From 0de4c64b9363a682122b4c97f998bdc546bd9a8e Mon Sep 17 00:00:00 2001 From: "wytze@deboca.net" Date: Fri, 29 May 2015 07:53:00 +0000 Subject: [PATCH] Update SSHFP records for cacert-fw01 and cacert-fw02 after upgrading firewall OS to OpenBSD 5.7. Add RRs with fingerprints for CAcert root certificates (generated by cacert-fingerprints-to-dns). Clean up fingerprints by dropping internal colons. git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2601 14b1bab8-4ef6-0310-b690-991c95c89dfd --- cacert.org | 47 +++++++++++++++++++++++++++++------------------ cacert.org.log | 16 ++++++++++++++-- 2 files changed, 43 insertions(+), 20 deletions(-) diff --git a/cacert.org b/cacert.org index 01a50e2..b573a79 100644 --- a/cacert.org +++ b/cacert.org @@ -1,10 +1,10 @@ ; DNS master zone file for cacert.org, under RCS control -; @(#)(CAcert) $Id: cacert.org,v 1.92 2015/02/05 08:03:40 root Exp $ +; @(#)(CAcert) $Id: cacert.org,v 1.95 2015/05/26 15:12:10 root Exp $ $TTL 12h ; default TTL for zone data @ IN SOA ns1.cacert.org. hostmaster.cacert.org. ( - 2015020501 ; Serial + 2015052602 ; Serial 4h ; refresh time 1h ; retry interval 2d ; expire time @@ -43,25 +43,25 @@ cacert-fw IN AAAA 2001:7b8:3:9c::4 cacert-fw01 IN A 213.154.225.253 cacert-fw01 IN AAAA 2001:7b8:3:9c::5 -cacert-fw01 IN SSHFP 1 1 6be2be69618020056c9e8a235dc51b0367180ebe -cacert-fw01 IN SSHFP 1 2 b1d030fe6f6b087d7725ca919cf85c3475e76162d8c5226018e8c8d04fe4c581 -cacert-fw01 IN SSHFP 2 1 f4a6914295fdd622dea8fa1961d0d72b880c0349 -cacert-fw01 IN SSHFP 2 2 d4279d2861e081b193905fac8b5de13998c04433fa852e8a32e674cd32b69917 -cacert-fw01 IN SSHFP 3 1 44962a1c0e01b6771210447d49f20c3be9b0b3b3 -cacert-fw01 IN SSHFP 3 2 bad68b88e1479b23fa2ded7603606dc1c2100a6a43e536e2af8be7baecaf435b -cacert-fw01 IN SSHFP 4 1 61fbf8396c8b41fa8c0df1d26dd02c67c76f76d4 -cacert-fw01 IN SSHFP 4 2 ca6536da3769d4d6a64cb7b2e1199ce338ae09b263032b7c1954a0fe94dae716 +cacert-fw01 IN SSHFP 1 1 43a7c6105193d121a8b27f5cd1c59aae32a35c5a +cacert-fw01 IN SSHFP 1 2 dfd30a1ef7ad3f97be62d278bee5deae0e599d3396cf3fec7be89c842c8d4e1e +cacert-fw01 IN SSHFP 2 1 14361f8c63524d5b31d9fde535627db77cf74f6c +cacert-fw01 IN SSHFP 2 2 4ee02374bb0144aa6d51cded9682ece865cf856f7df1ae63de812f68aea3e8d9 +cacert-fw01 IN SSHFP 3 1 c45e669fcd8f951e78e74340f75dbd6ae611ac4c +cacert-fw01 IN SSHFP 3 2 dc9d37b1cd325175437e5836ed1691d594f5af253a34e3b736b4522274c28f92 +cacert-fw01 IN SSHFP 4 1 119d5aa477a8a8dc79334fc84a64d1f3ea3a3319 +cacert-fw01 IN SSHFP 4 2 60d46e0d94070064e48a0d9de5a30778f00fd9c2c23dedb5a674c5ec873e3cdc cacert-fw02 IN A 213.154.225.254 cacert-fw02 IN AAAA 2001:7b8:3:9c::6 -cacert-fw02 IN SSHFP 1 1 d70bbfa6d9c625cb1228e7e86424d6d12df388be -cacert-fw02 IN SSHFP 1 2 9b5402576200e78f2238449eb959b48fb18a633bae57911f60cca313abe5ee95 -cacert-fw02 IN SSHFP 2 1 786f6aa7a5936b4b70eabe2a0c47355ab6c9fa03 -cacert-fw02 IN SSHFP 2 2 37f1ff7aa740a18560ff52aff65ed83680dca804b66f727ae5f5b303000695b7 -cacert-fw02 IN SSHFP 3 1 cf670d3b447aecbf42a0f5e3f9b51ef72f040753 -cacert-fw02 IN SSHFP 3 2 63a1f397b4fd6ff9755e34b1bd5580618899a1f0d1733556a44a01c203224f5c -cacert-fw02 IN SSHFP 4 1 0fc5b49ab25ec393f24e0ae75f4edf117bc05580 -cacert-fw02 IN SSHFP 4 2 2b75e0d31cccfbea04b4e9d6b160563f232dfc437cfb31425bb951d940d09d9a +cacert-fw02 IN SSHFP 1 1 