diff --git a/2001:07b8:616.ip6.log b/2001:07b8:616.ip6.log
deleted file mode 100644
index 46c3ca1..0000000
--- a/2001:07b8:616.ip6.log
+++ /dev/null
@@ -1,71 +0,0 @@
-
-RCS file: /var/opendnssec/unsigned/RCS/2001:07b8:616.ip6,v
-Working file: /var/opendnssec/unsigned/2001:07b8:616.ip6
-head: 1.13
-branch:
-locks: strict
-access list:
-symbolic names:
-keyword substitution: kv
-total revisions: 13; selected revisions: 13
-description:
-2001:07b8:616.ip6 - zone file for reverse IPv6 of cacert.org
-----------------------------
-revision 1.13
-date: 2019/10/18 08:26:09; author: root; state: Exp; lines: +2 -3
-Drop NS record for ns5.cacert.org since ISC will be ending
-the secondary name service on January 31, 2020.
-----------------------------
-revision 1.12
-date: 2019/08/04 07:33:19; author: root; state: Exp; lines: +3 -3
-Apply changes for infrastructure systems per e-mail request from Jan Dittberner on 03.08.2019.
-----------------------------
-revision 1.11
-date: 2018/02/25 09:27:53; author: root; state: Exp; lines: +4 -3
-Update infra02 to infrastructure, add reverse IPv6 for proxyout.cacert.org.
-----------------------------
-revision 1.10
-date: 2018/02/15 16:15:21; author: root; state: Exp; lines: +2 -3
-Drop all records for arbitrations.cacert.org per e-mail request
-from Jan Dittberner on 15.02.2018.
-----------------------------
-revision 1.9
-date: 2015/03/04 10:56:01; author: root; state: Exp; lines: +29 -26
-Move infra LXC containers to a separate /80 subnet.
-----------------------------
-revision 1.8
-date: 2014/02/06 13:48:15; author: root; state: Exp; lines: +3 -3
-Name changes per e-mail request from Mario Lipinski on 05.02.2014.
-----------------------------
-revision 1.7
-date: 2014/01/29 13:33:25; author: root; state: Exp; lines: +32 -26
-Add four new infrastructure systems.
-Put the "real" infrastructure systems in a /80 subnet to simplify firewall rules.
-Correct network addresses in comments.
-----------------------------
-revision 1.6
-date: 2014/01/28 09:18:48; author: root; state: Exp; lines: +36 -2
-Add PTR records for the full infra and critical networks.
-----------------------------
-revision 1.5
-date: 2014/01/27 16:00:45; author: root; state: Exp; lines: +3 -3
-Add PTR record for ns1.cacert.org.
-Drop dummy PTR record.
-----------------------------
-revision 1.4
-date: 2014/01/26 09:19:46; author: root; state: Exp; lines: +3 -2
-Add PTR record for hopper.cacert.org.
-----------------------------
-revision 1.3
-date: 2013/12/09 14:00:49; author: root; state: Exp; lines: +3 -5
-Back out previous change, it was a mistake.
-----------------------------
-revision 1.2
-date: 2013/12/09 13:53:06; author: root; state: Exp; lines: +5 -3
-Add PTR records for cacert-fw, cacert-fw01 and cacert-fw02.
-Remove dummy record.
-----------------------------
-revision 1.1
-date: 2013/11/24 15:54:29; author: root; state: Exp;
-Initial revision
-=============================================================================
diff --git a/213.154.225.224.ip4.log b/213.154.225.224.ip4.log
deleted file mode 100644
index d00c39d..0000000
--- a/213.154.225.224.ip4.log
+++ /dev/null
@@ -1,44 +0,0 @@
-
-RCS file: /var/opendnssec/unsigned/RCS/213.154.225.224.ip4,v
-Working file: /var/opendnssec/unsigned/213.154.225.224.ip4
-head: 1.7
-branch:
-locks: strict
-access list:
-symbolic names:
-keyword substitution: kv
-total revisions: 7; selected revisions: 7
-description:
-213.154.225.224.ip4 - zone file for reverse IPv4 of cacert.org
-----------------------------
-revision 1.7
-date: 2019/10/18 08:26:09; author: root; state: Exp; lines: +2 -3
-Drop NS record for ns5.cacert.org since ISC will be ending
-the secondary name service on January 31, 2020.
-----------------------------
-revision 1.6
-date: 2019/08/04 07:33:19; author: root; state: Exp; lines: +3 -2
-Apply changes for infrastructure systems per e-mail request from Jan Dittberner on 03.08.2019.
-----------------------------
-revision 1.5
-date: 2018/02/18 14:33:18; author: root; state: Exp; lines: +3 -3
-Update PTR record for 242 from cacert.eu. to web.cacert.org. per e-mail request
-from Jan Dittberner on 17.02.2018.
-----------------------------
-revision 1.4
-date: 2018/02/15 15:59:08; author: root; state: Exp; lines: +2 -3
-Drop all records for arbitrations.cacert.org per e-mail request
-from Jan Dittberner on 15.02.2018.
-----------------------------
-revision 1.3
-date: 2014/02/06 13:39:51; author: root; state: Exp; lines: +3 -3
-Name changes per e-mail request from Mario Lipinski on 05.02.2014.
-----------------------------
-revision 1.2
-date: 2014/01/29 13:26:10; author: root; state: Exp; lines: +6 -6
-Add four new infrastructure systems.
-----------------------------
-revision 1.1
-date: 2013/12/19 18:40:15; author: root; state: Exp;
-Initial revision
-=============================================================================
diff --git a/cacert.com.log b/cacert.com.log
deleted file mode 100644
index f550413..0000000
--- a/cacert.com.log
+++ /dev/null
@@ -1,127 +0,0 @@
-
-RCS file: /var/opendnssec/unsigned/RCS/cacert.com,v
-Working file: /var/opendnssec/unsigned/cacert.com
-head: 1.26
-branch:
-locks: strict
-access list:
-symbolic names:
-keyword substitution: kv
-total revisions: 26; selected revisions: 26
-description:
-cacert.com - zone file for cacert.com
-----------------------------
-revision 1.26
-date: 2019/10/18 08:27:48; author: root; state: Exp; lines: +2 -5
-Drop all records for ns5.cacert.com since ISC will be ending the
-secondary name service on January 31, 2020.
-----------------------------
-revision 1.25
-date: 2019/06/06 08:41:38; author: root; state: Exp; lines: +3 -6
-Drop ns4.cacert.org secondary server.
