u/fanf2/zones.git
3 months ago fast.dotat.at: allow updates and auto-dnssec (master)
Tony Finch [Mon, 22 Jun 2020 16:47:08 +0000 (17:47 +0100)]
fast.dotat.at: allow updates and auto-dnssec

3 months ago fast.dotat.at: correct path to zone file
Tony Finch [Mon, 22 Jun 2020 16:40:19 +0000 (17:40 +0100)]
fast.dotat.at: correct path to zone file

3 months ago fix sig-validity-interval option name
Tony Finch [Mon, 22 Jun 2020 16:23:05 +0000 (17:23 +0100)]
fix sig-validity-interval option name

3 months ago bind config for fast.dotat.at
Tony Finch [Mon, 22 Jun 2020 15:43:33 +0000 (16:43 +0100)]
bind config for fast.dotat.at

3 months ago allow decrypting to grey as well
Tony Finch [Mon, 22 Jun 2020 15:43:02 +0000 (16:43 +0100)]
allow decrypting to grey as well

3 months ago fast.dotat.at: test zone for signing jitter
Tony Finch [Mon, 22 Jun 2020 15:12:45 +0000 (16:12 +0100)]
fast.dotat.at: test zone for signing jitter

3 months ago signscan: ensure that rndc output is for a primary zone
Tony Finch [Mon, 22 Jun 2020 15:06:33 +0000 (16:06 +0100)]
signscan: ensure that rndc output is for a primary zone

3 months ago Disable RSASHA1 for cb4.eu
Tony Finch [Mon, 17 Feb 2020 15:34:17 +0000 (15:34 +0000)]
Disable RSASHA1 for cb4.eu

3 months ago sync zone files
Tony Finch [Mon, 22 Jun 2020 15:41:30 +0000 (16:41 +0100)]
sync zone files

7 months ago update zone files
Tony Finch [Mon, 17 Feb 2020 15:33:28 +0000 (15:33 +0000)]
update zone files

7 months ago really clean up private keys
Tony Finch [Wed, 5 Feb 2020 13:09:48 +0000 (13:09 +0000)]
really clean up private keys

7 months ago clean up private keys after deletion
Tony Finch [Wed, 5 Feb 2020 13:08:44 +0000 (13:08 +0000)]
clean up private keys after deletion

7 months ago RSASHA1 for dotat.at now retired
Tony Finch [Wed, 5 Feb 2020 12:58:54 +0000 (12:58 +0000)]
RSASHA1 for dotat.at now retired

7 months ago Disable RSASHA1 for dotat.at
Tony Finch [Wed, 5 Feb 2020 12:57:14 +0000 (12:57 +0000)]
Disable RSASHA1 for dotat.at

7 months ago Add a ZSK to dev.dns.cam.ac.uk for safety
Tony Finch [Tue, 4 Feb 2020 19:23:47 +0000 (19:23 +0000)]
Add a ZSK to dev.dns.cam.ac.uk for safety

7 months ago update zone files
Tony Finch [Tue, 4 Feb 2020 17:30:09 +0000 (17:30 +0000)]
update zone files

7 months ago gitignore decrypted secrets
Tony Finch [Tue, 4 Feb 2020 17:19:42 +0000 (17:19 +0000)]
gitignore decrypted secrets

7 months ago update zone files
Tony Finch [Tue, 4 Feb 2020 17:16:28 +0000 (17:16 +0000)]
update zone files

8 months ago update zone files
Tony Finch [Mon, 20 Jan 2020 19:10:25 +0000 (19:10 +0000)]
update zone files

8 months ago TTL 24h for all keys
Tony Finch [Mon, 20 Jan 2020 19:03:37 +0000 (19:03 +0000)]
TTL 24h for all keys

8 months ago CDS change for dotat.at and cb4.eu
Tony Finch [Mon, 20 Jan 2020 19:01:52 +0000 (19:01 +0000)]
CDS change for dotat.at and cb4.eu

8 months ago Start algorithm rollover to ECDSAp256
Tony Finch [Mon, 13 Jan 2020 14:44:06 +0000 (14:44 +0000)]
Start algorithm rollover to ECDSAp256

15 months ago populate ed448
Tony Finch [Fri, 7 Jun 2019 16:03:23 +0000 (17:03 +0100)]
populate ed448

15 months ago configure new zone
Tony Finch [Fri, 7 Jun 2019 15:52:19 +0000 (16:52 +0100)]
configure new zone

15 months ago an ed448 test zone
Tony Finch [Fri, 7 Jun 2019 15:50:12 +0000 (16:50 +0100)]
an ed448 test zone

15 months ago Handy script for creating an empty zone
Tony Finch [Fri, 7 Jun 2019 15:50:04 +0000 (16:50 +0100)]
Handy script for creating an empty zone

