diff --git a/.gitmodules b/.gitmodules
index f5677f5c..26e5463e 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -3,7 +3,7 @@
 url = https://github.com/jtyr/ansible-udev_rename_netiface.git
 [submodule "ansible/roles/network_interface"]
 path = ansible/roles/network_interface
- url = https://github.com/mit-scripts/ansible.network_interface.git
+ url = https://github.com/MartinVerges/ansible.network_interface.git
 [submodule "ansible/roles/pacemaker-corosync"]
 path = ansible/roles/pacemaker-corosync
 url = https://github.com/mit-scripts/ansible-pacemaker-corosync.git
diff --git a/README b/README
index 67da69c3..0d2ec318 100644
--- a/README
+++ b/README
@@ -1,12 +1,10 @@
+ansible:
+ Ansible configuration for LVS directors and syslog servers (and
+ hopefully everything else, in the future)
+
 host:
 files needed to set up a scripts.mit.edu hypervisor (aka VM host)
-locker:
- files associated with the scripts Athena locker
-
-lvs:
- files needed to set up a scripts.mit.edu director (aka load balancer)
-
 server:
 files needed to run a scripts.mit.edu server (aka realserver)
diff --git a/ansible/.gitignore b/ansible/.gitignore
new file mode 100644
index 00000000..a8b42eb6
--- /dev/null
+++ b/ansible/.gitignore
@@ -0,0 +1 @@
+*.retry
diff --git a/ansible/files/ldirectord.cf b/ansible/files/ldirectord.cf
index 9a511bf9..10a150d6 100644
--- a/ansible/files/ldirectord.cf
+++ b/ansible/files/ldirectord.cf
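Review bot: The `url` for the network_interface submodule now points at a fork under a personal GitHub account rather than the mit-scripts organisation, so this role's code is sourced from a repository the project does not control; the gitlink update later in this diff pins the exact revision, which is what keeps deployments reproducible, but anyone bumping the submodule later pulls whatever that fork contains. Consider mirroring the fork into the mit-scripts organisation (as the neighbouring submodules are), or at least add a comment above the line, e.g. `# forked from mit-scripts/ansible.network_interface; bump only after reviewing the fork's changes`, so the provenance is visible where the URL is set.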
@@ -6,18 +6,18 @@ quiescent=yes
 # iptables rules caused SMTP to use FWM 3
 virtual=3
- #real=18.181.0.53:25 gate 4096 # old-faithful
- #real=18.181.0.57:25 gate 4096 # better-mousetrap
- real=18.181.0.167:25 gate 4096 # bees-knees
- real=18.181.0.228:25 gate 1024 # cats-whiskers
- real=18.181.0.234:25 gate 4096 # busy-beaver
- #real=18.181.0.235:25 gate 4096 # real-mccoy
- real=18.181.0.237:25 gate 4096 # pancake-bunny
- #real=18.181.0.236:25 gate 1024 # whole-enchilada
- real=18.181.0.135:25 gate 4096 # shining-armor
- #real=18.181.0.141:25 gate 4096 # golden-egg
- #real=18.181.0.203:25 gate 4096 # miracle-cure
- #real=18.181.0.204:25 gate 4096 # lucky-star
+ #real=18.4.86.53:25 gate 4096 # old-faithful
+ #real=18.4.86.57:25 gate 4096 # better-mousetrap
+ real=18.4.86.167:25 gate 4096 # bees-knees
+ real=18.4.86.228:25 gate 1024 # cats-whiskers
+ real=18.4.86.234:25 gate 4096 # busy-beaver
+ #real=18.4.86.235:25 gate 4096 # real-mccoy
+ real=18.4.86.237:25 gate 4096 # pancake-bunny
+ #real=18.4.86.236:25 gate 1024 # whole-enchilada
+ real=18.4.86.135:25 gate 4096 # shining-armor
+ #real=18.4.86.141:25 gate 4096 # golden-egg
+ #real=18.4.86.203:25 gate 4096 # miracle-cure
+ #real=18.4.86.204:25 gate 4096 # lucky-star
 service=http
 request="heartbeat/smtp"
 virtualhost="scripts.mit.edu"
@@ -32,18 +32,18 @@ virtual=3
 # Apache (80, 443, and 444) uses FWM 2
 virtual=2
- #real=18.181.0.53 gate 4096 # old-faithful
- #real=18.181.0.57 gate 4096 # better-mousetrap
- real=18.181.0.167 gate 4096 # bees-knees
- real=18.181.0.228 gate 1024 # cats-whiskers
- real=18.181.0.234 gate 4096 # busy-beaver
- #real=18.181.0.235 gate 4096 # real-mccoy
- real=18.181.0.237 gate 4096 # pancake-bunny
- #real=18.181.0.236 gate 1024 # whole-enchilada
- real=18.181.0.135 gate 4096 # shining-armor
- #real=18.181.0.141 gate 4096 # golden-egg
- #real=18.181.0.203 gate 4096 # miracle-cure
- #real=18.181.0.204 gate 4096 # lucky-star
+ #real=18.4.86.53 gate 4096 # old-faithful
+ #real=18.4.86.57 gate 4096 # better-mousetrap
+ real=18.4.86.167 gate 4096 # bees-knees
+ real=18.4.86.228 gate 1024 # cats-whiskers
+ real=18.4.86.234 gate 4096 # busy-beaver
+ #real=18.4.86.235 gate 4096 # real-mccoy
+ real=18.4.86.237 gate 4096 # pancake-bunny
+ #real=18.4.86.236 gate 1024 # whole-enchilada
+ real=18.4.86.135 gate 4096 # shining-armor
+ #real=18.4.86.141 gate 4096 # golden-egg
+ #real=18.4.86.203 gate 4096 # miracle-cure
+ #real=18.4.86.204 gate 4096 # lucky-star
 fallback=127.0.0.1 gate
 service=http
 request="heartbeat/http"
@@ -57,18 +57,18 @@ virtual=2
 # Everything else uses FWM 1 and gets sent only to the primary
 virtual=1
- #real=18.181.0.53 gate "heartbeat/services", "1" # old-faithful
- #real=18.181.0.57 gate "heartbeat/services", "2" # better-mousetrap
- real=18.181.0.167 gate "heartbeat/services", "3" # bees-knees
- real=18.181.0.228 gate "heartbeat/services", "4" # cats-whiskers
- real=18.181.0.234 gate "heartbeat/services", "5" # busy-beaver
- #real=18.181.0.235 gate "heartbeat/services", "6" # real-mccoy
- real=18.181.0.237 gate "heartbeat/services", "7" # pancake-bunny
- #real=18.181.0.236 gate "heartbeat/services", "8" # whole-enchilada
- real=18.181.0.135 gate "heartbeat/services", "9" # shining-armor
- #real=18.181.0.141 gate "heartbeat/services", "10" # golden-egg
- #real=18.181.0.203 gate "heartbeat/services", "11" # miracle-cure
- #real=18.181.0.204 gate "heartbeat/services", "12" # lucky-star
+ #real=18.4.86.53 gate "heartbeat/services", "1" # old-faithful
+ #real=18.4.86.57 gate "heartbeat/services", "2" # better-mousetrap
+ real=18.4.86.167 gate "heartbeat/services", "3" # bees-knees
+ real=18.4.86.228 gate "heartbeat/services", "4" # cats-whiskers
+ real=18.4.86.234 gate "heartbeat/services", "5" # busy-beaver
+ #real=18.4.86.235 gate "heartbeat/services", "6" # real-mccoy
+ real=18.4.86.237 gate "heartbeat/services", "7" # pancake-bunny
+ #real=18.4.86.236 gate "heartbeat/services", "8" # whole-enchilada
+ real=18.4.86.135 gate "heartbeat/services", "9" # shining-armor
+ #real=18.4.86.141 gate "heartbeat/services", "10" # golden-egg
+ #real=18.4.86.203 gate "heartbeat/services", "11" # miracle-cure
+ #real=18.4.86.204 gate "heartbeat/services", "12" # lucky-star
 service=http
 scheduler=wrr
 protocol=fwm
diff --git a/ansible/files/scripts-syslog.conf b/ansible/files/scripts-syslog.conf
index 2855b625..8d9fc0bd 100644
--- a/ansible/files/scripts-syslog.conf
+++ b/ansible/files/scripts-syslog.conf
@@ -19,6 +19,8 @@ if \
 $msg startswith ' PAM service(sshd) ignoring max retries; ' \
 or \
 $msg startswith ' error: maximum authentication attempts exceeded for ' \
+ or \
+ $msg startswith ' error: Received disconnect from ' \
 )) \
 then |/run/zephyr-syslog-private;RSYSLOG_SyslogProtocol23Format
diff --git a/ansible/inventory.yml b/ansible/inventory.yml
index 588de87a..355236a3 100644
--- a/ansible/inventory.yml
+++ b/ansible/inventory.yml
@@ -7,6 +7,8 @@ all:
 - username: andersk
 - username: btidor
 root_mail: btidor-scripts@mit.edu
+ - username: cela
+ root_mail: null
 - username: cereslee
 - username: ezyang
 - username: geofft
@@ -18,34 +20,18 @@ all:
 - username: vasilvv
 vips:
- - host: scripts-director.mit.edu
- ip: 18.181.0.132
- cidr_netmask: 16
- nic: vlan181
 - host: scripts-director-new.mit.edu
 ip: 18.4.86.132
 cidr_netmask: 24
 nic: vlan486
- - host: scripts.mit.edu
- ip: 18.181.0.43
- cidr_netmask: 16
- nic: vlan181
 - host: scripts-new.mit.edu
 ip: 18.4.86.43
 cidr_netmask: 24
 nic: vlan486
- - host: scripts-cert.mit.edu
- ip: 18.181.0.50
- cidr_netmask: 16
- nic: vlan181
 - host: scripts-cert-new.mit.edu
 ip: 18.4.86.50
 cidr_netmask: 24
 nic: vlan486
- - host: scripts-vhosts.mit.edu
- ip: 18.181.0.46
- cidr_netmask: 16
- nic: vlan181
 - host: scripts-vhosts-new.mit.edu
 ip: 18.4.86.46
 cidr_netmask: 24
@@ -54,18 +40,10 @@ all:
 ip: 18.4.86.229
 cidr_netmask: 24
 nic: vlan486
- - host: sipb.mit.edu
- ip: 18.181.0.29
- cidr_netmask: 16
- nic: vlan181
 - host: sipb-new.mit.edu
 ip: 18.4.86.29
 cidr_netmask: 24
 nic: vlan486
- - host: webzephyr.mit.edu
- ip: 18.181.0.49
- cidr_netmask: 16
- nic: vlan181
 rsyslogs:
 - 18.4.86.15 # log-flume
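Review bot: The added `$msg startswith ' error: Received disconnect from '` condition is broader than the two it joins: the existing prefixes match only the authentication-limit messages, whereas, as far as the prefix shows, sshd emits `Received disconnect from` for any disconnect it logs at error level (pre-auth disconnects from scanners being the common case), so whatever consumes `/run/zephyr-syslog-private` will now also see those. If that is the intent, a one-line `# pre-auth disconnects logged at error level` comment above the new condition would record it; if only a particular sub-message is wanted, the prefix could be lengthened, but the exact wording depends on the sshd version and is not visible here. The enclosing `if` begins before this hunk, so the rest of the condition could not be checked.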
@@ -75,18 +53,12 @@ all:
 scripts-directors:
 hosts:
 george-lucas.mit.edu:
- vlan181_address: 18.181.0.220
- vlan181_hwaddr: 00:50:56:87:9b:7d
 vlan486_address: 18.4.86.220
 vlan486_hwaddr: 00:50:56:87:03:c5
 joss-whedon.mit.edu:
- vlan181_address: 18.181.0.226
- vlan181_hwaddr: 00:50:56:87:2c:8e
 vlan486_address: 18.4.86.226
 vlan486_hwaddr: 00:50:56:87:c2:23
 christopher-nolan.mit.edu:
- vlan181_address: 18.181.0.111
- vlan181_hwaddr: 00:50:56:87:07:a0
 vlan486_address: 18.4.86.111
 vlan486_hwaddr: 00:50:56:87:d4:4e
diff --git a/ansible/roles/k5login/handlers/main.yml b/ansible/roles/k5login/handlers/main.yml
new file mode 100644
index 00000000..a5df68bb
--- /dev/null
+++ b/ansible/roles/k5login/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: reload ssh
+ service: name=ssh state=reloaded
diff --git a/ansible/roles/k5login/tasks/main.yml b/ansible/roles/k5login/tasks/main.yml
new file mode 100644
index 00000000..c88cc340
--- /dev/null
+++ b/ansible/roles/k5login/tasks/main.yml
@@ -0,0 +1,19 @@
+- name: Enable GSSAPIAuthentication
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '(?i)^#?\s*GSSAPIAuthentication\s'
+ line: GSSAPIAuthentication yes
+ notify: reload ssh
+- name: Disable PasswordAuthentication
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '(?i)^#?\s*PasswordAuthentication\s'
+ line: PasswordAuthentication no
+ notify: reload ssh
+- name: Update k5login
+ copy:
+ dest: /root/.k5login
+ content: |
+ {% for maintainer in maintainers %}
+ {{ maintainer.username }}/root@ATHENA.MIT.EDU
+ {% endfor %}
diff --git a/ansible/roles/lvs-iptables/files/scripts-iptables.rules.v4 b/ansible/roles/lvs-iptables/files/scripts-iptables.rules.v4
index dff37643..9abb3756 100644
--- a/ansible/roles/lvs-iptables/files/scripts-iptables.rules.v4
+++ b/ansible/roles/lvs-iptables/files/scripts-iptables.rules.v4
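Review bot: Both `lineinfile` tasks in ansible/roles/k5login/tasks/main.yml rewrite sshd_config and then trigger `reload ssh` without checking the result, and when the regexp does not match, lineinfile appends the directive at end of file, where any existing `Match` block would scope it to that block instead of globally. Adding `validate: /usr/sbin/sshd -t -f %s` to each task makes Ansible refuse a config sshd cannot parse, and `insertbefore: '^Match '` with `firstmatch: yes` keeps a freshly appended directive in the global section. The `Update k5login` task could also pin `mode: '0600'` on `/root/.k5login` rather than inheriting the umask; the path and content were moved unchanged from the playbooks, so that part is pre-existing.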
@@ -13,13 +13,10 @@
 :scripts - [0:0]
 # scripts-vhosts.mit.edu
--A PREROUTING -d 18.181.0.46 -j scripts
 -A PREROUTING -d 18.4.86.46 -j scripts
 # scripts.mit.edu
--A PREROUTING -d 18.181.0.43 -j scripts
 -A PREROUTING -d 18.4.86.43 -j scripts
 # scripts-cert.mit.edu
--A PREROUTING -d 18.181.0.50 -j scripts
 -A PREROUTING -d 18.4.86.50 -j scripts
 # Send Apache-bound traffic to FWM 2 (load-balanced)
@@ -31,21 +28,14 @@
 # Send everything else to FWM 1 (primary)
 -A scripts -m mark --mark 0 -j MARK --set-mark 1
-# webzephyr.mit.edu is special because its SMTP needs to always go to the primary (FWM 1)
--A PREROUTING -m tcp -m multiport -p tcp -d 18.181.0.49 --dports 80,443,444 -j MARK --set-mark 2
--A PREROUTING -m mark --mark 0 -d 18.181.0.49 -j MARK --set-mark 1
-
 # scripts-primary.mit.edu goes to the primary (FWM 1) on all ports
--A PREROUTING -d 18.181.0.182 -j MARK --set-mark 1
 -A PREROUTING -d 18.4.86.182 -j MARK --set-mark 1
 # sipb.mit.edu acts like regular scripts for the web ports, everything else goes to i-hate-penguins.xvm.mit.edu (FWM 4)
--A PREROUTING -m tcp -m multiport -p tcp -d 18.181.0.29 --dports 80,443,444 -j MARK --set-mark 2
 -A PREROUTING -m tcp -m multiport -p tcp -d 18.4.86.29 --dports 80,443,444 -j MARK --set-mark 2
 # Also send port 25 there too because the IP is shared with rtfm.mit.edu (fix this after renaming the machine)
 #-A PREROUTING -m tcp -m multiport -p tcp -d 18.181.0.29 --dports 20,21,25 -j MARK --set-mark 4
 # All else to i-hate-penguins
--A PREROUTING -m mark --mark 0 -d 18.181.0.29 -j MARK --set-mark 4
 -A PREROUTING -m mark --mark 0 -d 18.4.86.29 -j MARK --set-mark 4
 COMMIT
diff --git a/ansible/roles/network_interface b/ansible/roles/network_interface
index 734cc64d..abc5f4e0 160000
--- a/ansible/roles/network_interface
+++ b/ansible/roles/network_interface
@@ -1 +1 @@
-Subproject commit 734cc64d9e96e32ecbbaef68e6868e956c6e3d9f
+Subproject commit abc5f4e04d9ef309f7ca5133f0e0bcc807e926f5
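Review bot: The commented-out rule `#-A PREROUTING -m tcp -m multiport -p tcp -d 18.181.0.29 --dports 20,21,25 -j MARK --set-mark 4` in the second hunk still carries the retired 18.181.0.29 address while every live rule for that host moved to 18.4.86.29, so re-enabling it later would mark traffic for an address no longer bound here. Either renumber it to `18.4.86.29` like its neighbours or drop it; the note above it ("fix this after renaming the machine") gives no indication whether it is still wanted, so a short comment saying which would help the next reader.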
diff --git a/ansible/roles/root-aliases/handlers/main.yml b/ansible/roles/root-aliases/handlers/main.yml
new file mode 100644
index 00000000..6223c95a
--- /dev/null
+++ b/ansible/roles/root-aliases/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: newaliases
+ command: newaliases
diff --git a/ansible/roles/root-aliases/tasks/main.yml b/ansible/roles/root-aliases/tasks/main.yml
new file mode 100644
index 00000000..3021def1
--- /dev/null
+++ b/ansible/roles/root-aliases/tasks/main.yml
@@ -0,0 +1,9 @@
+- name: Update /etc/aliases
+ lineinfile:
+ path: /etc/aliases
+ regexp: '^root:'
+ line: |
+ root: {% for maintainer in maintainers|rejectattr('root_mail', 'none') -%}
+ {{ maintainer.root_mail|default(maintainer.username + '@mit.edu') }}{{ '' if loop.last else ', ' }}
+ {%- endfor %}
+ notify: newaliases
diff --git a/ansible/roles/syslog-client/handlers/main.yml b/ansible/roles/syslog-client/handlers/main.yml
new file mode 100644
index 00000000..ec7373e3
--- /dev/null
+++ b/ansible/roles/syslog-client/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: restart rsyslog
+ service: name=rsyslog state=restarted
diff --git a/ansible/roles/syslog-client/tasks/main.yml b/ansible/roles/syslog-client/tasks/main.yml
new file mode 100644
index 00000000..ce5b6814
--- /dev/null
+++ b/ansible/roles/syslog-client/tasks/main.yml
@@ -0,0 +1,17 @@
+- name: Install rsyslog-relp
+ apt: name=rsyslog-relp state=present
+- name: Configure rsyslog
+ copy:
+ dest: /etc/rsyslog.d/scripts-syslog-client.conf
+ content: |
+ $ModLoad omrelp
+ {% for rsyslog in rsyslogs %}
+ {% if loop.first %}
+ *.info :omrelp:{{ rsyslog }}:2514
+ $ActionExecOnlyWhenPreviousIsSuspended on
+ {% else %}
+ & :omrelp:{{ rsyslog }}:2514
+ {% endif %}
+ {% endfor %}
+ $ActionExecOnlyWhenPreviousIsSuspended off
+ notify: restart rsyslog
diff --git a/ansible/scripts-directors-cib.yml b/ansible/scripts-directors-cib.yml
index 62527bbd..9bd38783 100644
--- a/ansible/scripts-directors-cib.yml
+++ b/ansible/scripts-directors-cib.yml
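Review bot: The rsyslog client config written by `Configure rsyslog` in ansible/roles/syslog-client/tasks/main.yml forwards `*.info` over RELP to the `rsyslogs` hosts using the legacy `:omrelp:host:2514` action form, which cannot enable TLS, so authentication-failure lines and everything else at info level cross the network in the clear; the text was moved verbatim from the playbook, so this is pre-existing, but a dedicated role is the right place to fix it. omrelp's RainerScript form takes a TLS switch, e.g. `action(type="omrelp" target="{{ rsyslog }}" port="2514" tls="on")`, with the matching imrelp change on the log servers made outside this diff. Whichever way, a comment at the top of the template stating whether the transport is encrypted would save the next reader from checking.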
@@ -1,4 +1,5 @@
 - hosts: scripts-directors[0]
+ serial: 1
 vars:
 - dynamic_property_names:
diff --git a/ansible/scripts-directors.yml b/ansible/scripts-directors.yml
index a6425d66..337c60b1 100644
--- a/ansible/scripts-directors.yml
+++ b/ansible/scripts-directors.yml
@@ -1,32 +1,17 @@
 - hosts: scripts-directors
+ serial: 1
 vars:
 network_allow_service_restart: false
 network_ether_interfaces:
- - device: vlan181
- hwaddr: "{{ vlan181_hwaddr }}"
- cidr: "{{ vlan181_address }}/16"
- gateway: 18.181.0.1
- dns_nameservers:
- - 18.70.0.160
- - 18.72.0.3
- - 18.71.0.151
- dns_search: mit.edu
- options:
- - metric 1
- - up ip route add 18.181.0.0/16 table 181 dev vlan181
- - up ip route add default table 181 via 18.181.0.1 dev vlan181
- - up ip rule add from 18.181.0.0/16 table 181
- - down ip rule del table 181
 - device: vlan486
 hwaddr: "{{ vlan486_hwaddr }}"
 cidr: "{{ vlan486_address }}/24"
 gateway: 18.4.86.1
- options:
- - metric 2
- - up ip route add 18.4.86.0/24 table 486 dev vlan486
- - up ip route add default table 486 via 18.4.86.1 dev vlan486
- - up ip rule add from 18.4.86.0/24 table 486
- - down ip rule del table 486
+ dns_nameservers:
+ - 18.0.70.160
+ - 18.0.72.3
+ - 18.0.71.151
+ dns_search: mit.edu
 pacemaker_corosync_ring_interface: vlan486
 pacemaker_corosync_group: scripts-directors
 pre_tasks:
@@ -37,7 +22,6 @@
 with_items:
 - open-vm-tools
 - open-vm-tools-dkms
- - rsyslog-relp
 - exim4-daemon-light
 - resolvconf
 - mlocate
@@ -63,38 +47,14 @@
 - reconfigure munin-node
 - setup
 roles:
+ - k5login
+ - syslog-client
+ - root-aliases
 - ldirectord-status
 - lvs-iptables
 - lvs-lighttpd
 - munin-node
 tasks:
- - name: Enable GSSAPIAuthentication
- lineinfile:
- path: /etc/ssh/sshd_config
- regexp: '(?i)^#?\s*GSSAPIAuthentication\s'
- line: GSSAPIAuthentication yes
- notify: reload ssh
- - name: Disable PasswordAuthentication
- lineinfile:
- path: /etc/ssh/sshd_config
- regexp: '(?i)^#?\s*PasswordAuthentication\s'
- line: PasswordAuthentication no
- notify: reload ssh
- - name: Configure rsyslog
- copy:
- dest: /etc/rsyslog.d/scripts-syslog-client.conf
- content: |
- $ModLoad omrelp
- {% for rsyslog in rsyslogs %}
- {% if loop.first %}
- *.info :omrelp:{{ rsyslog }}:2514
- $ActionExecOnlyWhenPreviousIsSuspended on
- {% else %}
- & :omrelp:{{ rsyslog }}:2514
- {% endif %}
- {% endfor %}
- $ActionExecOnlyWhenPreviousIsSuspended off
- notify: restart rsyslog
 - name: Install munin cps plugin
 copy:
 dest: /etc/munin/plugins/cps_1_0
@@ -126,22 +86,6 @@
 dest: /etc/nagios/nrpe_local.cfg
 src: files/nrpe_local.cfg
 notify: restart nrpe
- - name: Update k5login
- copy:
- dest: /root/.k5login
- content: |
- {% for maintainer in maintainers %}
- {{ maintainer.username }}/root@ATHENA.MIT.EDU
- {% endfor %}
- - name: Update /etc/aliases
- l ineinfile:
- path: /etc/aliases
- regexp: '^root:'
- line: |
- root: {% for maintainer in maintainers|rejectattr('root_mail', 'none') -%}
- {{ maintainer.root_mail|default(maintainer.username + '@mit.edu') }}{{ '' if loop.last else ', ' }}
- {%- endfor %}
- notify: newaliases
 - name: Load IPVS modules
 copy:
 dest: /etc/modules-load.d/lvs.conf
@@ -194,12 +138,6 @@
 dest: /etc/ha.d/ldirectord.cf
 src: files/ldirectord.cf
 handlers:
- - name: reload ssh
- service: name=ssh state=reloaded
- - name: restart rsyslog
- service: name=rsyslog state=restarted
- - name: newaliases
- command: newaliases
 - name: load modules
 service: name=systemd-modules-load state=restarted
 - name: reload sysctl
diff --git a/ansible/scripts-syslog.yml b/ansible/scripts-syslog.yml
index 39475f36..f5bdb33e 100644
--- a/ansible/scripts-syslog.yml
+++ b/ansible/scripts-syslog.yml
@@ -1,4 +1,8 @@
 - hosts: scripts-syslogs
+ serial: 1
+ roles:
+ - k5login
+ - root-aliases
 tasks:
 - name: Configure Kerberos
 debconf: name=krb5-config question=krb5-config/default_realm vtype=string value=ATHENA.MIT.EDU
@@ -16,34 +20,6 @@
 - libzephyr4-krb5
 - zephyr-clients
 - aptitude
- - name: Update k5login
- copy:
- dest: /root/.k5login
- content: |
- {% for maintainer in maintainers %}
- {{ maintainer.username }}/root@ATHENA.MIT.EDU
- {% endfor %}
- - name: Enable GSSAPIAuthentication
- lineinfile:
- path: /etc/ssh/sshd_config
- regexp: '(?i)^#?\s*GSSAPIAuthentication\s'
- line: GSSAPIAuthentication yes
- notify: reload ssh
- - name: Disable PasswordAuthentication
- lineinfile:
- path: /etc/ssh/sshd_config
- regexp: '(?i)^#?\s*PasswordAuthentication\s'
- line: PasswordAuthentication no
- notify: reload ssh
- - name: Update /etc/aliases
- lineinfile:
- path: /etc/aliases
- regexp: '^root:'
- line: |
- root: {% for maintainer in maintainers|rejectattr('root_mail', 'none') -%}
- {{ maintainer.root_mail|default(maintainer.username + '@mit.edu') }}{{ '' if loop.last else ', ' }}
- {%- endfor %}
- notify: newaliases
 - name: Start zhm
 service: name=zhm state=started
 - name: Install zephyr-syslog
@@ -103,10 +79,6 @@
 notify: restart rsyslog
 handlers:
- - name: reload ssh
- service: name=ssh state=reloaded
- - name: newaliases
- command: newaliases
 - name: reload systemd
 systemd: daemon_reload=yes
 - name: restart zephyr-syslog@public.service
diff --git a/host/debian/scripts-vm-host/debian/changelog b/host/debian/scripts-vm-host/debian/changelog
index 3362751f..c64b87c2 100644
--- a/host/debian/scripts-vm-host/debian/changelog
+++ b/host/debian/scripts-vm-host/debian/changelog
@@ -1,3 +1,9 @@
+scripts-vm-host (0.9) UNRELEASED; urgency=medium
+
+ * Update SIPB-NOC addresses.
+
+ -- Anders Kaseorg Wed, 25 Apr 2018 01:52:41 -0400
+
 scripts-vm-host (0.8) wheezy; urgency=low
 * Take into account config-package-dev now needs .transform files
diff --git a/host/debian/scripts-vm-host/debian/transform_munin-node.conf.scripts b/host/debian/scripts-vm-host/debian/transform_munin-node.conf.scripts
index 404c91ce..934ad942 100644
--- a/host/debian/scripts-vm-host/debian/transform_munin-node.conf.scripts
+++ b/host/debian/scripts-vm-host/debian/transform_munin-node.conf.scripts
@@ -3,7 +3,6 @@ cat cat <entries; foreach my $entr ( @entries ) { my $conflictingDN=$entr->dn();
diff --git a/ldap/el/config/etc/nagios/nrpe.cfg b/ldap/el/config/etc/nagios/nrpe.cfg
index 819e7daa..c6f45810 100644
--- a/ldap/el/config/etc/nagios/nrpe.cfg
+++ b/ldap/el/config/etc/nagios/nrpe.cfg
@@ -76,7 +76,7 @@ nrpe_group=nrpe
 #
 # NOTE: This option is ignored if NRPE is running under either inetd or xinetd
-allowed_hosts=18.181.0.61,18.181.0.65,18.181.0.51
+allowed_hosts=18.4.60.61,18.4.60.65,18.4.60.51
@@ -122,7 +122,7 @@ dont_blame_nrpe=0
 # syslog facility.
 # Values: 0=debugging off, 1=debugging on
-debug=0
+debug=1
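Review bot: `debug=1` in the second nrpe.cfg hunk turns on NRPE's debug logging to syslog on the LDAP servers this config is deployed to, and the file's own comment (`# Values: 0=debugging off, 1=debugging on`) marks it as a troubleshooting switch; unless that verbosity is wanted permanently it looks like a leftover from verifying the `allowed_hosts` change in the hunk above and should go back to `debug=0`. If it is intentional, a comment above the line saying why and for how long (e.g. `# debug left on while validating the SIPB-NOC renumbering; revert afterwards`) would stop the next reader from silently reverting it.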
@@ -209,14 +209,10 @@ connection_timeout=300
 # config file is set to '1'. This poses a potential security risk, so
 # make sure you read the SECURITY file before doing this.
-command[check_users]=/usr/lib64/nagios/plugins/check_users -w 25 -c 50
 command[check_load]=/usr/lib64/nagios/plugins/check_load -w 50:50:50 -c 100:50:50
 command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w 10% -c 5% -A -i ^/mnt -i ^/sys
 command[check_procs_cpu]=/usr/lib64/nagios/plugins/check_procs -w 4 -c 6 -P 50
-command[check_procs_crond]=/usr/lib64/nagios/plugins/check_procs -w 1: -c 1: -C crond
-command[check_procs_nscd]=/usr/lib64/nagios/plugins/check_procs -w 1:256 -c 1:512 -u nscd
 command[check_procs_postfix]=/usr/lib64/nagios/plugins/check_procs -w 1:128 -c 1:256 -u postfix
 command[check_postfix_mailq]=/usr/lib64/nagios/plugins/check_mailq -w 500 -c 1000 -M postfix
-command[check_cron_working]=/etc/nagios/check_cron_working
 command[check_ldap_mmr]=/etc/nagios/check_ldap_mmr
 command[check_kern_taint]=/etc/nagios/check_kern_taint
diff --git a/ldap/el/config/etc/sysconfig/dirsrv b/ldap/el/config/etc/sysconfig/dirsrv
index 86983636..c25bab96 100644
--- a/ldap/el/config/etc/sysconfig/dirsrv
+++ b/ldap/el/config/etc/sysconfig/dirsrv
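Review bot: Dropping `command[check_procs_crond]`, `command[check_procs_nscd]`, `command[check_cron_working]` and `command[check_users]` removes the NRPE side of those checks with nothing in the diff replacing them, so a stopped cron daemon or nscd on an LDAP server would no longer be reported unless something else watches for it. If the daemons were renamed or retired on the newer hosts (not visible here), updating the `-C`/`-u` process names would keep the coverage; if the removal is deliberate, the matching service definitions on the Nagios server presumably need to go too, otherwise they will start reporting unknown commands, and a short comment above the remaining `command[...]` lines saying which checks moved elsewhere would document the decision.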
@@ -7,38 +7,36 @@ # This file is in systemd EnvironmentFile format - see man systemd.exec -# In order to make more file descriptors available -# to the directory server, first make sure the system -# hard limits are raised, then use ulimit - uncomment -# out the following line and change the value to the -# desired value -# ulimit -n 8192 -# note - if using systemd, ulimit won't work - you must edit -# the systemd unit file for directory server to add the -# LimitNOFILE option - see man systemd.exec for more info - -# A per instance keytab does not make much sense for servers. -# Kerberos clients use the machine FQDN to obtain a ticket like ldap/FQDN, there -# is nothing that can make a client understand how to get a per-instance ticket. -# Therefore by default a keytab should be considered a per server option. - -# Also this file is sourced for all instances, so again all -# instances would ultimately get the same keytab. +# In order to make more file descriptors available to the directory server, +# first make sure the system hard limits are raised, then use ulimit - +# uncomment out the following line and change the value to the desired value +#ulimit -n 8192 +# note - if using systemd, ulimit won't work - you must edit the systemd unit +# file for directory server to add the LimitNOFILE option - see "man +# systemd.exec" for more info +# A per instance keytab does not make much sense for servers. Kerberos clients +# use the machine FQDN to obtain a ticket like ldap/FQDN, there is nothing that +# can make a client understand how to get a per-instance ticket. Therefore by +# default a keytab should be considered a per server option. +# +# Also this file is sourced for all instances, so again all instances would +# ultimately get the same keytab. 
+# # Finally a keytab is normally named either krb5.keytab or .keytab +# +# In order to use SASL/GSSAPI (Kerberos) the directory server needs to know +# where to find its keytab file - uncomment the following line and set the +# path and filename appropriately. +# If using systemd, omit the "; export VARNAME" at the end. +#KRB5_KTNAME=/etc/dirsrv/myname.keytab ; export KRB5_KTNAME -# In order to use SASL/GSSAPI (Kerberos) the directory -# server needs to know where to find its keytab -# file - uncomment the following line and set -# the path and filename appropriately -# if using systemd, omit the "; export VARNAME" at the end -# KRB5_KTNAME=/etc/dirsrv/myname.keytab ; export KRB5_KTNAME - -# how many seconds to wait for the startpid file to show -# up before we assume there is a problem and fail to start -# if using systemd, omit the "; export VARNAME" at the end +# How many seconds to wait for the startpid file to show up before we assume +# there is a problem and fail to start. +# If using systemd, omit the "; export STARTPID_TIME" at the end. #STARTPID_TIME=10 ; export STARTPID_TIME -# how many seconds to wait for the pid file to show -# up before we assume there is a problem and fail to start -# if using systemd, omit the "; export VARNAME" at the end + +# How many seconds to wait for the pid file to show up before we assume there +# is a problem and fail to start. +# If using systemd, omit the "; export PID_TIME" at the end. #PID_TIME=600 ; export PID_TIME diff --git a/lvs/debian/config/etc/iproute2/rt_tables b/lvs/debian/config/etc/iproute2/rt_tables deleted file mode 100644 index 0d240a6f..00000000 --- a/lvs/debian/config/etc/iproute2/rt_tables +++ /dev/null @@ -1,12 +0,0 @@ -# -# reserved values -# -255 local -254 main -253 default -0 unspec -# -# local -# -#1 inr.ruhep -10 sipb diff --git a/lvs/doc/install-howto b/lvs/doc/install-howto deleted file mode 100644 index 7d1fe5b2..00000000 --- a/lvs/doc/install-howto +++ /dev/null 
@@ -1,31 +0,0 @@ -- TO TEMPORARILY DISABLE HEARTBEAT: on an existing node, run - crm_attribute -n is_managed_default -v false -- confirm that the change occurred with crm_attribute -n is_managed_default -G -- Install Debian 4.0 from a minimal Debian install CD -- aptitude install openssh-server krb5-user krb5-clients -- dpkg-reconfigure krb5-config -- Set GSSAPIAuthentication yes in /etc/ssh/sshd_config -- Add keytab and .k5login -- Edit lvs/debian/config/etc/ha.d/ha.cf in SVN to add "node foo", where foo is the new machine's hostname as reported by uname -n -- Synchronize /etc out of SVN by running -svn co https://scripts.mit.edu:1111/lvs/config/etc /etc -and moving files/directories out of the way as it checks out. -- aptitude update; aptitude install heartbeat ldirectord lighttpd-mod-magnet; # should install version >= 2.1.2 -- aptitude install munin-node -- Copy /etc/ha.d/authkeys from an existing LVS node -- svn up on each existing LVS node and then run /etc/init.d/heartbeat reload -- If the node will run LVS, run "dpkg-reconfigure ipvsadm" and configure it to run "both" daemons on the correct network interface -- Run /etc/init.d/heartbeat start on the new node -- No services will be allocated to this node. To allocate scripts_LVS to it, run -cibadmin -M -X ' - - - - - - - -' -- TO REENABLE HEARTBEAT, run crm_attribute -n is_managed_default -v true -- Watch /var/log/messages and /var/log/syslog to make sure heartbeat is working -- Add machine to noc/munin/munin.conf (syn:/etc/munin/munin.conf) diff --git a/server/common/oursrc/accountadm/mbash.in b/server/common/oursrc/accountadm/mbash.in index 8ba0fe98..4b8a3468 100644 --- a/server/common/oursrc/accountadm/mbash.in +++ b/server/common/oursrc/accountadm/mbash.in 
@@ -1,3 +1,132 @@ -#!/bin/sh +#!/usr/bin/env python -exec @bash_path@ --rcfile /usr/local/etc/mbashrc "$@" +from __future__ import (absolute_import, division, print_function) + +import getpass +import os +import subprocess +import sys + +BASE_DN = 'dc=scripts,dc=mit,dc=edu' + +def get_pool(username): + """ + Check what pool(s) a locker is on. + + Returns: (default vhost pool IP, [(pool name, vhost name)] if multiple pools) + """ + import ldap + import ldap.filter + + ldap_uri = ldap.get_option(ldap.OPT_URI) + + ll = ldap.initialize(ldap_uri) + + users = ll.search_s( + BASE_DN, + ldap.SCOPE_SUBTREE, + ldap.filter.filter_format('(&(objectClass=posixAccount)(uid=%s))', [username]), + [], + ) + if not users: + return None, None + user_dn = users[0][0] + + pool_ips = set() + vhost_pools = {} + for _, attrs in ll.search_s( + BASE_DN, + ldap.SCOPE_SUBTREE, + ldap.filter.filter_format( + '(&(objectClass=scriptsVhost)(scriptsVhostAccount=%s))', + [user_dn]), + ['scriptsVhostName', 'scriptsVhostPoolIPv4'], + ): + vhost_pools[attrs['scriptsVhostName'][0]] = attrs['scriptsVhostPoolIPv4'][0] + pool_ips.add(attrs['scriptsVhostPoolIPv4'][0]) + + pool_names = {} + for dn, attrs in ll.search_s( + BASE_DN, + ldap.SCOPE_SUBTREE, + '(&(objectClass=scriptsVhostPool)(|'+''.join( + ldap.filter.filter_format('(scriptsVhostPoolIPv4=%s)', [ip]) + for ip in pool_ips + )+'))', + ['cn', 'scriptsVhostPoolIPv4'], + ): + pool_names[attrs['scriptsVhostPoolIPv4'][0]] = attrs['cn'][0] + + main_pool = vhost_pools.get(username + '.scripts.mit.edu') + other_pools = None + if len(pool_ips) > 1: + other_pools = sorted( + (pool_names.get(pool, pool), vhost) + for vhost, pool in vhost_pools.items() + ) + return main_pool, other_pools + +def should_forward(): + """Check if we were invoked by ssh on a vip that requires forwarding.""" + ssh_connection = os.environ.get('SSH_CONNECTION') + if not ssh_connection: + return False + _, _, laddr, _ = ssh_connection.split(' ') + try: + with 
open('/etc/scripts/mbash-vips') as f: + if laddr in [l.strip() for l in f]: + return True + except IOError: + return False + return False + +def has_pool(ip): + """Check if the current machine is binding a vip.""" + return len(subprocess.check_output(['/sbin/ip', 'addr', 'show', 'to', ip])) > 0 + +def maybe_forward(): + """ + Forward the invocation if appropriate. + + exec's when forwarding, so returning means we should run locally. + """ + if not should_forward(): + return + command = None + if len(sys.argv) == 3 and sys.argv[1] == '-c': + command = sys.argv[2] + elif len(sys.argv) != 1: + print("Unexpected shell invocation; not forwarding.", file=sys.stderr) + return + user = getpass.getuser() + main_pool, other_pools = get_pool(user) + forward = main_pool and not has_pool(main_pool) + if forward: + print("Forwarding to the server for %s.scripts.mit.edu." % (user,), file=sys.stderr) + if other_pools: + print("Your account has virtual hosts on multiple server pools; " + "to connect to a server for a particular host, " + "connect to a specific server:", file=sys.stderr) + print(file=sys.stderr) + for name, vhost in other_pools: + print("%s - ssh %s" % (vhost, name), file=sys.stderr) + print(file=sys.stderr) + if forward: + args = [ + 'ssh', + '-F', '/etc/ssh/ssh_config', + '-o', 'IdentityFile=none', + '-o', 'UserKnownHostsFile=none', + main_pool, + ] + if os.isatty(sys.stdin.fileno()): + args.append('-t') + if command is not None: + args.append('--') + args.append(command) + os.execv('/usr/bin/ssh', args) + +if __name__ == '__main__': + maybe_forward() + + os.execv("@bash_path@", ["bash", "--rcfile", "/usr/local/etc/mbashrc"] + sys.argv[1:]) diff --git a/server/common/oursrc/httpdmods/mod_vhost_ldap.c b/server/common/oursrc/httpdmods/mod_vhost_ldap.c index 32c85a71..7fabfab3 100644 --- a/server/common/oursrc/httpdmods/mod_vhost_ldap.c +++ b/server/common/oursrc/httpdmods/mod_vhost_ldap.c 
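Review bot: `maybe_forward()` derives the account from `getpass.getuser()`, which consults `LOGNAME`/`USER`/`LNAME`/`USERNAME` before the password database, so the pool lookup in `get_pool()` and the host that ssh is exec'd against follow an environment variable rather than the calling uid; `user = pwd.getpwuid(os.getuid()).pw_name` (with `import pwd`) ties it to the real account, and while the impact is bounded because the forward still authenticates as the caller, a login shell should not take its identity from the environment. The ssh argv also places `main_pool`, taken from the `scriptsVhostPoolIPv4` attribute, before the `--`, so a value starting with `-` would be read as an option; ending option parsing with `--` right before the host (and moving the `-t` append ahead of it, since ssh stops parsing options at `--`) closes that, as sketched below. `UserKnownHostsFile=none` hands host-key verification entirely to `/etc/ssh/ssh_config` and the global known_hosts, which are outside this diff, so confirm the pool addresses are covered there. The last search in `get_pool()` builds `(&(objectClass=scriptsVhostPool)(|…))` with an empty `(|)` when the account has no vhosts; guarding it with `if pool_ips:` avoids relying on RFC 4526 absolute-false filter support in the server.
```python
    if forward:
        args = [
            'ssh',
            '-F', '/etc/ssh/ssh_config',
            '-o', 'IdentityFile=none',
            '-o', 'UserKnownHostsFile=none',
        ]
        if os.isatty(sys.stdin.fileno()):
            args.append('-t')
        # '--' ends ssh option parsing, so the pool address is never read as a flag
        args.append('--')
        args.append(main_pool)
        if command is not None:
            args.append(command)
        os.execv('/usr/bin/ssh', args)
```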
@@ -661,11 +661,6 @@ static int mod_vhost_ldap_translate_name(request_rec *r) return HTTP_INTERNAL_SERVER_ERROR; } - if ((code = reconfigure_directive( - r->pool, server, "ServerName", - apr_pstrcat(r->pool, "'", escape(r->pool, reqc->name), "'", (const char *)NULL))) != 0) - return code; - char *docroot = strcmp(reqc->directory, ".") == 0 ? apr_pstrcat(r->pool, reqc->home, "/web_scripts", (const char *)NULL) : diff --git a/server/common/patches/openafs-scripts.patch b/server/common/patches/openafs-scripts.patch index 7d082c86..88403fe3 100644 --- a/server/common/patches/openafs-scripts.patch +++ b/server/common/patches/openafs-scripts.patch @@ -5,6 +5,7 @@ # and Edward Z. Yang # and Benjamin Kaduk # and Alexander Chernyakhovsky +# and Mitchell Berger # # This file is available under both the MIT license and the GPL. # @@ -119,6 +120,24 @@ index 0087073..df3e4ef 100644 return ((fileBits & arights) == arights); /* true if all rights bits are on */ } } +@@ -305,7 +329,16 @@ afs_access(OSI_VC_DECL(avc), afs_int32 amode, + if ((avc->f.m.Mode & 0100) == 0) + code = 0; + } else if (avc->f.m.Mode & 0100) +- code = 1; ++ /* [scripts] Stock AFS sets code to 1 here and allows an ++ * attempt at execution even if the AFS permissions don't ++ * allow reading. If the read permission is really ++ * missing, the server would prevent this. Because we ++ * return 0 from afs_AccessOK when the read permission is ++ * present but the UID doesn't match the VID, setting code ++ * to 1 here would allow any user to execute (and ++ * therefore read) any program Scripts can read, even if ++ * it's in the wrong volume. */ ++ ; + } + if (code && (amode & VWRITE)) { + code = afs_AccessOK(avc, PRSFS_WRITE, treq, CHECK_MODE_BITS); diff --git a/src/afs/VNOPS/afs_vnop_attrs.c b/src/afs/VNOPS/afs_vnop_attrs.c index 2eb228f..d5d6e4a 100644 --- a/src/afs/VNOPS/afs_vnop_attrs.c diff --git a/server/fedora/config/etc/aliases b/server/fedora/config/etc/aliases index 14940037..40541d6c 100644 
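Review bot: In the openafs-scripts.patch hunk the replacement for `code = 1;` is a bare `;` after a nine-line comment, so the `else if (avc->f.m.Mode & 0100)` branch now has an empty body that reads like a stray semicolon and that a later edit could turn into a real body without noticing the intent. Making the no-op explicit, `++ { /* see above: deliberately keep whatever code already holds */ }`, costs nothing and also sidesteps the empty-body warning some compilers emit for `if (...) ;`. afs_access() itself starts and ends outside the quoted hunk, so where `code` was last assigned is not visible here.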
--- a/server/fedora/config/etc/aliases +++ b/server/fedora/config/etc/aliases @@ -88,7 +88,7 @@ hostmaster: root decode: root # Person who should get root's mail -root: andersk@mit.edu, quentin@mit.edu, mitchb@mit.edu, ezyang@mit.edu, xavid@mit.edu, adehnert-sipb@mit.edu, achernya@mit.edu, glasgall@mit.edu, tboning@mit.edu, cereslee@mit.edu, btidor-scripts@mit.edu, vasilvv@mit.edu +# root: (moved to /etc/scripts/root-procmailrc so this mail gets spam filtered) scripts: root signup: root diff --git a/server/fedora/config/etc/default/grub b/server/fedora/config/etc/default/grub index 394dcc40..18fbbdcf 100644 --- a/server/fedora/config/etc/default/grub +++ b/server/fedora/config/etc/default/grub @@ -3,4 +3,4 @@ GRUB_DISTRIBUTOR="Fedora" GRUB_DEFAULT=saved GRUB_TERMINAL="serial console" GRUB_SERIAL_COMMAND="serial" -GRUB_CMDLINE_LINUX="rd.md=0 rd.lvm=0 rd.dm=0 KEYTABLE=us rd.luks=0 SYSFONT=True LANG=en_US.UTF-8 net.ifnames=0 crashkernel=128M" +GRUB_CMDLINE_LINUX="rd.md=0 rd.lvm=0 rd.dm=0 KEYTABLE=us rd.luks=0 SYSFONT=True LANG=en_US.UTF-8 crashkernel=128M" diff --git a/server/fedora/config/etc/dirsrv/slapd-scripts/schema/98scripts-vhost.ldif b/server/fedora/config/etc/dirsrv/slapd-scripts/schema/98scripts-vhost.ldif index 88e4e398..318b7ea0 100644 --- a/server/fedora/config/etc/dirsrv/slapd-scripts/schema/98scripts-vhost.ldif +++ b/server/fedora/config/etc/dirsrv/slapd-scripts/schema/98scripts-vhost.ldif 
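Review bot: With the `root:` alias removed, delivery of root's mail on each host now depends on `/etc/scripts/root-procmailrc` being present and wired up; where it is not, root mail (cron and monitoring output included) presumably stays in the local mailbox unread, which is a quiet way to lose alerts. The replacement comment should make that dependency visible, e.g. `# root: delivered via /etc/scripts/root-procmailrc so this mail gets spam filtered; if that file is missing, root mail stays local`.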
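Review bot: Dropping `net.ifnames=0` from GRUB_CMDLINE_LINUX switches the host to predictable interface names on its next boot, so anything that references `eth0`-style names (firewall rules, interface-bound service settings) silently stops matching unless it is updated in the same change. If another part of this commit handles the renaming, a comment on this line pointing at it would make the dependency explicit, e.g. `# interface naming is handled by the udev rename role; do not re-add net.ifnames=0`.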
@@ -26,5 +26,11 @@ attributeTypes: ( 1.2.840.113554.4.2.1.4 NAME 'scriptsVhostAccount' DESC 'User a
 attributeTypes: ( 1.2.840.113554.4.2.1.5 NAME 'scriptsVhostCertificate' DESC 'Certificate chain, as a space-separated list of base64 encoded DER' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'scripts.mit.edu' )
 attributeTypes: ( 1.2.840.113554.4.2.1.6 NAME 'scriptsVhostCertificateKeyFile' DESC 'Filename of certificate private key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'scripts.mit.edu' )
 attributeTypes: ( 1.2.840.113554.4.2.1.7 NAME 'scriptsMailboxCommand' DESC 'Command to use when delivering mail' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'scripts.mit.edu' )
-objectClasses: ( 1.2.840.113554.4.2.2.1 NAME 'scriptsVhost' DESC 'Configuration for a Scripts virtual host' SUP top AUXILIARY MUST ( scriptsVhostName $ scriptsVhostDirectory $ scriptsVhostAccount ) MAY ( scriptsVhostAlias $ scriptsVhostCertificate $ scriptsVhostCertificateKeyFile ) X-ORIGIN 'scripts.mit.edu' )
-objectClasses: ( 1.2.840.113554.4.2.2.2 NAME 'scriptsAccount' DESC 'Configuration for a Scripts account' SUP posixAccount AUXILIARY MAY ( scriptsMailboxCommand ) X-ORIGIN 'scripts.mit.edu' )
+attributeTypes: ( 1.2.840.113554.4.2.1.8 NAME 'scriptsBlockMailSubmit' DESC 'Block outgoing mail' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'scripts.mit.edu' )
+attributeTypes: ( 1.2.840.113554.4.2.1.9 NAME 'scriptsVhostPoolIPv4' DESC 'IP for load balancer pool' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'scripts.mit.edu' )
+attributeTypes: ( 1.2.840.113554.4.2.1.10 NAME 'scriptsVhostPoolDNSRecordType' DESC 'DNS record type for scriptsVhostPoolIPv4' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'scripts.mit.edu' )
+attributeTypes: ( 1.2.840.113554.4.2.1.11 NAME 'scriptsVhostPoolTTL' DESC 'TTL for DNS record' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'scripts.mit.edu' )
+attributeTypes: ( 
1.2.840.113554.4.2.1.12 NAME 'scriptsVhostPoolUserSelectable' DESC 'Determines if user may select this pool' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'scripts.mit.edu' )
+objectClasses: ( 1.2.840.113554.4.2.2.1 NAME 'scriptsVhost' DESC 'Configuration for a Scripts virtual host' SUP top AUXILIARY MUST ( scriptsVhostName $ scriptsVhostDirectory $ scriptsVhostAccount ) MAY ( scriptsVhostAlias $ scriptsVhostCertificate $ scriptsVhostCertificateKeyFile $ scriptsVhostPoolIPv4 $ scriptsVhostPoolDNSRecordType $ scriptsVhostPoolTTL ) X-ORIGIN 'scripts.mit.edu' )
+objectClasses: ( 1.2.840.113554.4.2.2.2 NAME 'scriptsAccount' DESC 'Configuration for a Scripts account' SUP posixAccount AUXILIARY MAY ( scriptsMailboxCommand $ scriptsBlockMailSubmit $ ntUserComment ) X-ORIGIN 'scripts.mit.edu' )
+objectClasses: ( 1.2.840.113554.4.2.2.3 NAME 'scriptsVhostPool' DESC 'Configuration for Scripts Vhost Pool' SUP top AUXILIARY MUST ( scriptsVhostPoolIPv4 $ cn $ description $ scriptsVhostPoolUserSelectable ) X-ORIGIN 'scripts.mit.edu' )
diff --git a/server/fedora/config/etc/hosts b/server/fedora/config/etc/hosts
index ad732f2d..6d1d16d6 100644
--- a/server/fedora/config/etc/hosts
+++ b/server/fedora/config/etc/hosts
@@ -3,25 +3,26 @@ 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost -18.181.0.43 scripts.mit.edu scripts -18.181.0.46 scripts-vhosts.mit.edu scripts-vhosts -18.181.0.50 scripts-cert.mit.edu scripts-cert -18.181.0.52 sql.mit.edu sql -18.181.0.229 scripts-test.mit.edu scripts-test +18.4.60.52 sql.mit.edu sql -18.181.0.57 better-mousetrap.mit.edu better-mousetrap scripts1.mit.edu scripts1 -18.181.0.53 old-faithful.mit.edu old-faithful scripts2.mit.edu scripts2 -18.181.0.167 bees-knees.mit.edu bees-knees sx-blade-4.mit.edu sx-blade-4 scripts3.mit.edu scripts3 -18.181.0.228 cats-whiskers.mit.edu cats-whiskers scripts4.mit.edu scripts4 -18.181.0.236 whole-enchilada.mit.edu whole-enchilada scripts5.mit.edu scripts5 -18.181.0.237 pancake-bunny.mit.edu pancake-bunny scripts6.mit.edu scripts6 -18.181.0.234 busy-beaver.mit.edu busy-beaver scripts7.mit.edu scripts7 -18.181.0.235 real-mccoy.mit.edu real-mccoy scripts8.mit.edu scripts8 -18.181.0.135 shining-armor.mit.edu shining-armor scripts9.mit.edu scripts9 -18.181.0.141 golden-egg.mit.edu golden-egg scripts10.mit.edu scripts10 -18.181.0.203 miracle-cure.mit.edu miracle-cure scripts11.mit.edu scripts11 -18.181.0.204 lucky-star.mit.edu lucky-star scripts12.mit.edu scripts12 -18.181.0.55 not-backward.mit.edu not-backward +18.4.86.43 scripts.mit.edu scripts +18.4.86.46 scripts-vhosts.mit.edu scripts-vhosts +18.4.86.50 scripts-cert.mit.edu scripts-cert +18.4.86.229 scripts-test.mit.edu scripts-test +18.4.86.22 scripts-f20.mit.edu scripts-f20 + +18.4.86.57 better-mousetrap.mit.edu better-mousetrap scripts1.mit.edu scripts1 +18.4.86.53 old-faithful.mit.edu old-faithful scripts2.mit.edu scripts2 +18.4.86.167 bees-knees.mit.edu bees-knees scripts3.mit.edu scripts3 +18.4.86.228 cats-whiskers.mit.edu cats-whiskers scripts4.mit.edu scripts4 +18.4.86.236 whole-enchilada.mit.edu whole-enchilada scripts5.mit.edu scripts5 +18.4.86.237 pancake-bunny.mit.edu pancake-bunny scripts6.mit.edu scripts6 +18.4.86.234 
busy-beaver.mit.edu busy-beaver scripts7.mit.edu scripts7 +18.4.86.235 real-mccoy.mit.edu real-mccoy scripts8.mit.edu scripts8 +18.4.86.135 shining-armor.mit.edu shining-armor scripts9.mit.edu scripts9 +18.4.86.141 golden-egg.mit.edu golden-egg scripts10.mit.edu scripts10 +18.4.86.203 miracle-cure.mit.edu miracle-cure scripts11.mit.edu scripts11 +18.4.86.204 lucky-star.mit.edu lucky-star scripts12.mit.edu scripts12 172.21.0.57 better-mousetrap.mit.edu 172.21.0.53 old-faithful.mit.edu @@ -35,4 +36,3 @@ 172.21.0.141 golden-egg.mit.edu 172.21.0.203 miracle-cure.mit.edu 172.21.0.204 lucky-star.mit.edu -172.21.0.55 not-backward.mit.edu diff --git a/server/fedora/config/etc/httpd/conf.d/scripts-special.conf b/server/fedora/config/etc/httpd/conf.d/scripts-special.conf index d3d985c2..b5872ecc 100644 --- a/server/fedora/config/etc/httpd/conf.d/scripts-special.conf +++ b/server/fedora/config/etc/httpd/conf.d/scripts-special.conf @@ -53,5 +53,5 @@ ErrorDocument 403 /__scripts/forbidden.shtml ErrorDocument 403 /__scripts/disabled.html -# Generated from http://kb.mit.edu/confluence/x/F4DCAg, 2017-06-27 -SetEnvIf REMOTE_ADDR ^(10|18\.(\d\d?|1([0-2]\d|3[1-57-9]|4[0-369]|5[024-9]|6[135-9]|7[0-46-8]|8[013679]|9[02389])|2(29|3[089]|4[0-578]|5[0-245]))|128\.(3[01]|52))\. SCRIPTS_REMOTE_MITNET +# Generated from https://whois.arin.net/rest/org/MIT-2/nets, 2019-08-09 +SetEnvIf REMOTE_ADDR ^(10|18\.(0\d?|1(0[012]?|1[0345]?|2[3457]?|[3-9])?|2\d?|3[0-48]?|4[02579]?|5[013-68]?|6[0-39]?|7[0124-9]?|8[0-35789]?|9[035]?)|128\.(3[01]|52))\. SCRIPTS_REMOTE_MITNET diff --git a/server/fedora/config/etc/httpd/conf.d/scripts-vhost-names.conf b/server/fedora/config/etc/httpd/conf.d/scripts-vhost-names.conf index 94884ac7..9114fab5 100644 --- a/server/fedora/config/etc/httpd/conf.d/scripts-vhost-names.conf +++ b/server/fedora/config/etc/httpd/conf.d/scripts-vhost-names.conf 
@@ -1,18 +1,20 @@ ServerName scripts.mit.edu ServerAlias \ - scripts 18.181.0.43 \ - scripts-vhosts.mit.edu scripts-vhosts 18.181.0.46 \ - scripts-test.mit.edu scripts-test 18.181.0.229 \ - better-mousetrap.mit.edu better-mousetrap b-m.mit.edu b-m scripts1.mit.edu scripts1 18.181.0.57 \ - old-faithful.mit.edu old-faithful o-f.mit.edu o-f scripts2.mit.edu scripts2 18.181.0.53 \ - bees-knees.mit.edu bees-knees b-k.mit.edu b-k sx-blade-4.mit.edu sx-blade-4 scripts3.mit.edu scripts3 18.181.0.167 \ - cats-whiskers.mit.edu cats-whiskers c-w.mit.edu c-w scripts4.mit.edu scripts4 18.181.0.228 \ - whole-enchilada.mit.edu whole-enchilada w-e.mit.edu w-e scripts5.mit.edu scripts5 18.181.0.236 \ - pancake-bunny.mit.edu pancake-bunny p-b.mit.edu p-b scripts6.mit.edu scripts6 18.181.0.237 \ - busy-beaver.mit.edu busy-beaver b-b.mit.edu b-b scripts7.mit.edu scripts7 18.181.0.234 \ - real-mccoy.mit.edu real-mccoy r-m.mit.edu r-m scripts8.mit.edu scripts8 18.181.0.235 \ - shining-armor.mit.edu shining-armor s-a.mit.edu s-a scripts9.mit.edu scripts9 18.181.0.135 \ - golden-egg.mit.edu golden-egg g-e.mit.edu g-e scripts10.mit.edu scripts10 18.181.0.141 \ - miracle-cure.mit.edu miracle-cure m-c.mit.edu m-c scripts11.mit.edu scripts11 18.181.0.203 \ - lucky-star.mit.edu lucky-star l-s.mit.edu l-s scripts12.mit.edu scripts12 18.181.0.204 \ + scripts 18.4.86.43 \ + scripts-vhosts.mit.edu scripts-vhosts 18.4.86.46 \ + scripts-f20.mit.edu scripts-f20 18.4.86.22 \ + scripts-f30.mit.edu scripts-f30 18.4.86.30 \ + scripts-test.mit.edu scripts-test 18.4.86.229 \ + better-mousetrap.mit.edu better-mousetrap b-m.mit.edu b-m scripts1.mit.edu scripts1 18.4.86.57 \ + old-faithful.mit.edu old-faithful o-f.mit.edu o-f scripts2.mit.edu scripts2 18.4.86.53 \ + bees-knees.mit.edu bees-knees b-k.mit.edu b-k scripts3.mit.edu scripts3 18.4.86.167 \ + cats-whiskers.mit.edu cats-whiskers c-w.mit.edu c-w scripts4.mit.edu scripts4 18.4.86.228 \ + whole-enchilada.mit.edu whole-enchilada w-e.mit.edu w-e 
scripts5.mit.edu scripts5 18.4.86.236 \ + pancake-bunny.mit.edu pancake-bunny p-b.mit.edu p-b scripts6.mit.edu scripts6 18.4.86.237 \ + busy-beaver.mit.edu busy-beaver b-b.mit.edu b-b scripts7.mit.edu scripts7 18.4.86.234 \ + real-mccoy.mit.edu real-mccoy r-m.mit.edu r-m scripts8.mit.edu scripts8 18.4.86.235 \ + shining-armor.mit.edu shining-armor s-a.mit.edu s-a scripts9.mit.edu scripts9 18.4.86.135 \ + golden-egg.mit.edu golden-egg g-e.mit.edu g-e scripts10.mit.edu scripts10 18.4.86.141 \ + miracle-cure.mit.edu miracle-cure m-c.mit.edu m-c scripts11.mit.edu scripts11 18.4.86.203 \ + lucky-star.mit.edu lucky-star l-s.mit.edu l-s scripts12.mit.edu scripts12 18.4.86.204 \ localhost 127.0.0.1 ::1 diff --git a/server/fedora/config/etc/httpd/conf/httpd.conf b/server/fedora/config/etc/httpd/conf/httpd.conf index 00ecd641..2764ed6a 100644 --- a/server/fedora/config/etc/httpd/conf/httpd.conf +++ b/server/fedora/config/etc/httpd/conf/httpd.conf @@ -110,6 +110,13 @@ UserDir disabled AllowOverride None Options FollowSymLinks IncludesNoExec + + # Block some (self-identifying) bots, by giving them a 403. + # The proxy servers should catch these (/etc/haproxy/blacklist-agent.txt), + # but it can only look at HTTP traffic. This was added primarily for HTTPS + # traffic. + Require expr %{HTTP_USER_AGENT} !~ /Bytespider|Bytedance|ClaudeBot/ + # The new syntax wasn't added until 2.4, # so there's simply no way any deployed sites # are already using the new syntax. @@ -273,15 +280,9 @@ ProxyRequests Off ErrorDocument 404 "No favicon.ico. - - ServerName scripts-cert.mit.edu - ServerAlias scripts-cert - Include conf.d/scripts-vhost.conf - Include conf.d/vhosts-common.conf - - # LDAP vhost, w00t w00t + ServerName localhost Include conf.d/vhost_ldap.conf Include conf.d/vhosts-common.conf 
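Review bot: `scripts-f30.mit.edu scripts-f30 18.4.86.30` is added to the ServerAlias list here, but the /etc/hosts hunk earlier in this commit adds only `18.4.86.22 scripts-f20.mit.edu scripts-f20` and no f30 entry; if scripts-f30 is a real host it should be added there as well, otherwise this alias is dead weight. This is a consistency observation rather than a functional one, since ServerAlias matches the request's Host header and does not depend on name resolution.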
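Review bot: The effect of the new `Require expr %{HTTP_USER_AGENT} !~ /Bytespider|Bytedance|ClaudeBot/` depends on the other Require directives in this `<Directory>` block, whose opening is outside the hunk: Apache combines several Require lines in one container as RequireAny by default, so if the block also carries `Require all granted` the user-agent test never denies anything and both need to sit inside `<RequireAll>`. The pattern is also case-sensitive; add the `i` flag (`/Bytespider|Bytedance|ClaudeBot/i`) if lower-case variants should be caught. Since the same list lives in `/etc/haproxy/blacklist-agent.txt` per the comment, the two copies will drift, and the comment should say which one is authoritative and that a self-reported User-Agent check is a nuisance filter, not an access control.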
@@ -292,6 +293,15 @@ ProxyRequests Off Include conf.d/vhosts-common.conf +# scripts-cert.mit.edu; must be listed below the default vhost + + ServerName scripts-cert.mit.edu + ServerAlias scripts-cert + ServerAlias 18.4.86.50 + Include conf.d/scripts-vhost.conf + Include conf.d/vhosts-common.conf + + Listen 443 Listen 444 @@ -320,23 +330,14 @@ ProxyRequests Off SSLHonorCipherOrder on SSLCompression off - - ServerName scripts-cert.mit.edu - ServerAlias scripts-cert - Include conf.d/scripts-vhost.conf - Include conf.d/vhosts-common-ssl.conf - SSLCertificateFile /etc/pki/tls/certs/scripts-cert.pem - SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key - Include conf.d/vhosts-common-ssl-cert.conf - - + Include conf.d/scripts-vhost-names.conf Include conf.d/scripts-vhost.conf Include conf.d/vhosts-common-ssl.conf SSLCertificateFile /etc/pki/tls/certs/scripts.pem SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key - + Include conf.d/scripts-vhost-names.conf Include conf.d/scripts-vhost.conf Include conf.d/vhosts-common-ssl.conf @@ -376,6 +377,17 @@ ProxyRequests Off Include conf.d/vhosts-common-ssl.conf Include conf.d/vhosts-common-ssl-cert.conf + # scripts-cert.mit.edu; must be listed below the default vhost + + ServerName scripts-cert.mit.edu + ServerAlias scripts-cert + ServerAlias 18.4.86.50 + Include conf.d/scripts-vhost.conf + Include conf.d/vhosts-common-ssl.conf + SSLCertificateFile /etc/pki/tls/certs/scripts-cert.pem + SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key + Include conf.d/vhosts-common-ssl-cert.conf + Include /var/lib/scripts-certs/vhosts.conf @@ -387,7 +399,7 @@ AddHandler fcgid-script fcgi SocketPath /var/run/mod_fcgid SharememPath /var/run/mod_fcgid/fcgid_shm IPCCommTimeout 300 -FcgidMaxRequestLen 209715200 +FcgidMaxRequestLen 419430400 FcgidIdleTimeout 600 FcgidMaxProcessesPerClass 10 FcgidMinProcessesPerClass 0 
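Review bot: The comment `# scripts-cert.mit.edu; must be listed below the default vhost` states an ordering rule without its reason, and the same comment is repeated in the `@@ -376,6 +377,17 @@` hunk for the SSL block. If the reason is that Apache serves the first-listed name-based vhost for requests whose Host header matches nothing and that fallback must remain the LDAP vhost, say so: `# scripts-cert.mit.edu; keep below the default vhost: the first-listed vhost is the catch-all for unmatched Host headers`. A future reorder is far less likely to break things when the constraint explains itself.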
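Review bot: `FcgidMaxRequestLen 419430400` doubles the accepted request body to 400 MiB with no comment on the unit or the reason, so the next bump will be equally blind. Bodies larger than FcgidMaxRequestInMem are spooled to a temporary file rather than held in memory, which shifts the cost of an oversized request from RAM to disk; a one-line note such as `# bytes (400 MiB); raised for large uploads — bodies above FcgidMaxRequestInMem are spooled to disk` records both facts. If only a few paths need uploads that large, consider whether a narrower scope is possible rather than raising the server-wide limit.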
diff --git a/server/fedora/config/etc/httpd/export-scripts-certs b/server/fedora/config/etc/httpd/export-scripts-certs index af577348..4002928e 100755 --- a/server/fedora/config/etc/httpd/export-scripts-certs +++ b/server/fedora/config/etc/httpd/export-scripts-certs @@ -4,6 +4,7 @@ import base64 import errno import fcntl import hashlib +import itertools import ldap import os import subprocess @@ -87,8 +88,8 @@ def conf(vhost): cert_file.write(certs_pem) os.rename(cert_path + '.new', cert_path) - for port in 443, 444: - yield '\n'.format(port) + for ip, port in itertools.product(['*'], [443, 444]): + yield '\n'.format(ip, port) yield '\tServerName {}\n'.format(name) if aliases: yield '\tServerAlias {}\n'.format(' '.join(aliases)) diff --git a/server/fedora/config/etc/httpd/scripts-special/hostname b/server/fedora/config/etc/httpd/scripts-special/hostname new file mode 120000 index 00000000..48980ad5 --- /dev/null +++ b/server/fedora/config/etc/httpd/scripts-special/hostname @@ -0,0 +1 @@ +/etc/hostname \ No newline at end of file diff --git a/server/fedora/config/etc/httpd/scripts-special/server.shtml b/server/fedora/config/etc/httpd/scripts-special/server.shtml new file mode 100644 index 00000000..3d1bba98 --- /dev/null +++ b/server/fedora/config/etc/httpd/scripts-special/server.shtml @@ -0,0 +1,21 @@ + + + + + scripts.mit.edu connection information + + + +

Your connection to :// on : is currently served by (as of ).

+
+ Server variables +
+
+
+ + diff --git a/server/fedora/config/etc/httpd/scripts-special/unauthorized.html b/server/fedora/config/etc/httpd/scripts-special/unauthorized.html index 87ccf372..ab7651ee 100644 --- a/server/fedora/config/etc/httpd/scripts-special/unauthorized.html +++ b/server/fedora/config/etc/httpd/scripts-special/unauthorized.html @@ -1,97 +1,12 @@ - - - - - - -scripts.mit.edu: 401 Authorization Required - - -
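Review bot: The new server.shtml has a "Server variables" section whose SSI directive is not visible in this rendering; if it is a `printenv`, every CGI and SSI variable — internal addresses, paths and any per-request environment set by earlier SetEnvIf rules — is disclosed to any client that can reach the page. Prefer echoing only the variables the page needs (`<!--#echo var="SERVER_ADDR" -->` and the like), or gate the file in scripts-special.conf with `Require env SCRIPTS_REMOTE_MITNET`, which this commit already sets for MIT-net clients. The connection-information line above it is fine on its own.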
-
-
- -

scripts.mit.edu

-

MIT SIPB Script Services for Athena

-
- -
-
-
- -

Authorization Required

-

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

- -
- - - -

- - -

- - - -
- -
 
-
-
- - - -
-
- - + + +401 Unauthorized + +

Unauthorized

+

This server could not verify that you +are authorized to access the document +requested. Either you supplied the wrong +credentials (e.g., bad password), or your +browser doesn't understand how to supply +the credentials required.

+ diff --git a/server/fedora/config/etc/httpd/statistics_log_mitonly.sh b/server/fedora/config/etc/httpd/statistics_log_mitonly.sh index 1f9a5e6a..8a03ce56 100755 --- a/server/fedora/config/etc/httpd/statistics_log_mitonly.sh +++ b/server/fedora/config/etc/httpd/statistics_log_mitonly.sh @@ -1,11 +1,11 @@ #!/bin/sh perl -ne 'BEGIN { $| = 1 } next unless /^18\./; -next if /^18\.181\./; +next if /^18\.181\.|^18\.4\.86\./; chomp; split; if ($_[1] eq "scripts.mit.edu" && $_[2] =~ m|/(~[^/]+)/|) { print "$1\n"; } else { print "$_[1]\n"; }' >> /var/log/httpd/statistics_log -#awk '/^18\./ && ! /^18.181/ { print $2; fflush() }' >> /var/log/httpd/statistics_log +#awk '/^18\./ && ! /^18\.181\.|^18\.4\.86\./ { print $2; fflush() }' >> /var/log/httpd/statistics_log diff --git a/server/fedora/config/etc/logwatch/conf/services/kernel.conf b/server/fedora/config/etc/logwatch/conf/services/kernel.conf new file mode 100644 index 00000000..67028cc9 --- /dev/null +++ b/server/fedora/config/etc/logwatch/conf/services/kernel.conf 
@@ -0,0 +1,44 @@ +########################################################################### +# $Id: kernel.conf 149 2013-06-18 22:18:12Z mtremaine $ +########################################################################### + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. + +# this is in the format of = . Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. + +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "Kernel" + +# Which logfile group... +LogFile = messages + +# Only give lines pertaining to the kernel service... +*OnlyService = (kernel|SUNW,[-\w]+?) +*RemoveHeaders + +# Remove kernel timestamp +*RemoveHeaders = "^(: )?\[ *\d+\.\d+\]:? " + +# Ignore segfaults and general protection faults in the listed programs +# The value is a regular expression that the executable name is matched +# against. Separate multiple executables with | +# $ignore_faults = npviewer.bin + +# Ignore Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server +# messages which often occur when kerberos tickets expire +# $ignore_rpcsec_expired = Yes + +######################################################## +# This was written and is maintained by: +# Kirk Bauer +# +# Please send all comments, suggestions, bug reports, +# etc, to kirk@kaybee.org. +######################################################## + +# vi: shiftwidth=3 tabstop=3 et diff --git a/server/fedora/config/etc/modules-load.d/iptables.conf b/server/fedora/config/etc/modules-load.d/iptables.conf index 76183f1c..b8c5696f 100644 --- a/server/fedora/config/etc/modules-load.d/iptables.conf +++ b/server/fedora/config/etc/modules-load.d/iptables.conf @@ -5,3 +5,5 @@ ip6_tables ip6table_filter ip6t_REJECT nf_log_ipv6 +ipt_MARK +ipt_dscp 
diff --git a/server/fedora/config/etc/munin/munin-node.conf b/server/fedora/config/etc/munin/munin-node.conf index ba29c40f..7d025cac 100644 --- a/server/fedora/config/etc/munin/munin-node.conf +++ b/server/fedora/config/etc/munin/munin-node.conf @@ -33,8 +33,7 @@ ignore_file \.pod$ # the allow line as many times as you'd like allow ^127\.0\.0\.1$ -allow ^18\.187\.1\.128$ -allow ^18\.181\.0\.65$ +allow ^18\.4\.60\.65$ # Which address to bind to; host * diff --git a/server/fedora/config/etc/nagios/check_afs b/server/fedora/config/etc/nagios/check_afs index dd6c8828..eb3cea73 100755 --- a/server/fedora/config/etc/nagios/check_afs +++ b/server/fedora/config/etc/nagios/check_afs @@ -16,7 +16,7 @@ STATUS=$? $ECHO "$CHECKS" if [ $STATUS -gt 0 ]; then - if $ECHO "$CHECKS" | grep -i STYX >/dev/null; then + if $ECHO "$CHECKS" | grep -i ARTEMIS >/dev/null; then exit $STATE_CRITICAL; else exit $STATE_WARNING; diff --git a/server/fedora/config/etc/nagios/check_mail_dnsrbl b/server/fedora/config/etc/nagios/check_mail_dnsrbl index 5c809880..b17ad9da 100755 --- a/server/fedora/config/etc/nagios/check_mail_dnsrbl +++ b/server/fedora/config/etc/nagios/check_mail_dnsrbl @@ -44,7 +44,6 @@ serverlist = [ "0spam.fusionzero.com", "access.redhawk.org", "b.barracudacentral.org", - "bhnc.njabl.org", "bl.deadbeef.com", "bl.spamcannibal.org", "bl.spamcop.net", @@ -65,7 +64,6 @@ serverlist = [ "dnsbl.cyberlogic.net", "dnsbl.inps.de", "dnsbl.kempt.net", - "dnsbl.njabl.org", "dnsbl.solid.net", "dnsbl.sorbs.net", "drone.abuse.ch", diff --git a/server/fedora/config/etc/nagios/nrpe.cfg b/server/fedora/config/etc/nagios/nrpe.cfg index 3e2ede68..31edbc11 100644 --- a/server/fedora/config/etc/nagios/nrpe.cfg +++ b/server/fedora/config/etc/nagios/nrpe.cfg @@ -76,7 +76,7 @@ nrpe_group=nrpe # # NOTE: This option is ignored if NRPE is running under either inetd or xinetd -allowed_hosts=18.181.0.61,18.181.0.65,18.181.0.51 +allowed_hosts=18.4.60.61,18.4.60.65,18.4.60.51 
diff --git a/server/fedora/config/etc/named.mit.zones b/server/fedora/config/etc/named.mit.zones index 4d13cc9f..0b27a202 100644 --- a/server/fedora/config/etc/named.mit.zones +++ b/server/fedora/config/etc/named.mit.zones 
@@ -1,1190 +1,524 @@ zone "mit.edu" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/mit.edu.stub"; }; zone "0.4.3.0.6.2.ip6.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/0.4.3.0.6.2.ip6.arpa.stub"; }; zone "10.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/10.in-addr.arpa.stub"; }; // List of *.18.in-addr.arpa zones generated from -// http://kb.mit.edu/confluence/x/F4DCAg (2017-06-27) +// https://whois.arin.net/rest/org/MIT-2/nets (2019-08-09) zone "0.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/0.18.in-addr.arpa.stub"; }; zone "1.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/1.18.in-addr.arpa.stub"; }; zone "2.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/2.18.in-addr.arpa.stub"; }; zone "3.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/3.18.in-addr.arpa.stub"; }; zone "4.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/4.18.in-addr.arpa.stub"; }; zone "5.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/5.18.in-addr.arpa.stub"; }; zone "6.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file 
"slaves/6.18.in-addr.arpa.stub"; }; zone "7.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/7.18.in-addr.arpa.stub"; }; zone "8.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/8.18.in-addr.arpa.stub"; }; zone "9.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/9.18.in-addr.arpa.stub"; }; zone "10.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/10.18.in-addr.arpa.stub"; }; zone "11.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/11.18.in-addr.arpa.stub"; }; zone "12.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/12.18.in-addr.arpa.stub"; }; zone "13.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/13.18.in-addr.arpa.stub"; }; zone "14.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/14.18.in-addr.arpa.stub"; }; zone "15.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/15.18.in-addr.arpa.stub"; }; zone "16.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/16.18.in-addr.arpa.stub"; }; zone "17.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 
18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/17.18.in-addr.arpa.stub"; }; zone "18.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/18.18.in-addr.arpa.stub"; }; zone "19.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/19.18.in-addr.arpa.stub"; }; zone "20.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/20.18.in-addr.arpa.stub"; }; zone "21.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/21.18.in-addr.arpa.stub"; }; zone "22.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/22.18.in-addr.arpa.stub"; }; zone "23.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/23.18.in-addr.arpa.stub"; }; zone "24.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/24.18.in-addr.arpa.stub"; }; zone "25.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/25.18.in-addr.arpa.stub"; }; zone "26.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/26.18.in-addr.arpa.stub"; }; zone "27.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/27.18.in-addr.arpa.stub"; }; zone 
"28.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/28.18.in-addr.arpa.stub"; }; zone "29.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/29.18.in-addr.arpa.stub"; }; zone "30.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/30.18.in-addr.arpa.stub"; }; zone "31.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/31.18.in-addr.arpa.stub"; }; zone "32.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/32.18.in-addr.arpa.stub"; }; zone "33.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/33.18.in-addr.arpa.stub"; }; zone "34.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/34.18.in-addr.arpa.stub"; }; -zone "35.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/35.18.in-addr.arpa.stub"; -}; - -zone "36.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/36.18.in-addr.arpa.stub"; -}; - -zone "37.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/37.18.in-addr.arpa.stub"; -}; - zone "38.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/38.18.in-addr.arpa.stub"; }; -zone "39.18.in-addr.arpa" IN { - type stub; - masters { 
18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/39.18.in-addr.arpa.stub"; -}; - zone "40.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/40.18.in-addr.arpa.stub"; }; -zone "41.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/41.18.in-addr.arpa.stub"; -}; - zone "42.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/42.18.in-addr.arpa.stub"; }; -zone "43.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/43.18.in-addr.arpa.stub"; -}; - -zone "44.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/44.18.in-addr.arpa.stub"; -}; - zone "45.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/45.18.in-addr.arpa.stub"; }; -zone "46.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/46.18.in-addr.arpa.stub"; -}; - zone "47.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/47.18.in-addr.arpa.stub"; }; -zone "48.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/48.18.in-addr.arpa.stub"; -}; - zone "49.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/49.18.in-addr.arpa.stub"; }; zone "50.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/50.18.in-addr.arpa.stub"; }; zone "51.18.in-addr.arpa" IN { type stub; - masters { 
18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/51.18.in-addr.arpa.stub"; }; -zone "52.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/52.18.in-addr.arpa.stub"; -}; - zone "53.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/53.18.in-addr.arpa.stub"; }; zone "54.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/54.18.in-addr.arpa.stub"; }; zone "55.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/55.18.in-addr.arpa.stub"; }; zone "56.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/56.18.in-addr.arpa.stub"; }; -zone "57.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/57.18.in-addr.arpa.stub"; -}; - zone "58.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/58.18.in-addr.arpa.stub"; }; -zone "59.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/59.18.in-addr.arpa.stub"; -}; - zone "60.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/60.18.in-addr.arpa.stub"; }; zone "61.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/61.18.in-addr.arpa.stub"; }; zone "62.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 
18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/62.18.in-addr.arpa.stub"; }; zone "63.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/63.18.in-addr.arpa.stub"; }; -zone "64.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/64.18.in-addr.arpa.stub"; -}; - -zone "65.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/65.18.in-addr.arpa.stub"; -}; - -zone "66.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/66.18.in-addr.arpa.stub"; -}; - -zone "67.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/67.18.in-addr.arpa.stub"; -}; - -zone "68.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/68.18.in-addr.arpa.stub"; -}; - zone "69.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/69.18.in-addr.arpa.stub"; }; zone "70.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/70.18.in-addr.arpa.stub"; }; zone "71.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/71.18.in-addr.arpa.stub"; }; zone "72.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/72.18.in-addr.arpa.stub"; }; -zone "73.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/73.18.in-addr.arpa.stub"; -}; - zone "74.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 
18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/74.18.in-addr.arpa.stub"; }; zone "75.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/75.18.in-addr.arpa.stub"; }; zone "76.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/76.18.in-addr.arpa.stub"; }; zone "77.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/77.18.in-addr.arpa.stub"; }; zone "78.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/78.18.in-addr.arpa.stub"; }; zone "79.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/79.18.in-addr.arpa.stub"; }; zone "80.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/80.18.in-addr.arpa.stub"; }; zone "81.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/81.18.in-addr.arpa.stub"; }; zone "82.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/82.18.in-addr.arpa.stub"; }; zone "83.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/83.18.in-addr.arpa.stub"; }; -zone "84.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/84.18.in-addr.arpa.stub"; -}; - zone "85.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 
18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/85.18.in-addr.arpa.stub"; }; -zone "86.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/86.18.in-addr.arpa.stub"; -}; - zone "87.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/87.18.in-addr.arpa.stub"; }; zone "88.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/88.18.in-addr.arpa.stub"; }; zone "89.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/89.18.in-addr.arpa.stub"; }; zone "90.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/90.18.in-addr.arpa.stub"; }; -zone "91.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/91.18.in-addr.arpa.stub"; -}; - -zone "92.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/92.18.in-addr.arpa.stub"; -}; - zone "93.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/93.18.in-addr.arpa.stub"; }; -zone "94.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/94.18.in-addr.arpa.stub"; -}; - zone "95.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/95.18.in-addr.arpa.stub"; }; -zone "96.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/96.18.in-addr.arpa.stub"; -}; - -zone "97.18.in-addr.arpa" IN { - type 
stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/97.18.in-addr.arpa.stub"; -}; - -zone "98.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/98.18.in-addr.arpa.stub"; -}; - -zone "99.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/99.18.in-addr.arpa.stub"; -}; - zone "100.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/100.18.in-addr.arpa.stub"; }; zone "101.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/101.18.in-addr.arpa.stub"; }; zone "102.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/102.18.in-addr.arpa.stub"; }; -zone "103.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/103.18.in-addr.arpa.stub"; -}; - -zone "104.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/104.18.in-addr.arpa.stub"; -}; - -zone "105.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/105.18.in-addr.arpa.stub"; -}; - -zone "106.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/106.18.in-addr.arpa.stub"; -}; - -zone "107.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/107.18.in-addr.arpa.stub"; -}; - -zone "108.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/108.18.in-addr.arpa.stub"; -}; - -zone "109.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/109.18.in-addr.arpa.stub"; -}; - zone 
"110.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/110.18.in-addr.arpa.stub"; }; -zone "111.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/111.18.in-addr.arpa.stub"; -}; - -zone "112.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/112.18.in-addr.arpa.stub"; -}; - zone "113.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/113.18.in-addr.arpa.stub"; }; zone "114.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/114.18.in-addr.arpa.stub"; }; zone "115.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/115.18.in-addr.arpa.stub"; }; -zone "116.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/116.18.in-addr.arpa.stub"; -}; - -zone "117.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/117.18.in-addr.arpa.stub"; -}; - -zone "118.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/118.18.in-addr.arpa.stub"; -}; - -zone "119.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/119.18.in-addr.arpa.stub"; -}; - -zone "120.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/120.18.in-addr.arpa.stub"; -}; - -zone "121.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/121.18.in-addr.arpa.stub"; -}; - -zone "122.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 
18.71.0.151; 18.72.0.3; }; - file "slaves/122.18.in-addr.arpa.stub"; -}; - zone "123.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/123.18.in-addr.arpa.stub"; }; zone "124.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/124.18.in-addr.arpa.stub"; }; zone "125.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/125.18.in-addr.arpa.stub"; }; -zone "126.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/126.18.in-addr.arpa.stub"; -}; - zone "127.18.in-addr.arpa" IN { type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; + masters { 18.0.70.160; 18.0.71.151; 18.0.72.3; }; file "slaves/127.18.in-addr.arpa.stub"; }; - -zone "128.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/128.18.in-addr.arpa.stub"; -}; - -zone "129.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/129.18.in-addr.arpa.stub"; -}; - -zone "131.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/131.18.in-addr.arpa.stub"; -}; - -zone "132.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/132.18.in-addr.arpa.stub"; -}; - -zone "133.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/133.18.in-addr.arpa.stub"; -}; - -zone "134.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/134.18.in-addr.arpa.stub"; -}; - -zone "135.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/135.18.in-addr.arpa.stub"; 
-}; - -zone "137.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/137.18.in-addr.arpa.stub"; -}; - -zone "138.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/138.18.in-addr.arpa.stub"; -}; - -zone "139.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/139.18.in-addr.arpa.stub"; -}; - -zone "140.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/140.18.in-addr.arpa.stub"; -}; - -zone "141.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/141.18.in-addr.arpa.stub"; -}; - -zone "142.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/142.18.in-addr.arpa.stub"; -}; - -zone "143.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/143.18.in-addr.arpa.stub"; -}; - -zone "146.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/146.18.in-addr.arpa.stub"; -}; - -zone "149.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/149.18.in-addr.arpa.stub"; -}; - -zone "150.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/150.18.in-addr.arpa.stub"; -}; - -zone "152.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/152.18.in-addr.arpa.stub"; -}; - -zone "154.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/154.18.in-addr.arpa.stub"; -}; - -zone "155.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/155.18.in-addr.arpa.stub"; -}; - -zone "156.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; 
}; - file "slaves/156.18.in-addr.arpa.stub"; -}; - -zone "157.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/157.18.in-addr.arpa.stub"; -}; - -zone "158.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/158.18.in-addr.arpa.stub"; -}; - -zone "159.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/159.18.in-addr.arpa.stub"; -}; - -zone "161.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/161.18.in-addr.arpa.stub"; -}; - -zone "163.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/163.18.in-addr.arpa.stub"; -}; - -zone "165.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/165.18.in-addr.arpa.stub"; -}; - -zone "166.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/166.18.in-addr.arpa.stub"; -}; - -zone "167.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/167.18.in-addr.arpa.stub"; -}; - -zone "168.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/168.18.in-addr.arpa.stub"; -}; - -zone "169.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/169.18.in-addr.arpa.stub"; -}; - -zone "170.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/170.18.in-addr.arpa.stub"; -}; - -zone "171.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/171.18.in-addr.arpa.stub"; -}; - -zone "172.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/172.18.in-addr.arpa.stub"; -}; - -zone "173.18.in-addr.arpa" IN { - type stub; - 
masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/173.18.in-addr.arpa.stub"; -}; - -zone "174.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/174.18.in-addr.arpa.stub"; -}; - -zone "176.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/176.18.in-addr.arpa.stub"; -}; - -zone "177.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/177.18.in-addr.arpa.stub"; -}; - -zone "178.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/178.18.in-addr.arpa.stub"; -}; - -zone "180.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/180.18.in-addr.arpa.stub"; -}; - -zone "181.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/181.18.in-addr.arpa.stub"; -}; - -zone "183.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/183.18.in-addr.arpa.stub"; -}; - -zone "186.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/186.18.in-addr.arpa.stub"; -}; - -zone "187.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/187.18.in-addr.arpa.stub"; -}; - -zone "189.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/189.18.in-addr.arpa.stub"; -}; - -zone "190.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/190.18.in-addr.arpa.stub"; -}; - -zone "192.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/192.18.in-addr.arpa.stub"; -}; - -zone "193.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/193.18.in-addr.arpa.stub"; -}; - 
-zone "198.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/198.18.in-addr.arpa.stub"; -}; - -zone "199.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/199.18.in-addr.arpa.stub"; -}; - -zone "229.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/229.18.in-addr.arpa.stub"; -}; - -zone "230.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/230.18.in-addr.arpa.stub"; -}; - -zone "238.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/238.18.in-addr.arpa.stub"; -}; - -zone "239.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/239.18.in-addr.arpa.stub"; -}; - -zone "240.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/240.18.in-addr.arpa.stub"; -}; - -zone "241.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/241.18.in-addr.arpa.stub"; -}; - -zone "242.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/242.18.in-addr.arpa.stub"; -}; - -zone "243.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/243.18.in-addr.arpa.stub"; -}; - -zone "244.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/244.18.in-addr.arpa.stub"; -}; - -zone "245.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/245.18.in-addr.arpa.stub"; -}; - -zone "247.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/247.18.in-addr.arpa.stub"; -}; - -zone "248.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - 
file "slaves/248.18.in-addr.arpa.stub"; -}; - -zone "250.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/250.18.in-addr.arpa.stub"; -}; - -zone "251.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/251.18.in-addr.arpa.stub"; -}; - -zone "252.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/252.18.in-addr.arpa.stub"; -}; - -zone "254.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/254.18.in-addr.arpa.stub"; -}; - -zone "255.18.in-addr.arpa" IN { - type stub; - masters { 18.70.0.160; 18.71.0.151; 18.72.0.3; }; - file "slaves/255.18.in-addr.arpa.stub"; -}; diff --git a/server/fedora/config/etc/openafs/NetRestrict b/server/fedora/config/etc/openafs/NetRestrict index 308ae359..dd464417 100644 --- a/server/fedora/config/etc/openafs/NetRestrict +++ b/server/fedora/config/etc/openafs/NetRestrict @@ -1,7 +1,8 @@ -18.181.0.46 -18.181.0.50 -18.181.0.49 -18.181.0.43 +18.4.86.46 +18.4.86.50 +18.4.86.43 +18.4.86.29 +18.4.86.22 172.21.0.57 172.21.0.53 172.21.0.167 @@ -10,3 +11,7 @@ 172.21.0.237 172.21.0.234 172.21.0.235 +172.21.0.135 +172.21.0.141 +172.21.0.203 +172.21.0.204 diff --git a/server/fedora/config/etc/pki/tls/certs/check.pl b/server/fedora/config/etc/pki/tls/certs/check.pl index 363b06a7..29dc57b8 100755 --- a/server/fedora/config/etc/pki/tls/certs/check.pl +++ b/server/fedora/config/etc/pki/tls/certs/check.pl @@ -18,6 +18,7 @@ use constant WARNING => 60*60*24*14; # Warn if a cert is expiring within 14 days +my @expired; foreach my $cert (glob("*.pem"), glob("/var/lib/scripts-certs/*.pem")) { open(CERT, "<", $cert); my $ins = do {local $/; }; 
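Review bot: The three renumbered master addresses are now repeated verbatim in every one of the roughly one hundred stub zones, and unlike the in-addr.arpa list, whose comment cites the ARIN query and the date it was generated, the new addresses carry no note of where they came from. BIND lets you declare the list once, `masters mit-ns { 18.0.70.160; 18.0.71.151; 18.0.72.3; };`, and reference it as `masters { mit-ns; };` in each zone, so the next renumbering becomes a one-line change. A stub zone takes its NS records from whatever answers at those addresses and no `key` is configured on any of these `masters` entries, so before deploying I'd check that each address answers authoritatively (`dig @18.0.70.160 NS mit.edu +norecurse`) and record that source in a comment next to the 2019-08-09 one.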
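Review bot: The first NetRestrict hunk maps 18.181.0.46, .50 and .43 one-for-one to 18.4.86.x but drops 18.181.0.49 without a 18.4.86.49 counterpart while adding .29 and .22; if the .49 host was retired that is fine, but nothing records it, and I don't believe this file accepts comments. I'd state it in the commit message, or check the host list to confirm no remaining server still carries an address that should be restricted here.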
@@ -40,10 +41,16 @@ my $time = str2time($exp);
 if ($verbose || ($time - $now) <= WARNING) {
- printf "Certificate expiring in %.2f days: %s for ", (($time - $now) / (60.0*60*24)), $cert;
- open(IN, '|-', qw(openssl x509 -subject -noout));
- print IN $in;
- close(IN);
+ push @expired, [$time - $now, $cert, $in];
 }
 }
 }
+
+@expired = reverse sort {$a->[0] <=> $b->[0]} @expired;
+foreach my $expired_cert (@expired) {
+ my ($age, $cert, $in) = @$expired_cert;
+ printf "Certificate expiring in %.2f days: %s for ", ($age / (60.0*60*24)), $cert;
+ open(IN, '|-', qw(openssl x509 -subject -noout));
+ print IN $in;
+ close(IN);
+}
diff --git a/server/fedora/config/etc/pki/tls/certs/req-scripts-infra-certs.sh b/server/fedora/config/etc/pki/tls/certs/req-scripts-infra-certs.sh
new file mode 100644
index 00000000..e7a1f056
--- /dev/null
+++ b/server/fedora/config/etc/pki/tls/certs/req-scripts-infra-certs.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -euf
+set -x
+
+while read HOST FILE; do
+ yes "" | openssl req -key /etc/pki/tls/private/scripts-2048.key -new -sha256 -reqexts SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "[req_distinguished_name]\ncommonName_default=$HOST\n[SAN]\nsubjectAltName=DNS:$HOST\n")) -out $FILE.csr
+done <&2;
@@ -120,6 +122,18 @@ purge_from() {
 done
 }
 
+purge_from_re() {
+ if [[ $# -eq 0 ]]; then
+ echo "Please specify a regex to purge emails from" >&2
+ exit 1
+ fi
+ for re in "$@"; do
+ echo "$re"
+ mailq | tail -n +2 | grep -v '^ *(' | awk "BEGIN { RS = \"\" } (\$7 ~ \"$re\") { print \$1 }" | tr -d '*!' | postsuper -d -
+ echo
+ done
+}
+
 purge_to() {
 if [[ $# -eq 0 ]]; then
 echo "Please specify a locker to purge emails to" >&2
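Review bot: The `open(IN, '|-', qw(openssl x509 -subject -noout));` moved into the new foreach still ignores failure, so if openssl cannot be started or the pipe breaks the script likely prints the "Certificate expiring" prefix and nothing after it, with no error; `open(IN, '|-', qw(openssl x509 -subject -noout)) or die "openssl: $!";` together with `close(IN) or warn "openssl exited $?";` would surface that. `$age` in `my ($age, $cert, $in) = @$expired_cert;` holds seconds until expiry (negative once the certificate has already expired), so a name such as `$remaining` would match the printf and read correctly. The `reverse sort` lists the soonest-expiring certificates last; if that order is deliberate for the report, a one-line comment saying so would save the next reader from "fixing" it.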
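Review bot: `purge_from_re` splices the caller's regex into the awk program text — `awk "BEGIN { RS = \"\" } (\$7 ~ \"$re\") { print \$1 }"` — so a pattern containing a double quote or a backslash alters the awk source rather than the match, and because the selected queue IDs go straight into `postsuper -d -` a mis-parsed pattern can delete the wrong messages or silently none. Pass the regex as data instead, e.g. `awk -v re="$re" 'BEGIN { RS = "" } ($7 ~ re) { print $1 }'`; `-v` still interprets backslash escapes, so for a fully literal pattern use `re="$re" awk 'BEGIN { RS = "" } ($7 ~ ENVIRON["re"]) { print $1 }'`. The same construction is used by `purge_to_re` in the next hunk (`\$8 ~ \"$re\" && \$9 == \"\"`) and needs the same change.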
@@ -133,6 +147,18 @@ purge_to() {
 done
 }
 
+purge_to_re() {
+ if [[ $# -eq 0 ]]; then
+ echo "Please specify a regex to purge emails to" >&2
+ exit 1
+ fi
+ for re in "$@"; do
+ echo "$re"
+ mailq | tail -n +2 | grep -v '^ *(' | awk "BEGIN { RS = \"\" } (\$8 ~ \"$re\" && \$9 == \"\") { print \$1 }" | tr -d '*!' | postsuper -d -
+ echo
+ done
+}
+
 op=${1:-}
 
 # We want to go ahead and show the usage message if there are no args, so
@@ -145,9 +171,11 @@ case "$op" in
 list-to) list_to;;
 show-rand) show_rand "$@";;
 email) tmpl_email "$@";;
- purge-from) purge_from "$@";;
 purge-fullname) purge_fullname "$@";;
+ purge-from) purge_from "$@";;
+ purge-from-re) purge_from_re "$@";;
 purge-to) purge_to "$@";;
+ purge-to-re) purge_to_re "$@";;
 *) usage ;;
diff --git a/server/fedora/config/etc/scripts/root-procmailrc b/server/fedora/config/etc/scripts/root-procmailrc
new file mode 100644
index 00000000..bc54d9da
--- /dev/null
+++ b/server/fedora/config/etc/scripts/root-procmailrc
@@ -0,0 +1,2 @@
+:0
+! andersk@mit.edu, quentin@mit.edu, mitchb@mit.edu, ezyang@mit.edu, xavid@mit.edu, adehnert-sipb@mit.edu, achernya@mit.edu, glasgall@mit.edu, tboning@mit.edu, cereslee@mit.edu, btidor-scripts@mit.edu, vasilvv@mit.edu, mrittenb@mit.edu
diff --git a/server/fedora/config/etc/ssh/shosts.equiv b/server/fedora/config/etc/ssh/shosts.equiv
index f522f435..c8d53c98 100644
--- a/server/fedora/config/etc/ssh/shosts.equiv
+++ b/server/fedora/config/etc/ssh/shosts.equiv
@@ -10,6 +10,7 @@ whole-enchilada.mit.edu
 golden-egg.mit.edu
 miracle-cure.mit.edu
 lucky-star.mit.edu
+scripts-f30.mit.edu
 172.21.0.53
 172.21.0.57
 172.21.0.167
diff --git a/server/fedora/config/etc/ssh/ssh_known_hosts b/server/fedora/config/etc/ssh/ssh_known_hosts
index 15b9738a..c598ee10 100644
--- a/server/fedora/config/etc/ssh/ssh_known_hosts
+++ b/server/fedora/config/etc/ssh/ssh_known_hosts
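Review bot: The new `scripts-f30.mit.edu` line in shosts.equiv adds the host by name only, while the surrounding entries list each realserver both by hostname and by its 172.21.0.x address (`172.21.0.53`, `172.21.0.57`, `172.21.0.167` immediately follow it). The ssh_known_hosts entry added in the same commit gives scripts-f30 the addresses `18.4.86.30,172.21.0.30`, so if host-based logins from it are expected to arrive over the 172.21.0.x network like the others, `172.21.0.30` presumably belongs in this file as well — confirm against how the other hosts are reached.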
@@ -1,12 +1,13 @@
-real-mccoy.mit.edu,real-mccoy,r-m.mit.edu,r-m,scripts8.mit.edu,scripts8,18.181.0.235,172.21.0.235 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
-busy-beaver.mit.edu,busy-beaver,b-b.mit.edu,b-b,scripts7.mit.edu,scripts7,18.181.0.234,172.21.0.234 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFDzAEXlTb1hcGBgfuteR9xdB/jZCe+lf+GOBWz4UthUpJKal+x20MVZr3R7u+BkbX4NNa5PC2QUpAZwTOI8Izw=
-pancake-bunny.mit.edu,pancake-bunny,p-b.mit.edu,p-b,scripts6.mit.edu,scripts6,18.181.0.237,172.21.0.237 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOWBC+fWZjJf4YzjAr/uc8kZOewcjJ8b/YampOTw/Tut73drvDfUzg9Xevgvb4Q2hi9VuW0IZQnT+pGwD1zj7pQ=
-cats-whiskers.mit.edu,cats-whiskers,c-w.mit.edu,c-w,scripts4.mit.edu,scripts4,18.181.0.228,172.21.0.228 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOWBC+fWZjJf4YzjAr/uc8kZOewcjJ8b/YampOTw/Tut73drvDfUzg9Xevgvb4Q2hi9VuW0IZQnT+pGwD1zj7pQ=
-bees-knees.mit.edu,bees-knees,b-k.mit.edu,b-k,scripts3.mit.edu,scripts3,18.181.0.167,172.21.0.167 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOWBC+fWZjJf4YzjAr/uc8kZOewcjJ8b/YampOTw/Tut73drvDfUzg9Xevgvb4Q2hi9VuW0IZQnT+pGwD1zj7pQ=
-better-mousetrap.mit.edu,better-mousetrap,b-m.mit.edu,b-m,scripts1.mit.edu,scripts1,18.181.0.57,172.21.0.57 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
-old-faithful.mit.edu,old-faithful,o-f.mit.edu,o-f,scripts2.mit.edu,scripts2,18.181.0.53,172.21.0.53 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
-whole-enchilada.mit.edu,whole-enchilada,w-e.mit.edu,w-e,scripts5.mit.edu,scripts5,18.181.0.236,172.21.0.236 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
-shining-armor.mit.edu,shining-armor,s-a.mit.edu,s-a,scripts9.mit.edu,scripts9,18.181.0.135,172.21.0.135 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOWBC+fWZjJf4YzjAr/uc8kZOewcjJ8b/YampOTw/Tut73drvDfUzg9Xevgvb4Q2hi9VuW0IZQnT+pGwD1zj7pQ=
-golden-egg.mit.edu,golden-egg,g-e.mit.edu,g-e,scripts10.mit.edu,scripts10,18.181.0.141,172.21.0.141 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
-miracle-cure.mit.edu,miracle-cure,m-c.mit.edu,m-c,scripts11.mit.edu,scripts11,18.181.0.203,172.21.0.203 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
-lucky-star.mit.edu,lucky-star,l-s.mit.edu,l-s,scripts12.mit.edu,scripts12,18.181.0.204,172.21.0.204 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
+real-mccoy.mit.edu,real-mccoy,r-m.mit.edu,r-m,scripts8.mit.edu,scripts8,18.4.86.235,172.21.0.235 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
+busy-beaver.mit.edu,busy-beaver,b-b.mit.edu,b-b,scripts7.mit.edu,scripts7,18.4.86.234,172.21.0.234 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFDzAEXlTb1hcGBgfuteR9xdB/jZCe+lf+GOBWz4UthUpJKal+x20MVZr3R7u+BkbX4NNa5PC2QUpAZwTOI8Izw=
+pancake-bunny.mit.edu,pancake-bunny,p-b.mit.edu,p-b,scripts6.mit.edu,scripts6,18.4.86.237,172.21.0.237 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOWBC+fWZjJf4YzjAr/uc8kZOewcjJ8b/YampOTw/Tut73drvDfUzg9Xevgvb4Q2hi9VuW0IZQnT+pGwD1zj7pQ=
+cats-whiskers.mit.edu,cats-whiskers,c-w.mit.edu,c-w,scripts4.mit.edu,scripts4,18.4.86.228,172.21.0.228 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOWBC+fWZjJf4YzjAr/uc8kZOewcjJ8b/YampOTw/Tut73drvDfUzg9Xevgvb4Q2hi9VuW0IZQnT+pGwD1zj7pQ=
+bees-knees.mit.edu,bees-knees,b-k.mit.edu,b-k,scripts3.mit.edu,scripts3,18.4.86.167,172.21.0.167 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOWBC+fWZjJf4YzjAr/uc8kZOewcjJ8b/YampOTw/Tut73drvDfUzg9Xevgvb4Q2hi9VuW0IZQnT+pGwD1zj7pQ=
+better-mousetrap.mit.edu,better-mousetrap,b-m.mit.edu,b-m,scripts1.mit.edu,scripts1,18.4.86.57,172.21.0.57 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
+old-faithful.mit.edu,old-faithful,o-f.mit.edu,o-f,scripts2.mit.edu,scripts2,18.4.86.53,172.21.0.53 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
+whole-enchilada.mit.edu,whole-enchilada,w-e.mit.edu,w-e,scripts5.mit.edu,scripts5,18.4.86.236,172.21.0.236 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
+shining-armor.mit.edu,shining-armor,s-a.mit.edu,s-a,scripts9.mit.edu,scripts9,18.4.86.135,172.21.0.135 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOWBC+fWZjJf4YzjAr/uc8kZOewcjJ8b/YampOTw/Tut73drvDfUzg9Xevgvb4Q2hi9VuW0IZQnT+pGwD1zj7pQ=
+golden-egg.mit.edu,golden-egg,g-e.mit.edu,g-e,scripts10.mit.edu,scripts10,18.4.86.141,172.21.0.141 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
+miracle-cure.mit.edu,miracle-cure,m-c.mit.edu,m-c,scripts11.mit.edu,scripts11,18.4.86.203,172.21.0.203 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
+lucky-star.mit.edu,lucky-star,l-s.mit.edu,l-s,scripts12.mit.edu,scripts12,18.4.86.204,172.21.0.204 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
+scripts-f30.mit.edu,scripts-f30,18.4.86.30,172.21.0.30 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
diff --git a/server/fedora/config/etc/ssh/sshd_config b/server/fedora/config/etc/ssh/sshd_config
index daa53e2c..19221641 100644
--- a/server/fedora/config/etc/ssh/sshd_config
+++ b/server/fedora/config/etc/ssh/sshd_config
@@ -15,9 +15,15 @@ X11Forwarding no
 Banner /etc/issue.net
 Subsystem sftp /usr/libexec/openssh/sftp-server
 LogLevel VERBOSE
+MaxStartups 50:30:500
 # See trac #23
 HostbasedAuthentication yes
 IgnoreRhosts yes
 IgnoreUserKnownHosts yes
 DenyUsers root@old-faithful.mit.edu root@better-mousetrap.mit.edu root@bees-knees.mit.edu root@cats-whiskers.mit.edu root@pancake-bunny.mit.edu root@busy-beaver.mit.edu root@real-mccoy.mit.edu root@whole-enchilada.mit.edu root@shining-armor.mit.edu root@golden-egg.mit.edu root@miracle-cure.mit.edu root@lucky-star.mit.edu
+
+# Must come last because F20 sshd doesn't support "Match All"
+Match LocalAddress 18.4.86.43,18.4.86.50,18.4.86.46,18.4.86.29
+AllowAgentForwarding no
+AllowTcpForwarding no
diff --git a/server/fedora/config/etc/sysconfig/iptables b/server/fedora/config/etc/sysconfig/iptables
index 5e3d7e99..5267d44d 100644
--- a/server/fedora/config/etc/sysconfig/iptables
+++ b/server/fedora/config/etc/sysconfig/iptables
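Review bot: The added `scripts-f30.mit.edu,scripts-f30,18.4.86.30,172.21.0.30` entry carries exactly the same `ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEg…` key as old-faithful, better-mousetrap, whole-enchilada, golden-egg, miracle-cure and lucky-star. If scripts-f30 is a freshly installed host it should present its own host key and this line should be regenerated from that host's `/etc/ssh/ssh_host_rsa_key.pub` (or `ssh-keyscan`) rather than copied; if the realservers intentionally share one host key — the existing entries suggest a cloned image — a comment at the top of the file stating so would spare the next reader the same doubt. Either way, a shared key means a compromise of any one realserver lets it impersonate every other host in this file, which is worth weighing against the convenience.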
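Review bot: The `DenyUsers` context line in this hunk still names `root@` for the twelve realservers listed in shosts.equiv but not `root@scripts-f30.mit.edu`, even though this commit adds scripts-f30.mit.edu to shosts.equiv and ssh_known_hosts; with `HostbasedAuthentication yes` that presumably leaves root logins originating from scripts-f30 permitted where every other host's root is denied. Unless that asymmetry is intended, append `root@scripts-f30.mit.edu` to the `DenyUsers` line. The new `Match LocalAddress 18.4.86.43,18.4.86.50,18.4.86.46,18.4.86.29` covers four of the five service addresses this commit configures (18.4.86.22 from ifcfg-lo:9 and NetRestrict is missing), so confirm whether sshd answering on .22 should also have agent and TCP forwarding disabled.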
@@ -4,6 +4,12 @@
 :OUTPUT ACCEPT [0:0]
 :log-smtp - [0:0]
 -A INPUT -p udp -m udp --dport 161 ! -s 18.0.0.0/8 -j REJECT
+-A INPUT -m dscp --dscp 1 -j MARK --set-mark 1
+-A INPUT -m dscp --dscp 2 -j MARK --set-mark 2
+-A INPUT -m dscp --dscp 3 -j MARK --set-mark 3
+-A INPUT -m dscp --dscp 11 -j MARK --set-mark 11
+-A INPUT -m dscp --dscp 12 -j MARK --set-mark 12
+-A INPUT -m dscp --dscp 13 -j MARK --set-mark 13
 -A OUTPUT -p tcp -m tcp --dport 25 --syn -j log-smtp
 -A log-smtp -m owner --uid-owner postfix -j RETURN
 -A log-smtp -m owner --uid-owner nrpe -o lo -d 127.0.0.1 -j RETURN
@@ -14,4 +20,6 @@
 # 18.9.28.100=outgoing.mit.edu
 -A log-smtp -d 18.9.28.100 -j RETURN
 -A log-smtp -j REJECT --reject-with icmp-admin-prohibited
+-A OUTPUT -d 192.42.116.41 -j LOG --log-prefix "Eitest sinkhole " --log-uid
+-A OUTPUT -d 216.218.185.162 -j LOG --log-prefix "matsnu sinkhole " --log-uid
 COMMIT
diff --git a/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:0 b/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:0
deleted file mode 100644
index df8c23ae..00000000
--- a/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:0
+++ /dev/null
@@ -1,5 +0,0 @@
-DEVICE=lo:0
-IPADDR=18.181.0.46
-NETMASK=255.255.255.255
-NETWORK=18.181.0.0
-ONBOOT=yes
diff --git a/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:1 b/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:1
deleted file mode 100644
index 577f9fa8..00000000
--- a/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:1
+++ /dev/null
@@ -1,5 +0,0 @@
-DEVICE=lo:1
-IPADDR=18.181.0.50
-NETMASK=255.255.255.255
-NETWORK=18.181.0.0
-ONBOOT=yes
diff --git a/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:2 b/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:2
deleted file mode 100644
index beee4e38..00000000
--- a/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:2
+++ /dev/null
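Review bot: The six `-A INPUT -m dscp --dscp N -j MARK --set-mark N` lines in the first hunk carry no comment, and their purpose is invisible from this file alone: the mark only does anything because `net.ipv4.tcp_fwmark_accept = 1` (sysctl.conf in this commit) copies it to the accepted socket and `rule-vlan486`/`route-vlan486` choose the reply gateway by it. Suggest a line above them such as `# Copy the DSCP tag set by the director into the fwmark; with tcp_fwmark_accept=1 the reply socket inherits it and rule-vlan486/route-vlan486 send replies back through the matching gateway`. DSCP is written by whoever sends the packet, so as written any peer can select among the six return tables; if only the directors are meant to set it, matching on the interface their traffic arrives on as well (e.g. `-i vlan486`, inferred from the route files in this commit — confirm) would close that off. The two `LOG` rules in the second hunk are not rate-limited; an `-m limit` clause would keep a host that beacons to a sinkhole continuously from flooding the log while still recording the first hits.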
@@ -1,5 +0,0 @@
-DEVICE=lo:2
-IPADDR=18.181.0.49
-NETMASK=255.255.255.255
-NETWORK=18.181.0.0
-ONBOOT=yes
diff --git a/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:3 b/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:3
deleted file mode 100644
index 940b9119..00000000
--- a/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:3
+++ /dev/null
@@ -1,5 +0,0 @@
-DEVICE=lo:3
-IPADDR=18.181.0.43
-NETMASK=255.255.255.255
-NETWORK=18.181.0.0
-ONBOOT=yes
diff --git a/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:4 b/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:4
deleted file mode 100644
index b792628e..00000000
--- a/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:4
+++ /dev/null
@@ -1,5 +0,0 @@
-DEVICE=lo:4
-IPADDR=18.181.0.29
-NETMASK=255.255.255.255
-NETWORK=18.181.0.0
-ONBOOT=yes
diff --git a/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:5 b/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:5
new file mode 100644
index 00000000..5f9c7302
--- /dev/null
+++ b/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:5
@@ -0,0 +1,5 @@
+DEVICE=lo:5
+IPADDR=18.4.86.46
+NETMASK=255.255.255.255
+NETWORK=18.4.86.0
+ONBOOT=yes
diff --git a/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:6 b/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:6
new file mode 100644
index 00000000..06f75d2e
--- /dev/null
+++ b/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:6
@@ -0,0 +1,5 @@
+DEVICE=lo:6
+IPADDR=18.4.86.50
+NETMASK=255.255.255.255
+NETWORK=18.4.86.0
+ONBOOT=yes
diff --git a/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:7 b/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:7
new file mode 100644
index 00000000..bcf5795a
--- /dev/null
+++ b/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:7
@@ -0,0 +1,5 @@
+DEVICE=lo:7
+IPADDR=18.4.86.43
+NETMASK=255.255.255.255
+NETWORK=18.4.86.0
+ONBOOT=yes
diff --git a/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:8 b/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:8
new file mode 100644
index 00000000..83ae62a6
--- /dev/null
+++ b/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:8
@@ -0,0 +1,5 @@
+DEVICE=lo:8
+IPADDR=18.4.86.29
+NETMASK=255.255.255.255
+NETWORK=18.4.86.0
+ONBOOT=yes
diff --git a/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:9 b/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:9
new file mode 100644
index 00000000..9e384b25
--- /dev/null
+++ b/server/fedora/config/etc/sysconfig/network-scripts/ifcfg-lo:9
@@ -0,0 +1,5 @@
+DEVICE=lo:9
+IPADDR=18.4.86.22
+NETMASK=255.255.255.255
+NETWORK=18.4.86.0
+ONBOOT=yes
diff --git a/server/fedora/config/etc/sysconfig/network-scripts/route-vlan181 b/server/fedora/config/etc/sysconfig/network-scripts/route-vlan181
deleted file mode 100644
index 5fa63419..00000000
--- a/server/fedora/config/etc/sysconfig/network-scripts/route-vlan181
+++ /dev/null
@@ -1,2 +0,0 @@
-default via 18.181.0.1 metric 1
-default table 181 via 18.181.0.1
diff --git a/server/fedora/config/etc/sysconfig/network-scripts/route-vlan461 b/server/fedora/config/etc/sysconfig/network-scripts/route-vlan461
index 8e1b55af..6dcbd9ee 100644
--- a/server/fedora/config/etc/sysconfig/network-scripts/route-vlan461
+++ b/server/fedora/config/etc/sysconfig/network-scripts/route-vlan461
@@ -1,17 +1,15 @@
-18.181.0.47 via 172.21.0.47
-18.181.0.55 via 172.21.0.55
-18.181.0.56 via 172.21.0.56
-18.181.0.52 via 172.21.0.52
-18.181.0.57 via 172.21.0.57
-18.181.0.53 via 172.21.0.53
-18.181.0.167 via 172.21.0.167
-18.181.0.228 via 172.21.0.228
-18.181.0.236 via 172.21.0.236
-18.181.0.237 via 172.21.0.237
-18.181.0.234 via 172.21.0.234
-18.181.0.235 via 172.21.0.235
-18.181.0.135 via 172.21.0.135
-18.181.0.141 via 172.21.0.141
-18.181.0.199 via 172.21.0.199
-18.181.0.203 via 172.21.0.203
-18.181.0.204 via 172.21.0.204
\ No newline at end of file
+18.4.60.52 via 172.21.0.52 dev vlan461
+18.4.60.199 via 172.21.0.199 dev vlan461
+18.4.60.200 via 172.21.0.200 dev vlan461
+18.4.86.57 via 172.21.0.57 dev vlan461
+18.4.86.53 via 172.21.0.53 dev vlan461
+18.4.86.167 via 172.21.0.167 dev vlan461
+18.4.86.228 via 172.21.0.228 dev vlan461
+18.4.86.236 via 172.21.0.236 dev vlan461
+18.4.86.237 via 172.21.0.237 dev vlan461
+18.4.86.234 via 172.21.0.234 dev vlan461
+18.4.86.235 via 172.21.0.235 dev vlan461
+18.4.86.135 via 172.21.0.135 dev vlan461
+18.4.86.141 via 172.21.0.141 dev vlan461
+18.4.86.203 via 172.21.0.203 dev vlan461
+18.4.86.204 via 172.21.0.204 dev vlan461
diff --git a/server/fedora/config/etc/sysconfig/network-scripts/route-vlan486 b/server/fedora/config/etc/sysconfig/network-scripts/route-vlan486
index d82804b5..c29e8739 100644
--- a/server/fedora/config/etc/sysconfig/network-scripts/route-vlan486
+++ b/server/fedora/config/etc/sysconfig/network-scripts/route-vlan486
@@ -1,2 +1,6 @@
-default via 18.4.86.1 metric 2
-default table 486 via 18.4.86.1
+default via 18.4.86.23 dev vlan486 table 1
+default via 18.4.86.24 dev vlan486 table 2
+default via 18.4.86.25 dev vlan486 table 3
+default via 18.4.86.187 dev vlan486 table 11
+default via 18.4.86.192 dev vlan486 table 12
+default via 18.4.86.194 dev vlan486 table 13
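Review bot: Both removed lines of route-vlan486 (`default via 18.4.86.1 metric 2`, `default table 486 via 18.4.86.1`) were the only default routes in that file, and every added line is scoped to `table 1`–`3` and `11`–`13`, so after this change the file contributes no main-table default route at all. Anything the host sends without a fwmark — locally originated traffic such as outbound SMTP, DNS, NTP or package updates — will only have a route if another ifcfg/route file supplies one; confirm that before deploying, or keep a `default via <GATEWAY-PLACEHOLDER> dev vlan486` line for the main table. The matching `from 18.4.86.0/24 lookup 486` rule is dropped in rule-vlan486 in the next hunk, so the old table 486 is at least retired consistently.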
diff --git a/server/fedora/config/etc/sysconfig/network-scripts/rule-vlan181 b/server/fedora/config/etc/sysconfig/network-scripts/rule-vlan181
deleted file mode 100644
index 8d3ff405..00000000
--- a/server/fedora/config/etc/sysconfig/network-scripts/rule-vlan181
+++ /dev/null
@@ -1 +0,0 @@
-from 18.181.0.0/16 lookup 181
diff --git a/server/fedora/config/etc/sysconfig/network-scripts/rule-vlan486 b/server/fedora/config/etc/sysconfig/network-scripts/rule-vlan486
index 3a9f707b..bc27b353 100644
--- a/server/fedora/config/etc/sysconfig/network-scripts/rule-vlan486
+++ b/server/fedora/config/etc/sysconfig/network-scripts/rule-vlan486
@@ -1 +1,6 @@
-from 18.4.86.0/24 lookup 486
+fwmark 1 lookup 1
+fwmark 2 lookup 2
+fwmark 3 lookup 3
+fwmark 11 lookup 11
+fwmark 12 lookup 12
+fwmark 13 lookup 13
diff --git a/server/fedora/config/etc/sysconfig/spamass-milter b/server/fedora/config/etc/sysconfig/spamass-milter
new file mode 100644
index 00000000..a35fe384
--- /dev/null
+++ b/server/fedora/config/etc/sysconfig/spamass-milter
@@ -0,0 +1,13 @@
+### Override for your different local config if necessary
+#SOCKET=/run/spamass-milter/spamass-milter.sock
+
+### You may add configuration parameters here, see spamass-milter(1)
+###
+### Note that the -x option for expanding aliases and virtusertable entries
+### only works if spamass-milter is run as root; you will need to use
+### spamass-milter-root.service instead of spamass-milter.service if you
+### wish to do this but otherwise it's best to run as the unprivileged user
+### sa-milt by using the normal spamass-milter.service
+#EXTRA_FLAGS="-m -r 15"
+
+EXTRA_FLAGS="-m -r -1 -- --socket=/run/spamd.socket"
diff --git a/server/fedora/config/etc/sysconfig/spamassassin b/server/fedora/config/etc/sysconfig/spamassassin
new file mode 100644
index 00000000..df366ac4
--- /dev/null
+++ b/server/fedora/config/etc/sysconfig/spamassassin
@@ -0,0 +1,3 @@
+# Options to spamd
+#SPAMDOPTIONS="-c -m5 -H"
+SPAMDOPTIONS="--username=sa-milt --groupname=sa-milt --nouser-config --socketpath=/run/spamd.socket --socketowner=sa-milt --socketgroup=sa-milt --socketmode=0600"
diff --git a/server/fedora/config/etc/sysctl.conf b/server/fedora/config/etc/sysctl.conf
index c8d601c7..01a3dc49 100644
--- a/server/fedora/config/etc/sysctl.conf
+++ b/server/fedora/config/etc/sysctl.conf
@@ -1,6 +1,7 @@
 net.ipv4.ip_forward = 1
 net.ipv4.conf.all.rp_filter = 2
 net.ipv4.conf.default.accept_source_route = 0
+net.ipv4.tcp_fwmark_accept = 1
 kernel.panic = 5
 kernel.panic_on_oops = 1
 kernel.sysrq = 1
diff --git a/server/fedora/config/etc/syslog-ng/d_zroot.pl b/server/fedora/config/etc/syslog-ng/d_zroot.pl
index dec99985..4285e7e6 100755
--- a/server/fedora/config/etc/syslog-ng/d_zroot.pl
+++ b/server/fedora/config/etc/syslog-ng/d_zroot.pl
@@ -114,9 +114,10 @@ ($)
 } elsif ($message =~ m|^Invalid user|) {
 } elsif ($message =~ m|^input_userauth_request: invalid user|) {
 } elsif ($message =~ m|^Received disconnect from|) {
+ } elsif ($message =~ m|^Did not receive identification string from|) {
 } elsif ($message =~ m|^Postponed keyboard-interactive|) {
 } elsif ($message =~ m|^Failed keyboard-interactive/pam|) {
- } elsif ($message =~ m|^fatal: Read from socket failed: Connection reset by peer$|) {
+ } elsif ($message =~ m|^fatal: Read from socket failed: Connection reset by peer|) {
 } elsif ($message =~ m|^reverse mapping checking getaddrinfo|) {
 } elsif ($message =~ m|^pam_succeed_if\(sshd\:auth\)\:|) {
 } elsif ($message =~ m|^error: PAM: Authentication failure|) {
diff --git a/server/fedora/config/usr/vice/etc/CellServDB.local b/server/fedora/config/usr/vice/etc/CellServDB.local
index 45dd76e8..0bf0dfe6 100644
--- a/server/fedora/config/usr/vice/etc/CellServDB.local
+++ b/server/fedora/config/usr/vice/etc/CellServDB.local
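Review bot: `net.ipv4.tcp_fwmark_accept = 1` is added to sysctl.conf without a comment, yet it is the setting that makes the DSCP→MARK rules in iptables and the `fwmark N lookup N` rules in rule-vlan486 steer reply traffic; read on its own the line looks arbitrary and is an obvious candidate for someone to "clean up". Suggest `# Accepted TCP sockets inherit the fwmark of their SYN so replies follow rule-vlan486 (marks are set by the DSCP rules in iptables)` above it. As the name says it applies to TCP only; replies from non-TCP services keep using the unmarked main-table route, which matters if any UDP service on these hosts is expected to answer through the same gateway the request came in on.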
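Review bot: The `$` anchor dropped from `m|^fatal: Read from socket failed: Connection reset by peer|` and the new `m|^Did not receive identification string from|` branch are both unexplained, and since this elsif chain is an ignore list a reader cannot tell what is being suppressed or why. A comment on each would help, e.g. `# newer sshd appends " [preauth]" to this message` above the relaxed pattern (presumably the reason the anchor had to go — confirm against a real log line) and `# port-scan / banner-grab noise` above the new one. Dropping `Did not receive identification string` from the zephyr feed is reasonable noise reduction as long as the line still reaches the persistent syslog destination, since it is the usual footprint of scanning activity that an investigation may later want. The enclosing function starts and ends outside the hunk.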
@@ -7,9 +7,9 @@
 18.9.48.15 #moby.mit.edu
 18.9.48.16 #springer.mit.edu
 >sipb.mit.edu #MIT/SIPB cell
-18.181.0.19 #reynelda.mit.edu
-18.181.0.22 #rosebud.mit.edu
-18.181.0.23 #ronald-ann.mit.edu
+18.4.60.19 #reynelda.mit.edu
+18.4.60.22 #rosebud.mit.edu
+18.4.60.23 #ronald-ann.mit.edu
 >grand.central.org #GCO Public CellServDB 14 Mar 2017
 18.9.48.14 #grand.mit.edu
 128.2.13.219 #grand-old-opry.central.org