Add software configuration for CAcert ns server.

The primary revision control is kept in RCS on the actual server, but the RCS logs of that server are also kept in this svn repository. git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2323 14b1bab8-4ef6-0310-b690-991c95c89dfd
13 years ago · 3f4424d7b6
commit 3f4424d7b6
6 changed files with 523 additions and 0 deletions
--- a/cacert.com
+++ b/cacert.com
@ -0,0 +1,33 @@
+; DNS master zone file for cacert.com, under RCS control
+; @(#)(CAcert) $Id: cacert.com,v 1.14 2011/07/14 15:30:42 root Exp $
+
+$TTL	12h	;	default TTL for zone data
+
+@	IN	SOA	ns1.cacert.com. hostmaster.cacert.com. (
+					2011071401	; Serial
+					4h		; refresh time
+					1h		; retry interval
+					1w		; expire time
+					12h )		; negative caching TTL
+
+@		IN	NS	ns1.cacert.com.
+@		IN	NS	ns2.cacert.com.
+@		IN	NS	ns3.cacert.com.
+@		IN	NS	ns4.cacert.com.
+@		IN	NS	ns5.cacert.com.
+
+@		IN	A	213.154.225.245
+@		IN	MX	10 email.cacert.org.
+
+ns1		IN	A	213.154.225.251		; ns.cacert.org
+ns2		IN	A	195.34.169.146		; newsys.gun.de
+ns2		IN	AAAA	2001:470:1f0a:1a4e::2
+ns3		IN	A	193.200.132.194		; mars.overmeer.net
+ns3		IN	AAAA	2a02:2308:10::6:2
+ns4		IN	A	213.154.224.4		; ns-ext.nlnetlabs.nl
+ns4		IN	AAAA	2001:7b8:206:1::4:53
+ns5		IN	A	192.5.4.1		; sns-pb.isc.org
+ns5		IN	AAAA	2001:500:2e::1
+www		IN	CNAME	cacert.com.
+
+dlv	0 	IN	TXT	"DLV:1:fxmtrrsyywvr"
--- a/cacert.com.log
+++ b/cacert.com.log
@ -0,0 +1,73 @@
+
+RCS file: /var/opendnssec/unsigned/RCS/cacert.com,v
+Working file: /var/opendnssec/unsigned/cacert.com
+head: 1.14
+branch:
+locks: strict
+access list:
+symbolic names:
+keyword substitution: kv
+total revisions: 14;	selected revisions: 14
+description:
+cacert.com - zone file for cacert.com
+----------------------------
+revision 1.14
+date: 2011/07/14 15:30:42;  author: root;  state: Exp;  lines: +3 -2
+Add IPv6 address for ns3 (per e-mail from Mark Overmeer on July 7, 2011).
+----------------------------
+revision 1.13
+date: 2010/12/09 13:04:26;  author: root;  state: Exp;  lines: +5 -2
+Add A and AAAA records for ns5.cacert.com (sns-pb.isc.org) and enable
+an NS record for it.
+----------------------------
+revision 1.12
+date: 2010/10/27 14:55:25;  author: root;  state: Exp;  lines: +3 -2
+Enable NS record for ns4.
+----------------------------
+revision 1.11
+date: 2010/10/21 09:55:49;  author: root;  state: Exp;  lines: +4 -2
+Add A and AAAA records for ns4.cacert.com (ns-ext.nlnetlabs.nl).
+----------------------------
+revision 1.10
+date: 2010/10/07 14:30:28;  author: root;  state: Exp;  lines: +3 -2
+Add IPv6 address for ns2.cacert.org.
+----------------------------
+revision 1.9
+date: 2010/09/15 15:07:39;  author: root;  state: Exp;  lines: +3 -3
+Increase SOA refresh time from 2 hours to 4 hours.
+----------------------------
+revision 1.8
+date: 2010/09/15 14:14:37;  author: root;  state: Exp;  lines: +4 -2
+Add dlv TXT RR for validation by dlv.isc.org.
+----------------------------
+revision 1.7
+date: 2010/06/22 12:49:01;  author: root;  state: Exp;  lines: +3 -4
+Switch ns1 to official CAcert-hosted name server at ns.cacert.org.
+----------------------------
+revision 1.6
+date: 2010/01/06 16:13:46;  author: root;  state: Exp;  lines: +4 -7
+Switch completely to new name servers: ns[123].cacert.com.
