steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Install dependencies
run: |
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN arch=$(arch | sed s/aarch64/arm64/ | sed s/x86_64/amd64/) \
- && curl -fsSL https://github.com/StackExchange/dnscontrol/releases/download/v3.22.0/dnscontrol-3.22.0.${arch}.deb -o /tmp/dnscontrol.deb \
+ && curl -fsSL https://github.com/StackExchange/dnscontrol/releases/download/v4.1.0/dnscontrol-4.1.0.${arch}.deb -o /tmp/dnscontrol.deb \
&& apt install /tmp/dnscontrol.deb -y
WORKDIR /dns
push @servers, $server;
}
}
- else
+ elsif ($cluster->{requests} > 0)
{
my $server = {
cluster => $cluster,
push @servers, $server;
}
+ else
+ {
+ $cluster->{servers} = [];
+ }
$cluster->{name} = $name;
$cluster->{status} = "down";
}
}
+# Abort if no servers at all are up
+exit 0 unless grep { $_->{status} eq "up" } values(%$clusters);
+
# Create target origins object
my $targetorigins = {};
my $cluster = $clusters->{$name};
my $used = int($cluster->{requests_used} + 0.5);
my $limit = $cluster->{requests_limit};
- my $proportion = int($used / $limit * 100 + 0.5);
+
+ if ($limit > 0)
+ {
+ my $proportion = int($used / $limit * 100 + 0.5);
- print "${name}: used ${used} of ${limit} (${proportion}%)\n";
+ print "${name}: used ${used} of ${limit} (${proportion}%)\n";
+ }
+ else
+ {
+ print "${name}: used ${used} of ${limit}\n";
+ }
}
# Create JSON collection object
OPENSTREETMAP("openstreetmap.tv", REG_GANDI);
OPENSTREETMAP("openstreetmap.wales", REG_GANDI);
OPENSTREETMAP("openstreetmapdata.org", REG_GANDI);
+
// Disable due to registration issue
// OPENSTREETMAP("openstreetmap.al", REG_NONE);
+// Mastodon redirects to en.osm.town
+var OPENSTREETMAP_TOWN = loadTemplate("openstreetmap-town");
+OPENSTREETMAP_TOWN("openstreetmap.town", REG_GANDI);
+
+// Domain owned by Amanda McCann
+// osm.town
+
+// Managed independently by Guillaume Rischard
+// openstreetmap.lu
+// osm.lu
+
var OSM_LI = loadTemplate("osm-li");
OSM_LI("osm.li", REG_GANDI);
STATEOFTHEMAP("stateofthemap.com", REG_GANDI);
STATEOFTHEMAP("sotm.org", REG_GANDI);
+// The domain is registation is managed by FOSSGIS.de
+var STATEOFTHEMAP_EU = loadTemplate("stateofthemap-eu");
+STATEOFTHEMAP_EU("stateofthemap.eu", REG_NONE);
-// Domain Owner Issue / Registration Issues - Disable for the moment. 31 May 2021
-// var STATEOFTHEMAP_EU = loadTemplate("stateofthemap-eu");
-// STATEOFTHEMAP_EU("stateofthemap.eu", REG_GANDI);
+// State of the Map Madagascar
+var OPENSTREETMAP_MG = loadTemplate("openstreetmap-mg");
+OPENSTREETMAP_MG("openstreetmap.mg", REG_GANDI);
var OPENGEODATA = loadTemplate("opengeodata");
OPENGEODATA("opengeodata.org", REG_GANDI);
IDEDITOR("ideditor.com", REG_GANDI);
+var OSMWIKI = loadTemplate("osm-wiki");
+OSMWIKI("osm.wiki", REG_GANDI);
+
+var PTR_EQUINIX_AMS_IPV4 = loadTemplate("ptr_equinix_ams_ipv4");
+
+PTR_EQUINIX_AMS_IPV4("128-27.179.104.184.in-addr.arpa", REG_NONE);
+
+var PTR_EQUINIX_AMS_IPV6 = loadTemplate("ptr_equinix_ams_ipv6");
+
+PTR_EQUINIX_AMS_IPV6(REV("2001:470:1:fa1::/64"), REG_NONE);
+
var PTR_EQUINIX_DUB_IPV4 = loadTemplate("ptr_equinix_dub_ipv4");
PTR_EQUINIX_DUB_IPV4("96-27.226.104.184.in-addr.arpa", REG_NONE);
var PTR_EQUINIX_DUB_IPV6 = loadTemplate("ptr_equinix_dub_ipv6");
PTR_EQUINIX_DUB_IPV6(REV("2001:470:1:b3b::/64"), REG_NONE);
+
+// No immediate plans
+// External DNS and hosting still up
+// freethepostcode.org
+
+// External DNS and hosting
+// openstreetmap.cymru
var BOWSER_IPV4 = "138.44.68.106";
-var CLIFFORD_IPV4 = "193.60.236.11";
-var CLIFFORD_INTERNAL = "10.0.0.17";
-var CLIFFORD_OOB = "10.0.1.17";
-
var CULEBRE_IPV4 = "184.104.226.105";
var CULEBRE_IPV6 = "2001:470:1:b3b::9";
var CULEBRE_INTERNAL = "10.0.64.9";
var CULEBRE_OOB = "10.0.65.9";
-var DRACO_IPV4 = "193.60.236.12";
-var DRACO_INTERNAL = "10.0.0.11";
-var DRACO_OOB = "10.0.1.11";
-
-var DRIBBLE_IPV4 = "130.117.76.4";
-var DRIBBLE_IPV6 = "2001:978:2:2c::172:4";
+var DRIBBLE_IPV4 = "184.104.179.132";
+var DRIBBLE_IPV6 = "2001:470:1:fa1::4";
var DRIBBLE_INTERNAL = "10.0.48.4";
var DRIBBLE_OOB = "10.0.49.4";
-var DROGON_IPV4 = "161.53.30.107";
-var DROGON_IPV6 = "2001:b68:c0ff:0:221:5eff:fe40:c7c4";
-
-var DULCY_IPV4 = "130.117.76.9";
-var DULCY_IPV6 = "2001:978:2:2c::172:9";
+var DULCY_IPV4 = "184.104.179.137";
+var DULCY_IPV6 = "2001:470:1:fa1::9";
var DULCY_INTERNAL = "10.0.48.9";
var DULCY_OOB = "10.0.49.9";
var EDDIE_INTERNAL = "10.0.0.10";
var EDDIE_OOB = "10.0.1.10";
-var FAFFY_IPV4 = "130.117.76.3";
-var FAFFY_IPV6 = "2001:978:2:2c::172:3";
+var FAFFY_IPV4 = "184.104.179.131";
+var FAFFY_IPV6 = "2001:470:1:fa1::3";
var FAFFY_INTERNAL = "10.0.48.3";
var FAFFY_OOB = "10.0.49.3";
var FAFNIR_INTERNAL = "10.0.64.2";
var FAFNIR_OOB = "10.0.65.2";
-var FIRNEN_IPV4 = "188.241.28.82";
-
-var GORWEN_IPV4 = "184.104.226.107";
-var GORWEN_IPV6 = "2001:470:1:b3b::b";
-var GORWEN_INTERNAL = "10.0.64.11";
-var GORWEN_OOB = "10.0.65.11";
+var FUME_IPV4 = "184.104.226.112";
+var FUME_IPV6 = "2001:470:1:b3b::10";
+var FUME_INTERNAL = "10.0.64.16";
+var FUME_OOB = "10.0.65.16";
-var GORYNYCH_IPV4 = "5.45.248.21";
-var GORYNYCH_IPV6 = "2a02:6b8:b010:5065::a001";
+var GRISU_IPV4 = "184.104.226.113";
+var GRISU_IPV6 = "2001:470:1:b3b::11";
+var GRISU_INTERNAL = "10.0.64.17";
+var GRISU_OOB = "10.0.65.17";
-var GRINDTOOTH_IPV4 = "193.60.236.15";
-var GRINDTOOTH_INTERNAL = "10.0.0.19";
-var GRINDTOOTH_OOB = "10.0.1.19";
+var HORNTAIL_IPV4 = "184.104.226.106";
+var HORNTAIL_IPV6 = "2001:470:1:b3b::a";
+var HORNTAIL_INTERNAL = "10.0.64.10";
+var HORNTAIL_OOB = "10.0.65.10";
var IDRIS_IPV4 = "184.104.226.102";
var IDRIS_IPV6 = "2001:470:1:b3b::6";
var IDRIS_INTERNAL = "10.0.64.6";
var IDRIS_OOB = "10.0.65.6";
-var IRONBELLY_IPV4 = "130.117.76.10";
-var IRONBELLY_IPV6 = "2001:978:2:2c::172:a";
+var IRONBELLY_IPV4 = "184.104.179.138";
+var IRONBELLY_IPV6 = "2001:470:1:fa1::a";
var IRONBELLY_INTERNAL = "10.0.48.10";
var IRONBELLY_OOB = "10.0.49.10";
-var HORNTAIL_IPV4 = "184.104.226.106";
-var HORNTAIL_IPV6 = "2001:470:1:b3b::a";
-var HORNTAIL_INTERNAL = "10.0.64.10";
-var HORNTAIL_OOB = "10.0.65.10";
-
var JAKELONG_IPV4 = "184.104.226.108";
