src/openstreetmap.js

   1 D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
   2
   3   // Include OSM standard CAA records
   4   OSM_CAA,
   5
   6   // Mail service
   7
   8   MX("@", 10, QUALIFY("a.mx")),
   9   MX("messages", 10, QUALIFY("a.mx")),
  10   MX("noreply", 10, QUALIFY("a.mx")),
  11   MX("otrs", 10, QUALIFY("a.mx")),
  12   MX("community", 10, QUALIFY("a.mx")),
  13   MX("supporting", 10, QUALIFY("a.mx")),
  14
  15   A("a.mx", IPV4["fafnir"]),
  16   AAAA("a.mx", IPV6["fafnir"]),
  17   A("mail", IPV4["fafnir"]),
  18   AAAA("mail", IPV6["fafnir"]),
  19   A("mta-sts", IPV4["fafnir"]),
  20   AAAA("mta-sts", IPV6["fafnir"]),
  21
  22   // Publish SPF records indicating that only shenron sends mail
  23
  24   SPF_BUILDER({
  25     label: "@",
  26     parts: [
  27       "v=spf1",
  28       "ip4:184.104.226.98",         // fafnir ipv4 (he.net)
  29       "ip6:2001:470:1:b3b::2",      // fafnir ipv6 (he.net)
  30       "ip4:87.252.214.98",          // fafnir ipv4 (equinix)
  31       "ip6:2001:4d78:fe03:1c::2",   // fafnir ipv6 (equinix)
  32       "ip4:193.60.236.0/24",        // ucl external
  33       "ip4:82.199.86.96/27",        // amsterdam external (equinix)
  34       "ip6:2001:4d78:500:5e3::/64", // amsterdam external (equinix)
  35       "ip4:87.252.214.96/27",       // dublin external (equinix)
  36       "ip6:2001:4d78:fe03:1c::/64", // dublin external (equinix)
  37       "ip4:184.104.179.128/27",     // amsterdam external (he.net)
  38       "ip6:2001:470:1:fa1::/64",    // amsterdam external (he.net)
  39       "ip4:184.104.226.96/27",      // dublin external (he.net)
  40       "ip6:2001:470:1:b3b::/64",    // dublin external (he.net)
  41       "mx",                         // safety net if we change mx
  42       "-all"
  43     ]
  44   }),
  45
  46   SPF_BUILDER({
  47     label: "messages",
  48     parts: [
  49       "v=spf1",
  50       "include:openstreetmap.org",  // main openstreetmap.org spf record
  51       "-all"
  52     ]
  53   }),
  54
  55   SPF_BUILDER({
  56     label: "noreply",
  57     parts: [
  58       "v=spf1",
  59       "include:openstreetmap.org",  // main openstreetmap.org spf record
  60       "-all"
  61     ]
  62   }),
  63
  64   SPF_BUILDER({
  65     label: "otrs",
  66     parts: [
  67       "v=spf1",
  68       "include:openstreetmap.org",  // main openstreetmap.org spf record
  69       "-all"
  70     ]
  71   }),
  72
  73   SPF_BUILDER({
  74     label: "community",
  75     parts: [
  76       "v=spf1",
  77       "include:openstreetmap.org",  // main openstreetmap.org spf record
  78       "-all"
  79     ]
  80   }),
  81
  82   SPF_BUILDER({
  83     label: "supporting",
  84     parts: [
  85       "v=spf1",
  86       "include:openstreetmap.org",  // main openstreetmap.org spf record
  87       "-all"
  88     ]
  89   }),
  90
  91   // Publish DKIM public key
  92
  93   TXT("20200301._domainkey", "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvoNZVOGfw1V4A171hxHMhzVTAnIUQVJ8iX3wbqCld8A5iIaXeTGYvBmewymax/cYJS4QqzbpUzkgrrTA9avuZhd+QGJDgjADgx4VyMOaOS6FwAxS0uXtLrt+lsixRDx/feKyZHaxjzJAQy46ok77xXL4UXIaaovw6G6eZpIScMzZQ2zkKNJxTICzzSOduIilHhMWte4XP+/2PdRmD7Ge9jb0U4bZjswX0AqKSGzDKYw+yxVna9l53adeCnklqg2ofoXu+ResiH+kt05aCUOMo8en3em6yBnRCMalgi1E3Tt7I5BWcYFRkT/8agUGW4gGC6XMV9IskOsYL0emG0kGwIDAQAB", AUTOSPLIT),
  94
  95   // Publish DMARC report-only policy
  96
  97   DMARC_BUILDER({
  98     policy: "none",
  99     rua: [
 100       "mailto:openstreetmap-d@dmarc.report-uri.com"
 101     ],
 102     failureOptions: 1
 103   }),
 104
 105   // Announce MTA-STS policy and TLSRPT policy for error reports
 106
 107   TXT("_mta-sts", "v=STSv1; id=202001291805Z"),
 108   TXT("_smtp._tls", "v=TLSRPTv1; rua=mailto:openstreetmap-d@tlsrpt.report-uri.com"),
 109
 110   // Fastly cert domain ownership confirmation
 111
 112   TXT("@", "_globalsign-domain-verification=ps00GlW1BzY9c2_cwH_pFqRkvzZyaCVZ-3RLssRG6S"),
 113   TXT("@", "_globalsign-domain-verification=W0buKB5ZmL-VwwHw2oQyQImk3I1q3hSemf2qmB1hjP"),
 114
 115   // Facebook Business domain verification