+Update MX record to point to email.cacert.org -- needs checking!
+----------------------------
+revision 1.5
+date: 2010/01/06 14:33:43;  author: root;  state: Exp;  lines: +4 -2
+Add ns3.cacert.com (mars.overmeer.net).
+----------------------------
+revision 1.4
+date: 2010/01/06 11:03:07;  author: root;  state: Exp;  lines: +5 -3
+Add ns2.cacert.com (newsys.gun.de).
+Document IP numbers of name servers used.
+----------------------------
+revision 1.3
+date: 2010/01/05 15:54:37;  author: root;  state: Exp;  lines: +3 -2
+Add IPv6 address for ns1.cacert.com.
+----------------------------
+revision 1.2
+date: 2010/01/04 15:56:09;  author: root;  state: Exp;  lines: +4 -3
+Replace unregistered NS cobold.sportreportnet5.at. by ns1.cacert.com,
+and an appropriate A record for it (pointing to deboca.net's IP).
+----------------------------
+revision 1.1
+date: 2010/01/04 15:43:27;  author: root;  state: Exp;
+Initial revision
+=============================================================================
--- a/cacert.net
+++ b/cacert.net
@ -0,0 +1,31 @@
+; DNS master zone file for cacert.net, under RCS control
+; @(#)(CAcert) $Id: cacert.net,v 1.15 2011/07/14 15:30:42 root Exp $
+
+$TTL	12h	;	default TTL for zone data
+
+@	IN	SOA	ns1.cacert.net. hostmaster.cacert.net. (
+					2011071401	; Serial
+					4h		; refresh time
+					1h		; retry interval
+					1w		; expire time
+					12h )		; negative caching TTL
+
+@		IN	NS	ns1.cacert.net.
+@		IN	NS	ns2.cacert.net.
+@		IN	NS	ns3.cacert.net.
+@		IN	NS	ns4.cacert.net.
+@		IN	NS	ns5.cacert.net.
+
+@		IN	A	213.154.225.245
+@		IN	MX	10 email.cacert.org.
+
+ns1		IN	A	213.154.225.251		; ns.cacert.org
+ns2		IN	A	195.34.169.146		; newsys.gun.de
+ns2		IN	AAAA	2001:470:1f0a:1a4e::2
+ns3		IN	A	193.200.132.194		; mars.overmeer.net
+ns3		IN	AAAA	2a02:2308:10::6:2
+ns4		IN	A	213.154.224.4		; ns-ext.nlnetlabs.nl
+ns4		IN	AAAA	2001:7b8:206:1::4:53
+ns5		IN	A	192.5.4.1		; sns-pb.isc.org
+ns5		IN	AAAA	2001:500:2e::1
+www		IN	CNAME	cacert.net.
--- a/cacert.net.log
+++ b/cacert.net.log
@ -0,0 +1,78 @@
+
+RCS file: /var/opendnssec/unsigned/RCS/cacert.net,v
+Working file: /var/opendnssec/unsigned/cacert.net
+head: 1.15
+branch:
+locks: strict
+access list:
+symbolic names:
+keyword substitution: kv
+total revisions: 15;	selected revisions: 15
+description:
+cacert.net - DNS master zone file for cacert.net, under RCS control
+----------------------------
+revision 1.15
+date: 2011/07/14 15:30:42;  author: root;  state: Exp;  lines: +3 -2
+Add IPv6 address for ns3 (per e-mail from Mark Overmeer on July 7, 2011).
+----------------------------
+revision 1.14
+date: 2011/01/24 16:13:31;  author: root;  state: Exp;  lines: +2 -4
+Drop dlv TXT RR for validation by dlv.isc.org, because we don't use dlv
+anymore for this zone, its DS record has been uploaded to the registry.
+----------------------------
+revision 1.13
+date: 2010/12/09 13:06:27;  author: root;  state: Exp;  lines: +5 -2
+Add A and AAAA records for ns5.cacert.net (sns-pb.isc.org) and enable
+an NS record for it.
+----------------------------
+revision 1.12
+date: 2010/10/27 14:55:25;  author: root;  state: Exp;  lines: +3 -2
+Enable NS record for ns4.
