Ryan Malloy
618e9504e7
Adds a second non-HE public secondary that pulls AXFR from dell01 (the
hidden primary at 154.27.180.210) and answers public queries on
ns.supported.systems (64.177.113.227, 2001:19f0:5c00:4daa:5400:6ff:fe2d:38fa).
secondary/
Corefile generated, 84 zones + REFUSED catch-all
docker-compose.yml CoreDNS in host-net mode
Makefile up/down/logs/regen/test/axfr-test
.env / .env.example image pin + bind IPs
scripts/generate-secondary-corefile.sh reads ../zones/*.zone
scripts/notify-he.py → notify-secondaries.py
adds 64.177.113.227 as a second
NOTIFY target alongside HE's
216.218.130.2
Uses CoreDNS's `bind` plugin to avoid colliding with systemd-resolved
on loopback :53. Authoritative-only — non-listed zones get REFUSED, no
recursion. AXFR pull requires opening TCP/53 on dell01's FortiWiFi for
the secondary's IP (manual step, separate from this commit).
30 lines
2.4 KiB
Plaintext
30 lines
2.4 KiB
Plaintext
# AUTO-GENERATED by secondary/scripts/generate-secondary-corefile.sh
|
|
# Source: /home/rpm/claude/coredns/zones/*.zone (84 zones)
|
|
# Re-generated: 2026-05-20T18:37:08-06:00
|
|
# DO NOT EDIT BY HAND — re-run the generator instead.
|
|
|
|
# Public secondary for 84 zones. Pulls AXFR/IXFR from
|
|
# 154.27.180.210 (dell01 hidden primary) and serves the public face.
|
|
# Inbound NOTIFY from the same IP triggers immediate re-poll.
|
|
acrazy.org. automaton.global. automaton.host. blender.bet. blender.cam. blender.partners. blender.quest. blender.systems. cloud-dine.com. context.bet. coopermalloy.com. copper-springs.online. cyberinsuranceapp.com. demostar.app. demostar.click. demostar.io. demostar.net. demo-tube.com. dignity.ink. dope.team. encom.cash. encom.ink. encom.website. encom.wtf. enls.us. enls.video. freemyradicals.com. garage.ceo. garage.christmas. garage.doctor. garage.dog. garage.engineering. garage.makeup. garage.rocks. garage.supply. glennsferry.site. home-inspector.app. home-inspector.pics. home-inspector.site. home-inspector.store. home-inspector.website. homestar.ink. inpect.pro. inspect.monster. inspect.pics. inspects.homes. inspect.systems. jobsite.homes. kg7q.cc. log.doctor. lukascrockett.com. malloys.us. mcpdash.wtf. mcp.website. myhood.us. nielsen-inspections.com. nielsens.world. ourjob.site. paigemalloy.com. paythatway.com. powdercoatedcabinents.com. powdercoatedcabinet.com. powdercotedcabinets.com. prezhub.com. reviewr.guru. rsvp-for.de. ryanmalloy.com. screencast.systems. septic.report. sidejob.pro. spencernewbolt.com. supported.systems. supportedsystems.com. supportedsystems.net. syslog.chat. tatemalloy.com. tateorrtot.games. timber.ink. trackfeeds.cloud. tuckermalloy.com. upc.llc. warehack.ing. westboise.org. zmesh.systems. {
|
|
bind 64.177.113.227 2001:19f0:5c00:4daa:5400:06ff:fe2d:38fa
|
|
secondary {
|
|
transfer from 154.27.180.210
|
|
}
|
|
log
|
|
errors
|
|
# No `cache` plugin — authoritative answers don't need it
|
|
# and caching authoritative responses muddies TTL semantics.
|
|
}
|
|
|
|
# Catch-all block: anything outside the authoritative zone list
|
|
# returns REFUSED. We're not a recursive resolver — public clients
|
|
# asking us to recurse get an explicit no.
|
|
. {
|
|
bind 64.177.113.227 2001:19f0:5c00:4daa:5400:06ff:fe2d:38fa
|
|
errors
|
|
log
|
|
# No plugins that answer — empty chain → REFUSED.
|
|
# (The `errors` + `log` plugins record the attempt for visibility.)
|
|
}
|