-Re-enable IPv6 address for ns3.cacert.com.
-----------------------------
-revision 1.24
-date: 2018/05/02 12:48:09; author: root; state: Exp; lines: +3 -3
-Update CAA record to contain a valid mailto: URL.
-----------------------------
-revision 1.23
-date: 2017/09/29 13:36:39; author: root; state: Exp; lines: +6 -2
-Add CAA records.
-----------------------------
-revision 1.22
-date: 2016/10/12 07:18:06; author: root; state: Exp; lines: +4 -4
-Set TTL for SOA to 1 hour, and SOA expire time to 7 days, per web recommendations.
-----------------------------
-revision 1.21
-date: 2016/07/16 14:42:49; author: root; state: Exp; lines: +2 -2
-Update serial number to force OpenDNSSEC 2.0.0-1 to use a higher serial number.
-----------------------------
-revision 1.20
-date: 2015/10/26 14:49:58; author: root; state: Exp; lines: +3 -3
-Disable IPv6 address for ns3, because this host is currently lacking IPv6 connectivity.
-----------------------------
-revision 1.19
-date: 2014/09/17 14:37:45; author: root; state: Exp; lines: +4 -4
-Update IPv4 and IPv6 addresses for ns4.cacert.org (ns-ext.nlnetlabs.nl).
-----------------------------
-revision 1.18
-date: 2014/06/11 09:14:21; author: root; state: Exp; lines: +3 -4
-Add IPv6 address for ns1.cacert.com.
-Drop obsolete dlv record.
-----------------------------
-revision 1.17
-date: 2013/06/01 08:55:22; author: root; state: Exp; lines: +4 -4
-Update A and AAAA records for ns3 after server migration of mars.overmeer.net.
-----------------------------
-revision 1.16
-date: 2013/03/17 10:19:32; author: root; state: Exp; lines: +2 -5
-Drop nameserver ns2 because it will be taken out of service soon.
-A corresponding change has already been made in the GKG.NET registry.
-----------------------------
-revision 1.15
-date: 2012/04/17 07:07:02; author: root; state: Exp; lines: +3 -3
-Reduce SOA expiration timer from 1 week to 2 days, in order to comply with
-a recommendation made in RFC 4641bis: the SOA expiration timer should be
-between 1/4th and 1/3ed of the size of the signature validity period (1 week).
-----------------------------
-revision 1.14
-date: 2011/07/14 15:30:42; author: root; state: Exp; lines: +3 -2
-Add IPv6 address for ns3 (per e-mail from Mark Overmeer on July 7, 2011).
-----------------------------
-revision 1.13
-date: 2010/12/09 13:04:26; author: root; state: Exp; lines: +5 -2
-Add A and AAAA records for ns5.cacert.com (sns-pb.isc.org) and enable
-an NS record for it.
-----------------------------
-revision 1.12
-date: 2010/10/27 14:55:25; author: root; state: Exp; lines: +3 -2
-Enable NS record for ns4.
-----------------------------
-revision 1.11
-date: 2010/10/21 09:55:49; author: root; state: Exp; lines: +4 -2
-Add A and AAAA records for ns4.cacert.com (ns-ext.nlnetlabs.nl).
-----------------------------
-revision 1.10
-date: 2010/10/07 14:30:28; author: root; state: Exp; lines: +3 -2
-Add IPv6 address for ns2.cacert.org.
-----------------------------
-revision 1.9
-date: 2010/09/15 15:07:39; author: root; state: Exp; lines: +3 -3
-Increase SOA refresh time from 2 hours to 4 hours.
-----------------------------
-revision 1.8
-date: 2010/09/15 14:14:37; author: root; state: Exp; lines: +4 -2
-Add dlv TXT RR for validation by dlv.isc.org.
-----------------------------
-revision 1.7
-date: 2010/06/22 12:49:01; author: root; state: Exp; lines: +3 -4
-Switch ns1 to official CAcert-hosted name server at ns.cacert.org.
-----------------------------
-revision 1.6
-date: 2010/01/06 16:13:46; author: root; state: Exp; lines: +4 -7
-Switch completely to new name servers: ns[123].cacert.com.
-Update MX record to point to email.cacert.org -- needs checking!
-----------------------------
-revision 1.5
-date: 2010/01/06 14:33:43; author: root; state: Exp; lines: +4 -2
-Add ns3.cacert.com (mars.overmeer.net).
-----------------------------
-revision 1.4
-date: 2010/01/06 11:03:07; author: root; state: Exp; lines: +5 -3
-Add ns2.cacert.com (newsys.gun.de).
-Document IP numbers of name servers used.
-----------------------------
-revision 1.3
-date: 2010/01/05 15:54:37; author: root; state: Exp; lines: +3 -2
-Add IPv6 address for ns1.cacert.com.
-----------------------------
-revision 1.2
-date: 2010/01/04 15:56:09; author: root; state: Exp; lines: +4 -3
-Replace unregistered NS cobold.sportreportnet5.at. by ns1.cacert.com,
-and an appropriate A record for it (pointing to deboca.net's IP).
-----------------------------
-revision 1.1
-date: 2010/01/04 15:43:27; author: root; state: Exp;
-Initial revision
-=============================================================================
diff --git a/cacert.community.log b/cacert.community.log
deleted file mode 100644
index 70920fb..0000000
--- a/cacert.community.log
+++ /dev/null
@@ -1,21 +0,0 @@
-
-RCS file: /var/opendnssec/unsigned/RCS/cacert.community,v
-Working file: /var/opendnssec/unsigned/cacert.community
-head: 1.2
-branch:
-locks: strict
-access list:
-symbolic names:
-keyword substitution: kv
-total revisions: 2; selected revisions: 2
-description:
-cacert.community - zone file for cacert.community
-----------------------------
-revision 1.2
-date: 2016/07/16 14:42:49; author: root; state: Exp; lines: +2 -2
-Update serial number to force OpenDNSSEC 2.0.0-1 to use a higher serial number.