+----------------------------
+revision 1.11
+date: 2010/10/21 09:55:49;  author: root;  state: Exp;  lines: +4 -2
+Add A and AAAA records for ns4.cacert.net (ns-ext.nlnetlabs.nl).
+----------------------------
+revision 1.10
+date: 2010/10/07 14:30:28;  author: root;  state: Exp;  lines: +3 -2
+Add IPv6 address for ns2.cacert.org.
+----------------------------
+revision 1.9
+date: 2010/09/15 15:07:39;  author: root;  state: Exp;  lines: +3 -3
+Increase SOA refresh time from 2 hours to 4 hours.
+----------------------------
+revision 1.8
+date: 2010/08/27 15:44:02;  author: root;  state: Exp;  lines: +4 -2
+Add dlv TXT RR for validation by dlv.isc.org.
+----------------------------
+revision 1.7
+date: 2010/06/25 12:29:50;  author: root;  state: Exp;  lines: +2 -2
+Just bump up the serial number to check propagation of changes to slaves.
+----------------------------
+revision 1.6
+date: 2010/06/22 12:49:01;  author: root;  state: Exp;  lines: +3 -4
+Switch ns1 to official CAcert-hosted name server at ns.cacert.org.
+----------------------------
+revision 1.5
+date: 2010/01/08 14:23:48;  author: root;  state: Exp;  lines: +4 -8
+Switch completely to new name servers: ns[123].cacert.net.
+Update MX record to point to email.cacert.org -- needs checking!
+----------------------------
+revision 1.4
+date: 2010/01/06 14:34:36;  author: root;  state: Exp;  lines: +6 -4
+Add ns3.cacert.net (mars.overmeer.net).
+Add missing . in NS records for ns?.cacert.net.
+----------------------------
+revision 1.3
+date: 2010/01/06 11:04:48;  author: root;  state: Exp;  lines: +6 -3
+Add ns2.cacert.net (newsys.gun.de).
+ Document IP numbers of name servers used.
+----------------------------
+revision 1.2
+date: 2010/01/05 15:54:56;  author: root;  state: Exp;  lines: +4 -2
+Add A and AAAA for ns1.cacert.net.
+----------------------------
+revision 1.1
+date: 2010/01/04 15:45:10;  author: root;  state: Exp;
+Initial revision
+=============================================================================
--- a/cacert.org
+++ b/cacert.org
@ -0,0 +1,79 @@
+; DNS master zone file for cacert.org, under RCS control
+; @(#)(CAcert) $Id: cacert.org,v 1.45 2011/09/18 13:55:19 root Exp $
+
+$TTL	12h	;	default TTL for zone data
+
+@	IN	SOA	ns1.cacert.org. hostmaster.cacert.org. (
+					2011091801	; Serial
+					4h		; refresh time
+					1h		; retry interval
+					1w		; expire time
+					12h )		; negative caching TTL
+
+@		IN	NS	ns1.cacert.org.
+@		IN	NS	ns2.cacert.org.
+@		IN	NS	ns3.cacert.org.
+@		IN	NS	ns4.cacert.org.
+@		IN	NS	ns5.cacert.org.
+
+@		IN	A	213.154.225.245
+@		IN	MX	10 email.cacert.org.
+
+audit		IN	A	78.46.255.66
+blog		IN	A	213.154.225.234
+blog		IN	TXT	"v=spf1 -all"
+board		IN	A	213.154.225.252
+bugs		IN	A	213.154.225.232
+cats		IN	A	213.154.225.243
+cod		IN	A	213.154.225.252
+community	IN	A	213.154.225.239
+community-vpn	IN	A	78.47.142.76
+crl		IN	A	213.154.225.236
+dev		IN	A	78.46.255.66
+email		IN	A	213.154.225.228
+emailout	IN	A	213.154.225.239
+forum		IN	A	213.154.225.249
+*.forum		IN	A	213.154.225.249
+hashserver	IN	A	213.154.225.241
+hlin		IN	A	213.154.225.245
+irc		IN	A	213.154.225.233
+issue		IN	A	213.154.225.244
+l10n		IN	CNAME	translations.cacert.org.
+lists		IN	A	213.154.225.231
+cert.lists	IN	A	213.154.225.231
+nocert.lists	IN	A	213.154.225.231
+lists		IN	MX	10 email.cacert.org.