43a7c6105193d121a8b27f5cd1c59aae32a35c5a +cacert-fw02 IN SSHFP 1 2 dfd30a1ef7ad3f97be62d278bee5deae0e599d3396cf3fec7be89c842c8d4e1e +cacert-fw02 IN SSHFP 2 1 14361f8c63524d5b31d9fde535627db77cf74f6c +cacert-fw02 IN SSHFP 2 2 4ee02374bb0144aa6d51cded9682ece865cf856f7df1ae63de812f68aea3e8d9 +cacert-fw02 IN SSHFP 3 1 c45e669fcd8f951e78e74340f75dbd6ae611ac4c +cacert-fw02 IN SSHFP 3 2 dc9d37b1cd325175437e5836ed1691d594f5af253a34e3b736b4522274c28f92 +cacert-fw02 IN SSHFP 4 1 119d5aa477a8a8dc79334fc84a64d1f3ea3a3319 +cacert-fw02 IN SSHFP 4 2 60d46e0d94070064e48a0d9de5a30778f00fd9c2c23dedb5a674c5ec873e3cdc cats IN A 213.154.225.243 cats IN SSHFP 1 1 d29d4cc4662d5cb5f42c02823ca8677f05439589 @@ -225,3 +225,14 @@ wiki IN SSHFP 2 1 04f7ab767579f004cc3ab2cc42a4ccaa24e51154 www IN A 213.154.225.245 www IN AAAA 2001:7b8:3:9c::245 _443._tcp.www IN TLSA 2 0 0 3082073d30820525a003020102020100300d06092a864886f70d010104050030793110300e060355040a1307526f6f74204341311e301c060355040b1315687474703a2f2f7777772e6361636572742e6f7267312230200603550403131943412043657274205369676e696e6720417574686f726974793121301f06092a864886f70d0109011612737570706f7274406361636572742e6f7267301e170d3033303333303132323934395a170d3333303332393132323934395a30793110300e060355040a1307526f6f74204341311e301c060355040b1315687474703a2f2f7777772e6361636572742e6f7267312230200603550403131943412043657274205369676e696e6720417574686f726974793121301f06092a864886f70d0109011612737570706f7274406361636572742e6f726730820222300d06092a864886f70d01010105000382020f003082020a0282020100ce22c0e2467dec3628075096f2a033408c4bf13b663f31e56b0236dbd67cf6f1888f4e7736054195f909f012cf46867360b76e7ee8c05864aecdb0ad45170c63fa670ae8d6d2bf3ee798c4f04cfae003bb355d6c21de9e20d9bacd66323772faf708f5c7cd58c98ee70e5eea3efe1ca1140a156c86845b64662a7aa94b5379f588a27bee2f0a612b8db27e4d56a513eceada929eac44411e5860650566f8c044bdcb94f7427e0bf76568985105f0f30591041d1b1782ecc857bbc36b7a88f1b072cc255b2091ec1602128f32e9171848d0c7052e023042b8259c056b3faa3aa7eb5348f7e8d2b60798dc1bc6347f7fc91c827a05582b085bf338a2ab175d66c998d79e108ba2d2dd749af7710c7260dfcd6f98339d9634763e247a92b00e951e6fe6a0453847aad741ed4ab712f6d71b838a0f2ed809b659d7aa04ffd2937d682edd8b4bab58ba2f8dea95a7a0c35489a5fbdb8b51229db2c3be11be2c91868b9678ad20d38a2f1a3fc6d051658721b11901657f451c87f57cd0414c4f299821fd331f750c0451fa1977dbd4141cee81c31df598b769069122dd0050cc8131ac12077b38da685be62bd47ec95fade8eb724cf301e54b20bf9aa657ca9100018ba1752137b5630d673e464f702067cec5d659db02e0f0d2cbcdba62b79041e8dd20e429bc642942c822dc789aff43ec981b09514b5a5ac271f1c4cb73a9e5a10b0203010001a38201ce308201ca301d0603551d0e0416041416b5321bd4c7f3e0e68ef3bdd2b03aeeb23918d13081a30603551d2304819b308198801416b5321bd4c7f3e0e68ef3bdd2b03aeeb23918d1a17da47b30793110300e060355040a1307526f6f74204341311e301c060355040b1315687474703a2f2f7777772e6361636572742e6f7267312230200603550403131943412043657274205369676e696e6720417574686f726974793121301f06092a864886f70d0109011612737570706f7274406361636572742e6f7267820100300f0603551d130101ff040530030101ff30320603551d1f042b30293027a025a023862168747470733a2f2f7777772e6361636572742e6f72672f7265766f6b652e63726c303006096086480186f84201040423162168747470733a2f2f7777772e6361636572742e6f72672f7265766f6b652e63726c303406096086480186f842010804271625687474703a2f2f7777