var JAKELONG_IPV6 = "2001:470:1:b3b::c";
var JAKELONG_INTERNAL = "10.0.64.12";
var NECROSAN_IPV4 = "45.85.134.91";
var NECROSAN_IPV6 = "2a05:46c0:100:1004:ffff:ffff:ffff:ffff";
-var NEPOMUK_IPV4 = "77.95.65.39";
-var NEPOMUK_IPV6 = "2a03:9180:0:100::7";
-
var NIDHOGG_IPV4 = "194.71.11.111";
var NIDHOGG_IPV6 = "2001:6b0:19:2::111";
var NIDHOGG_OOB = "130.239.18.115";
-var NOQUIKLOS_IPV4 = "193.60.236.16";
-var NOQUIKLOS_INTERNAL = "10.0.0.13";
-var NOQUIKLOS_OOB = "10.0.1.13";
-
-var NORBERT_IPV4 = "130.117.76.17";
-var NORBERT_IPV6 = "2001:978:2:2c::172:11";
+var NORBERT_IPV4 = "184.104.179.145";
+var NORBERT_IPV6 = "2001:470:1:fa1::11";
var NORBERT_INTERNAL = "10.0.48.17";
var NORBERT_OOB = "10.0.49.17";
-var ODIN_IPV4 = "130.117.76.15";
-var ODIN_IPV6 = "2001:978:2:2c::172:f";
+var ODIN_IPV4 = "184.104.179.143";
+var ODIN_IPV6 = "2001:470:1:fa1::f";
var ODIN_INTERNAL = "10.0.48.15";
var ODIN_OOB = "10.0.49.15";
var PALULUKON_IPV4 = "3.144.0.72";
+var PIASA_IPV4 = "140.211.167.101";
+var PIASA_IPV6 = "2605:bc80:3010:700::8cd3:a765";
+var PIASA_OOB = "10.0.0.198";
+
var PDU1AMS_INTERNAL = "10.0.48.100";
var PDU2AMS_INTERNAL = "10.0.48.101";
var PDU2DUB_INTERNAL = "10.0.64.101";
-var PUMMELZACKEN_IPV4 = "193.60.236.18";
-var PUMMELZACKEN_INTERNAL = "10.0.0.20";
-var PUMMELZACKEN_OOB = "10.0.1.20";
-
-var PYRENE_IPV4 = "140.211.167.98";
-var PYRENE_IPV6 = "2605:bc80:3010:700::8cd3:a762";
-var PYRENE_OOB = "10.0.0.40";
-
var RHAEGAL_IPV4 = "161.53.248.77";
var RIDGEBACK_IPV4 = "31.169.50.10";
var RIDLEY_INTERNAL = "10.0.0.3";
var RIDLEY_OOB = "10.0.1.3";
-var SAPHIRA_IPV4 = "185.73.44.30";
-var SAPHIRA_IPV6 = "2001:ba8:0:2c1e::";
-
-var SAREL_IPV4 = "193.60.236.20";
-var SAREL_INTERNAL = "10.0.0.12";
-var SAREL_OOB = "10.0.1.12";
-
var SCORCH_IPV4 = "176.31.235.79";
var SCORCH_IPV6 = "2001:41d0:2:fc4f::1";
var SPIKE03_INTERNAL = "10.0.64.5";
var SPIKE03_OOB = "10.0.65.5";
-var SPIKE06_IPV4 = "130.117.76.11";
-var SPIKE06_IPV6 = "2001:978:2:2c::172:b";
+var SPIKE06_IPV4 = "184.104.179.139";
+var SPIKE06_IPV6 = "2001:470:1:fa1::b";
var SPIKE06_INTERNAL = "10.0.48.11";
var SPIKE06_OOB = "10.0.49.11";
-var SPIKE07_IPV4 = "130.117.76.12";
-var SPIKE07_IPV6 = "2001:978:2:2c::172:c";
+var SPIKE07_IPV4 = "184.104.179.140";
+var SPIKE07_IPV6 = "2001:470:1:fa1::c";
var SPIKE07_INTERNAL = "10.0.48.12";
var SPIKE07_OOB = "10.0.49.12";
-var SPIKE08_IPV4 = "130.117.76.13";
-var SPIKE08_IPV6 = "2001:978:2:2c::172:d";
+var SPIKE08_IPV4 = "184.104.179.141";
+var SPIKE08_IPV6 = "2001:470:1:fa1::d";
var SPIKE08_INTERNAL = "10.0.48.13";
var SPIKE08_OOB = "10.0.49.13";
var STORMFLY04_IPV6 = "2605:bc80:3010:700::8cd3:a764";
var STORMFLY04_OOB = "10.0.0.3";
-var SWITCH1AMS_IPV4 = "130.117.76.2";
-var SWITCH1AMS_IPV6 = "2001:978:2:2c::172:2";
+var SWITCH1AMS_IPV4 = "184.104.179.129";
+var SWITCH1AMS_IPV6 = "2001:470:1:fa1::1";
var SWITCH1DUB_IPV4 = "184.104.226.97";
var SWITCH1DUB_IPV6 = "2001:470:1:b3b::1";
-var TABALUGA_IPV4 = "130.117.76.14";
-var TABALUGA_IPV6 = "2001:978:2:2c::172:e";
-var TABALUGA_INTERNAL = "10.0.48.14";
-var TABALUGA_OOB = "10.0.49.14";
-
-var TOOTHLESS_IPV4 = "185.73.44.167";
-var TOOTHLESS_IPV6 = "2001:ba8:0:2ca7::";
-
-var TROGDOR_IPV4 = "134.90.146.26";
-var TROGDOR_OOB = "134.90.146.30";
-
-var TAKHISIS_IPV4 = "31.3.110.20";
-var TAKHISIS_IPV6 = "2a03:7900:111:0:31:3:110:20";
-
-var VHAGAR_IPV4 = "130.117.76.5";
-var VHAGAR_IPV6 = "2001:978:2:2c::172:5";
+var VHAGAR_IPV4 = "184.104.179.133";
+var VHAGAR_IPV6 = "2001:470:1:fa1::5";
var VHAGAR_INTERNAL = "10.0.48.5";
var VHAGAR_OOB = "10.0.49.5";
-var VISERION_IPV4 = "193.198.233.211";
-var VISERION_IPV6 = "2001:b68:4cff:3::3";
-
var YSERA_IPV4 = "193.60.236.22";
var YSERA_INTERNAL = "10.0.0.15";
var YSERA_OOB = "10.0.1.15";
ALIAS("@", "openstreetmap.github.io."),
CNAME("www", "openstreetmap.github.io."),
- A("preview", RIDLEY_IPV4)
+ A("preview", NAGA_IPV4),
+ AAAA("preview", NAGA_IPV6)
);
-dulcy:
- lat: 52.33724625
- lon: 4.93370796776345
- statuscake:
- - 2217359
- - 2217360
+europe:
+ lat: 52.8746661
+ lon: -0.7088728262458915
colour: "#7fc97f"
- requests: 300
- ipv4: 130.117.76.9
- ipv6: 2001:978:2:2c::172:9
- default: "xx"
-
-longma:
- lat: 53.41208595
- lon: -6.351453620255233
- statuscake:
- - 6224536
- - 6224537
- colour: "#beaed4"
- requests: 1500
- ipv4: 184.104.226.109
- ipv6: 2001:470:1:b3b::d
+ servers:
+ - statuscake:
+ - 2217359
+ - 2217360
+ requests: 300
+ name: dulcy
+ ipv4: 184.104.179.137
+ ipv6: 2001:470:1:fa1::9
+ - statuscake:
+ - 6224536
+ - 6224537
+ requests: 1500
+ name: longma
+ ipv4: 184.104.226.109
+ ipv6: 2001:470:1:b3b::d
+ - statuscake:
+ - 6726828
+ - 6726827
+ requests: 1500
+ name: vhagar
+ ipv4: 184.104.179.133
+ ipv6: 2001:470:1:fa1::5
default: "xx"
stormfly-04:
- 5769055
- 5769056
colour: "#fdc086"
- requests: 800
+ requests: 400
ipv4: 140.211.167.100
ipv6: 2605:bc80:3010:700::8cd3:a764
default: "xx"
-
-vhagar:
- lat: 52.33724625
- lon: 4.93370796776345
- statuscake:
- - 6726828
- - 6726827
- colour: "#ffff99"
- requests: 1500
- ipv4: 130.117.76.5
- ipv6: 2001:978:2:2c::172:5
- default: "xx"
// Main web server and it's aliases
- A("@", RIDLEY_IPV4, TTL("10m")),
- A("old", RIDLEY_IPV4, TTL("10m")),
- A("www", RIDLEY_IPV4, TTL("10m"))
+ A("@", RIDLEY_IPV4),
+ A("old", RIDLEY_IPV4), // Legacy URL support https://blog.openstreetmap.org/2010/02/25/old-opengeodata-posts-now-up-at-old-opengeodata-org/
+ A("www", RIDLEY_IPV4)
);
\ No newline at end of file
--- /dev/null
+D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
+
+ // Publish CAA records indicating that only letsencrypt should issue certificates
+
+ CAA_BUILDER({
+ label: "@",
+ iodef: "mailto:hostmaster@openstreetmap.org",
+ issue: [
+ "letsencrypt.org",
+ ],
+ issuewild: [
+ "letsencrypt.org",
+ ],
+ }),
+
+ // Block email delivery
+
+ TXT("_dmarc", "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;"),
+ TXT("*._domainkey", "v=DKIM1; p="),
+ TXT("@", "v=spf1 -all"),
+
+ // Site hosted on github pages
+
+ ALIAS("@", "openstreetmap-madagascar.github.io."),
+ CNAME("www", "openstreetmap-madagascar.github.io."),
+
+ CNAME("sotm2024", "openstreetmap-madagascar.github.io.")