+lists		IN	TXT	"v=spf1 ip4:213.154.225.228 -all"
+_adsp._domainkey       IN TXT	"dkim=unknown"
+_adsp._domainkey.lists IN TXT	"dkim=all"
+lists._domainkey.lists IN TXT	"v=DKIM1\;g=*\;k=rsa\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs2Hu5HQpT5FWj2TrqHZwFM/h0Tc35idlBviaArkdp5fRPx402ID+pMYZZW6lVM/IJlmeTqPGO73oQyl/tFlnXWj/X8p809IFqWnKWzGKJLhnxMAZW7bmzyjR8siK3It93+s5mu9r/4pwHCW3bEbdtKartd7cud84JO15cLJYA+QIDAQAB"
+mail._domainkey	IN	TXT	"v=DKIM1\;g=*\;k=rsa\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOZV5h3rm18QRiNfNnwXadX8jeSC3zjpU7GFNTfZk1ifjLxrlVrSsfAvlVfFvR2/uQXegwEkiNV5bd57d989T+VVLZZbSv+OAXX4ZwihsLkf3huDszKtJTvsybqUNh97OE00THSyJCrcowFDcLv5IN2ULCOlMjTqbZxZuaNW0S6wIDAQAB"
+auto._domainkey IN	TXT	"v=DKIM1\;g=*\;k=rsa\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDNFxiNr+NHJwih3OPhGr4iwLE+BBDu72YrMSzUnU1FF50CW7iOtuhg796UZ6xrZ5VuhAix6YmmzcvF2UxYzoD/XpfZ4MzBu0ND4/nkt9/YOTyIBzwQqn9uMNve0Y76Zsel89dIJtOI+y+lfnFExV0jKwe53gzmxMVpMSSCcZPGwIDAQAB"	; ----- DKIM auto for cacert.org
+ns		IN	A	213.154.225.251		; master
+ns1		IN	A	213.154.225.251		; ns.cacert.org
+ns2		IN	A	195.34.169.146		; newsys.gun.de
+ns2		IN	AAAA	2001:470:1f0a:1a4e::2
+ns3		IN	A	193.200.132.194		; mark.overmeer.net
+ns3		IN	AAAA	2a02:2308:10::6:2
+ns4		IN	A	213.154.224.4		; ns-ext.nlnetlabs.nl
+ns4		IN	AAAA	2001:7b8:206:1::4:53
+ns5		IN	A	192.5.4.1		; sns-pb.isc.org
+ns5		IN	AAAA	2001:500:2e::1
+ocsp		IN	A	213.154.225.237
+ocsp1 		IN	A	213.154.225.237
+paypal		IN	A	213.154.225.250
+research	IN	A	78.41.115.142
+secure		IN	A	213.154.225.246
+stamp		IN	CNAME	hlin.cacert.org.
+svn		IN	A	213.154.225.238
+cert.svn	IN	CNAME	svn.cacert.org.
+nocert.svn	IN	CNAME	svn.cacert.org.
+test2		IN	A	213.154.225.248
+timestamp	IN	CNAME	hlin.cacert.org.
+translations	IN	A	213.154.225.240
+translingo	IN	A	213.154.225.242
+tverify		IN	A	213.154.225.247
+wiki		IN	A	213.154.225.235
+www		IN	A	213.154.225.245
+wwwmail		IN	A	213.154.225.245
+wwwmail		IN	AAAA	2001:7b8:3:9c::245
--- a/cacert.org.log
+++ b/cacert.org.log
@ -0,0 +1,229 @@
+
+RCS file: /var/opendnssec/unsigned/RCS/cacert.org,v
+Working file: /var/opendnssec/unsigned/cacert.org
+head: 1.45
+branch:
+locks: strict
+access list:
+symbolic names:
+keyword substitution: kv
+total revisions: 45;	selected revisions: 45
+description:
+cacert.org - zone file for cacert.org
+----------------------------
+revision 1.45
+date: 2011/09/18 13:55:19;  author: root;  state: Exp;  lines: +4 -2
+Add A record for translations.cacert.org and CNAME record for l10n alias,
+per e-mail from Mario Lipinski on 17.09.2011.
+----------------------------
+revision 1.44
+date: 2011/08/25 09:46:32;  author: root;  state: Exp;  lines: +3 -2
+Add A record for community-vpn per e-mail request from Dominik George on
+24.08.2011.
