src/openstreetmap.js

   1 D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
   2
   3   // Include OSM standard CAA records
   4   OSM_CAA,
   5
   6   // Mail service
   7
   8   MX("@", 10, QUALIFY("a.mx")),
   9   MX("messages", 10, QUALIFY("a.mx")),
  10   MX("noreply", 10, QUALIFY("a.mx")),
  11   MX("otrs", 10, QUALIFY("a.mx")),
  12   MX("community", 10, QUALIFY("a.mx")),
  13   MX("supporting", 10, QUALIFY("a.mx")),
  14
  15   A("a.mx", IPV4["fafnir"]),
  16   AAAA("a.mx", IPV6["fafnir"]),
  17   A("mail", IPV4["fafnir"]),
  18   AAAA("mail", IPV6["fafnir"]),
  19   A("mta-sts", IPV4["fafnir"]),
  20   AAAA("mta-sts", IPV6["fafnir"]),
  21
  22   // Publish SPF records indicating that only shenron sends mail
  23
  24   SPF_BUILDER({
  25     label: "@",
  26     parts: [
  27       "v=spf1",
  28       "ip4:184.104.226.98",         // fafnir ipv4 (he.net)
  29       "ip6:2001:470:1:b3b::2",      // fafnir ipv6 (he.net)
  30       "ip4:87.252.214.98",          // fafnir ipv4 (equinix)
  31       "ip6:2001:4d78:fe03:1c::2",   // fafnir ipv6 (equinix)
  32       "ip4:193.60.236.0/24",        // ucl external
  33       "ip4:82.199.86.96/27",        // amsterdam external (equinix)
  34       "ip6:2001:4d78:500:5e3::/64", // amsterdam external (equinix)
  35       "ip4:87.252.214.96/27",       // dublin external (equinix)
  36       "ip6:2001:4d78:fe03:1c::/64", // dublin external (equinix)
  37       "ip4:184.104.179.128/27",     // amsterdam external (he.net)
  38       "ip6:2001:470:1:fa1::/64",    // amsterdam external (he.net)
  39       "ip4:184.104.226.96/27",      // dublin external (he.net)
  40       "ip6:2001:470:1:b3b::/64",    // dublin external (he.net)
  41       "mx",                         // safety net if we change mx
  42       "-all"
  43     ]
  44   }),
  45
  46   SPF_BUILDER({
  47     label: "messages",
  48     parts: [
  49       "v=spf1",
  50       "include:openstreetmap.org",  // main openstreetmap.org spf record
  51       "-all"
  52     ]
  53   }),
  54
  55   SPF_BUILDER({
  56     label: "noreply",
  57     parts: [
  58       "v=spf1",
  59       "include:openstreetmap.org",  // main openstreetmap.org spf record
  60       "-all"
  61     ]
  62   }),
  63
  64   SPF_BUILDER({
  65     label: "otrs",
  66     parts: [
  67       "v=spf1",
  68       "include:openstreetmap.org",  // main openstreetmap.org spf record
  69       "-all"
  70     ]
  71   }),
  72
  73   SPF_BUILDER({
  74     label: "community",
  75     parts: [
  76       "v=spf1",
  77       "include:openstreetmap.org",  // main openstreetmap.org spf record
  78       "-all"
  79     ]
  80   }),
  81
  82   SPF_BUILDER({
  83     label: "supporting",
  84     parts: [
  85       "v=spf1",
  86       "include:openstreetmap.org",  // main openstreetmap.org spf record
  87       "-all"
  88     ]
  89   }),
  90
  91   // Publish DKIM public key
  92
  93   TXT("20200301._domainkey", "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvoNZVOGfw1V4A171hxHMhzVTAnIUQVJ8iX3wbqCld8A5iIaXeTGYvBmewymax/cYJS4QqzbpUzkgrrTA9avuZhd+QGJDgjADgx4VyMOaOS6FwAxS0uXtLrt+lsixRDx/feKyZHaxjzJAQy46ok77xXL4UXIaaovw6G6eZpIScMzZQ2zkKNJxTICzzSOduIilHhMWte4XP+/2PdRmD7Ge9jb0U4bZjswX0AqKSGzDKYw+yxVna9l53adeCnklqg2ofoXu+ResiH+kt05aCUOMo8en3em6yBnRCMalgi1E3Tt7I5BWcYFRkT/8agUGW4gGC6XMV9IskOsYL0emG0kGwIDAQAB", AUTOSPLIT),
  94
  95   // Publish DMARC report-only policy
  96
  97   DMARC_BUILDER({
  98     policy: "none",
  99     rua: [
 100       "mailto:openstreetmap-d@dmarc.report-uri.com"
 101     ],
 102     failureOptions: 1
 103   }),
 104
 105   // Announce MTA-STS policy and TLSRPT policy for error reports
 106
 107   TXT("_mta-sts", "v=STSv1; id=202001291805Z"),
 108   TXT("_smtp._tls", "v=TLSRPTv1; rua=mailto:openstreetmap-d@tlsrpt.report-uri.com"),
 109
 110   // Fastly cert domain ownership confirmation
 111
 112   TXT("@", "_globalsign-domain-verification=ps00GlW1BzY9c2_cwH_pFqRkvzZyaCVZ-3RLssRG6S"),