+
+);
\ No newline at end of file
--- /dev/null
+D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
+
+ // Publish CAA records indicating that only letsencrypt should issue certificates
+
+ CAA_BUILDER({
+ label: "@",
+ iodef: "mailto:hostmaster@openstreetmap.org",
+ issue: [
+ "letsencrypt.org",
+ ],
+ issuewild: [
+ "letsencrypt.org",
+ ],
+ }),
+
+ // Let the main domain handle the email
+
+ MX("@", 10, "a.mx.openstreetmap.org."),
+
+ // Delegate SPF policy to the main domain
+
+ SPF_BUILDER({
+ label: "@",
+ parts: [
+ "v=spf1",
+ "include:openstreetmap.org", // main openstreetmap.org spf record
+ "-all"
+ ]
+ }),
+
+ // Delegate MTA-STS policy to the main domain
+
+ CNAME("_mta-sts", "_mta-sts.openstreetmap.org."),
+
+ // Redirect en.openstreetmap.town to en.osm.town
+
+ A("en", NAGA_IPV4),
+ AAAA("en", NAGA_IPV6)
+
+);
\ No newline at end of file
CNAME("www", "www.openstreetmap.org."),
CNAME("api", "api.openstreetmap.org."),
- // Aerial imagery sites on draco
+ // Aerial imagery sites on ironbelly
- A("aerial", DRACO_IPV4, TTL("10m")),
- A("a.aerial", DRACO_IPV4, TTL("10m")),
- A("b.aerial", DRACO_IPV4, TTL("10m")),
- A("c.aerial", DRACO_IPV4, TTL("10m")),
+ A("aerial", IRONBELLY_IPV4),
+ AAAA("aerial", IRONBELLY_IPV6),
+ A("a.aerial", IRONBELLY_IPV4),
+ AAAA("a.aerial", IRONBELLY_IPV6),
+ A("b.aerial", IRONBELLY_IPV4),
+ AAAA("b.aerial", IRONBELLY_IPV6),
+ A("c.aerial", IRONBELLY_IPV4),
+ AAAA("c.aerial", IRONBELLY_IPV6),
// Aerial imagery sites on kessie
- A("coct.aerial", KESSIE_IPV4, TTL("30m")),
- AAAA("coct.aerial", KESSIE_IPV6, TTL("30m")),
- A("a.coct.aerial", KESSIE_IPV4, TTL("30m")),
- AAAA("a.coct.aerial", KESSIE_IPV6, TTL("30m")),
- A("b.coct.aerial", KESSIE_IPV4, TTL("30m")),
- AAAA("b.coct.aerial", KESSIE_IPV6, TTL("30m")),
- A("c.coct.aerial", KESSIE_IPV4, TTL("30m")),
- AAAA("c.coct.aerial", KESSIE_IPV6, TTL("30m")),
-
- A("topo", KESSIE_IPV4, TTL("30m")),
- AAAA("topo", KESSIE_IPV6, TTL("30m")),
- A("a.topo", KESSIE_IPV4, TTL("30m")),
- AAAA("a.topo", KESSIE_IPV6, TTL("30m")),
- A("b.topo", KESSIE_IPV4, TTL("30m")),
- AAAA("b.topo", KESSIE_IPV6, TTL("30m")),
- A("c.topo", KESSIE_IPV4, TTL("30m")),
- AAAA("c.topo", KESSIE_IPV6, TTL("30m")),
-
- A("namibia-topo", KESSIE_IPV4, TTL("30m")),
- AAAA("namibia-topo", KESSIE_IPV6, TTL("30m")),
- A("a.namibia-topo", KESSIE_IPV4, TTL("30m")),
- AAAA("a.namibia-topo", KESSIE_IPV6, TTL("30m")),
- A("b.namibia-topo", KESSIE_IPV4, TTL("30m")),
- AAAA("b.namibia-topo", KESSIE_IPV6, TTL("30m")),
- A("c.namibia-topo", KESSIE_IPV4, TTL("30m")),
- AAAA("c.namibia-topo", KESSIE_IPV6, TTL("30m"))
+ A("coct.aerial", KESSIE_IPV4),
+ AAAA("coct.aerial", KESSIE_IPV6),
+ A("a.coct.aerial", KESSIE_IPV4),
+ AAAA("a.coct.aerial", KESSIE_IPV6),
+ A("b.coct.aerial", KESSIE_IPV4),
+ AAAA("b.coct.aerial", KESSIE_IPV6),
+ A("c.coct.aerial", KESSIE_IPV4),
+ AAAA("c.coct.aerial", KESSIE_IPV6),
+
+ A("topo", KESSIE_IPV4),
+ AAAA("topo", KESSIE_IPV6),
+ A("a.topo", KESSIE_IPV4),
+ AAAA("a.topo", KESSIE_IPV6),
+ A("b.topo", KESSIE_IPV4),
+ AAAA("b.topo", KESSIE_IPV6),
+ A("c.topo", KESSIE_IPV4),
+ AAAA("c.topo", KESSIE_IPV6),
+
+ A("namibia-topo", KESSIE_IPV4),
+ AAAA("namibia-topo", KESSIE_IPV6),
+ A("a.namibia-topo", KESSIE_IPV4),
+ AAAA("a.namibia-topo", KESSIE_IPV6),
+ A("b.namibia-topo", KESSIE_IPV4),
+ AAAA("b.namibia-topo", KESSIE_IPV6),
+ A("c.namibia-topo", KESSIE_IPV4),
+ AAAA("c.namibia-topo", KESSIE_IPV6)
);
MX("noreply", 10, QUALIFY("a.mx")),
MX("otrs", 10, QUALIFY("a.mx")),
MX("community", 10, QUALIFY("a.mx")),
+ MX("supporting", 10, QUALIFY("a.mx")),
+
A("a.mx", FAFNIR_IPV4),
AAAA("a.mx", FAFNIR_IPV6),
A("mail", FAFNIR_IPV4),
"ip6:2001:41c9:1:400::32", // shenron ipv6
"ip4:184.104.226.98", // fafnir ipv4
"ip6:2001:470:1:b3b::2", // fafnir ipv6
+ "ip4:193.60.236.0/24", // ucl external
+ "ip4:184.104.179.128/27", // amsterdam external
+ "ip6:2001:470:1:fa1::/64", // amsterdam external
+ "ip4:184.104.226.96/27", // dublin external
+ "ip6:2001:470:1:b3b::/64", // dublin external
"mx", // safety net if we change mx
"-all"
]
"ip6:2001:41c9:1:400::32", // shenron ipv6
"ip4:184.104.226.98", // fafnir ipv4
"ip6:2001:470:1:b3b::2", // fafnir ipv6
+ "ip4:193.60.236.0/24", // ucl external
+ "ip4:184.104.179.128/27", // amsterdam external
+ "ip6:2001:470:1:fa1::/64", // amsterdam external
+ "ip4:184.104.226.96/27", // dublin external
+ "ip6:2001:470:1:b3b::/64", // dublin external
"mx", // safety net if we change mx
"-all"
]
"ip6:2001:41c9:1:400::32", // shenron ipv6
"ip4:184.104.226.98", // fafnir ipv4
"ip6:2001:470:1:b3b::2", // fafnir ipv6
+ "ip4:193.60.236.0/24", // ucl external
+ "ip4:184.104.179.128/27", // amsterdam external
+ "ip6:2001:470:1:fa1::/64", // amsterdam external
+ "ip4:184.104.226.96/27", // dublin external
+ "ip6:2001:470:1:b3b::/64", // dublin external
"mx", // safety net if we change mx
"-all"
]
"ip6:2001:41c9:1:400::32", // shenron ipv6
"ip4:184.104.226.98", // fafnir ipv4
"ip6:2001:470:1:b3b::2", // fafnir ipv6
+ "ip4:193.60.236.0/24", // ucl external
+ "ip4:184.104.179.128/27", // amsterdam external
+ "ip6:2001:470:1:fa1::/64", // amsterdam external
+ "ip4:184.104.226.96/27", // dublin external
+ "ip6:2001:470:1:b3b::/64", // dublin external