15 months ago current zone state
Tony Finch [Fri, 7 Jun 2019 15:47:22 +0000 (16:47 +0100)]
current zone state

17 months ago Sync zones - delegation fixes
Tony Finch [Mon, 29 Apr 2019 18:46:31 +0000 (19:46 +0100)]
Sync zones - delegation fixes

17 months ago Send notifies from grey to gratisdns
Tony Finch [Mon, 29 Apr 2019 18:28:34 +0000 (19:28 +0100)]
Send notifies from grey to gratisdns

17 months ago Allow primary/secondary synonyms when generating named.static-stub
Tony Finch [Mon, 29 Apr 2019 17:55:36 +0000 (18:55 +0100)]
Allow primary/secondary synonyms when generating named.static-stub

17 months ago Make grey a secondary of onyx
Tony Finch [Mon, 29 Apr 2019 17:30:20 +0000 (18:30 +0100)]
Make grey a secondary of onyx

I think onyx is working enough that I can get grey to secondary from
it, and external secondaries will continue to get zones from grey
while onyx doesn't have port 53 access.

17 months ago Do not include journals when converting zones for diffing
Tony Finch [Mon, 29 Apr 2019 17:46:59 +0000 (18:46 +0100)]
Do not include journals when converting zones for diffing

If we are running git log --patch then old revisions of the
zone will not correspond to the current journal. So, just
rely on running rndc sync before committing modified zones.

17 months ago Make it easy to append .gitconfig to .git/config
Tony Finch [Mon, 29 Apr 2019 17:46:48 +0000 (18:46 +0100)]
Make it easy to append .gitconfig to .git/config

17 months ago Keep NS records pointing at grey for now
Tony Finch [Mon, 29 Apr 2019 17:45:32 +0000 (18:45 +0100)]
Keep NS records pointing at grey for now

The CUDN port 53 block means onyx can't quite take over yet

17 months ago Update NS and SOA to point to onyx
Tony Finch [Mon, 29 Apr 2019 14:20:20 +0000 (15:20 +0100)]
Update NS and SOA to point to onyx

17 months ago delete unused zones
Tony Finch [Fri, 26 Apr 2019 20:35:51 +0000 (21:35 +0100)]
delete unused zones

17 months ago bin/setup: create static-stub config file and set perms
Tony Finch [Fri, 26 Apr 2019 20:25:48 +0000 (21:25 +0100)]
bin/setup: create static-stub config file and set perms

17 months ago decrypt-receiver: correct permissions
Tony Finch [Fri, 26 Apr 2019 20:25:30 +0000 (21:25 +0100)]
decrypt-receiver: correct permissions

17 months ago scripts for installing decrypted keys
Tony Finch [Fri, 26 Apr 2019 19:53:28 +0000 (20:53 +0100)]
scripts for installing decrypted keys

17 months ago auto-dnssec maintain needs to be per zone not a main option
Tony Finch [Fri, 26 Apr 2019 19:53:03 +0000 (20:53 +0100)]
auto-dnssec maintain needs to be per zone not a main option

17 months ago great renaming
Tony Finch [Fri, 26 Apr 2019 19:24:44 +0000 (20:24 +0100)]
great renaming

Flatten the directory structure and defragment the configuration

Remove some cruft, such as cb4.blue (which is hosted by Fastmail)
and some unused keys.

17 months ago working directory no longer needed
Tony Finch [Fri, 26 Apr 2019 18:49:09 +0000 (19:49 +0100)]
working directory no longer needed

17 months ago current versions of zones
Tony Finch [Fri, 26 Apr 2019 16:56:19 +0000 (17:56 +0100)]
current versions of zones

17 months ago experimental dnssec-keymgr policy
Tony Finch [Fri, 26 Apr 2019 16:15:53 +0000 (17:15 +0100)]
experimental dnssec-keymgr policy

17 months ago an empty zone
Tony Finch [Fri, 26 Apr 2019 15:34:26 +0000 (16:34 +0100)]
an empty zone

17 months ago random scripts for analysing the zone signing process
Tony Finch [Fri, 26 Apr 2019 15:33:54 +0000 (16:33 +0100)]
random scripts for analysing the zone signing process

17 months ago cb4.blue backup domain
Tony Finch [Fri, 26 Apr 2019 14:51:35 +0000 (15:51 +0100)]
cb4.blue backup domain

17 months ago experimental config for faster key rollovers on fanf2.ucam.org
Tony Finch [Fri, 26 Apr 2019 14:49:59 +0000 (15:49 +0100)]
experimental config for faster key rollovers on fanf2.ucam.org

17 months ago prune working servers from noedns list
Tony Finch [Fri, 26 Apr 2019 14:47:39 +0000 (15:47 +0100)]
prune working servers from noedns list