-----------------------------
-revision 1.1
-date: 2014/06/11 09:16:59; author: root; state: Exp;
-Initial revision
-=============================================================================
diff --git a/cacert.net.log b/cacert.net.log
deleted file mode 100644
index 94c10d2..0000000
--- a/cacert.net.log
+++ /dev/null
@@ -1,131 +0,0 @@
-
-RCS file: /var/opendnssec/unsigned/RCS/cacert.net,v
-Working file: /var/opendnssec/unsigned/cacert.net
-head: 1.27
-branch:
-locks: strict
-access list:
-symbolic names:
-keyword substitution: kv
-total revisions: 27; selected revisions: 27
-description:
-cacert.net - DNS master zone file for cacert.net, under RCS control
-----------------------------
-revision 1.27
-date: 2019/10/18 08:23:30; author: root; state: Exp; lines: +2 -5
-Drop all records for ns5.cacert.net since ISC will be ending the
-secondary name service on January 31, 2020.
-----------------------------
-revision 1.26
-date: 2019/06/06 08:41:38; author: root; state: Exp; lines: +3 -6
-Drop ns4.cacert.org secondary server.
-Re-enable IPv6 address for ns3.cacert.net.
-----------------------------
-revision 1.25
-date: 2018/05/02 12:48:09; author: root; state: Exp; lines: +3 -3
-Update CAA record to contain a valid mailto: URL.
-----------------------------
-revision 1.24
-date: 2017/09/29 13:36:39; author: root; state: Exp; lines: +6 -2
-Add CAA records.
-----------------------------
-revision 1.23
-date: 2016/10/12 07:18:06; author: root; state: Exp; lines: +4 -4
-Set TTL for SOA to 1 hour, and SOA expire time to 7 days, per web recommendations.
-----------------------------
-revision 1.22
-date: 2016/07/16 14:42:49; author: root; state: Exp; lines: +2 -2
-Update serial number to force OpenDNSSEC 2.0.0-1 to use a higher serial number.
-----------------------------
-revision 1.21
-date: 2015/10/26 14:49:58; author: root; state: Exp; lines: +3 -3
-Disable IPv6 address for ns3, because this host is currently lacking IPv6 connectivity.
-----------------------------
-revision 1.20
-date: 2014/09/17 14:37:45; author: root; state: Exp; lines: +4 -4
-Update IPv4 and IPv6 addresses for ns4.cacert.org (ns-ext.nlnetlabs.nl).
-----------------------------
-revision 1.19
-date: 2014/06/11 09:15:32; author: root; state: Exp; lines: +3 -2
-Add IPv6 address for ns1.cacert.net.
-----------------------------
-revision 1.18
-date: 2013/06/01 08:55:22; author: root; state: Exp; lines: +4 -4
-Update A and AAAA records for ns3 after server migration of mars.overmeer.net.
-----------------------------
-revision 1.17
-date: 2013/03/17 10:19:32; author: root; state: Exp; lines: +2 -5
-Drop nameserver ns2 because it will be taken out of service soon.
-A corresponding change has already been made in the GKG.NET registry.
-----------------------------
-revision 1.16
-date: 2012/04/17 07:07:02; author: root; state: Exp; lines: +3 -3
-Reduce SOA expiration timer from 1 week to 2 days, in order to comply with
-a recommendation made in RFC 4641bis: the SOA expiration timer should be
-between 1/4th and 1/3ed of the size of the signature validity period (1 week).
-----------------------------
-revision 1.15
-date: 2011/07/14 15:30:42; author: root; state: Exp; lines: +3 -2
-Add IPv6 address for ns3 (per e-mail from Mark Overmeer on July 7, 2011).
-----------------------------
-revision 1.14
-date: 2011/01/24 16:13:31; author: root; state: Exp; lines: +2 -4
-Drop dlv TXT RR for validation by dlv.isc.org, because we don't use dlv
-anymore for this zone, its DS record has been uploaded to the registry.
-----------------------------
-revision 1.13
-date: 2010/12/09 13:06:27; author: root; state: Exp; lines: +5 -2
-Add A and AAAA records for ns5.cacert.net (sns-pb.isc.org) and enable
-an NS record for it.
-----------------------------
-revision 1.12
-date: 2010/10/27 14:55:25; author: root; state: Exp; lines: +3 -2
-Enable NS record for ns4.
-----------------------------
-revision 1.11
-date: 2010/10/21 09:55:49; author: root; state: Exp; lines: +4 -2
-Add A and AAAA records for ns4.cacert.net (ns-ext.nlnetlabs.nl).
-----------------------------
-revision 1.10
-date: 2010/10/07 14:30:28; author: root; state: Exp; lines: +3 -2
-Add IPv6 address for ns2.cacert.org.
-----------------------------
-revision 1.9
-date: 2010/09/15 15:07:39; author: root; state: Exp; lines: +3 -3
-Increase SOA refresh time from 2 hours to 4 hours.
-----------------------------
-revision 1.8
-date: 2010/08/27 15:44:02; author: root; state: Exp; lines: +4 -2
-Add dlv TXT RR for validation by dlv.isc.org.
-----------------------------
-revision 1.7
-date: 2010/06/25 12:29:50; author: root; state: Exp; lines: +2 -2
-Just bump up the serial number to check propagation of changes to slaves.
-----------------------------
-revision 1.6
-date: 2010/06/22 12:49:01; author: root; state: Exp; lines: +3 -4
-Switch ns1 to official CAcert-hosted name server at ns.cacert.org.
-----------------------------
-revision 1.5
-date: 2010/01/08 14:23:48; author: root; state: Exp; lines: +4 -8
-Switch completely to new name servers: ns[123].cacert.net.
-Update MX record to point to email.cacert.org -- needs checking!
-----------------------------
-revision 1.4
-date: 2010/01/06 14:34:36; author: root; state: Exp; lines: +6 -4
-Add ns3.cacert.net (mars.overmeer.net).
-Add missing . in NS records for ns?.cacert.net.
-----------------------------
-revision 1.3
-date: 2010/01/06 11:04:48; author: root; state: Exp; lines: +6 -3
-Add ns2.cacert.net (newsys.gun.de).
- Document IP numbers of name servers used.
-----------------------------
-revision 1.2
-date: 2010/01/05 15:54:56; author: root; state: Exp; lines: +4 -2
-Add A and AAAA for ns1.cacert.net.
