildeverse.net";
- also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
- allow-transfer { 167.114.154.31; key tilde_msT;};
+ also-notify { "notifylist"; };
+ allow-transfer { "transferto";};
 update-policy {
 grant certbot name _acme-challenge.tildeverse.net. txt;
 };
@@ -33,8 +43,8 @@ zone "tildeverse.net" {
 zone "tildeverse.org" {
 type master;
 file "/etc/bind/zones/db.tildeverse.org";
- allow-transfer { 167.114.154.31; key tilde_msT; };
- also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
+ allow-transfer { "transferto"; };
+ also-notify { "notifylist"; };
 update-policy {
 grant certbot name _acme-challenge.tildeverse.org. txt;
 };
@@ -43,8 +53,8 @@ zone "tildeverse.org" {
 zone "fuckup.club" {
 type master;
 file "/etc/bind/zones/db.fuckup.club";
- allow-transfer { 167.114.154.31; key tilde_msT; };
- also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
+ allow-transfer { "transferto"; };
+ also-notify { "notifylist"; };
 update-policy {
 grant certbot name _acme-challenge.fuckup.club. txt;
 };
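Review bot: The new `acl "transferto"` lists a bare address beside the TSIG key, and because ACL elements are alternatives, 167.114.154.31 can transfer every zone that references the list without a signature; with all twenty zones in this patch now sharing the one definition, that intent should be written down next to it. The entry is also unlabelled, unlike the two `server` lines just above, which carry `// ns1.envs.net` and `// ns2.envs.net`. I would add a comment such as `// <secondary name>: address-only match, no TSIG` on the 167.114.154.31 line in both `masters "notifylist"` and `acl "transferto"`. If that secondary can sign its requests, the address entry could presumably be dropped so that transfers are key-only. The same pair of replaced lines recurs in every later hunk, so nothing further is raised there.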
@@ -53,8 +63,8 @@ zone "fuckup.club" {
 zone "nand.sh" {
 type master;
 file "/etc/bind/zones/db.nand.sh";
- allow-transfer { 167.114.154.31; key tilde_msT; };
- also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
+ allow-transfer { "transferto"; };
+ also-notify { "notifylist"; };
 update-policy {
 grant certbot name _acme-challenge.nand.sh. txt;
 };
@@ -63,8 +73,8 @@ zone "nand.sh" {
 zone "tild3.org" {
 type master;
 file "/etc/bind/zones/db.tild3.org";
- allow-transfer { 167.114.154.31; key tilde_msT; };
- also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
+ allow-transfer { "transferto"; };
+ also-notify { "notifylist"; };
 update-policy {
 grant certbot name _acme-challenge.tild3.org. txt;
 };
@@ -73,8 +83,8 @@ zone "tild3.org" {
 zone "tilde.chat" {
 type master;
 file "/etc/bind/zones/db.tilde.chat";
- allow-transfer { 167.114.154.31; key tilde_msT; };
- also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
+ allow-transfer { "transferto"; };
+ also-notify { "notifylist"; };
 update-policy {
 grant certbot name _acme-challenge.tilde.chat. txt;
 };
@@ -83,8 +93,8 @@ zone "tilde.chat" {
 zone "tildegit.org" {
 type master;
 file "/etc/bind/zones/db.tildegit.org";
- allow-transfer { 167.114.154.31; key tilde_msT; };
- also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
+ allow-transfer { "transferto"; };
+ also-notify { "notifylist"; };
 update-policy {
 grant certbot name _acme-challenge.tildegit.org. txt;
 };
@@ -93,8 +103,8 @@ zone "tildegit.org" {
 zone "tilde.life" {
 type master;
 file "/etc/bind/zones/db.tilde.life";
- allow-transfer { 167.114.154.31; key tilde_msT; };
- also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
+ allow-transfer { "transferto"; };
+ also-notify { "notifylist"; };
 update-policy {
 grant certbot name _acme-challenge.tilde.life. txt;
 };
@@ -103,8 +113,8 @@ zone "tilde.life" {
 zone "tildenet.org" {
 type master;
 file "/etc/bind/zones/db.tildenet.org";
- allow-transfer { 167.114.154.31; key tilde_msT; };
- also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
+ allow-transfer { "transferto"; };
+ also-notify { "notifylist"; };
 update-policy {
 grant certbot name _acme-challenge.tildenet.org. txt;
 };
@@ -113,8 +123,8 @@ zone "tildenet.org" {
 zone "tilde.news" {
 type master;
 file "/etc/bind/zones/db.tilde.news";
- allow-transfer { 167.114.154.31; key tilde_msT; };
- also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
+ allow-transfer { "transferto"; };
+ also-notify { "notifylist"; };
 update-policy {
 grant certbot name _acme-challenge.tilde.news. txt;
 };
@@ -123,8 +133,8 @@ zone "tilde.news" {
 zone "tilde.ninja" {
 type master;
 file "/etc/bind/zones/db.tilde.ninja";
- allow-transfer { 167.114.154.31; key tilde_msT; };
- also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
+ allow-transfer { "transferto"; };
+ also-notify { "notifylist"; };
 update-policy {
 grant certbot name _acme-challenge.tilde.ninja. txt;
 };
@@ -133,8 +143,8 @@ zone "tilde.ninja" {
 zone "tilde.pizza" {
 type master;
 file "/etc/bind/zones/db.tilde.pizza";
- allow-transfer { 167.114.154.31; key tilde_msT; };
- also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
+ allow-transfer { "transferto"; };
+ also-notify { "notifylist"; };
 update-policy {
 grant certbot name _acme-challenge.tilde.pizza. txt;
 };
@@ -143,8 +153,8 @@ zone "tilde.pizza" {
 zone "tilderadio.org" {
 type master;
 file "/etc/bind/zones/db.tilderadio.org";
- allow-transfer { 167.114.154.31; key tilde_msT; };
- also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
+ allow-transfer { "transferto"; };
+ also-notify { "notifylist"; };
 update-policy {
 grant certbot name _acme-challenge.tilderadio.org. txt;
 };
@@ -153,8 +163,8 @@ zone "tilderadio.org" {
 zone "tilde.site" {
 type master;
 file "/etc/bind/zones/db.tilde.site";
- allow-transfer { 167.114.154.31; key tilde_msT; };
- also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
+ allow-transfer { "transferto"; };
+ also-notify { "notifylist"; };
 update-policy {
 grant certbot name _acme-challenge.tilde.site. txt;
 };
@@ -163,8 +173,8 @@ zone "tilde.site" {
 zone "tilde.team" {
 type master;
 file "/etc/bind/zones/db.tilde.team";
- allow-transfer { 167.114.154.31; key tilde_msT; };
- also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
+ allow-transfer { "transferto"; };
+ also-notify { "notifylist"; };
 update-policy {
 grant certbot name _acme-challenge.tilde.team. txt;
 grant bsd.tilde.team name _acme-challenge.bsd.tilde.team. txt;
@@ -174,8 +184,8 @@ zone "tilde.team" {
 zone "tildeteam.org" {
 type master;
 file "/etc/bind/zones/db.tildeteam.org";
- allow-transfer { 167.114.154.31; key tilde_msT; };
- also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
+ allow-transfer { "transferto"; };
+ also-notify { "notifylist"; };
 update-policy {
 grant certbot name _acme-challenge.tildeteam.org. txt;
 };
@@ -184,8 +194,8 @@ zone "tildeteam.org" {
 zone "tildeteam.net" {
 type master;
 file "/etc/bind/zones/db.tildeteam.net";
- allow-transfer { 167.114.154.31; key tilde_msT; };
- also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
+ allow-transfer { "transferto"; };
+ also-notify { "notifylist"; };
 update-policy {
 grant certbot name _acme-challenge.tildeteam.net. txt;
 };
@@ -194,8 +204,8 @@ zone "tildeteam.net" {
 zone "tilde.wiki" {
 type master;
 file "/etc/bind/zones/db.tilde.wiki";
- allow-transfer { 167.114.154.31; key tilde_msT; };
- also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
+ allow-transfer { "transferto"; };
+ also-notify { "notifylist"; };
 update-policy {
 grant certbot name _acme-challenge.tilde.wiki. txt;
 };
@@ -204,8 +214,8 @@ zone "tilde.wiki" {
 zone "tilde.zone" {
 type master;
 file "/etc/bind/zones/db.tilde.zone";
- allow-transfer { 167.114.154.31; key tilde_msT; };
- also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
+ allow-transfer { "transferto"; };
+ also-notify { "notifylist"; };
 update-policy {
 grant certbot name _acme-challenge.tilde.zone. txt;
 };
@@ -214,8 +224,8 @@ zone "tilde.zone" {
 zone "ttm.sh" {
 type master;
 file "/etc/bind/zones/db.ttm.sh";
- allow-transfer { 167.114.154.31; key tilde_msT; };
- also-notify { 167.114.154.31; 89.163.145.170; 78.31.64.115; };
+ allow-transfer { "transferto"; };
+ also-notify { "notifylist"; };
 update-policy {
 grant certbot name _acme-challenge.ttm.sh. txt;
 };
-- cgit 1.4.1