"mx", // safety net if we change mx
"-all"
]
"ip6:2001:41c9:1:400::32", // shenron ipv6
"ip4:184.104.226.98", // fafnir ipv4
"ip6:2001:470:1:b3b::2", // fafnir ipv6
+ "ip4:193.60.236.0/24", // ucl external
+ "ip4:184.104.179.128/27", // amsterdam external
+ "ip6:2001:470:1:fa1::/64", // amsterdam external
+ "ip4:184.104.226.96/27", // dublin external
+ "ip6:2001:470:1:b3b::/64", // dublin external
+ "mx", // safety net if we change mx
+ "-all"
+ ]
+ }),
+
+ SPF_BUILDER({
+ label: "supporting",
+ parts: [
+ "v=spf1",
+ "ip4:212.110.172.32", // shenron ipv4
+ "ip6:2001:41c9:1:400::32", // shenron ipv6
+ "ip4:184.104.226.98", // fafnir ipv4
+ "ip6:2001:470:1:b3b::2", // fafnir ipv6
+ "ip4:193.60.236.0/24", // ucl external
+ "ip4:184.104.179.128/27", // amsterdam external
+ "ip6:2001:470:1:fa1::/64", // amsterdam external
+ "ip4:184.104.226.96/27", // dublin external
+ "ip6:2001:470:1:b3b::/64", // dublin external
"mx", // safety net if we change mx
"-all"
]
TXT("@", "_globalsign-domain-verification=ps00GlW1BzY9c2_cwH_pFqRkvzZyaCVZ-3RLssRG6S"),
TXT("@", "_globalsign-domain-verification=W0buKB5ZmL-VwwHw2oQyQImk3I1q3hSemf2qmB1hjP"),
+ // Facebook Business domain verification
+ TXT("@", "facebook-domain-verification=j5hix5i8r0kortfugqf2p9wx9x9by0"),
+
// Delegate MTA-STS policy for subdomains
CNAME("_mta-sts.messages", QUALIFY("_mta-sts")),
CNAME("_mta-sts.noreply", QUALIFY("_mta-sts")),
CNAME("_mta-sts.otrs", QUALIFY("_mta-sts")),
CNAME("_mta-sts.community", QUALIFY("_mta-sts")),
+ CNAME("_mta-sts.supporting", QUALIFY("_mta-sts")),
// Google postmaster tools verification
// Taginfo server
- A("grindtooth", GRINDTOOTH_IPV4),
- A("taginfo", GRINDTOOTH_IPV4, TTL("10m")),
- A("grindtooth.ucl", GRINDTOOTH_INTERNAL),
- A("grindtooth.oob", GRINDTOOTH_OOB),
+ A("dribble", DRIBBLE_IPV4),
+ A("taginfo", DRIBBLE_IPV4),
+ AAAA("dribble", DRIBBLE_IPV6),
+ AAAA("taginfo", DRIBBLE_IPV6),
+ A("dribble.ams", DRIBBLE_INTERNAL),
+ A("dribble.oob", DRIBBLE_OOB),
// Tile servers
A("palulukon", PALULUKON_IPV4),
- A("pyrene", PYRENE_IPV4),
- AAAA("pyrene", PYRENE_IPV6),
- A("pyrene.oob", PYRENE_OOB),
+ A("piasa", PIASA_IPV4),
+ AAAA("piasa", PIASA_IPV6),
+ A("piasa.oob", PIASA_OOB),
A("bowser", BOWSER_IPV4),
A("necrosan", NECROSAN_IPV4),
AAAA("necrosan", NECROSAN_IPV6),
- CNAME("tile", "dualstack.n.sni.global.fastly.net.", TTL("10m")),
- CNAME("a.tile", "dualstack.n.sni.global.fastly.net.", TTL("10m")),
- CNAME("b.tile", "dualstack.n.sni.global.fastly.net.", TTL("10m")),
- CNAME("c.tile", "dualstack.n.sni.global.fastly.net.", TTL("10m")),
+ CNAME("tile", "dualstack.n.sni.global.fastly.net."),
+ CNAME("a.tile", "dualstack.n.sni.global.fastly.net."),
+ CNAME("b.tile", "dualstack.n.sni.global.fastly.net."),
+ CNAME("c.tile", "dualstack.n.sni.global.fastly.net."),
A("render", CULEBRE_IPV4),
A("render", NIDHOGG_IPV4),
AAAA("render", CULEBRE_IPV6),
AAAA("render", NIDHOGG_IPV6),
- // Services machine
+ // Site gateways
A("ironbelly", IRONBELLY_IPV4),
AAAA("ironbelly", IRONBELLY_IPV6),
- A("backup", IRONBELLY_IPV4, TTL("10m")),
- AAAA("backup", IRONBELLY_IPV6, TTL("10m")),
- A("planet", IRONBELLY_IPV4, TTL("10m")),
- AAAA("planet", IRONBELLY_IPV6, TTL("10m")),
A("logstash", IRONBELLY_IPV4),
AAAA("logstash", IRONBELLY_IPV6),
+ A("tiler", IRONBELLY_IPV4),
+ AAAA("tiler", IRONBELLY_IPV6),
A("ironbelly.ams", IRONBELLY_INTERNAL),
A("ironbelly.oob", IRONBELLY_OOB),
- A("norbert", NORBERT_IPV4),
- AAAA("norbert", NORBERT_IPV6),
- // A("backup", NORBERT_IPV4, TTL("10m")),
- // AAAA("backup", NORBERT_IPV6, TTL("10m")),
- // A("planet", NORBERT_IPV4, TTL("10m")),
- // AAAA("planet", NORBERT_IPV6, TTL("10m")),
- A("norbert.ams", NORBERT_INTERNAL),
- A("norbert.oob", NORBERT_OOB),
-
A("fafnir", FAFNIR_IPV4),
AAAA("fafnir", FAFNIR_IPV6),
- // A("backup", FAFNIR_IPV4, TTL("10m")),
- // AAAA("backup", FAFNIR_IPV6, TTL("10m")),
- // A("planet", FAFNIR_IPV4, TTL("10m")),
- // AAAA("planet", FAFNIR_IPV6, TTL("10m")),
A("fafnir.dub", FAFNIR_INTERNAL),
A("fafnir.oob", FAFNIR_OOB),
+ // Planet servers
+
+ A("norbert", NORBERT_IPV4),
+ AAAA("norbert", NORBERT_IPV6),
+ A("backup", NORBERT_IPV4),
+ AAAA("backup", NORBERT_IPV6),
+ A("planet", NORBERT_IPV4),
+ AAAA("planet", NORBERT_IPV6),
+ A("norbert.ams", NORBERT_INTERNAL),
+ A("norbert.oob", NORBERT_OOB),
+
A("horntail", HORNTAIL_IPV4),
AAAA("horntail", HORNTAIL_IPV6),
- // A("backup", HORNTAIL_IPV4, TTL("10m")),
- // AAAA("backup", HORNTAIL_IPV6, TTL("10m")),
- // A("planet", HORNTAIL_IPV4, TTL("10m")),
- // AAAA("planet", HORNTAIL_IPV6, TTL("10m")),
+ // A("backup", HORNTAIL_IPV4),
+ // AAAA("backup", HORNTAIL_IPV6),
+ // A("planet", HORNTAIL_IPV4),
+ // AAAA("planet", HORNTAIL_IPV6),
A("horntail.dub", HORNTAIL_INTERNAL),
A("horntail.oob", HORNTAIL_OOB),
A("otrs", RIDLEY_IPV4),
A("blog", RIDLEY_IPV4),
A("foundation", RIDLEY_IPV4),
- A("hot", RIDLEY_IPV4),
- A("dmca", RIDLEY_IPV4),
A("ridley.ucl", RIDLEY_INTERNAL),
A("ridley.oob", RIDLEY_OOB),
+ A("staging.blog", FUME_IPV4),
+ AAAA("staging.blog", FUME_IPV6),
+ A("birthday20", FUME_IPV4),
+ AAAA("birthday20", FUME_IPV6),
+
// Matomo server
A("smaug", SMAUG_IPV4),
// Imagery servers
- A("draco", DRACO_IPV4),
- A("draco.ucl", DRACO_INTERNAL),
- A("draco.oob", DRACO_OOB),
-
A("kessie", KESSIE_IPV4),