-----------------------------
-revision 1.1
-date: 2010/01/04 15:45:10; author: root; state: Exp;
-Initial revision
-=============================================================================
diff --git a/cacert.org.log b/cacert.org.log
deleted file mode 100644
index f8e9149..0000000
--- a/cacert.org.log
+++ /dev/null
@@ -1,591 +0,0 @@
-
-RCS file: /var/opendnssec/unsigned/RCS/cacert.org,v
-Working file: /var/opendnssec/unsigned/cacert.org
-head: 1.126
-branch:
-locks: strict
-access list:
-symbolic names:
-keyword substitution: kv
-total revisions: 126; selected revisions: 126
-description:
-cacert.org - zone file for cacert.org
-----------------------------
-revision 1.126
-date: 2019/08/06 13:57:34; author: root; state: Exp; lines: +2 -2
-Break up very long TXT record for spf1 in two parts to avoid hitting the 255 chars limit.
-----------------------------
-revision 1.125
-date: 2019/08/06 13:46:19; author: root; state: Exp; lines: +16 -7
-Update records for email.cacert.org and emailout.cacert.org per e-mal request from Jan Dittberner on 06.08.2019.
-----------------------------
-revision 1.124
-date: 2019/08/04 07:33:19; author: root; state: Exp; lines: +24 -2
-Apply changes for infrastructure systems per e-mail request from Jan Dittberner on 03.08.2019.
-----------------------------
-revision 1.123
-date: 2019/06/06 08:40:23; author: root; state: Exp; lines: +12 -7
-Drop ns4.cacert.org secondary server.
-Add fingerprints for new CAcert root certificates.
-----------------------------
-revision 1.122
-date: 2019/04/30 10:26:34; author: root; state: Exp; lines: +10 -2
-Add extra SSHFP records for test.cacert.org and test2.cacert.org.
-----------------------------
-revision 1.121
-date: 2019/04/02 15:41:31; author: root; state: Exp; lines: +4 -4
-Shorten TLSA records (i.e. use 2 1 1 rather than 2 0 0).
-----------------------------
-revision 1.120
-date: 2018/11/21 09:33:19; author: root; state: Exp; lines: +4 -2
-Add CNAME records for secure.test3.cacert,org and www.test3.cacert.org.
-----------------------------
-revision 1.119
-date: 2018/11/17 10:49:57; author: root; state: Exp; lines: +3 -3
-Re-enable IPv6 for ns3.cacert.org.
-----------------------------
-revision 1.118
-date: 2018/11/01 16:36:38; author: root; state: Exp; lines: +12 -2
-Add A and SSHFP records for test3.cacert.org per e-mail request from Jan Dittberner on 01.11.2018.
-----------------------------
-revision 1.117
-date: 2018/10/27 07:13:44; author: root; state: Exp; lines: +4 -2
-Add CNAME for codedocs.cacert.org per e-mail request from Jan Dittberner on 27.10.2018.
-----------------------------
-revision 1.116
-date: 2018/06/25 15:35:40; author: root; state: Exp; lines: +3 -3
-Update IPv6 address for hopper.cacert.org.
-----------------------------
-revision 1.115
-date: 2018/05/02 12:48:09; author: root; state: Exp; lines: +3 -3
-Update CAA record to contain a valid mailto: URL.
-----------------------------
-revision 1.114
-date: 2018/04/16 06:34:32; author: root; state: Exp; lines: +3 -2
-Add IPv6 address for translations.cacert.org per e-mail request from Jan Dittberner on 15.04.2018.
-----------------------------
-revision 1.113
-date: 2018/04/07 07:00:00; author: root; state: Exp; lines: +3 -2
-Add IPv6 address for bugs.cacert.org per e-mail request from Jan Dittberrner on 06.04.2018.
-----------------------------
-revision 1.112
-date: 2018/04/03 13:31:39; author: root; state: Exp; lines: +11 -4
-Addd AAAA and update SSHFP records for irc per e-mail request from Jan Dittberner on 03.04.2018.
-----------------------------
-revision 1.111
-date: 2018/02/26 11:13:28; author: root; state: Exp; lines: +3 -2
-Add A record for proxyout per e-mail from Jan Dittbernet of 25.02.2018.
-----------------------------
-revision 1.110
-date: 2018/02/25 09:19:36; author: root; state: Exp; lines: +58 -24
-Tons of changes per e-mail request from Jan Dittberner on 24.02.2018.
-----------------------------
-revision 1.109
-date: 2018/02/18 14:30:49; author: root; state: Exp; lines: +8 -10
-Various changes for infrastructure hosts per e-mail request from Jan Dittberrer on 17.02.2018.
-----------------------------
-revision 1.108
-date: 2018/02/16 08:04:12; author: root; state: Exp; lines: +14 -4
-Add SHA256, ED25519 and ECDSA SSHFP records for blog.cacert.org.
-Add SHA256, ED25519 and ECDSA SSHFP records for bugs.cacert.org.
-Remove records for coaudit.
-(e-mail request from Jan Dittberner on 15.02.2018)
-----------------------------
-revision 1.107
-date: 2018/02/15 15:57:21; author: root; state: Exp; lines: +2 -6
-Drop all records for arbitrations.cacert.org per e-mail request
-from Jan Dittberner on 15.02.2018.
-----------------------------
-revision 1.106
-date: 2018/02/15 10:07:23; author: root; state: Exp; lines: +4 -2
-Add SSHFP records for new ED25519 SSH host key on git.cacert.org
-per e-mail request from Jan Dittberner on 14.02.2018.
-----------------------------
-revision 1.105
-date: 2017/09/29 13:36:39; author: root; state: Exp; lines: +6 -2
-Add CAA records.
-----------------------------
-revision 1.104
-date: 2016/10/12 07:18:06; author: root; state: Exp; lines: +4 -4
-Set TTL for SOA to 1 hour, and SOA expire time to 7 days, per web recommendations.
-----------------------------
-revision 1.103
-date: 2016/08/03 10:44:12; author: root; state: Exp; lines: +8 -8
-Update SSHFP records for hopper after migration to OpenSUSE 13.2.
-----------------------------
-revision 1.102
-date: 2016/07/16 14:42:49; author: root; state: Exp; lines: +2 -2
-Update serial number to force OpenDNSSEC 2.0.0-1 to use a higher serial number.
-----------------------------
-revision 1.101
-date: 2016/07/02 13:13:50; author: root; state: Exp; lines: +6 -2
-Add additional SSHFP records for git.cacert.org.
-----------------------------
-revision 1.100
-date: 2016/05/06 09:29:27; author: root; state: Exp; lines: +4 -2
-Add CNAME for infradocs.cacert,org pointing to webstatic.cacert.org, per e-mail request
-from Jan Dittberner on 05.05.2016.