 113   TXT("@", "_globalsign-domain-verification=W0buKB5ZmL-VwwHw2oQyQImk3I1q3hSemf2qmB1hjP"),
 114
 115   // Facebook Business domain verification
 116
 117   TXT("@", "facebook-domain-verification=j5hix5i8r0kortfugqf2p9wx9x9by0"),
 118
 119   // Bluesky domain verification
 120
 121   TXT("_atproto", "did=did:plc:i6llv7iwybeipknl57v4dalb"),
 122   TXT("_atproto.operations", "did=did:plc:eikdzxaxo3gjyebugkn6za5w"),
 123
 124   // Delegate MTA-STS policy for subdomains
 125
 126   CNAME("_mta-sts.messages", QUALIFY("_mta-sts")),
 127   CNAME("_mta-sts.noreply", QUALIFY("_mta-sts")),
 128   CNAME("_mta-sts.otrs", QUALIFY("_mta-sts")),
 129   CNAME("_mta-sts.community", QUALIFY("_mta-sts")),
 130   CNAME("_mta-sts.supporting", QUALIFY("_mta-sts")),
 131
 132   // Google postmaster tools verification
 133
 134   CNAME("af323lytato5", "gv-o4v3qh5pfayqex.dv.googlehosted.com."),
 135   CNAME("irzdddnmh465", "gv-cwr6bvt7xsgact.dv.googlehosted.com."),
 136
 137   // Main web servers and their aliases
 138
 139   osm_web_service("@", [ "spike-06",
 140                          "spike-07",
 141                          "spike-08"
 142                        ], { cfproxy: false }),
 143
 144   osm_web_service("www", [ "spike-06",
 145                            "spike-07",
 146                            "spike-08"
 147                          ], { cfproxy: false }),
 148
 149   osm_web_service("api", [ "spike-06",
 150                            "spike-07",
 151                            "spike-08"
 152                          ], { cfproxy: false }),
 153
 154   osm_web_service("maps", [ "spike-06",
 155                             "spike-07",
 156                             "spike-08"
 157                           ], { cfproxy: false }),
 158
 159   osm_web_service("mapz", [ "spike-06",
 160                             "spike-07",
 161                              "spike-08"
 162                           ], { cfproxy: false }),
 163
 164   // Nominatim servers
 165
 166   CNAME("nominatim", "nominatim.geo.openstreetmap.org."),
 167   CNAME("qgis.nominatim", "nominatim.geo.openstreetmap.org."),
 168   CNAME("qa-tile.nominatim", "longma.openstreetmap.org."),
 169
 170   // Tile servers
 171
 172   CNAME("tile", "dualstack.n.sni.global.fastly.net."),
 173   CNAME("a.tile", "dualstack.n.sni.global.fastly.net."),
 174   CNAME("b.tile", "dualstack.n.sni.global.fastly.net."),
 175   CNAME("c.tile", "dualstack.n.sni.global.fastly.net."),
 176
 177   osm_web_service("render", [ "culebre",
 178                               "nidhogg"
 179                             ]),
 180
 181   // Vector tile servers
 182
 183   CNAME("vector", "dualstack.n.sni.global.fastly.net."),
 184
 185   // Planet servers
 186
 187   A("backup", IPV4["norbert"]),
 188   AAAA("backup", IPV6["norbert"]),
 189   // A("backup", IPV4["horntail"]),
 190   // AAAA("backup", IPV6["horntail"]),
 191
 192   osm_web_service("planet", "norbert"),
 193   // osm_web_service("planet", "horntail"),
 194
 195   // Development server with wildcard alias for user sites
 196
 197   osm_web_service("dev", "faffy"),
 198   osm_web_service("*.dev", "faffy"),
 199
 200   osm_web_service("ooc", "faffy"),
 201   osm_web_service("a.ooc", "faffy"),
 202   osm_web_service("b.ooc", "faffy"),
 203   osm_web_service("c.ooc", "faffy"),
 204
 205   osm_web_service("npe", "faffy"),
 206
 207   // Foundation server
 208
 209   osm_web_service("blog", "ridley"),
 210   osm_web_service("foundation", "ridley"),
 211
 212   // Matomo server
 213
 214   osm_web_service("matomo", "smaug"),
 215   osm_web_service("piwik", "smaug"),
 216
 217   // Imagery servers
 218
 219   osm_web_service("agri", "lockheed"),
 220   osm_web_service("a.agri", "lockheed"),
 221   osm_web_service("b.agri", "lockheed"),
 222   osm_web_service("c.agri", "lockheed"),
 223
 224   osm_web_service("act-imagery", "lockheed"),
 225   osm_web_service("a.act-imagery", "lockheed"),
 226   osm_web_service("b.act-imagery", "lockheed"),