AAAA("kessie", KESSIE_IPV6),
- A("agri", KESSIE_IPV4, TTL("1h")),
- AAAA("agri", KESSIE_IPV6, TTL("1h")),
- A("a.agri", KESSIE_IPV4, TTL("1h")),
- AAAA("a.agri", KESSIE_IPV6, TTL("1h")),
- A("b.agri", KESSIE_IPV4, TTL("1h")),
- AAAA("b.agri", KESSIE_IPV6, TTL("1h")),
- A("c.agri", KESSIE_IPV4, TTL("1h")),
- AAAA("c.agri", KESSIE_IPV6, TTL("1h")),
- A("os", KESSIE_IPV4, TTL("1h")),
- AAAA("os", KESSIE_IPV6, TTL("1h")),
- A("a.os", KESSIE_IPV4, TTL("1h")),
- AAAA("a.os", KESSIE_IPV6, TTL("1h")),
- A("b.os", KESSIE_IPV4, TTL("1h")),
- AAAA("b.os", KESSIE_IPV6, TTL("1h")),
- A("c.os", KESSIE_IPV4, TTL("1h")),
- AAAA("c.os", KESSIE_IPV6, TTL("1h")),
+ A("agri", KESSIE_IPV4),
+ AAAA("agri", KESSIE_IPV6),
+ A("a.agri", KESSIE_IPV4),
+ AAAA("a.agri", KESSIE_IPV6),
+ A("b.agri", KESSIE_IPV4),
+ AAAA("b.agri", KESSIE_IPV6),
+ A("c.agri", KESSIE_IPV4),
+ AAAA("c.agri", KESSIE_IPV6),
+ A("os", KESSIE_IPV4),
+ AAAA("os", KESSIE_IPV6),
+ A("a.os", KESSIE_IPV4),
+ AAAA("a.os", KESSIE_IPV6),
+ A("b.os", KESSIE_IPV4),
+ AAAA("b.os", KESSIE_IPV6),
+ A("c.os", KESSIE_IPV4),
+ AAAA("c.os", KESSIE_IPV6),
A("kessie.oob", KESSIE_OOB),
- // Prometheus server
+ // Prometheus server and munin redirect
A("stormfly-03", STORMFLY03_IPV4),
AAAA("stormfly-03", STORMFLY03_IPV6),
- A("prometheus", STORMFLY03_IPV4, TTL("10m")),
- AAAA("prometheus", STORMFLY03_IPV6, TTL("10m")),
+ A("prometheus", STORMFLY03_IPV4),
+ AAAA("prometheus", STORMFLY03_IPV6),
+ A("munin", STORMFLY03_IPV4),
+ AAAA("munin", STORMFLY03_IPV6),
A("stormfly-03.oob", STORMFLY03_OOB),
// Management server
A("idris.dub", IDRIS_INTERNAL),
A("idris.oob", IDRIS_OOB),
- // Forum server
-
- A("clifford", CLIFFORD_IPV4),
- A("forum", CLIFFORD_IPV4, TTL("10m")),
- A("clifford.ucl", CLIFFORD_INTERNAL),
- A("clifford.oob", CLIFFORD_OOB),
-
// KVMs
A("kvm1.ucl", KVM1_INTERNAL),
AAAA("irc", NAGA_IPV6),
A("blogs", NAGA_IPV4),
AAAA("blogs", NAGA_IPV6),
- A("munin", NAGA_IPV4),
- AAAA("munin", NAGA_IPV6),
+ A("welcome", NAGA_IPV4),
+ AAAA("welcome", NAGA_IPV6),
+ A("operations", NAGA_IPV4),
+ AAAA("operations", NAGA_IPV6),
+ A("hot", NAGA_IPV4),
+ AAAA("hot", NAGA_IPV6),
+ A("dmca", NAGA_IPV4),
+ AAAA("dmca", NAGA_IPV6),
+
+ A("test.otrs", NAGA_IPV4),
+ AAAA("test.otrs", NAGA_IPV6),
+
A("naga.dub", NAGA_INTERNAL),
A("naga.oob", NAGA_OOB),
// Wiki servers
- A("tabaluga", TABALUGA_IPV4),
- AAAA("tabaluga", TABALUGA_IPV6),
- A("wiki", TABALUGA_IPV4, TTL("10m")),
- AAAA("wiki", TABALUGA_IPV6, TTL("10m")),
- A("tabaluga.ams", TABALUGA_INTERNAL),
- A("tabaluga.oob", TABALUGA_OOB),
+ A("konqi", KONQI_IPV4),
+ AAAA("konqi", KONQI_IPV6),
+ A("wiki", KONQI_IPV4),
+ AAAA("wiki", KONQI_IPV6),
+ A("konqi.dub", KONQI_INTERNAL),
+ A("konqi.oob", KONQI_OOB),
// Overpass server
- A("gorwen", GORWEN_IPV4),
- AAAA("gorwen", GORWEN_IPV6),
- A("query", GORWEN_IPV4, TTL("10m")),
- AAAA("query", GORWEN_IPV6, TTL("10m")),
- A("gorwen.dub", GORWEN_INTERNAL),
- A("gorwen.oob", GORWEN_OOB),
+ A("grisu", GRISU_IPV4),
+ AAAA("grisu", GRISU_IPV6),
+ A("query", GRISU_IPV4),
+ AAAA("query", GRISU_IPV6),
+ A("grisu.dub", GRISU_INTERNAL),
+ A("grisu.oob", GRISU_OOB),
// GPS tile server
- A("noquiklos", NOQUIKLOS_IPV4),
- A("gps-tile", NOQUIKLOS_IPV4),
- A("a.gps-tile", NOQUIKLOS_IPV4),
- A("b.gps-tile", NOQUIKLOS_IPV4),
- A("c.gps-tile", NOQUIKLOS_IPV4),
- A("gps.tile", NOQUIKLOS_IPV4),
- A("gps-a.tile", NOQUIKLOS_IPV4),
- A("gps-b.tile", NOQUIKLOS_IPV4),
- A("gps-c.tile", NOQUIKLOS_IPV4),
- A("noquiklos.ucl", NOQUIKLOS_INTERNAL),
- A("noquiklos.oob", NOQUIKLOS_OOB),
-
A("muirdris", MUIRDRIS_IPV4),
AAAA("muirdris", MUIRDRIS_IPV6),
+ A("gps-tile", MUIRDRIS_IPV4),
+ AAAA("gps-tile", MUIRDRIS_IPV6),
+ A("a.gps-tile", MUIRDRIS_IPV4),
+ AAAA("a.gps-tile", MUIRDRIS_IPV6),
+ A("b.gps-tile", MUIRDRIS_IPV4),
+ AAAA("b.gps-tile", MUIRDRIS_IPV6),
+ A("c.gps-tile", MUIRDRIS_IPV4),
+ AAAA("c.gps-tile", MUIRDRIS_IPV6),
+ A("gps.tile", MUIRDRIS_IPV4),
+ AAAA("gps.tile", MUIRDRIS_IPV6),
+ A("gps-a.tile", MUIRDRIS_IPV4),
+ AAAA("gps-a.tile", MUIRDRIS_IPV6),
+ A("gps-b.tile", MUIRDRIS_IPV4),
+ AAAA("gps-b.tile", MUIRDRIS_IPV6),
+ A("gps-c.tile", MUIRDRIS_IPV4),
+ AAAA("gps-c.tile", MUIRDRIS_IPV6),
A("muirdris.dub", MUIRDRIS_INTERNAL),
A("muirdris.oob", MUIRDRIS_OOB),
// Tile cache servers
- A("gorynych", GORYNYCH_IPV4),
- AAAA("gorynych", GORYNYCH_IPV6),
- A("trogdor", TROGDOR_IPV4),
- A("trogdor.oob", TROGDOR_OOB),
A("ridgeback", RIDGEBACK_IPV4),
A("ridgeback.oob", RIDGEBACK_OOB),
- A("nepomuk", NEPOMUK_IPV4),
- AAAA("nepomuk", NEPOMUK_IPV6),
- A("viserion", VISERION_IPV4),
- AAAA("viserion", VISERION_IPV6),
- A("drogon", DROGON_IPV4),
- AAAA("drogon", DROGON_IPV6),
- A("saphira", SAPHIRA_IPV4),
- AAAA("saphira", SAPHIRA_IPV6),
- A("toothless", TOOTHLESS_IPV4),
- AAAA("toothless", TOOTHLESS_IPV6),
A("angor", ANGOR_IPV4),
- // AAAA("angor", ANGOR_IPV6),
+ AAAA("angor", ANGOR_IPV6),
A("ladon", LADON_IPV4),
AAAA("ladon", LADON_IPV6),
A("ascalon", ASCALON_IPV4),
- A("takhisis", TAKHISIS_IPV4),
- AAAA("takhisis", TAKHISIS_IPV6),
A("neak", NEAK_IPV4),
A("meraxes", MERAXES_IPV4),
AAAA("meraxes", MERAXES_IPV6),
- A("firnen", FIRNEN_IPV4),
-
- // Spare
-
- A("dribble", DRIBBLE_IPV4),
- AAAA("dribble", DRIBBLE_IPV6),
- A("dribble.ams", DRIBBLE_INTERNAL),