-----------------------------
-revision 1.99
-date: 2015/12/07 09:57:52; author: root; state: Exp; lines: +5 -5
-Update TLSA parameters for policy.cacert.org to something that hopefully works.
-----------------------------
-revision 1.98
-date: 2015/12/07 09:51:00; author: root; state: Exp; lines: +9 -2
-Add CNAME and TLSA records for policy.cacert.org and subdomains, per e-mail request
-from Benny Baumann on 06.12.2015.
-----------------------------
-revision 1.97
-date: 2015/11/30 08:29:16; author: root; state: Exp; lines: +6 -2
-Add additional SSHFP records for cats.cacert.org.
-----------------------------
-revision 1.96
-date: 2015/10/26 14:49:58; author: root; state: Exp; lines: +3 -3
-Disable IPv6 address for ns3, because this host is currently lacking IPv6 connectivity.
-----------------------------
-revision 1.95
-date: 2015/05/26 15:12:10; author: root; state: Exp; lines: +8 -8
-Clean up fingerprints by dropping internal colons.
-----------------------------
-revision 1.94
-date: 2015/05/26 14:56:50; author: root; state: Exp; lines: +13 -2
-Add RRs with fingerprints for CAcert root certificates (generated by cacert-fingerprints-to-dns).
-----------------------------
-revision 1.93
-date: 2015/05/12 13:17:05; author: root; state: Exp; lines: +18 -18
-Update SSHFP records for cacert-fw01 and cacert-fw02 after upgrading firewall OS to OpenBSD 5.7.
-----------------------------
-revision 1.92
-date: 2015/02/05 08:03:40; author: root; state: Exp; lines: +10 -2
-Add A and SSHFP records for jenkins.cacert.org per e-mail request from Jan Dittberner.
-----------------------------
-revision 1.91
-date: 2015/02/03 08:13:56; author: root; state: Exp; lines: +8 -4
-Update SSHFP records for emailout per e-mail from Jan Dittberner on 02.02.2015.
-----------------------------
-revision 1.90
-date: 2015/01/28 14:22:19; author: root; state: Exp; lines: +18 -2
-Add A and SSHFP records for web, funding, webstatic per e-mail request from Jan Dittberner.
-See also https://bugs.cacert.org/view.php?id=1363 for details about the shared IP setup. ----------------------------- -revision 1.89 -date: 2015/01/09 09:59:38; author: root; state: Exp; lines: +3 -3 -Update IPv4 address for openppm.cacert.org per e-mail from Benedikt Heintel 08.01.2015. ----------------------------- -revision 1.88 -date: 2014/11/13 13:38:34; author: root; state: Exp; lines: +18 -14 -Update SSHFP records for cacert-fw01 and cacert-fw02 after upgrading firewall OS to OpenBSD 5.6. ----------------------------- -revision 1.87 -date: 2014/09/17 14:37:45; author: root; state: Exp; lines: +4 -4 -Update IPv4 and IPv6 addresses for ns4.cacert.org (ns-ext.nlnetlabs.nl). ----------------------------- -revision 1.86 -date: 2014/09/02 13:27:42; author: root; state: Exp; lines: +7 -2 -Add A record for hopper. -Add additional SSHFP records for hopper. ----------------------------- -revision 1.85 -date: 2014/08/24 08:58:27; author: root; state: Exp; lines: +4 -3 -Add IPv6 address for ocsp.cacert.org (replacing the experimental ocsp-ipv6 RR). ----------------------------- -revision 1.84 -date: 2014/08/09 14:43:05; author: root; state: Exp; lines: +3 -2 -Add IPv6 address for crl.cacert.org. ----------------------------- -revision 1.83 -date: 2014/07/22 09:34:28; author: root; state: Exp; lines: +4 -2 -Add TLSA record for www.cacert.org and secure.cacert.org. -This supports effective use of the DNSSEC/TLSA Validator browser plugin -available from CZ.NIC Labs. -The records have been created with https://www.huque.com/bin/gen_tlsa -using these parameters: - certificate usage: DANE-TA (2) trust anchor - selector: full cert (0) - matching type: exact match (0) - certificate: https://www.cacert.org/certs/root.der ----------------------------- -revision 1.82 -date: 2014/06/10 13:03:07; author: root; state: Exp; lines: +11 -2 -Add resource records for critmon.cacert.org. 
-----------------------------
-revision 1.81
-date: 2014/06/01 07:40:21; author: root; state: Exp; lines: +4 -6
-Drop A records for audit.cacert.org and dev.cacert.org (no longer existing) and
-add A record for openppm.cacert.org, per e-mail request from Benedik Heintel on
-June 1, 2014.
-----------------------------
-revision 1.80
-date: 2014/05/30 15:29:52; author: root; state: Exp; lines: +6 -2
-Add some missing SSHFP records for infrastructure.cacert.org.
-----------------------------
-revision 1.79
-date: 2014/04/07 14:12:09; author: root; state: Exp; lines: +3 -2
-Add experimental AAAA record for ocsp-ipv6.cacert.org.
-----------------------------
-revision 1.78
-date: 2014/02/23 20:39:43; author: root; state: Exp; lines: +6 -2
-Add two CNAME records per e-mail request from Mario Lipinski on 23.02.2014.
-----------------------------
-revision 1.77
-date: 2014/02/08 12:20:55; author: root; state: Exp; lines: +4 -4
-Remove SSHFP records for monitor.cacert.org, because they are illegal: monitor is a CNAME.
-Add CNAME records for www.test.cacert.org and www.test2.cacert.org per e-mail request
-from Mario Lipinski on 08.02.2014.
-----------------------------
-revision 1.76
-date: 2014/02/06 15:40:10; author: root; state: Exp; lines: +73 -5
-Add SSHFP records for infrastructure hosts.
-Reorganize layout for better readability and maintainability.
-----------------------------
-revision 1.75
-date: 2014/02/06 13:43:11; author: root; state: Exp; lines: +7 -7
-Remove indentation added in previous commit: it is not allowed by ods-signer.
-----------------------------
-revision 1.74
-date: 2014/02/06 13:37:58; author: root; state: Exp; lines: +9 -5
-Name changes per e-mail request from Mario Lipinski on 05.02.2014.
-----------------------------
-revision 1.73
-date: 2014/01/29 13:24:18; author: root; state: Exp; lines: +6 -2
-Add four new infrastructure systems.
