Use SPF and CAA builder. Normalise TTL
authorGrant Slater <git@firefishy.com>
Mon, 31 May 2021 23:14:55 +0000 (00:14 +0100)
committerGrant Slater <git@firefishy.com>
Mon, 31 May 2021 23:15:22 +0000 (00:15 +0100)
src/opengeodata.js
src/openstreetmap-uk.js
src/openstreetmap-za.js
src/openstreetmap.js
src/osm2pgsql.js
src/osmfoundation.js
src/stateofthemap-eu.js
src/stateofthemap.js
src/switch2osm.js

index 6dfc203874d1a5be4858f71187d4555e4b90c1f1..fe354674949e5111ee10598462e6c88c97b57d79 100644 (file)
@@ -2,9 +2,29 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
 
   // Publish CAA records indicating that only letsencrypt should issue certificates
 
-  CAA("@", "issue", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "issuewild", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "iodef", "mailto:hostmaster@openstreetmap.org"),
+  CAA_BUILDER({
+    label: "@",
+    ttl: "1h",
+    iodef: "mailto:hostmaster@openstreetmap.org",
+    issue: [
+      "letsencrypt.org",
+    ],
+    issuewild: [
+      "letsencrypt.org",
+    ],
+  }),
+
+  // Delegate SPF policy to the main domain
+
+  SPF_BUILDER({
+    label: "@",
+    ttl: "1h",
+    parts: [
+      "v=spf1",
+      "include:openstreetmap.org",      // main openstreetmap.org spf record
+      "-all"
+    ]
+  }),
 
   // Main web server and it's aliases
 
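Review bot: The `SPF_BUILDER` block added here publishes a new apex SPF record, although the commit title describes only a move to the builders; the old side of this hunk has no SPF TXT. `include:openstreetmap.org` lets every sender authorised for openstreetmap.org pass SPF as this domain. No MX or other mail record is visible in this file's hunks, so if the domain sends no mail, `parts: ["v=spf1", "-all"]` would be the tighter policy. The last hunk visible on the page (apparently src/switch2osm.js, going by the file order) adds the same block.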
@@ -12,4 +32,4 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
   A("old", RIDLEY_IPV4, TTL("10m")),
   A("www", RIDLEY_IPV4, TTL("10m"))
 
-);
+);
\ No newline at end of file
index bfed62ec942b9ce3e6064bc5e2a5ab7c841f27b7..a8908c2e6215d5a3164b8b1d12a255ddaaaedef1 100644 (file)
@@ -2,9 +2,17 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
 
   // Publish CAA records indicating that only letsencrypt should issue certificates
 
-  CAA("@", "issue", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "issuewild", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "iodef", "mailto:hostmaster@openstreetmap.org"),
+  CAA_BUILDER({
+    label: "@",
+    ttl: "1h",
+    iodef: "mailto:hostmaster@openstreetmap.org",
+    issue: [
+      "letsencrypt.org",
+    ],
+    issuewild: [
+      "letsencrypt.org",
+    ],
+  }),
 
   // Let the main domain handle the email
 
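Review bot: `issuewild` repeats the `issue` list in this `CAA_BUILDER` block, which adds no restriction: under RFC 8659 the `issue` set already governs wildcard names when no `issuewild` property is present. If the domain needs no wildcard certificates, which the hunk does not show, an empty `issuewild` value (`issuewild ";"` on the wire) would narrow the policy. Otherwise a comment such as `// wildcard certificates are issued for this zone` would record why the list is there. The same pattern appears in the CAA hunks of the other files in this commit.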
@@ -12,7 +20,15 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
 
   // Delegate SPF policy to the main domain
 
-  TXT("@", "v=spf1 include:openstreetmap.org -all"),
+  SPF_BUILDER({
+    label: "@",
+    ttl: "1h",
+    parts: [
+      "v=spf1",
+      "include:openstreetmap.org",      // main openstreetmap.org spf record
+      "-all"
+    ]
+  }),
 
   // Delegate MTA-STS policy to the main domain
 
index b8904b57b51323ca5e56026ac73783fc6c64c3e0..78061efe6d1feeed5c321970c4a02579891e612f 100644 (file)
@@ -2,9 +2,17 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
 
   // Publish CAA records indicating that only letsencrypt should issue certificates
 
-  CAA("@", "issue", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "issuewild", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "iodef", "mailto:hostmaster@openstreetmap.org"),
+  CAA_BUILDER({
+    label: "@",
+    ttl: "1h",
+    iodef: "mailto:hostmaster@openstreetmap.org",
+    issue: [
+      "letsencrypt.org",
+    ],
+    issuewild: [
+      "letsencrypt.org",
+    ],
+  }),
 
   // Let the main domain handle the email
 
@@ -12,7 +20,15 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
 
   // Delegate SPF policy to the main domain
 
-  TXT("@", "v=spf1 include:openstreetmap.org -all"),
+  SPF_BUILDER({
+    label: "@",
+    ttl: "1h",
+    parts: [
+      "v=spf1",
+      "include:openstreetmap.org",      // main openstreetmap.org spf record
+      "-all"
+    ]
+  }),
 
   // Delegate MTA-STS policy to the main domain
 
index b25f6970ff759eff10bac67538a949fcab541403..2f21f7ffc0cba4c06d5d609a09764faa16ae43b0 100644 (file)
@@ -2,11 +2,19 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
 
   // Publish CAA records indicating that only letsencrypt and globalsign (Fastly) should issue certificates
 
-  CAA("@", "issue", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "issuewild", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "issue", "globalsign.com", CF_TTL_ANY),
-  CAA("@", "issuewild", "globalsign.com", CF_TTL_ANY),
-  CAA("@", "iodef", "mailto:hostmaster@openstreetmap.org"),
+  CAA_BUILDER({
+    label: "@",
+    ttl: "1h",
+    iodef: "mailto:hostmaster@openstreetmap.org",
+    issue: [
+      "letsencrypt.org",
+      "globalsign.com",   // Used by Fastly for CDN certificates
+    ],
+    issuewild: [
+      "letsencrypt.org",
+      "globalsign.com",   // Used by Fastly for CDN certificates
+    ],
+  }),
 
   // Use shenron as the MX host
 
@@ -19,8 +27,29 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
 
   // Publish SPF records indicating that only shenron sends mail
 
-  TXT("@", "v=spf1 ip4:212.110.172.32 ip6:2001:41c9:1:400::32 mx -all"),
-  TXT("otrs", "v=spf1 ip4:212.110.172.32 ip6:2001:41c9:1:400::32 mx -all"),
+  SPF_BUILDER({
+    label: "@",
+    ttl: "1h",
+    parts: [
+      "v=spf1",
+      "ip4:212.110.172.32",       // shenron ipv4
+      "ip6:2001:41c9:1:400::32",  // shenron ipv6
+      "mx",                       // safety net if we change mx
+      "-all"
+    ]
+  }),
+
+  SPF_BUILDER({
+    label: "otrs",
+    ttl: "1h",
+    parts: [
+      "v=spf1",
+      "ip4:212.110.172.32",       // shenron ipv4
+      "ip6:2001:41c9:1:400::32",  // shenron ipv6
+      "mx",                       // safety net if we change mx
+      "-all"
+    ]
+  }),
 
   // Publish DKIM public key
 
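Review bot: The two `SPF_BUILDER` calls for `@` and `otrs` carry identical `parts` arrays, so a later edit to one can leave the other authorising a stale address. Define the list once above the `D(...)` call, e.g. `var SHENRON_SPF_PARTS = ["v=spf1", "ip4:212.110.172.32", "ip6:2001:41c9:1:400::32", "mx", "-all"];`, and pass `parts: SHENRON_SPF_PARTS` in both. The same shenron literals recur in the SPF hunks of two other files in this commit. The `D(...)` call starts and ends outside this hunk.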
@@ -30,7 +59,7 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
 
   TXT("_mta-sts", "v=STSv1; id=202001291805Z"),
   TXT("_smtp._tls", "v=TLSRPTv1; rua=mailto:postmaster@openstreetmap.org"),
-  
+
   // Fastly cert domain ownership confirmation
 
   TXT("@", "_globalsign-domain-verification=ps00GlW1BzY9c2_cwH_pFqRkvzZyaCVZ-3RLssRG6S"),
@@ -214,7 +243,7 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
   CNAME("a.tile", "dualstack.osff2.map.fastly.net.", TTL("10m")),
   CNAME("b.tile", "dualstack.osff2.map.fastly.net.", TTL("10m")),
   CNAME("c.tile", "dualstack.osff2.map.fastly.net.", TTL("10m")),
-  
+
   // Services machine
 
   A("ironbelly", IRONBELLY_IPV4),
@@ -510,7 +539,7 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
 
   // Donation site
 
-  A("donate", RIDLEY_IPV4, TTL("10m")),
+  A("donate", RIDLEY_IPV4),
 
   // Uptime site at StatusCake
 
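Review bot: Dropping `TTL("10m")` from the `donate` record makes it differ from the other `RIDLEY_IPV4` records visible in this commit, which keep `TTL("10m")` (for example `old` and `www` in the first file). The record now takes the default TTL, whose value is not visible on this page. If the short TTL exists so these hosts can be repointed quickly, keep `A("donate", RIDLEY_IPV4, TTL("10m")),` or add a comment saying why this record differs.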
index 770979ad5a421daa3a38f35d3dcb33f4cdd3728c..070dda9aef2eb4ff893c4321a14fddf4543e8195 100644 (file)
@@ -2,15 +2,23 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
 
   // Publish CAA records indicating that only letsencrypt should issue certificates
 
-  CAA("@", "issue", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "issuewild", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "iodef", "mailto:hostmaster@openstreetmap.org"),
+  CAA_BUILDER({
+    label: "@",
+    ttl: "1h",
+    iodef: "mailto:hostmaster@openstreetmap.org",
+    issue: [
+      "letsencrypt.org",
+    ],
+    issuewild: [
+      "letsencrypt.org",
+    ],
+  }),
 
   // Main web server and it's aliases
 
-  A("@", "138.201.190.130"),
-  AAAA("@", "2a01:4f8:1c17:6433::1"),
-  A("www", "138.201.190.130"),
-  AAAA("www", "2a01:4f8:1c17:6433::1")
+  A("@", "138.201.190.130", TTL("10m")),
+  AAAA("@", "2a01:4f8:1c17:6433::1", TTL("10m")),
+  A("www", "138.201.190.130", TTL("10m")),
+  AAAA("www", "2a01:4f8:1c17:6433::1", TTL("10m"))
 
 );
index a6a8bcd9c7c30f38595073c89e81a76d87ca042d..b0c7d8a157148d7773766e8e50b4e695444afa15 100644 (file)
@@ -2,9 +2,17 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
 
   // Publish CAA records indicating that only letsencrypt should issue certificates
 
-  CAA("@", "issue", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "issuewild", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "iodef", "mailto:hostmaster@openstreetmap.org"),
+  CAA_BUILDER({
+    label: "@",
+    ttl: "1h",
+    iodef: "mailto:hostmaster@openstreetmap.org",
+    issue: [
+      "letsencrypt.org",
+    ],
+    issuewild: [
+      "letsencrypt.org",
+    ],
+  }),
 
   // Let google handle email
 
@@ -20,7 +28,17 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
 
   // SPF policy
 
-  TXT("@", "v=spf1 ip4:212.110.172.32 ip6:2001:41c9:1:400::32 a mx include:_spf.google.com -all"),
+  SPF_BUILDER({
+    label: "@",
+    ttl: "1h",
+    parts: [
+      "v=spf1",
+      "include:_spf.google.com",  // Google GSuite
+      "ip4:212.110.172.32",       // shenron ipv4
+      "ip6:2001:41c9:1:400::32",  // shenron ipv6
+      "-all"
+    ]
+  }),
 
   // DKIM keys
 
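Review bot: The rebuilt record is not equivalent to the TXT it replaces: the `a` and `mx` mechanisms are missing from `parts`, while the commit title mentions only the builders and TTLs. With `-all`, mail sent from the host behind the domain's A record, or from an MX host not covered by `include:_spf.google.com`, would now fail SPF. If the removal is intended, record it with a comment such as `// a and mx dropped: only Google and shenron send mail`; otherwise restore `"a",` and `"mx",` ahead of `"-all"`.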
index 4e83e5d9ba9b8fe56d5024264de571256fe0dcd5..25cb14a4270012fe00da7ab858b6b2a398ee62bd 100644 (file)
@@ -2,9 +2,17 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
 
   // Publish CAA records indicating that only letsencrypt should issue certificates
 
-  CAA("@", "issue", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "issuewild", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "iodef", "mailto:hostmaster@openstreetmap.org"),
+  CAA_BUILDER({
+    label: "@",
+    ttl: "1h",
+    iodef: "mailto:hostmaster@openstreetmap.org",
+    issue: [
+      "letsencrypt.org",
+    ],
+    issuewild: [
+      "letsencrypt.org",
+    ],
+  }),
 
   // Let openstreetmap.at handle email
 
index a8ca9d4cb64dac4a1d26ef4721ec529fc0ee8f49..e13e764904e79eda54bcaca4500fb426afecf142 100644 (file)
@@ -2,9 +2,31 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
 
   // Publish CAA records indicating that only letsencrypt should issue certificates
 
-  CAA("@", "issue", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "issuewild", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "iodef", "mailto:hostmaster@openstreetmap.org"),
+  CAA_BUILDER({
+    label: "@",
+    ttl: "1h",
+    iodef: "mailto:hostmaster@openstreetmap.org",
+    issue: [
+      "letsencrypt.org",
+    ],
+    issuewild: [
+      "letsencrypt.org",
+    ],
+  }),
+
+  // SPF policy
+
+  SPF_BUILDER({
+    label: "@",
+    ttl: "1h",
+    parts: [
+      "v=spf1",
+      "include:_spf.google.com",  // Google GSuite
+      "ip4:212.110.172.32",       // shenron ipv4
+      "ip6:2001:41c9:1:400::32",  // shenron ipv6
+      "-all"
+    ]
+  }),
 
   // Let google handle email
 
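Review bot: This hunk adds an apex SPF record ending in `-all` where the old side shows none, so once deployed any sender other than Google and shenron fails SPF for this domain. The rest of the file is outside the hunk; check that it holds no other apex TXT beginning `v=spf1`, because two SPF records on one name produce a permerror under RFC 7208. The `parts` list duplicates the one in the SPF hunk of the sixth file and could share a constant with it.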
@@ -35,10 +57,6 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
   A("2010", RIDLEY_IPV4, TTL("10m")),
   A("2009", RIDLEY_IPV4, TTL("10m")),
   A("2008", RIDLEY_IPV4, TTL("10m")),
-  A("2007", RIDLEY_IPV4, TTL("10m")),
-
-  // Video conferencing server
-
-  A("talk", "95.217.113.173")
+  A("2007", RIDLEY_IPV4, TTL("10m"))
 
 );
index 71cae23abc52aef68b50f05c251ca838699564e9..70e2775efc77ee7a674e5a1c433b5f232235b22f 100644 (file)
@@ -2,9 +2,29 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
 
   // Publish CAA records indicating that only letsencrypt should issue certificates
 
-  CAA("@", "issue", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "issuewild", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "iodef", "mailto:hostmaster@openstreetmap.org"),
+  CAA_BUILDER({
+    label: "@",
+    ttl: "1h",
+    iodef: "mailto:hostmaster@openstreetmap.org",
+    issue: [
+      "letsencrypt.org",
+    ],
+    issuewild: [
+      "letsencrypt.org",
+    ],
+  }),
+
+  // Delegate SPF policy to the main domain
+
+  SPF_BUILDER({
+    label: "@",
+    ttl: "1h",
+    parts: [
+      "v=spf1",
+      "include:openstreetmap.org",  // main openstreetmap.org spf record
+      "-all"
+    ]
+  }),
 
   // Main web server and it's aliases