- A("dribble.oob", DRIBBLE_OOB),
-
- A("konqi", KONQI_IPV4),
- AAAA("konqi", KONQI_IPV6),
- A("konqi.dub", KONQI_INTERNAL),
- A("konqi.oob", KONQI_OOB),
-
- A("pummelzacken", PUMMELZACKEN_IPV4),
- A("pummelzacken.ucl", PUMMELZACKEN_INTERNAL),
- A("pummelzacken.oob", PUMMELZACKEN_OOB),
-
- A("sarel", SAREL_IPV4),
- A("sarel.ucl", SAREL_INTERNAL),
- A("sarel.oob", SAREL_OOB),
- // Temporary name for discourse fluxbb import test
- A("forum-import-test", SAREL_IPV4),
// Discourse server ("community")
AAAA("community", JAKELONG_IPV6),
AAAA("communities", JAKELONG_IPV6),
AAAA("c", JAKELONG_IPV6),
+ CNAME("community-cdn", "dualstack.n.sni.global.fastly.net."),
+ TXT("community", "google-site-verification=hQ8GZyj4KwnPqAX2oAzpbLrh6I5dfR08PSdL3icVkfg"),
+ A("forum", JAKELONG_IPV4),
+ AAAA("forum", JAKELONG_IPV6),
A("jakelong.dub", JAKELONG_INTERNAL),
A("jakelong.oob", JAKELONG_OOB),
- CNAME("community-cdn", "dualstack.n.sni.global.fastly.net."),
- // Donation site
+ // Donation site and new OSMF crm site
A("donate", RIDLEY_IPV4),
+ A("support", RIDLEY_IPV4),
+ A("supporting", RIDLEY_IPV4),
- // Uptime site at StatusCake
+ // Spare servers
- CNAME("uptime", "uptimessl-new.statuscake.com."),
+ A("fume", FUME_IPV4),
+ AAAA("fume", FUME_IPV6),
+ A("fume.dub", FUME_INTERNAL),
+ A("fume.oob", FUME_OOB),
- // Custom Domain for https://github.com/osmfoundation/welcome-mat/
+ // Uptime site at StatusCake
- CNAME("welcome", "osmfoundation.github.io."),
+ CNAME("uptime", "uptimessl-new.statuscake.com."),
// Dynamic DNS records
--- /dev/null
+D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
+
+ // Publish CAA records indicating that only letsencrypt and globalsign (Fastly) should issue certificates
+
+ CAA_BUILDER({
+ label: "@",
+ ttl: "1h",
+ iodef: "mailto:hostmaster@openstreetmap.org",
+ issue: [
+ "letsencrypt.org",
+ "globalsign.com", // Used by Fastly for CDN certificates
+ ],
+ issuewild: [
+ "letsencrypt.org",
+ "globalsign.com", // Used by Fastly for CDN certificates
+ ],
+ }),
+
+ // Mail service
+
+ MX("@", 10, QUALIFY("a.mx")),
+
+ A("a.mx", FAFNIR_IPV4),
+ AAAA("a.mx", FAFNIR_IPV6),
+ A("mail", FAFNIR_IPV4),
+ AAAA("mail", FAFNIR_IPV6),
+ A("mta-sts", FAFNIR_IPV4),
+ AAAA("mta-sts", FAFNIR_IPV6),
+
+ // Publish SPF records indicating that only shenron sends mail
+
+ SPF_BUILDER({
+ label: "@",
+ parts: [
+ "v=spf1",
+ "ip4:212.110.172.32", // shenron ipv4
+ "ip6:2001:41c9:1:400::32", // shenron ipv6
+ "ip4:184.104.226.98", // fafnir ipv4
+ "ip6:2001:470:1:b3b::2", // fafnir ipv6
+ "ip4:193.60.236.0/24", // ucl external
+ "ip4:184.104.179.128/27", // amsterdam external
+ "ip6:2001:470:1:fa1::/64", // amsterdam external
+ "ip4:184.104.226.96/27", // dublin external
+ "ip6:2001:470:1:b3b::/64", // dublin external
+ "mx", // safety net if we change mx
+ "-all"
+ ]
+ }),
+
+ // Publish DMARC report-only policy
+
+ DMARC_BUILDER({
+ policy: "none",
+ rua: [
+ "mailto:openstreetmap-d@dmarc.report-uri.com"
+ ],
+ failureOptions: 1
+ }),
+
+ // Announce MTA-STS policy and TLSRPT policy for error reports
+
+ TXT("_mta-sts", "v=STSv1; id=202001291805Z"),
+ TXT("_smtp._tls", "v=TLSRPTv1; rua=mailto:openstreetmap-d@tlsrpt.report-uri.com"),
+
+ // Fastly cert domain ownership confirmation
+
+ TXT("@", "_globalsign-domain-verification=ps00GlW1BzY9c2_cwH_pFqRkvzZyaCVZ-3RLssRG6S"),
+ TXT("@", "_globalsign-domain-verification=W0buKB5ZmL-VwwHw2oQyQImk3I1q3hSemf2qmB1hjP"),
+
+ A("wiki", KONQI_IPV4),
+ AAAA("wiki", KONQI_IPV6),
+ A("www", KONQI_IPV4),
+ AAAA("www", KONQI_IPV6),
+ A("@", KONQI_IPV4),
+ AAAA("@", KONQI_IPV6)
+
+);
\ No newline at end of file
],
}),
- // Let google handle email
+ // Let mailbox.org handle email
- MX("@", 1, "aspmx.l.google.com.", TTL("1h")),
- MX("@", 5, "alt1.aspmx.l.google.com.", TTL("1h")),
- MX("@", 5, "alt2.aspmx.l.google.com.", TTL("1h")),
- MX("@", 10, "alt3.aspmx.l.google.com.", TTL("1h")),
- MX("@", 10, "alt4.aspmx.l.google.com.", TTL("1h")),
+ MX("@", 10, "mxext1.mailbox.org."),
+ MX("@", 10, "mxext2.mailbox.org."),
+ MX("@", 20, "mxext3.mailbox.org."),
// Handle mail for the join subdomain ourselves
label: "@",
parts: [
"v=spf1",
- "include:_spf.google.com", // Google GSuite
- "ip4:212.110.172.32", // shenron ipv4
- "ip6:2001:41c9:1:400::32", // shenron ipv6
- "ip4:184.104.226.98", // fafnir ipv4
- "ip6:2001:470:1:b3b::2", // fafnir ipv6
+ "include:mailbox.org", // mailbox.org
+ "include:_spf.google.com", // Google GSuite
+ "ip4:212.110.172.32", // shenron ipv4
+ "ip6:2001:41c9:1:400::32", // shenron ipv6
+ "ip4:184.104.226.98", // fafnir ipv4
+ "ip6:2001:470:1:b3b::2", // fafnir ipv6
+ "ip4:193.60.236.0/24", // ucl external
+ "ip4:184.104.179.128/27", // amsterdam external
+ "ip6:2001:470:1:fa1::/64", // amsterdam external
+ "ip4:184.104.226.96/27", // dublin external
+ "ip6:2001:470:1:b3b::/64", // dublin external
+ "-all"
+ ]
+ }),
+
+ SPF_BUILDER({
+ label: "wiki",
+ parts: [
+ "v=spf1",
+ "ip4:184.104.226.98", // fafnir ipv4
+ "ip6:2001:470:1:b3b::2", // fafnir ipv6
+ "ip4:193.60.236.0/24", // ucl external
+ "ip4:184.104.179.128/27", // amsterdam external
+ "ip6:2001:470:1:fa1::/64", // amsterdam external
+ "ip4:184.104.226.96/27", // dublin external
+ "ip6:2001:470:1:b3b::/64", // dublin external