17 months ago kill old key
Tony Finch [Fri, 26 Apr 2019 14:13:00 +0000 (15:13 +0100)]
kill old key

17 months ago whoops, accidental key rollover
Tony Finch [Fri, 26 Apr 2019 14:12:30 +0000 (15:12 +0100)]
whoops, accidental key rollover

17 months ago better static-stub generation
Tony Finch [Fri, 26 Apr 2019 13:48:49 +0000 (14:48 +0100)]
better static-stub generation

sort the file so it is in a consistent order,
and trim trailing dots off zone names

17 months ago 10.in-addr.arpa is in the catalog zone now
Tony Finch [Fri, 26 Apr 2019 13:44:55 +0000 (14:44 +0100)]
10.in-addr.arpa is in the catalog zone now

17 months ago correct rpz block target
Tony Finch [Fri, 26 Apr 2019 13:41:28 +0000 (14:41 +0100)]
correct rpz block target

17 months ago remove deny-answer experiment
Tony Finch [Fri, 26 Apr 2019 13:41:03 +0000 (14:41 +0100)]
remove deny-answer experiment

17 months ago friendly probing has moved
Tony Finch [Fri, 26 Apr 2019 13:40:43 +0000 (14:40 +0100)]
friendly probing has moved

17 months ago rrset-order is random now bug is fixed
Tony Finch [Fri, 26 Apr 2019 13:40:09 +0000 (14:40 +0100)]
rrset-order is random now bug is fixed

17 months ago stop nsid noise
Tony Finch [Fri, 26 Apr 2019 13:39:41 +0000 (14:39 +0100)]
stop nsid noise

17 months ago validation is auto by default now
Tony Finch [Fri, 26 Apr 2019 13:39:14 +0000 (14:39 +0100)]
validation is auto by default now

17 months ago named.conf: experiments with deny-answer-{aliases,addresses}
Tony Finch [Wed, 22 Aug 2018 13:07:39 +0000 (14:07 +0100)]
named.conf: experiments with deny-answer-{aliases,addresses}

17 months ago named.conf: new CUDN IPv6 prefix
Tony Finch [Wed, 22 Aug 2018 13:07:20 +0000 (14:07 +0100)]
named.conf: new CUDN IPv6 prefix

17 months ago named.conf: tweak whitespace
Tony Finch [Wed, 22 Aug 2018 13:07:08 +0000 (14:07 +0100)]
named.conf: tweak whitespace

17 months ago named.conf: use TTL units in response-policy clause
Tony Finch [Wed, 13 Jun 2018 10:04:36 +0000 (11:04 +0100)]
named.conf: use TTL units in response-policy clause

17 months ago named.conf: enable nsid in outgoing queries
Tony Finch [Wed, 13 Jun 2018 10:04:07 +0000 (11:04 +0100)]
named.conf: enable nsid in outgoing queries

17 months ago named.conf: more precise recursion ACLs
Tony Finch [Wed, 13 Jun 2018 10:03:32 +0000 (11:03 +0100)]
named.conf: more precise recursion ACLs

17 months ago named: drop spamhaus zones
Tony Finch [Tue, 27 Mar 2018 16:27:26 +0000 (17:27 +0100)]
named: drop spamhaus zones

17 months ago named: remove spamhaus zones which will be going away
Tony Finch [Mon, 26 Mar 2018 17:15:50 +0000 (18:15 +0100)]
named: remove spamhaus zones which will be going away

17 months ago Enable serve-stale and rrset-order random and sort options
Tony Finch [Tue, 20 Feb 2018 16:51:58 +0000 (16:51 +0000)]
Enable serve-stale and rrset-order random and sort options

17 months ago improve formatting of the versions summary
Tony Finch [Wed, 31 Jan 2018 18:00:52 +0000 (18:00 +0000)]
improve formatting of the versions summary

17 months ago another set of entries for the nocookie list
Tony Finch [Wed, 31 Jan 2018 18:00:34 +0000 (18:00 +0000)]
another set of entries for the nocookie list

17 months ago add LSB init metadata
Tony Finch [Wed, 31 Jan 2018 17:59:40 +0000 (17:59 +0000)]
add LSB init metadata

17 months ago use relative path for catz
Tony Finch [Wed, 31 Jan 2018 17:58:42 +0000 (17:58 +0000)]
use relative path for catz

17 months ago add dev.dns.cam.ac.uk
Tony Finch [Wed, 31 Jan 2018 17:58:28 +0000 (17:58 +0000)]
add dev.dns.cam.ac.uk

17 months ago dev zone for work
Tony Finch [Tue, 12 Dec 2017 14:33:17 +0000 (14:33 +0000)]
dev zone for work

17 months ago local rpz test
Tony Finch [Tue, 31 Oct 2017 12:34:30 +0000 (12:34 +0000)]
local rpz test

