From 0bfb720b4b8e4c486f9c8acc769a27d25554300e Mon Sep 17 00:00:00 2001 From: Grant Slater Date: Sun, 23 Nov 2025 19:01:53 +0000 Subject: [PATCH] Use templated standard CAA --- dnsconfig.js | 17 +++++++++++++++++ src/opengeodata.js | 14 ++------------ src/openstreetmap-mg.js | 14 ++------------ src/openstreetmap-minimal.js | 14 ++------------ src/openstreetmap-nz.js | 14 ++------------ src/openstreetmap-town.js | 14 ++------------ src/openstreetmap-uk.js | 14 ++------------ src/openstreetmap-za.js | 14 ++------------ src/openstreetmap.js | 17 ++--------------- src/osm-wiki.js | 17 ++--------------- src/osm2pgsql.js | 14 ++------------ src/osmfoundation.js | 14 ++------------ src/stateofthemap-eu.js | 14 ++------------ src/stateofthemap.js | 14 ++------------ src/switch2osm.js | 14 ++------------ 15 files changed, 45 insertions(+), 174 deletions(-) diff --git a/dnsconfig.js b/dnsconfig.js index 024e849..50ea26f 100644 --- a/dnsconfig.js +++ b/dnsconfig.js @@ -145,6 +145,23 @@ try { var GEO_NS_RECORDS = []; } +// Publish CAA records indicating that only letsencrypt and globalsign (Fastly) should issue certificates +var OSM_CAA = [ + CAA_BUILDER({ + label: "@", + ttl: "1h", + iodef: "mailto:hostmaster@openstreetmap.org", + issue: [ + "letsencrypt.org", + "globalsign.com", // Used by Fastly for CDN certificates + ], + issuewild: [ + "letsencrypt.org", + "globalsign.com", // Used by Fastly for CDN certificates + ], + }), +]; + OPENSTREETMAP("openstreetmap.org", REG_GANDI); OPENSTREETMAP("openstreetmap.com", REG_GANDI); OPENSTREETMAP("openstreetmap.net", REG_GANDI); diff --git a/src/opengeodata.js b/src/opengeodata.js index 8d84a80..7686517 100644 --- a/src/opengeodata.js +++ b/src/opengeodata.js 
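Review bot: `OSM_CAA` authorises `globalsign.com` under both `issue` and `issuewild`, and the later hunks swap it in for CAA sets that named only `letsencrypt.org`, so twelve zone templates (src/opengeodata.js, openstreetmap-mg.js, openstreetmap-minimal.js, openstreetmap-nz.js, openstreetmap-town.js, openstreetmap-uk.js, openstreetmap-za.js, osm2pgsql.js, osmfoundation.js, stateofthemap-eu.js, stateofthemap.js, switch2osm.js) gain a second permitted CA, wildcard issuance included. Only src/openstreetmap.js and src/osm-wiki.js carried the GlobalSign entries and `ttl: "1h"` before, so for the other twelve this is a policy change that the subject line does not mention. Their CAA records also move from the inherited TTL to one hour. If those zones are not served through Fastly, a Let's Encrypt-only template next to `OSM_CAA` keeps the narrower policy, as sketched below with a suggested name. If the widening is intended, the comment above `OSM_CAA` should say that it applies to every zone that includes it.

```javascript
// CAA for zones whose certificates come only from Let's Encrypt (not fronted by Fastly)
var OSM_CAA_LETSENCRYPT = [
  CAA_BUILDER({
    label: "@",
    iodef: "mailto:hostmaster@openstreetmap.org",
    issue: [
      "letsencrypt.org",
    ],
    issuewild: [
      "letsencrypt.org",
    ],
  }),
];

// … unchanged: OSM_CAA definition and OPENSTREETMAP(...) calls …
```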
@@ -1,17 +1,7 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), - // Publish CAA records indicating that only letsencrypt should issue certificates - - CAA_BUILDER({ - label: "@", - iodef: "mailto:hostmaster@openstreetmap.org", - issue: [ - "letsencrypt.org", - ], - issuewild: [ - "letsencrypt.org", - ], - }), + // Include OSM standard CAA records + OSM_CAA, // Delegate SPF policy to the main domain diff --git a/src/openstreetmap-mg.js b/src/openstreetmap-mg.js index b669ffe..ae99d32 100644 --- a/src/openstreetmap-mg.js +++ b/src/openstreetmap-mg.js @@ -1,17 +1,7 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), - // Publish CAA records indicating that only letsencrypt should issue certificates - - CAA_BUILDER({ - label: "@", - iodef: "mailto:hostmaster@openstreetmap.org", - issue: [ - "letsencrypt.org", - ], - issuewild: [ - "letsencrypt.org", - ], - }), + // Include OSM standard CAA records + OSM_CAA, // Block email delivery diff --git a/src/openstreetmap-minimal.js b/src/openstreetmap-minimal.js index 6ed789f..ee36734 100644 --- a/src/openstreetmap-minimal.js +++ b/src/openstreetmap-minimal.js @@ -1,17 +1,7 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), - // Publish CAA records indicating that only letsencrypt should issue certificates - - CAA_BUILDER({ - label: "@", - iodef: "mailto:hostmaster@openstreetmap.org", - issue: [ - "letsencrypt.org", - ], - issuewild: [ - "letsencrypt.org", - ], - }), + // Include OSM standard CAA records + OSM_CAA, // Let the main domain handle the email diff --git a/src/openstreetmap-nz.js b/src/openstreetmap-nz.js index 3f69477..7d45585 100644 --- a/src/openstreetmap-nz.js +++ b/src/openstreetmap-nz.js 
@@ -1,17 +1,7 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), - // Publish CAA records indicating that only letsencrypt should issue certificates - - CAA_BUILDER({ - label: "@", - iodef: "mailto:hostmaster@openstreetmap.org", - issue: [ - "letsencrypt.org", - ], - issuewild: [ - "letsencrypt.org", - ], - }), + // Include OSM standard CAA records + OSM_CAA, // Let the main domain handle the email diff --git a/src/openstreetmap-town.js b/src/openstreetmap-town.js index 1390487..a447fce 100644 --- a/src/openstreetmap-town.js +++ b/src/openstreetmap-town.js @@ -1,17 +1,7 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), - // Publish CAA records indicating that only letsencrypt should issue certificates - - CAA_BUILDER({ - label: "@", - iodef: "mailto:hostmaster@openstreetmap.org", - issue: [ - "letsencrypt.org", - ], - issuewild: [ - "letsencrypt.org", - ], - }), + // Include OSM standard CAA records + OSM_CAA, // Let the main domain handle the email diff --git a/src/openstreetmap-uk.js b/src/openstreetmap-uk.js index a0c4d51..5f36a2e 100644 --- a/src/openstreetmap-uk.js +++ b/src/openstreetmap-uk.js @@ -1,17 +1,7 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), - // Publish CAA records indicating that only letsencrypt should issue certificates - - CAA_BUILDER({ - label: "@", - iodef: "mailto:hostmaster@openstreetmap.org", - issue: [ - "letsencrypt.org", - ], - issuewild: [ - "letsencrypt.org", - ], - }), + // Include OSM standard CAA records + OSM_CAA, // Let the main domain handle the email diff --git a/src/openstreetmap-za.js b/src/openstreetmap-za.js index 5f8e5c1..6e04c78 100644 --- a/src/openstreetmap-za.js +++ b/src/openstreetmap-za.js 
@@ -1,17 +1,7 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), - // Publish CAA records indicating that only letsencrypt should issue certificates - - CAA_BUILDER({ - label: "@", - iodef: "mailto:hostmaster@openstreetmap.org", - issue: [ - "letsencrypt.org", - ], - issuewild: [ - "letsencrypt.org", - ], - }), + // Include OSM standard CAA records + OSM_CAA, // Let the main domain handle the email diff --git a/src/openstreetmap.js b/src/openstreetmap.js index 7b217a8..2878e1d 100644 --- a/src/openstreetmap.js +++ b/src/openstreetmap.js @@ -1,20 +1,7 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), - // Publish CAA records indicating that only letsencrypt and globalsign (Fastly) should issue certificates - - CAA_BUILDER({ - label: "@", - ttl: "1h", - iodef: "mailto:hostmaster@openstreetmap.org", - issue: [ - "letsencrypt.org", - "globalsign.com", // Used by Fastly for CDN certificates - ], - issuewild: [ - "letsencrypt.org", - "globalsign.com", // Used by Fastly for CDN certificates - ], - }), + // Include OSM standard CAA records + OSM_CAA, // Mail service diff --git a/src/osm-wiki.js b/src/osm-wiki.js index 39f9717..7267433 100644 --- a/src/osm-wiki.js +++ b/src/osm-wiki.js @@ -1,20 +1,7 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), - // Publish CAA records indicating that only letsencrypt and globalsign (Fastly) should issue certificates - - CAA_BUILDER({ - label: "@", - ttl: "1h", - iodef: "mailto:hostmaster@openstreetmap.org", - issue: [ - "letsencrypt.org", - "globalsign.com", // Used by Fastly for CDN certificates - ], - issuewild: [ - "letsencrypt.org", - "globalsign.com", // Used by Fastly for CDN certificates - ], - }), + // Include OSM standard CAA records + OSM_CAA, // Mail service diff --git a/src/osm2pgsql.js b/src/osm2pgsql.js index 391e827..8a9a32a 100644 --- a/src/osm2pgsql.js +++ b/src/osm2pgsql.js 
@@ -1,17 +1,7 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), - // Publish CAA records indicating that only letsencrypt should issue certificates - - CAA_BUILDER({ - label: "@", - iodef: "mailto:hostmaster@openstreetmap.org", - issue: [ - "letsencrypt.org", - ], - issuewild: [ - "letsencrypt.org", - ], - }), + // Include OSM standard CAA records + OSM_CAA, // Main web server and it's aliases diff --git a/src/osmfoundation.js b/src/osmfoundation.js index 06bf7fb..7abf17b 100644 --- a/src/osmfoundation.js +++ b/src/osmfoundation.js @@ -1,17 +1,7 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), - // Publish CAA records indicating that only letsencrypt should issue certificates - - CAA_BUILDER({ - label: "@", - iodef: "mailto:hostmaster@openstreetmap.org", - issue: [ - "letsencrypt.org", - ], - issuewild: [ - "letsencrypt.org", - ], - }), + // Include OSM standard CAA records + OSM_CAA, // Let mailbox.org handle email diff --git a/src/stateofthemap-eu.js b/src/stateofthemap-eu.js index b3cabe0..b5f6d7e 100644 --- a/src/stateofthemap-eu.js +++ b/src/stateofthemap-eu.js @@ -1,17 +1,7 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), - // Publish CAA records indicating that only letsencrypt should issue certificates - - CAA_BUILDER({ - label: "@", - iodef: "mailto:hostmaster@openstreetmap.org", - issue: [ - "letsencrypt.org", - ], - issuewild: [ - "letsencrypt.org", - ], - }), + // Include OSM standard CAA records + OSM_CAA, // Email delivery SPF_BUILDER({ diff --git a/src/stateofthemap.js b/src/stateofthemap.js index f958816..750f06c 100644 --- a/src/stateofthemap.js +++ b/src/stateofthemap.js @@ -1,17 +1,7 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), - // Publish CAA records indicating that only letsencrypt should issue certificates - - CAA_BUILDER({ - label: "@", - iodef: "mailto:hostmaster@openstreetmap.org", - issue: [ - "letsencrypt.org", - ], - issuewild: [ - "letsencrypt.org", - ], - }), + // Include OSM standard CAA records + OSM_CAA, // SPF policy 
diff --git a/src/switch2osm.js b/src/switch2osm.js index cf4b9ce..f4027c9 100644 --- a/src/switch2osm.js +++ b/src/switch2osm.js @@ -1,17 +1,7 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), - // Publish CAA records indicating that only letsencrypt should issue certificates - - CAA_BUILDER({ - label: "@", - iodef: "mailto:hostmaster@openstreetmap.org", - issue: [ - "letsencrypt.org", - ], - issuewild: [ - "letsencrypt.org", - ], - }), + // Include OSM standard CAA records + OSM_CAA, // Delegate SPF policy to the main domain -- 2.39.5