 227   osm_web_service("c.act-imagery", "lockheed"),
 228
 229   osm_web_service("au-vic-melbourne-imagery", "lockheed"),
 230   osm_web_service("a.au-vic-melbourne-imagery", "lockheed"),
 231   osm_web_service("b.au-vic-melbourne-imagery", "lockheed"),
 232   osm_web_service("c.au-vic-melbourne-imagery", "lockheed"),
 233
 234   osm_web_service("os", "lockheed"),
 235   osm_web_service("a.os", "lockheed"),
 236   osm_web_service("b.os", "lockheed"),
 237   osm_web_service("c.os", "lockheed"),
 238
 239   osm_web_service("tiler", "lockheed"),
 240
 241   osm_web_service("us-imagery", "lockheed"),
 242   osm_web_service("a.us-imagery", "lockheed"),
 243   osm_web_service("b.us-imagery", "lockheed"),
 244   osm_web_service("c.us-imagery", "lockheed"),
 245
 246   osm_web_service("bg-imagery", "lockheed"),
 247   osm_web_service("a.bg-imagery", "lockheed"),
 248   osm_web_service("b.bg-imagery", "lockheed"),
 249   osm_web_service("c.bg-imagery", "lockheed"),
 250
 251   osm_web_service("br-imagery", "lockheed"),
 252   osm_web_service("a.br-imagery", "lockheed"),
 253   osm_web_service("b.br-imagery", "lockheed"),
 254   osm_web_service("c.br-imagery", "lockheed"),
 255
 256   // Prometheus server and munin redirect
 257
 258   osm_web_service("prometheus", "stormfly-03"),
 259   osm_web_service("munin", "stormfly-03"),
 260
 261   // Management server
 262
 263   osm_web_service("acme", "idris"),
 264   osm_web_service("apt", "idris"),
 265   osm_web_service("chef", "idris"),
 266   osm_web_service("dns", "idris"),
 267   osm_web_service("git", "idris"),
 268   osm_web_service("hardware", "idris"),
 269
 270   // Bytemark machine, and the services which operate from it
 271
 272   osm_web_service("lists", "shenron"),
 273
 274   // Naga services
 275
 276   osm_web_service("svn", "naga"),
 277   osm_web_service("trac", "naga"),
 278   osm_web_service("irc", "naga"),
 279   osm_web_service("blogs", "naga"),
 280   osm_web_service("welcome", "naga"),
 281   osm_web_service("operations", "naga"),
 282   osm_web_service("hot", "naga"),
 283   osm_web_service("dmca", "naga"),
 284   osm_web_service("otrs", "naga", { h1: true, h2: false }), // OTRS is not available using HTTPS/2
 285   osm_web_service("birthday20", "naga"),
 286   osm_web_service("help", "naga"),
 287
 288   // Wiki servers
 289
 290   osm_web_service("wiki", "konqi"),
 291   osm_web_service("test.wiki", "muirdris"),
 292
 293   // Overpass server
 294
 295   osm_web_service("query", "grisu"),
 296
 297   // Spyglass server
 298
 299   osm_web_service("spyglass", "grisu"),
 300
 301   // GPS tile server
 302
 303   osm_web_service("gps-tile", "muirdris"),
 304   osm_web_service("a.gps-tile", "muirdris"),
 305   osm_web_service("b.gps-tile", "muirdris"),
 306   osm_web_service("c.gps-tile", "muirdris"),
 307   osm_web_service("gps.tile", "muirdris"),
 308   osm_web_service("gps-a.tile", "muirdris"),
 309   osm_web_service("gps-b.tile", "muirdris"),
 310   osm_web_service("gps-c.tile", "muirdris"),
 311
 312   // Donation site and new OSMF crm site
 313
 314   osm_web_service("donate", "ridley"),
 315   osm_web_service("support", "ridley"),
 316   osm_web_service("supporting", "ridley"),
 317
 318   osm_web_service("test.civicrm", "muirdris"),
 319
 320   // Discourse server ("community")
 321
 322   osm_web_service("community", "fume"),
 323   osm_web_service("communities", "fume"),
 324   osm_web_service("c", "fume"),
 325   osm_web_service("forum", "fume"),
 326
 327   CNAME("community-cdn", "dualstack.n.sni.global.fastly.net."),
 328   TXT("community", "google-site-verification=hQ8GZyj4KwnPqAX2oAzpbLrh6I5dfR08PSdL3icVkfg"),
 329
 330   // Taginfo and Staging Blog Server
 331
 332   osm_web_service("taginfo", "tabaluga"),
 333
 334   // Staging Blog Server
 335
 336   osm_web_service("staging.blog", "tabaluga"),
 337
 338   // Awards (external - Ilya Zverev)
 339   ALIAS("awards", "awards.osmz.ee."),
 340
 341 );