-----------------------------
-revision 1.72
-date: 2014/01/27 16:03:20; author: root; state: Exp; lines: +3 -2
-Add AAAA record for ns1.cacert.org.
-----------------------------
-revision 1.71
-date: 2014/01/25 16:50:15; author: root; state: Exp; lines: +4 -2
-Add SSHFP records for hopper.
-----------------------------
-revision 1.70
-date: 2014/01/25 16:46:14; author: root; state: Exp; lines: +3 -2
-Add IPv6 address for hopper.cacert.org.
-----------------------------
-revision 1.69
-date: 2014/01/23 15:37:34; author: root; state: Exp; lines: +3 -2
-Add A record for eu.cacert.org (which is actually cacert.eu),
-to show that the IPv4 address in our range is taken.
-----------------------------
-revision 1.68
-date: 2013/12/20 16:04:43; author: root; state: Exp; lines: +2 -4
-Drop wwwmail (mail name for www server) from the DNS.
-----------------------------
-revision 1.67
-date: 2013/12/17 16:27:00; author: root; state: Exp; lines: +10 -9
-Updates requested by Mario Lipinski (e-mail 14.12.2013).
-----------------------------
-revision 1.66
-date: 2013/12/11 15:47:08; author: root; state: Exp; lines: +14 -2
-Add SSHFP records for cacert-fw01 and cacert-fw02.
-----------------------------
-revision 1.65
-date: 2013/12/09 13:52:36; author: root; state: Exp; lines: +8 -2
-Add address records for cacert-fw, cacert-fw01 and cacert-fw02.
-----------------------------
-revision 1.64
-date: 2013/11/27 16:37:59; author: root; state: Exp; lines: +3 -3
-Update TXT spf1 record for blog.cacert.org.
-----------------------------
-revision 1.63
-date: 2013/10/26 19:53:08; author: root; state: Exp; lines: +3 -3
-Include more addresses in SPF record for cacert.org, since the mail probes
-from the web server may come from different addresses (sad but true).
-----------------------------
-revision 1.62
-date: 2013/10/24 15:45:16; author: root; state: Exp; lines: +3 -2
-Add SPF record for cacert.org.
-----------------------------
-revision 1.61
-date: 2013/06/01 08:55:22; author: root; state: Exp; lines: +4 -4
-Update A and AAAA records for ns3 after server migration of mars.overmeer.net.
-----------------------------
-revision 1.60
-date: 2013/05/14 10:37:19; author: root; state: Exp; lines: +2 -7
-Drop obsolete name 'hlin' from the cacert.org zone.
-Drop wwwdb and securedb entries which were added for testing new web server.
-----------------------------
-revision 1.59
-date: 2013/03/17 10:19:32; author: root; state: Exp; lines: +2 -5
-Drop nameserver ns2 because it will be taken out of service soon.
-A corresponding change has already been made in the GKG.NET registry.
-----------------------------
-revision 1.58
-date: 2013/02/27 16:02:23; author: root; state: Exp; lines: +6 -2
-Add temporary experimental A and AAAA records for wwwdb and securedb,
-as part of the migration of CAcert's main webserver to new hardware.
-----------------------------
-revision 1.57
-date: 2012/06/12 15:06:45; author: root; state: Exp; lines: +3 -3
-Update SPF record for lists.cacert.org because it appears that this host is
-now sending mail directly instead of via the cacert.org mail host, as a result
-of the recent Tunix firewall changes.
-----------------------------
-revision 1.56
-date: 2012/06/07 08:56:09; author: root; state: Exp; lines: +3 -2
-Also add IPv6 address for cacert.org itself.
-----------------------------
-revision 1.55
-date: 2012/06/04 09:56:14; author: root; state: Exp; lines: +5 -2
-Add IPv6 addresses for {www,secure,tverify}.cacert.org in preparation for
-World IPv6 Launch on 6 June 2012.
-----------------------------
-revision 1.54
-date: 2012/05/23 09:24:57; author: root; state: Exp; lines: +4 -2
-Add A records for infrastructure.cacert.org and monitor.cacert.org, both
-pointing to 213.154.225.230, per e-mail request from Mario Lipinski on
-May 23, 2012.
-----------------------------
-revision 1.53
-date: 2012/05/21 08:17:26; author: root; state: Exp; lines: +2 -4
-Remove A records for cod.cacert.org and translingo.cacert.org per e-mail
-request from Mario Lipinski on 20.05.2012.
-----------------------------
-revision 1.52
-date: 2012/04/17 07:07:02; author: root; state: Exp; lines: +3 -3
-Reduce SOA expiration timer from 1 week to 2 days, in order to comply with
-a recommendation made in RFC 4641bis: the SOA expiration timer should be
-between 1/4th and 1/3ed of the size of the signature validity period (1 week).
-----------------------------
-revision 1.51
-date: 2012/04/04 15:45:59; author: root; state: Exp; lines: +2 -4
-Drop CNAME records for stamp and timestamp, since this service hasn't been
-supported anymore for years, and has also been removed from the Apache2
-webserver configuration on the CAcert webdb server.
-----------------------------
-revision 1.50
-date: 2012/03/30 09:34:19; author: root; state: Exp; lines: +2 -3
-Remove A record for hashserver service which has been shut down.
-----------------------------
-revision 1.49
-date: 2012/03/29 15:35:37; author: root; state: Exp; lines: +2 -6
-Remove A records for services which have been shut down recently.
-----------------------------
-revision 1.48
-date: 2012/03/27 06:59:08; author: root; state: Exp; lines: +2 -2
-*** empty log message ***
-----------------------------
-revision 1.47
-date: 2012/03/27 06:54:33; author: root; state: Exp; lines: +4 -4
-t=y for DKIM
-----------------------------
-revision 1.46
-date: 2011/12/23 09:32:45; author: root; state: Exp; lines: +2 -3
-Remove A record for research.cacert.org per e-mail request from Piers Lauder.
-----------------------------
-revision 1.45
-date: 2011/09/18 13:55:19; author: root; state: Exp; lines: +4 -2
-Add A record for translations.cacert.org and CNAME record for l10n alias,
-per e-mail from Mario Lipinski on 17.09.2011.
-----------------------------
-revision 1.44
-date: 2011/08/25 09:46:32; author: root; state: Exp; lines: +3 -2
-Add A record for community-vpn per e-mail request from Dominik George on
-24.08.2011.