"-all"
]
}),
// Apple Business Manager verification
TXT("@", "apple-domain-verification=ZzBG2msRtUDehTMW"),
+ // Mailbox.org registration verification
+ TXT("d00f46a3fde45d06c53f3cd5b21f213ea384e7f5", "4a229bebe41606a1f7d909507846729a73998c31"),
+
+ // Publish DMARC report-only policy
+
+ DMARC_BUILDER({
+ policy: "none",
+ rua: [
+ "mailto:openstreetmap-d@dmarc.report-uri.com"
+ ],
+ failureOptions: 1
+ }),
+
// DKIM keys
TXT("google._domainkey", "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJmTBAkYRCocCCNtVsdRNMlQel8kNfjPYJpjEm7woEgZh9yZeDzxImtz+u73oUF4+7bXzrNYbP946WNQIwAba1J69he8L1qfPBJLd3Z/fgmuaGdWcxpDno2EY4cQ8PrzvI6Vfm+6YAFANl8w09CIg41ykdlzH4iUJXD35k3SIl3wIDAQAB"),
TXT("20201112._domainkey", "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4OyJc77mpW5djxVfZm18HcmJHQLpo7B2Z8Og8byICjDiG91Tpkv5ws3xIbMsi/tVA6p5L76uL0TGKlo4ayewYvJUTC22+hBWARUuWA0DgeMwBpW/dNUOJHBABCTouolvXLKRTPTefA177Y5jYbD7ZeJAR4ZnFbZX6spimXCT66AyhqCBSrOCXYXFm3ons5ANkkQBNZ/jMYczYs9T1ijNEbBNTJmLO+whOrYLyGd3iZ9X9iOmuNFBCgXp0tsN//FBsOyTl559/XY25r3GZhiKXMbrZ1IJewqJlG0+hN1y9qwWGgq5YpZPt5YJ1KGjIrcFX59/PhNQX4khPOaD5g7ZQIDAQAB", AUTOSPLIT),
+ // https://kb.mailbox.org/en/private/custom-domains/spf-dkim-and-dmarc-how-to-improve-spam-reputation-and-avoid-bounces
+ CNAME("MBO0001._domainkey", "MBO0001._domainkey.mailbox.org."),
+ CNAME("MBO0002._domainkey", "MBO0002._domainkey.mailbox.org."),
+ CNAME("MBO0003._domainkey", "MBO0003._domainkey.mailbox.org."),
+ CNAME("MBO0004._domainkey", "MBO0004._domainkey.mailbox.org."),
+
// Google postmaster tools verification
CNAME("uaqn4jv2xaoe", "gv-jun5dginqysxph.dv.googlehosted.com."),
CNAME("calendar", "ghs.googlehosted.com."),
CNAME("sites", "ghs.googlehosted.com."),
+ // Aliases for mailbox.org services
+
+ CNAME("autoconfig", "mailbox.org."),
+ SRV("_hkps._tcp", 1, 1, 443, "pgp.mailbox.org."),
+
// Main web server and it's aliases
A("@", RIDLEY_IPV4),
A("www", RIDLEY_IPV4),
A("wiki", RIDLEY_IPV4),
A("blog", RIDLEY_IPV4),
+
+ A("staging.blog", FUME_IPV4),
+ AAAA("staging.blog", FUME_IPV6),
+
A("crm", RIDLEY_IPV4),
A("join", RIDLEY_IPV4),
+ A("support", RIDLEY_IPV4),
+ A("supporting", RIDLEY_IPV4),
+ A("donate", RIDLEY_IPV4),
+
A("board", RIDLEY_IPV4),
A("dwg", RIDLEY_IPV4),
A("mwg", RIDLEY_IPV4),
- A("operations", RIDLEY_IPV4),
+ A("operations", NAGA_IPV4),
+ AAAA("operations", NAGA_IPV6),
// Nextcloud instance
--- /dev/null
+// http://www.he.net/adm/reverse.dns.html (RFC4183 notation)
+D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
+ PTR(DRIBBLE_IPV4.split(".").pop(), "dribble.openstreetmap.org."),
+ PTR(DULCY_IPV4.split(".").pop(), "dulcy.openstreetmap.org."),
+ PTR(FAFFY_IPV4.split(".").pop(), "faffy.openstreetmap.org."),
+ PTR(IRONBELLY_IPV4.split(".").pop(), "ironbelly.openstreetmap.org."),
+ PTR(NORBERT_IPV4.split(".").pop(), "norbert.openstreetmap.org."),
+ PTR(ODIN_IPV4.split(".").pop(), "odin.openstreetmap.org."),
+ PTR(SPIKE06_IPV4.split(".").pop(), "spike-06.openstreetmap.org."),
+ PTR(SPIKE07_IPV4.split(".").pop(), "spike-07.openstreetmap.org."),
+ PTR(SPIKE08_IPV4.split(".").pop(), "spike-08.openstreetmap.org."),
+ PTR(VHAGAR_IPV4.split(".").pop(), "vhagar.openstreetmap.org."),
+ PTR(SWITCH1AMS_IPV4.split(".").pop(), "switch1.ams.openstreetmap.org.")
+);
--- /dev/null
+D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
+ PTR(DRIBBLE_IPV6, "dribble.openstreetmap.org."),
+ PTR(DULCY_IPV6, "dulcy.openstreetmap.org."),
+ PTR(FAFFY_IPV6, "faffy.openstreetmap.org."),
+ PTR(IRONBELLY_IPV6, "ironbelly.openstreetmap.org."),
+ PTR(NORBERT_IPV6, "norbert.openstreetmap.org."),
+ PTR(ODIN_IPV6, "odin.openstreetmap.org."),
+ PTR(SPIKE06_IPV6, "spike-06.openstreetmap.org."),
+ PTR(SPIKE07_IPV6, "spike-07.openstreetmap.org."),
+ PTR(SPIKE08_IPV6, "spike-08.openstreetmap.org."),
+ PTR(VHAGAR_IPV6, "vhagar.openstreetmap.org."),
+ PTR(SWITCH1AMS_IPV6, "switch1.ams.openstreetmap.org.")
+);
// http://www.he.net/adm/reverse.dns.html (RFC4183 notation)
D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
- PTR(SWITCH1DUB_IPV4.split(".").pop(), "switch1.dub.openstreetmap.org."),
+ PTR(CULEBRE_IPV4.split(".").pop(), "culebre.openstreetmap.org."),
PTR(FAFNIR_IPV4.split(".").pop(), "fafnir.openstreetmap.org."),
- PTR(SPIKE01_IPV4.split(".").pop(), "spike-01.openstreetmap.org."),
- PTR(SPIKE02_IPV4.split(".").pop(), "spike-02.openstreetmap.org."),
- PTR(SPIKE03_IPV4.split(".").pop(), "spike-03.openstreetmap.org."),
+ PTR(HORNTAIL_IPV4.split(".").pop(), "horntail.openstreetmap.org."),
PTR(IDRIS_IPV4.split(".").pop(), "idris.openstreetmap.org."),
+ PTR(JAKELONG_IPV4.split(".").pop(), "jakelong.openstreetmap.org."),
PTR(KONQI_IPV4.split(".").pop(), "konqi.openstreetmap.org."),
+ PTR(LONGMA_IPV4.split(".").pop(), "longma.openstreetmap.org."),
+ PTR(MUIRDRIS_IPV4.split(".").pop(), "muirdris.openstreetmap.org."),
PTR(NAGA_IPV4.split(".").pop(), "naga.openstreetmap.org."),
- PTR(CULEBRE_IPV4.split(".").pop(), "culebre.openstreetmap.org."),
- PTR(HORNTAIL_IPV4.split(".").pop(), "horntail.openstreetmap.org."),
- PTR(GORWEN_IPV4.split(".").pop(), "gorwen.openstreetmap.org."),
- PTR(JAKELONG_IPV4.split(".").pop(), "jakelong.openstreetmap.org."),
- PTR(LONGMA_IPV4.split(".").pop(), "longma.openstreetmap.org.")
