From 2dbd6d7840f3cbbd634ab0def9b80763f4502213 Mon Sep 17 00:00:00 2001 From: Ben Harris Date: Mon, 30 Dec 2019 11:47:59 -0500 Subject: use acl and master lists --- named.conf.mydomains | 43 +++++++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 20 deletions(-) (limited to 'named.conf.mydomains') diff --git a/named.conf.mydomains b/named.conf.mydomains index 499bb4e..f87382e 100644 --- a/named.conf.mydomains +++ b/named.conf.mydomains @@ -1,11 +1,14 @@ // my domains include "/etc/bind/pi.key"; +acl ns2 { 167.114.154.31; }; +masters ns2 { 167.114.154.31; }; + zone "benharri.com" { type master; file "/etc/bind/zones/mydomains/db.benharri.com"; - allow-transfer { 167.114.154.31; }; - also-notify { 167.114.154.31; }; + allow-transfer { ns2; }; + also-notify { ns2; }; update-policy { grant certbot name _acme-challenge.benharri.com. txt; }; @@ -14,8 +17,8 @@ zone "benharri.com" { zone "benharr.is" { type master; file "/etc/bind/zones/mydomains/db.benharr.is"; - allow-transfer { 167.114.154.31; }; - also-notify { 167.114.154.31; }; + allow-transfer { ns2; }; + also-notify { ns2; }; update-policy { grant certbot name _acme-challenge.benharr.is. txt; }; @@ -24,8 +27,8 @@ zone "benharr.is" { zone "ben.o" { type master; file "/etc/bind/zones/mydomains/db.ben.o"; - allow-transfer { 167.114.154.31; }; - also-notify { 167.114.154.31; }; + allow-transfer { ns2; }; + also-notify { ns2; }; update-policy { grant certbot name _acme-challenge.ben.o. txt; }; @@ -34,8 +37,8 @@ zone "ben.o" { zone "benharri.dev" { type master; file "/etc/bind/zones/mydomains/db.benharri.dev"; - allow-transfer { 167.114.154.31; }; - also-notify { 167.114.154.31; }; + allow-transfer { ns2; }; + also-notify { ns2; }; update-policy { grant certbot name _acme-challenge.benharri.dev. txt; }; @@ -44,8 +47,8 @@ zone "benharri.dev" { zone "benhh.com" { type master; file "/etc/bind/zones/mydomains/db.benhh.com"; - allow-transfer { 167.114.154.31; }; - also-notify { 167.114.154.31; }; + allow-transfer { ns2; }; + also-notify { ns2; }; update-policy { grant certbot name _acme-challenge.benhh.com. txt; }; @@ -54,8 +57,8 @@ zone "benhh.com" { zone "bhh.sh" { type master; file "/etc/bind/zones/mydomains/db.bhh.sh"; - allow-transfer { 167.114.154.31; }; - also-notify { 167.114.154.31; }; + allow-transfer { ns2; }; + also-notify { ns2; }; update-policy { grant certbot name _acme-challenge.bhh.sh. txt; grant pi name pi.bhh.sh. A; @@ -65,8 +68,8 @@ zone "bhh.sh" { zone "esthersedibles.net" { type master; file "/etc/bind/zones/mydomains/db.esthersedibles.net"; - allow-transfer { 167.114.154.31; }; - also-notify { 167.114.154.31; }; + allow-transfer { ns2; }; + also-notify { ns2; }; update-policy { grant certbot name _acme-challenge.esthersedibles.net. txt; }; @@ -75,8 +78,8 @@ zone "esthersedibles.net" { zone "harris.team" { type master; file "/etc/bind/zones/mydomains/db.harris.team"; - allow-transfer { 167.114.154.31; }; - also-notify { 167.114.154.31; }; + allow-transfer { ns2; }; + also-notify { ns2; }; update-policy { grant certbot name _acme-challenge.harris.team. txt; }; @@ -85,8 +88,8 @@ zone "harris.team" { zone "itsreallynot.com" { type master; file "/etc/bind/zones/mydomains/db.itsreallynot.com"; - allow-transfer { 167.114.154.31; }; - also-notify { 167.114.154.31; }; + allow-transfer { ns2; }; + also-notify { ns2; }; update-policy { grant certbot name _acme-challenge.itsreallynot.com. txt; }; @@ -95,8 +98,8 @@ zone "itsreallynot.com" { zone "hmm.st" { type master; file "/etc/bind/zones/mydomains/db.hmm.st"; - allow-transfer { 167.114.154.31; }; - also-notify { 167.114.154.31; }; + allow-transfer { ns2; }; + also-notify { ns2; }; update-policy { grant certbot name _acme-challenge.hmm.st. txt; }; -- cgit 1.4.1