-----------------------------
-revision 1.43
-date: 2011/07/14 15:30:42; author: root; state: Exp; lines: +3 -2
-Add IPv6 address for ns3 (per e-mail from Mark Overmeer on July 7, 2011).
-----------------------------
-revision 1.42
-date: 2011/07/02 11:16:34; author: root; state: Exp; lines: +3 -2
-Add A record for emailout.cacert.org, attempting to solve e-mail problems
-as requested by Michael Taenzer.
-----------------------------
-revision 1.41
-date: 2011/04/26 07:48:24; author: root; state: Exp; lines: +2 -4
-Drop A records for ldap (per e-mail Mario Lipinski 25.04.2011) and ocsp2
-(was only used during physical migration in June 2010, may be resurrected
-in the future though at some other address).
-----------------------------
-revision 1.40
-date: 2011/04/25 11:50:02; author: root; state: Exp; lines: +3 -3
-Update IPv4 address for cod from .240 to .252 per e-mail from Mario Lipinski
-on 25.04.2011.
-----------------------------
-revision 1.39
-date: 2011/04/13 11:19:00; author: root; state: Exp; lines: +4 -2
-Add cert.svn and nocert.svn as CNAMEs for svn.cacert.org, per e-mail request
-from Jan Dittberner on April 12, 2011.
-----------------------------
-revision 1.38
-date: 2011/01/24 16:13:31; author: root; state: Exp; lines: +2 -4
-Drop dlv TXT RR for validation by dlv.isc.org, because we don't use dlv
-anymore for this zone, its DS record has been uploaded to the registry.
-----------------------------
-revision 1.37
-date: 2010/12/09 13:08:01; author: root; state: Exp; lines: +5 -2
-Add A and AAAA records for ns5.cacert.org (sns-pb.isc.org) and enable
-an NS record for it.
-----------------------------
-revision 1.36
-date: 2010/10/27 14:55:25; author: root; state: Exp; lines: +3 -2
-Enable NS record for ns4.
-----------------------------
-revision 1.35
-date: 2010/10/21 09:55:49; author: root; state: Exp; lines: +4 -2
-Add A and AAAA records for ns4.cacert.org (ns-ext.nlnetlabs.nl).
-----------------------------
-revision 1.34
-date: 2010/10/20 15:48:45; author: root; state: Exp; lines: +2 -4
-Drop dns1.go-now.at. and dns2.go-now.at. from the NS list, since they are
-unable to provide DNSSEC or TSIG service now or in the near future.
-----------------------------
-revision 1.33
-date: 2010/10/15 13:47:05; author: root; state: Exp; lines: +4 -2
-Add dlv TXT RR for validation by dlv.isc.org.
-----------------------------
-revision 1.32
-date: 2010/10/13 09:40:14; author: root; state: Exp; lines: +4 -2
-Add A and AAAA records for wwwmail.cacert.org, to be used as the mailname
-in the postfix configuration of www.cacert.org. To make this fully work,
-we will also request reverse mappings for these A and AAAA addresses
-pointing to wwwmail.cacert.org to be added by BIT.
-----------------------------
-revision 1.31
-date: 2010/10/11 11:19:28; author: root; state: Exp; lines: +3 -4
-Remove obsolete CNAME pastebin pointing to obsoleted druantia.cacert.org.
-Replace CNAME for www.cacert.org by direct A record.
-----------------------------
-revision 1.30
-date: 2010/10/04 15:10:59; author: root; state: Exp; lines: +3 -6
-Drop NS record pointing to dns4.go-now.at. since that machine does not
-provide helpful responses to DNS queries.
-Drop old cruft: records for br.cacert.org and druantia.cacert.org.
-Add IPv6 address for ns2.cacert.org.
-----------------------------
-revision 1.29
-date: 2010/10/03 20:05:15; author: root; state: Exp; lines: +3 -2
-Add A record for board.cacert.org.
-----------------------------
-revision 1.28
-date: 2010/09/15 15:07:39; author: root; state: Exp; lines: +3 -3
-Increase SOA refresh time from 2 hours to 4 hours.
-----------------------------
-revision 1.27
-date: 2010/06/24 21:08:22; author: root; state: Exp; lines: +2 -3
-Remove obsolete A record for *.br.cacert.org.
-----------------------------
-revision 1.26
-date: 2010/06/22 12:49:01; author: root; state: Exp; lines: +3 -4
-Switch ns1 to official CAcert-hosted name server at ns.cacert.org.
-----------------------------
-revision 1.25
-date: 2010/06/21 09:19:27; author: root; state: Exp; lines: +5 -6
-Drop shortened TTLs, migration has finished so we don't need them anymore.
-Drop A record for www2 (only used for migration).
-Add A record for ns.cacert.org, the new master name server for CAcert.
-----------------------------
-revision 1.24
-date: 2010/06/15 16:54:25; author: root; state: Exp; lines: +3 -3
-Fix broken IP address!!!
-----------------------------
-revision 1.23
-date: 2010/06/15 16:17:18; author: root; state: Exp; lines: +5 -5
-Revert to official servers after move to BIT-2B.
-----------------------------
-revision 1.22
-date: 2010/06/15 07:13:00; author: root; state: Exp; lines: +6 -6
-Switch www and ocsp to temporary service.
-Drop special TTL setting for ocsp1 and ocsp2 (not necessary).
-----------------------------
-revision 1.21
-date: 2010/06/11 14:23:56; author: root; state: Exp; lines: +2 -7
-Drop A records for *.way[12345].vhost.cacert.org, since we have no idea
-what they are good for (probably some historic artefact). Main reason for
-doing this now is to check whether our slave servers are picking up the
-notify in time.
-----------------------------
-revision 1.20
-date: 2010/06/04 10:00:19; author: root; state: Exp; lines: +10 -8
-Prepare for dropping dns[124].go-now.at. NS records forever ...
-Add second ocsp record, and explicit name ocsp1 for first (main) ocsp server.
-----------------------------
-revision 1.19
-date: 2010/06/02 10:13:22; author: root; state: Exp; lines: +4 -2
-Add A records for www2 and ocsp2 (backup services at HCC Hobbynet).
-----------------------------
-revision 1.18
-date: 2010/06/01 11:40:33; author: root; state: Exp; lines: +4 -4
-Reduce TTL for A records of cacert.org and ocsp.cacert.org to 5 minutes,
-in anticipation of temporary re-routing during move of BIT server room.