 116
 117   TXT("@", "facebook-domain-verification=j5hix5i8r0kortfugqf2p9wx9x9by0"),
 118
 119   // Bluesky domain verification
 120
 121   TXT("_atproto", "did=did:plc:i6llv7iwybeipknl57v4dalb"),
 122   TXT("_atproto.operations", "did=did:plc:eikdzxaxo3gjyebugkn6za5w"),
 123
 124   // Delegate MTA-STS policy for subdomains
 125
 126   CNAME("_mta-sts.messages", QUALIFY("_mta-sts")),
 127   CNAME("_mta-sts.noreply", QUALIFY("_mta-sts")),
 128   CNAME("_mta-sts.otrs", QUALIFY("_mta-sts")),
 129   CNAME("_mta-sts.community", QUALIFY("_mta-sts")),
 130   CNAME("_mta-sts.supporting", QUALIFY("_mta-sts")),
 131
 132   // Google postmaster tools verification
 133
 134   CNAME("af323lytato5", "gv-o4v3qh5pfayqex.dv.googlehosted.com."),
 135   CNAME("irzdddnmh465", "gv-cwr6bvt7xsgact.dv.googlehosted.com."),
 136
 137   // Main web servers and their aliases
 138
 139   osm_web_service("@", [ "spike-06",
 140                          "spike-07",
 141                          "spike-08"
 142                        ], { cfproxy: false }),
 143
 144   osm_web_service("www", [ "spike-06",
 145                            "spike-07",
 146                            "spike-08"
 147                          ], { cfproxy: false }),
 148
 149   osm_web_service("api", [ "spike-06",
 150                            "spike-07",
 151                            "spike-08"
 152                          ], { cfproxy: false }),
 153
 154   osm_web_service("maps", [ "spike-06",
 155                             "spike-07",
 156                             "spike-08"
 157                           ], { cfproxy: false }),
 158
 159   osm_web_service("mapz", [ "spike-06",
 160                             "spike-07",
 161                              "spike-08"
 162                           ], { cfproxy: false }),
 163
 164   // Fastly CDN aliases for main web servers
 165   // ALIAS("@", "dualstack.m.sni.global.fastly.net."),
 166   // CNAME("www", "dualstack.m.sni.global.fastly.net."),
 167   // CNAME("api", "dualstack.m.sni.global.fastly.net."),
 168   // CNAME("maps", "dualstack.m.sni.global.fastly.net."),
 169   // CNAME("mapz", "dualstack.m.sni.global.fastly.net."),
 170
 171   // Nominatim servers
 172
 173   CNAME("nominatim", "nominatim.geo.openstreetmap.org."),
 174   CNAME("qgis.nominatim", "nominatim.geo.openstreetmap.org."),
 175   CNAME("qa-tile.nominatim", "longma.openstreetmap.org."),
 176
 177   // Tile servers
 178
 179   CNAME("tile", "dualstack.n.sni.global.fastly.net."),
 180   CNAME("a.tile", "dualstack.n.sni.global.fastly.net."),
 181   CNAME("b.tile", "dualstack.n.sni.global.fastly.net."),
 182   CNAME("c.tile", "dualstack.n.sni.global.fastly.net."),
 183
 184   osm_web_service("render", [ "culebre",
 185                               "nidhogg"
 186                             ]),
 187
 188   // Vector tile servers
 189
 190   CNAME("vector", "dualstack.n.sni.global.fastly.net."),
 191
 192   // Planet servers
 193
 194   A("backup", IPV4["norbert"]),
 195   AAAA("backup", IPV6["norbert"]),
 196   // A("backup", IPV4["horntail"]),
 197   // AAAA("backup", IPV6["horntail"]),
 198
 199   osm_web_service("planet", "norbert"),
 200   // osm_web_service("planet", "horntail"),
 201
 202   // Development server with wildcard alias for user sites
 203
 204   osm_web_service("dev", "faffy"),
 205   osm_web_service("*.dev", "faffy"),
 206
 207   osm_web_service("ooc", "faffy"),
 208   osm_web_service("a.ooc", "faffy"),
 209   osm_web_service("b.ooc", "faffy"),
 210   osm_web_service("c.ooc", "faffy"),
 211
 212   osm_web_service("npe", "faffy"),
 213
 214   // Foundation server
 215
 216   osm_web_service("blog", "ridley"),
 217   ALIAS("foundation", "www.osmfoundation.org."),
 218
 219   // Matomo server
 220
 221   osm_web_service("matomo", "smaug"),
 222   osm_web_service("piwik", "smaug"),
 223
 224   // Imagery servers
 225
 226   osm_web_service("agri", "lockheed"),
 227   osm_web_service("a.agri", "lockheed"),
 228   osm_web_service("b.agri", "lockheed"),
 229   osm_web_service("c.agri", "lockheed"),
 230