17 months ago test ed25519 zone
Tony Finch [Tue, 31 Oct 2017 12:33:53 +0000 (12:33 +0000)]
test ed25519 zone

17 months ago update masters
Tony Finch [Tue, 31 Oct 2017 12:33:12 +0000 (12:33 +0000)]
update masters

17 months ago gitignore zone list
Tony Finch [Tue, 31 Oct 2017 12:32:57 +0000 (12:32 +0000)]
gitignore zone list

17 months ago Relative paths so named-checkconf does not need root
Tony Finch [Tue, 31 Oct 2017 12:32:14 +0000 (12:32 +0000)]
Relative paths so named-checkconf does not need root

17 months ago Include non-catz zones in static-stub list
Tony Finch [Tue, 31 Oct 2017 12:29:12 +0000 (12:29 +0000)]
Include non-catz zones in static-stub list

17 months ago dpkg --compare-versions is better than ls -v
Tony Finch [Wed, 13 Sep 2017 19:29:35 +0000 (20:29 +0100)]
dpkg --compare-versions is better than ls -v

17 months ago RPZ zones must be slave not static-stub
Tony Finch [Mon, 11 Sep 2017 18:43:28 +0000 (19:43 +0100)]
RPZ zones must be slave not static-stub

17 months ago Drop builtin zone hackery
Tony Finch [Mon, 11 Sep 2017 18:26:11 +0000 (19:26 +0100)]
Drop builtin zone hackery

17 months ago No more static master files
Tony Finch [Wed, 6 Sep 2017 22:46:50 +0000 (23:46 +0100)]
No more static master files

17 months ago Use catz.arpa.cam.ac.uk
Tony Finch [Wed, 6 Sep 2017 22:46:19 +0000 (23:46 +0100)]
Use catz.arpa.cam.ac.uk

17 months ago EDNS blocklist
Tony Finch [Wed, 6 Sep 2017 17:42:47 +0000 (18:42 +0100)]
EDNS blocklist

17 months ago Actually, drop the remaining empty zones too.
Tony Finch [Wed, 6 Sep 2017 17:40:07 +0000 (18:40 +0100)]
Actually, drop the remaining empty zones too.

as112.arpa is a built-in empty zone, and localhost queries
should be handled by the stub not the recursive server.

17 months ago RFC 8198 cheese shop means we don't need all these empty zones.
Tony Finch [Wed, 6 Sep 2017 17:37:47 +0000 (18:37 +0100)]
RFC 8198 cheese shop means we don't need all these empty zones.

17 months ago Add qwest to EDNS badlist. Bad EDNS! No cookie!
Tony Finch [Tue, 11 Jul 2017 15:31:21 +0000 (16:31 +0100)]
Add qwest to EDNS badlist. Bad EDNS! No cookie!

17 months ago Correct order of arguments to ln -s, sigh
Tony Finch [Fri, 7 Jul 2017 19:06:02 +0000 (20:06 +0100)]
Correct order of arguments to ln -s, sigh

17 months ago Better minimal-responses config
Tony Finch [Fri, 7 Jul 2017 19:05:41 +0000 (20:05 +0100)]
Better minimal-responses config

17 months ago Verisign cookie problem fixed
Tony Finch [Fri, 7 Jul 2017 19:05:18 +0000 (20:05 +0100)]
Verisign cookie problem fixed

17 months ago Proper deny-except ACL syntax
Tony Finch [Mon, 3 Jul 2017 16:38:53 +0000 (17:38 +0100)]
Proper deny-except ACL syntax

17 months ago Mitigation for CVE-2017-3143
Tony Finch [Fri, 30 Jun 2017 11:55:39 +0000 (12:55 +0100)]
Mitigation for CVE-2017-3143

17 months ago Work around problems with whois.verisign-grs.com
Tony Finch [Fri, 16 Jun 2017 16:29:10 +0000 (17:29 +0100)]
Work around problems with whois.verisign-grs.com

17 months ago etc: prune outdated comment
Tony Finch [Thu, 13 Apr 2017 10:03:34 +0000 (11:03 +0100)]
etc: prune outdated comment

17 months ago etc: rc.named help
Tony Finch [Thu, 13 Apr 2017 10:03:22 +0000 (11:03 +0100)]
etc: rc.named help

17 months ago Resync zones
Tony Finch [Mon, 3 Apr 2017 13:15:22 +0000 (14:15 +0100)]
Resync zones

17 months ago Support rc.named reconfig as well as reload
Tony Finch [Mon, 3 Apr 2017 13:13:30 +0000 (14:13 +0100)]
Support rc.named reconfig as well as reload

17 months ago Secondary root zone from K since F moved to Cloudflare
Tony Finch [Mon, 3 Apr 2017 13:10:03 +0000 (14:10 +0100)]
Secondary root zone from K since F moved to Cloudflare