Set up DNS for evora (internal)
[sysconfig/bind.git] / named.conf.local
index 99714d1808f4c10818dae7a3da20e45d856b2287..1cf559faedaf47be0cb93cdb2e6c471ac8f2b512 100644 (file)
 #        notify no;
 #};
 
+// Unfortunately, AFAICT we need to list the Linode IPs as an ACL (so they
+// can make the requests) *and* as masters (so they get the notify).
+acl "linode" {
+    // Linode
+    // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#operate-as-a-secondary-read-only-dns-service
+    104.237.137.10;
+    45.79.109.10;
+    74.207.225.10;
+    207.192.70.10;
+    109.74.194.10;
+    2600:3c00::a;
+    2600:3c01::a;
+    2600:3c02::a;
+    2600:3c03::a;
+    2a01:7e00::a;
+    // Import
+    // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#import-a-dns-zone
+    96.126.114.97;
+    96.126.114.98;
+    2600:3c00::5e;
+    2600:3c00::5f;
+};
+
+masters "linode" {
+    // Linode
+    // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#operate-as-a-secondary-read-only-dns-service
+    104.237.137.10;
+    45.79.109.10;
+    74.207.225.10;
+    207.192.70.10;
+    109.74.194.10;
+    2600:3c00::a;
+    2600:3c01::a;
+    2600:3c02::a;
+    2600:3c03::a;
+    2a01:7e00::a;
+    // Import
+    // https://www.linode.com/docs/products/networking/dns-manager/guides/incoming-dns-zone-transfers/#import-a-dns-zone
+    96.126.114.97;
+    96.126.114.98;
+    2600:3c00::5e;
+    2600:3c00::5f;
+};
+
+// The actual ACL building blocks
 acl "transfer-allowed" {
-       localhost;
-       207.29.250.54;  // ???
-       18.4.60.36;     // charon
-       18.49.3.1;      // charon4
-       18.25.131.1;    // charon4
-       74.207.246.137; // arctic
-       66.92.29.156;   // copan
-       18.18.208.12;   // olinda
-       18.25.129.162;  // adehnert3.xvm
+    localhost;
+    207.29.250.54;  // ???
+    18.4.60.36;     // charon
+    18.49.3.1;      // charon4
+    18.25.131.1;    // charon4
+    74.207.246.137; // arctic
+    66.92.29.156;   // copan
+    18.18.208.12;   // olinda
+    18.25.129.162;  // adehnert3.xvm
+    130.44.166.3;   // DD
+    18.18.208.22;   // chankillo
+    "linode";
 };
 
 masters "primary-ns" {
-       18.18.208.12;   // olinda
+    18.18.208.22;   // chankillo
 };
 
 masters "secondary-ns" {
-       18.25.129.162;  // adehnert3.xvm
+    18.25.129.162;  // adehnert3.xvm
+    18.18.208.12;   // olinda
+    linode;
 };
 
 include "/etc/bind/named.conf.per-host";
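Review bot: Adding `"linode";` to the shared `transfer-allowed` ACL opens zone transfers to the Linode addresses for every zone that references that ACL, not only the zones meant to be hosted there, and the check is by source address alone. These look like the provider's shared transfer-service addresses rather than hosts you control, so, given that the commit title mentions an internal zone, it would be safer to leave `transfer-allowed` unchanged and give only the Linode-hosted zones `allow-transfer { "transfer-allowed"; "linode"; };`. Separately, `masters "linode"` repeats the ACL verbatim, including the four addresses the comment labels "Import", so through `linode;` in `secondary-ns` the `also-notify` line in the second hunk will send NOTIFY to them as well; listing only the secondary-service addresses in the masters block avoids that and leaves less to drift between the two copies. The carried-over `207.29.250.54;  // ???` entry is still an unidentified host with transfer rights and is worth resolving or removing while this list is being touched.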
@@ -59,7 +109,7 @@ zone "dehnerts.com" IN {
         allow-update { none; };
        allow-transfer { "transfer-allowed"; };
        allow-query { any; };
-       //notify no;
+       also-notify { "secondary-ns"; };
 };
 
 logging {
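Review bot: Unless `notify` is set in the options block (not visible here), this zone keeps the default behaviour and will notify every server in its NS set in addition to the `secondary-ns` list, so if only the listed secondaries should be told about changes, add `notify explicit;` next to the new `also-notify` line. I can't see the zone's NS records from this hunk, so the default may already be what you want. A short comment such as `// secondary-ns includes the Linode transfer hosts; see masters "linode" above` would help, since the list is defined well away from this zone. The zone block starts outside the hunk.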