+----------------------------
+revision 1.43
+date: 2011/07/14 15:30:42;  author: root;  state: Exp;  lines: +3 -2
+Add IPv6 address for ns3 (per e-mail from Mark Overmeer on July 7, 2011).
+----------------------------
+revision 1.42
+date: 2011/07/02 11:16:34;  author: root;  state: Exp;  lines: +3 -2
+Add A record for emailout.cacert.org, attempting to solve e-mail problems
+as requested by Michael Taenzer.
+----------------------------
+revision 1.41
+date: 2011/04/26 07:48:24;  author: root;  state: Exp;  lines: +2 -4
+Drop A records for ldap (per e-mail Mario Lipinski 25.04.2011) and ocsp2
+(was only used during physical migration in June 2010, may be resurrected
+in the future though at some other address).
+----------------------------
+revision 1.40
+date: 2011/04/25 11:50:02;  author: root;  state: Exp;  lines: +3 -3
+Update IPv4 address for cod from .240 to .252 per e-mail from Mario Lipinski
+on 25.04.2011.
+----------------------------
+revision 1.39
+date: 2011/04/13 11:19:00;  author: root;  state: Exp;  lines: +4 -2
+Add cert.svn and nocert.svn as CNAMEs for svn.cacert.org, per e-mail request
+from Jan Dittberner on April 12, 2011.
+----------------------------
+revision 1.38
+date: 2011/01/24 16:13:31;  author: root;  state: Exp;  lines: +2 -4
+Drop dlv TXT RR for validation by dlv.isc.org, because we don't use dlv
+anymore for this zone, its DS record has been uploaded to the registry.
+----------------------------
+revision 1.37
+date: 2010/12/09 13:08:01;  author: root;  state: Exp;  lines: +5 -2
+Add A and AAAA records for ns5.cacert.org (sns-pb.isc.org) and enable
+an NS record for it.
+----------------------------
+revision 1.36
+date: 2010/10/27 14:55:25;  author: root;  state: Exp;  lines: +3 -2
+Enable NS record for ns4.
+----------------------------
+revision 1.35
+date: 2010/10/21 09:55:49;  author: root;  state: Exp;  lines: +4 -2
+Add A and AAAA records for ns4.cacert.org (ns-ext.nlnetlabs.nl).
+----------------------------
+revision 1.34
+date: 2010/10/20 15:48:45;  author: root;  state: Exp;  lines: +2 -4
+Drop dns1.go-now.at. and dns2.go-now.at. from the NS list, since they are
+unable to provide DNSSEC or TSIG service now or in the near future.
+----------------------------
+revision 1.33
+date: 2010/10/15 13:47:05;  author: root;  state: Exp;  lines: +4 -2
+Add dlv TXT RR for validation by dlv.isc.org.
+----------------------------
+revision 1.32
+date: 2010/10/13 09:40:14;  author: root;  state: Exp;  lines: +4 -2
+Add A and AAAA records for wwwmail.cacert.org, to be used as the mailname
+in the postfix configuration of www.cacert.org. To make this fully work,
+we will also request reverse mappings for these A and AAAA addresses
+pointing to wwwmail.cacert.org to be added by BIT.
+----------------------------
+revision 1.31
+date: 2010/10/11 11:19:28;  author: root;  state: Exp;  lines: +3 -4
+Remove obsolete CNAME pastebin pointing to obsoleted druantia.cacert.org.
+Replace CNAME for www.cacert.org by direct A record.
+----------------------------
+revision 1.30
+date: 2010/10/04 15:10:59;  author: root;  state: Exp;  lines: +3 -6
+Drop NS record pointing to dns4.go-now.at. since that machine does not
+provide helpful responses to DNS queries.
+Drop old cruft: records for br.cacert.org and druantia.cacert.org.
+Add IPv6 address for ns2.cacert.org.
+----------------------------
+revision 1.29
+date: 2010/10/03 20:05:15;  author: root;  state: Exp;  lines: +3 -2
+Add A record for board.cacert.org.
+----------------------------
+revision 1.28
+date: 2010/09/15 15:07:39;  author: root;  state: Exp;  lines: +3 -3
+Increase SOA refresh time from 2 hours to 4 hours.
+----------------------------
+revision 1.27
+date: 2010/06/24 21:08:22;  author: root;  state: Exp;  lines: +2 -3
+Remove obsolete A record for *.br.cacert.org.