772e6361636572742e6f72672f696e6465782e7068703f69643d3130305606096086480186f842010d04491647546f2067657420796f7572206f776e20636572746966696361746520666f7220465245452068656164206f76657220746f20687474703a2f2f7777772e6361636572742e6f7267300d06092a864886f70d0101040500038202010028c7ee9c8202ba5c8012ca350a1d816f896a99ccf2680f7fa7e18d58953ebdf206c3905aacb560f6994301a388709c9d629da487af67580d30363be6ad48d3cb740286713ee22b0368f1346240463b53ea28f4acfb6695538a4d5dfd3bd960d7ca79693bb16592a6c681825c9ccdeb4d018aa5df1155aa15ca1f37c082987061db6a7c96a38e2e543e4f21a990efdc82bfdce845ad4d9073083c9465b00499767fe2bcc26a15aa97043724d81e944e6d0e51bed6c48fca966df743dfe83065273b7bbb434363c443f7b2ec68cce1198e22fb98e17b5a3e01373b8b08b0a2f3954e1acb9bcd9ab1dbb270f02d4adbd8b0e36f45483312fffe3c322a54f7c4f78af08823c247fe647a71c0d11ea663b0077ea42fd3018fdc9f2bb6c608a90f934825fc12fd9f42dcf3c43ef657b0d7dd69d10677340a4bd2caa0ff1cc68cc916bec4cc323768735f08fb51f7495336050a95024cf2791a10f6d83a759cf31df1a20d7067861bb316f52fe5a4eb7986f93d0bc2730ba599ac6ffc67b8e52f0ba618248d7bd14835291840ac9360e1968650b47a59d88f210b9fcf8291c63bbf6bdc0791b9975623aab66c94c648063ce4ce4eaae4f62f09dc536f2efc74eb3a6399c2a6ac89bca7b244a00d8a10e36cf224cbfa9b9f70472ede148bd4b2200996a264f1241cdca1359c15b2d4bc552e7d06f59c0e55f45ad693da76ad25734cc543 + +; fingerprints for CAcert root certificates (generated by cacert-fingerprints-to-dns) +_certs.g1._fp IN TXT "root class3" +_url.root.g1._fp IN TXT "http://www.cacert.org/certs/root.crt" +_md5.root.g1._fp IN TXT "A61B375E390D9C3654EEBD2031461F6B" +_sha1.root.g1._fp IN TXT "135CEC36F49CB8E93B1AB270CD80884676CE8F33" +_sha256.root.g1._fp IN TXT "FF2A65CFF1149C7430101E0F65A07EC19183A3B633EF4A6510890DAD18316B3A" +_url.class3.g1._fp IN TXT "http://www.cacert.org/certs/class3.crt" +_md5.class3.g1._fp IN TXT "F72512824E67B5D08D92B77C0B867A42" +_sha1.class3.g1._fp IN TXT "AD7C3F64FC4439FEF4E90BE8F47C6CFA8AADFDCE" +_sha256.class3.g1._fp IN TXT "4EDDE9E55CA453B388887CAA25D5C5C5BCCF2891D73B87495808293D5FAC83C8" diff --git a/cacert.org.log b/cacert.org.log index 125a9c4..8941774 100644 --- a/cacert.org.log +++ b/cacert.org.log @@ -1,16 +1,28 @@ RCS file: /var/opendnssec/unsigned/RCS/cacert.org,v Working file: /var/opendnssec/unsigned/cacert.org -head: 1.92 +head: 1.95 branch: locks: strict access list: symbolic names: keyword substitution: kv -total revisions: 92; selected revisions: 92 +total revisions: 95; selected revisions: 95 description: cacert.org - zone file for cacert.org ---------------------------- +revision 1.95 +date: 2015/05/26 15:12:10; author: root; state: Exp; lines: +8 -8 +Clean up fingerprints by dropping internal colons. +---------------------------- +revision 1.94 +date: 2015/05/26 14:56:50; author: root; state: Exp; lines: +13 -2 +Add RRs with fingerprints for CAcert root certificates (generated by cacert-fingerprints-to-dns). +---------------------------- +revision 1.93 +date: 2015/05/12 13:17:05; author: root; state: Exp; lines: +18 -18 +Update SSHFP records for cacert-fw01 and cacert-fw02 after upgrading firewall OS to OpenBSD 5.7. +---------------------------- revision 1.92 date: 2015/02/05 08:03:40; author: root; state: Exp; lines: +10 -2 Add A and SSHFP records for jenkins.cacert.org per e-mail request from Jan Dittberner.