 231   osm_web_service("act-imagery", "lockheed"),
 232   osm_web_service("a.act-imagery", "lockheed"),
 233   osm_web_service("b.act-imagery", "lockheed"),
 234   osm_web_service("c.act-imagery", "lockheed"),
 235
 236   osm_web_service("au-vic-melbourne-imagery", "lockheed"),
 237   osm_web_service("a.au-vic-melbourne-imagery", "lockheed"),
 238   osm_web_service("b.au-vic-melbourne-imagery", "lockheed"),
 239   osm_web_service("c.au-vic-melbourne-imagery", "lockheed"),
 240
 241   osm_web_service("os", "lockheed"),
 242   osm_web_service("a.os", "lockheed"),
 243   osm_web_service("b.os", "lockheed"),
 244   osm_web_service("c.os", "lockheed"),
 245
 246   osm_web_service("tiler", "lockheed"),
 247
 248   osm_web_service("us-imagery", "lockheed"),
 249   osm_web_service("a.us-imagery", "lockheed"),
 250   osm_web_service("b.us-imagery", "lockheed"),
 251   osm_web_service("c.us-imagery", "lockheed"),
 252
 253   osm_web_service("bg-imagery", "lockheed"),
 254   osm_web_service("a.bg-imagery", "lockheed"),
 255   osm_web_service("b.bg-imagery", "lockheed"),
 256   osm_web_service("c.bg-imagery", "lockheed"),
 257
 258   osm_web_service("br-imagery", "lockheed"),
 259   osm_web_service("a.br-imagery", "lockheed"),
 260   osm_web_service("b.br-imagery", "lockheed"),
 261   osm_web_service("c.br-imagery", "lockheed"),
 262
 263   // Prometheus server and munin redirect
 264
 265   osm_web_service("prometheus", "stormfly-03"),
 266   osm_web_service("munin", "stormfly-03"),
 267
 268   // Management server
 269
 270   osm_web_service("acme", "idris"),
 271   osm_web_service("apt", "idris"),
 272   osm_web_service("chef", "idris"),
 273   osm_web_service("dns", "idris"),
 274   osm_web_service("git", "idris"),
 275   osm_web_service("hardware", "idris"),
 276
 277   // Bytemark machine, and the services which operate from it
 278
 279   osm_web_service("lists", "shenron"),
 280
 281   // Naga services
 282
 283   osm_web_service("svn", "naga"),
 284   osm_web_service("trac", "naga"),
 285   osm_web_service("irc", "naga"),
 286   osm_web_service("blogs", "naga"),
 287   osm_web_service("welcome", "naga"),
 288   osm_web_service("operations", "naga"),
 289   osm_web_service("hot", "naga"),
 290   osm_web_service("dmca", "naga"),
 291   osm_web_service("otrs", "naga", { h1: true, h2: false }), // OTRS is not available using HTTPS/2
 292   osm_web_service("birthday20", "naga"),
 293   osm_web_service("help", "naga"),
 294
 295   // Wiki servers
 296
 297   osm_web_service("wiki", "konqi"),
 298   osm_web_service("test.wiki", "muirdris"),
 299
 300   // Overpass server
 301
 302   osm_web_service("query", "grisu"),
 303
 304   // Spyglass server
 305
 306   osm_web_service("spyglass", "grisu"),
 307
 308   // GPS tile server
 309
 310   osm_web_service("gps-tile", "muirdris"),
 311   osm_web_service("a.gps-tile", "muirdris"),
 312   osm_web_service("b.gps-tile", "muirdris"),
 313   osm_web_service("c.gps-tile", "muirdris"),
 314   osm_web_service("gps.tile", "muirdris"),
 315   osm_web_service("gps-a.tile", "muirdris"),
 316   osm_web_service("gps-b.tile", "muirdris"),
 317   osm_web_service("gps-c.tile", "muirdris"),
 318
 319   // Donation site and new OSMF crm site
 320
 321   osm_web_service("donate", "ridley"),
 322   osm_web_service("support", "ridley"),
 323   osm_web_service("supporting", "ridley"),
 324
 325   osm_web_service("test.civicrm", "muirdris"),
 326
 327   // Discourse server ("community")
 328
 329   osm_web_service("community", "fume"),
 330   osm_web_service("communities", "fume"),
 331   osm_web_service("c", "fume"),
 332   osm_web_service("forum", "fume"),
 333
 334   CNAME("community-cdn", "dualstack.n.sni.global.fastly.net."),
 335   TXT("community", "google-site-verification=hQ8GZyj4KwnPqAX2oAzpbLrh6I5dfR08PSdL3icVkfg"),
 336
 337   // Taginfo and Staging Blog Server
 338
 339   osm_web_service("taginfo", "tabaluga"),
 340
 341   // Staging Blog Server
 342
 343   osm_web_service("staging.blog", "tabaluga"),
 344
 345   // Awards (external - Ilya Zverev)
 346   ALIAS("awards", "awards.osmz.ee."),
 347
 348 );