Add bastion and certificate jails.

ansible/roles/public_dns/files/master.db

@@ -71,3 +71,4 @@ _caldavs._tcp IN SRV 0 1 443 caldav.fastmail.com
 home     IN A     68.197.252.22
 opstunnel IN CNAME home.fizz.buzz.
 stream IN CNAME home.fizz.buzz.
+stuff IN CNAME home.fizz.buzz.

ansible/roles/public_dns/tasks/freebsd.yaml

@@ -110,6 +110,10 @@
   command: pdnsutil add-meta fizz.buzz ALLOW-DNSUPDATE-FROM 10.215.1.0/24
   when: '"10.215.1.0/24" not in allowdnsupdatefrom.stdout'
 
+- name: Allow IP addresses
+  command: pdnsutil add-meta fizz.buzz ALLOW-DNSUPDATE-FROM 68.197.252.15/32
+  when: '"68.197.252.15/32" not in allowdnsupdatefrom.stdout'
+
 - name: Allow AXFR from the externaldns tsig key
   command: pdnsutil add-meta fizz.buzz TSIG-ALLOW-AXFR externaldns
   when: '"externaldns" not in tsigaxfr.stdout'