+ PTR(SMAUG_IPV4.split(".").pop(), "smaug.openstreetmap.org."),
+ PTR(SPIKE01_IPV4.split(".").pop(), "spike-01.openstreetmap.org."),
+ PTR(SPIKE02_IPV4.split(".").pop(), "spike-02.openstreetmap.org."),
+ PTR(SPIKE03_IPV4.split(".").pop(), "spike-03.openstreetmap.org."),
+ PTR(SWITCH1DUB_IPV4.split(".").pop(), "switch1.dub.openstreetmap.org.")
);
D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
- PTR(SWITCH1DUB_IPV6, "switch1.dub.openstreetmap.org."),
+ PTR(CULEBRE_IPV6, "culebre.openstreetmap.org."),
PTR(FAFNIR_IPV6, "fafnir.openstreetmap.org."),
- PTR(SPIKE01_IPV6, "spike-01.openstreetmap.org."),
- PTR(SPIKE02_IPV6, "spike-02.openstreetmap.org."),
- PTR(SPIKE03_IPV6, "spike-03.openstreetmap.org."),
+ PTR(HORNTAIL_IPV6, "horntail.openstreetmap.org."),
PTR(IDRIS_IPV6, "idris.openstreetmap.org."),
+ PTR(JAKELONG_IPV6, "jakelong.openstreetmap.org."),
PTR(KONQI_IPV6, "konqi.openstreetmap.org."),
+ PTR(LONGMA_IPV6, "longma.openstreetmap.org."),
+ PTR(MUIRDRIS_IPV6.split(".").pop(), "muirdris.openstreetmap.org."),
PTR(NAGA_IPV6, "naga.openstreetmap.org."),
- PTR(CULEBRE_IPV6, "culebre.openstreetmap.org."),
- PTR(HORNTAIL_IPV6, "horntail.openstreetmap.org."),
- PTR(GORWEN_IPV6, "gorwen.openstreetmap.org."),
- PTR(JAKELONG_IPV6, "jakelong.openstreetmap.org."),
- PTR(LONGMA_IPV6, "longma.openstreetmap.org.")
+ PTR(SMAUG_IPV6.split(".").pop(), "smaug.openstreetmap.org."),
+ PTR(SPIKE01_IPV6, "spike-01.openstreetmap.org."),
+ PTR(SPIKE02_IPV6, "spike-02.openstreetmap.org."),
+ PTR(SPIKE03_IPV6, "spike-03.openstreetmap.org."),
+ PTR(SWITCH1DUB_IPV6, "switch1.dub.openstreetmap.org.")
);
],
}),
- // Let openstreetmap.at handle email
+ // Block email delivery
- MX("@", 1, "openstreetmap.at.", TTL("1h")),
+ TXT("_dmarc", "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;"),
+ TXT("*._domainkey", "v=DKIM1; p="),
+ TXT("@", "v=spf1 -all"),
- // Main web server and it's aliases
-
- A("@", "88.198.206.107", TTL("10m")),
- A("www", "88.198.206.107", TTL("10m"))
+ // Site hosted on github pages
+ ALIAS("@", "openstreetmap-polska.github.io."),
+ CNAME("www", "openstreetmap-polska.github.io."),
+
+ // Previous editions
+
+ A("2014", "49.12.5.171"),
+ CNAME("2023", "osmbe.github.io."),
+ CNAME("2024", "openstreetmap-polska.github.io.")
+
);
// Let google handle email
- MX("@", 1, "aspmx.l.google.com.", TTL("1h")),
- MX("@", 5, "alt1.aspmx.l.google.com.", TTL("1h")),
- MX("@", 5, "alt2.aspmx.l.google.com.", TTL("1h")),
- MX("@", 10, "alt3.aspmx.l.google.com.", TTL("1h")),
- MX("@", 10, "alt4.aspmx.l.google.com.", TTL("1h")),
+ MX("@", 1, "aspmx.l.google.com."),
+ MX("@", 5, "alt1.aspmx.l.google.com."),
+ MX("@", 5, "alt2.aspmx.l.google.com."),
+ MX("@", 10, "alt3.aspmx.l.google.com."),
+ MX("@", 10, "alt4.aspmx.l.google.com."),
// Aliases for google services
// Main web server and it's aliases
- A("@", RIDLEY_IPV4, TTL("10m")),
- A("www", RIDLEY_IPV4, TTL("10m")),
- A("2022", RIDLEY_IPV4, TTL("10m")),
- A("2021", RIDLEY_IPV4, TTL("10m")),
- A("2020", RIDLEY_IPV4, TTL("10m")),
- A("2019", RIDLEY_IPV4, TTL("10m")),
- A("2018", RIDLEY_IPV4, TTL("10m")),
- A("2017", RIDLEY_IPV4, TTL("10m")),
- A("2016", RIDLEY_IPV4, TTL("10m")),
- A("2014", RIDLEY_IPV4, TTL("10m")),
- A("2013", RIDLEY_IPV4, TTL("10m")),
- A("2012", RIDLEY_IPV4, TTL("10m")),
- A("2011", RIDLEY_IPV4, TTL("10m")),
- A("2010", RIDLEY_IPV4, TTL("10m")),
- A("2009", RIDLEY_IPV4, TTL("10m")),
- A("2008", RIDLEY_IPV4, TTL("10m")),
- A("2007", RIDLEY_IPV4, TTL("10m")),
+ A("@", NAGA_IPV4),
+ AAAA("@", NAGA_IPV6),
+ A("www", NAGA_IPV4),
+ AAAA("www", NAGA_IPV6),
+ A("2024", NAGA_IPV4),
+ AAAA("2024", NAGA_IPV6),
+ A("2022", NAGA_IPV4),
+ AAAA("2022", NAGA_IPV6),
+ A("2021", NAGA_IPV4),
+ AAAA("2021", NAGA_IPV6),
+ A("2020", NAGA_IPV4),
+ AAAA("2020", NAGA_IPV6),
+ A("2019", NAGA_IPV4),
+ AAAA("2019", NAGA_IPV6),
+ A("2018", NAGA_IPV4),
+ AAAA("2018", NAGA_IPV6),
+ A("2017", NAGA_IPV4),
+ AAAA("2017", NAGA_IPV6),
+ A("2016", NAGA_IPV4),
+ AAAA("2016", NAGA_IPV6),
+ A("2013", NAGA_IPV4),
+ AAAA("2013", NAGA_IPV6),
+ A("2012", RIDLEY_IPV4),
+ A("2011", RIDLEY_IPV4),
+ A("2010", RIDLEY_IPV4),
+ A("2009", RIDLEY_IPV4),
+ A("2008", RIDLEY_IPV4),
+ A("2007", RIDLEY_IPV4),
// Google Site Verification - Grant
- TXT("2022", "google-site-verification=wT1dJzSYM_2By372lJ_v9IU1crF21qOySEAPABxUcyo")
+ TXT("2022", "google-site-verification=wT1dJzSYM_2By372lJ_v9IU1crF21qOySEAPABxUcyo"),
+ TXT("@", "google-site-verification=pqJHZHtrC4UhevQdPlR_2gVDPml6UCwmyHq75bfWLRQ")
);
SPF_BUILDER({
label: "@",
- ttl: "1h",
parts: [
"v=spf1",
"include:openstreetmap.org", // main openstreetmap.org spf record
// Main web server and it's aliases
- A("@", RIDLEY_IPV4, TTL("10m")),
- A("www", RIDLEY_IPV4, TTL("10m"))
+ A("@", NAGA_IPV4),
+ AAAA("@", NAGA_IPV6),
+ A("www", NAGA_IPV4),
+ AAAA("www", NAGA_IPV6)
);
projects / dns.git / commitdiff