-----------------------------
-revision 1.17
-date: 2010/02/28 10:13:56; author: root; state: Exp; lines: +4 -2
-Add cert.lists.cacert.org and nocert.lists.cacert.org per email request
-from Daniel Black, 20100228.
-----------------------------
-revision 1.16
-date: 2010/01/06 14:36:44; author: root; state: Exp; lines: +4 -2
-Add ns3.cacert.org (mars.overmeer.net).
-----------------------------
-revision 1.15
-date: 2010/01/06 11:06:02; author: root; state: Exp; lines: +6 -3
-Add ns2.cacert.org (newsys.gun.de).
-Document IP numbers of name servers.
-----------------------------
-revision 1.14
-date: 2010/01/05 15:55:21; author: root; state: Exp; lines: +4 -2
-Add A and AAAA RR for ns1.cacert.org (currently housed on ns.deboca.net).
-----------------------------
-revision 1.13
-date: 2009/12/25 15:51:26; author: wytze; state: Exp; lines: +3 -2
-Add ldap.cacert.org A record per e-mail request from Brian Henson.
-----------------------------
-revision 1.12
-date: 2009/10/12 07:56:24; author: wytze; state: Exp; lines: +4 -3
-Rename _ssp._domainkey.lists to _adsp._domainkey.lists and update its
-contents to comply with RFC 5617.
-Add "dkim=unknown" record for _adsp._domainkey.
-Changes requested by Daniel Black, e-mail 12.10.2009 02:19.
-----------------------------
-revision 1.11
-date: 2009/09/17 10:47:04; author: wytze; state: Exp; lines: +3 -3
-Update A record for research per request from Philipp Gühring 16.09.2009.
-----------------------------
-revision 1.10
-date: 2009/09/01 08:02:34; author: wytze; state: Exp; lines: +3 -3
-Renumber paypal from .229 to .250, since .229 appears to be in use as
-the main IP of the mirror firewall.
-----------------------------
-revision 1.9
-date: 2009/08/30 18:16:38; author: wytze; state: Exp; lines: +3 -2
-Add A record for *.forum per request from Christopher Hoth.
-----------------------------
-revision 1.8
-date: 2009/08/29 15:47:50; author: wytze; state: Exp; lines: +2 -2
-Just up the serial number after performin some (failing) tests.
-----------------------------
-revision 1.7
-date: 2009/08/29 15:27:58; author: wytze; state: Exp; lines: +6 -2
-Add four new A records for paypal (.229), cod (.240), test2 (.248) and
-forum (.249).
-----------------------------
-revision 1.6
-date: 2009/08/28 19:07:03; author: wytze; state: Exp; lines: +3 -2
-Add DKIM TXT record for auto._domainkey per request from Daniel Black.
-----------------------------
-revision 1.5
-date: 2009/07/03 10:03:44; author: wytze; state: Exp; lines: +3 -2
-Add new A record for issue.cacert.org per request from Daniel Black.
-----------------------------
-revision 1.4
-date: 2009/06/15 12:24:26; author: wytze; state: Exp; lines: +2 -3
-Remove NS record pointing to dns3.go-now.at. because this one is not
-registered with .ORG, and is also refusing to listen to our notify.
-----------------------------
-revision 1.3
-date: 2009/06/15 12:16:14; author: wytze; state: Exp; lines: +54 -54
-Set default TTL to 12 hours, and remove all explicit TTL settings.
-Adjust some timings in the SOA record.
-This addresses e-mail from Daniel Black on June 14, 2009 and this message:
-https://lists.cacert.org/wws/arc/cacert-support/2009-06/msg00021.html
-----------------------------
-revision 1.2
-date: 2009/06/12 10:18:19; author: wytze; state: Exp; lines: +6 -4
-Perform updates as requested from Georg Markus Kainz on June 5 & 8, 2009.
-----------------------------
-revision 1.1
-date: 2009/06/12 10:11:13; author: wytze; state: Exp;
-Initial revision
-=============================================================================
diff --git a/mk-tlsa-recs b/mk-tlsa-recs
deleted file mode 100755
index b4b7a29..0000000
--- a/mk-tlsa-recs
+++ /dev/null
@@ -1,31 +0,0 @@
-#! /bin/bash
-# @(#)(CAcert) $Id: mk-tlsa-recs,v 1.2 2019/04/02 15:37:17 root Exp $
-# mk-tlsa-recs - generate TLSA records for domains found in the certs subdirectory
-
-LDNS_DANE=/usr/bin/ldns-dane
-
-PORT=443 # HTTPS
-
-USAGE=3 # 0: CA constraint
- # 1: Service certificate constraint
- # 2: Trust anchor assertion
- # 3: Domain-issued certificate
-ALT_USAGE=2
-
-SELECTOR=1 # 0: Full certificate
- # 1: SubjectPublicKeyInfo
-
-TYPE=1 # 0: No hash used
- # 1: SHA-256
- # 2: SHA-512
-
-for crt in certs/*.crt
-do
- test -L ${crt} || continue
- DOMAIN=`basename ${crt} .crt`
- for usage in ${USAGE} ${ALT_USAGE}
- do
- ${LDNS_DANE} -c ${crt} create \
- ${DOMAIN} ${PORT} ${usage} ${SELECTOR} ${TYPE}
- done
-done
diff --git a/mk-tlsa-recs.log b/mk-tlsa-recs.log
deleted file mode 100644
index 49806ca..0000000
--- a/mk-tlsa-recs.log
+++ /dev/null
@@ -1,24 +0,0 @@
-
-RCS file: /var/opendnssec/unsigned/RCS/mk-tlsa-recs,v
-Working file: /var/opendnssec/unsigned/mk-tlsa-recs
-head: 1.2
-branch:
-locks: strict
-access list:
-symbolic names:
-keyword substitution: kv
-total revisions: 2; selected revisions: 2
-description:
-mk-tlsa-recs - generate TLSA records for domains found in the certs subdirectory
-----------------------------
-revision 1.2
-date: 2019/04/02 15:37:17; author: root; state: Exp; lines: +10 -3
-Updates:
-- use ldns-dane from /usr/bin (parametrized)
-- only generate TLSA records for symlink'ed certificates
-- generate both domain and trust anchor TLSA records
-----------------------------
-revision 1.1
-date: 2015/12/09 10:37:58; author: root; state: Exp;
-Initial revision
-=============================================================================