+----------------------------
+revision 1.26
+date: 2010/06/22 12:49:01;  author: root;  state: Exp;  lines: +3 -4
+Switch ns1 to official CAcert-hosted name server at ns.cacert.org.
+----------------------------
+revision 1.25
+date: 2010/06/21 09:19:27;  author: root;  state: Exp;  lines: +5 -6
+Drop shortened TTLs, migration has finished so we don't need them anymore.
+Drop A record for www2 (only used for migration).
+Add A record for ns.cacert.org, the new master name server for CAcert.
+----------------------------
+revision 1.24
+date: 2010/06/15 16:54:25;  author: root;  state: Exp;  lines: +3 -3
+Fix broken IP address!!!
+----------------------------
+revision 1.23
+date: 2010/06/15 16:17:18;  author: root;  state: Exp;  lines: +5 -5
+Revert to official servers after move to BIT-2B.
+----------------------------
+revision 1.22
+date: 2010/06/15 07:13:00;  author: root;  state: Exp;  lines: +6 -6
+Switch www and ocsp to temporary service.
+Drop special TTL setting for ocsp1 and ocsp2 (not necessary).
+----------------------------
+revision 1.21
+date: 2010/06/11 14:23:56;  author: root;  state: Exp;  lines: +2 -7
+Drop A records for *.way[12345].vhost.cacert.org, since we have no idea
+what they are good for (probably some historic artefact). Main reason for
+doing this now is to check whether our slave servers are picking up the
+notify in time.
+----------------------------
+revision 1.20
+date: 2010/06/04 10:00:19;  author: root;  state: Exp;  lines: +10 -8
+Prepare for dropping dns[124].go-now.at. NS records forever ...
+Add second ocsp record, and explicit name ocsp1 for first (main) ocsp server.
+----------------------------
+revision 1.19
+date: 2010/06/02 10:13:22;  author: root;  state: Exp;  lines: +4 -2
+Add A records for www2 and ocsp2 (backup services at HCC Hobbynet).
+----------------------------
+revision 1.18
+date: 2010/06/01 11:40:33;  author: root;  state: Exp;  lines: +4 -4
+Reduce TTL for A records of cacert.org and ocsp.cacert.org to 5 minutes,
+in anticipation of temporary re-routing during move of BIT server room.
+----------------------------
+revision 1.17
+date: 2010/02/28 10:13:56;  author: root;  state: Exp;  lines: +4 -2
+Add cert.lists.cacert.org and nocert.lists.cacert.org per email request
+from Daniel Black, 20100228.
+----------------------------
+revision 1.16
+date: 2010/01/06 14:36:44;  author: root;  state: Exp;  lines: +4 -2
+Add ns3.cacert.org (mars.overmeer.net).
+----------------------------
+revision 1.15
+date: 2010/01/06 11:06:02;  author: root;  state: Exp;  lines: +6 -3
+Add ns2.cacert.org (newsys.gun.de).
+Document IP numbers of name servers.
+----------------------------
+revision 1.14
+date: 2010/01/05 15:55:21;  author: root;  state: Exp;  lines: +4 -2
+Add A and AAAA RR for ns1.cacert.org (currently housed on ns.deboca.net).
+----------------------------
+revision 1.13
+date: 2009/12/25 15:51:26;  author: wytze;  state: Exp;  lines: +3 -2
+Add ldap.cacert.org A record per e-mail request from Brian Henson.
+----------------------------
+revision 1.12
+date: 2009/10/12 07:56:24;  author: wytze;  state: Exp;  lines: +4 -3
+Rename _ssp._domainkey.lists to _adsp._domainkey.lists and update its
+contents to comply with RFC 5617.
+Add "dkim=unknown" record for _adsp._domainkey.
+Changes requested by Daniel Black, e-mail 12.10.2009 02:19.
+----------------------------
+revision 1.11
+date: 2009/09/17 10:47:04;  author: wytze;  state: Exp;  lines: +3 -3
+Update A record for research per request from Philipp Gühring 16.09.2009.
+----------------------------
+revision 1.10
+date: 2009/09/01 08:02:34;  author: wytze;  state: Exp;  lines: +3 -3
+Renumber paypal from .229 to .250, since .229 appears to be in use as
+the main IP of the mirror firewall.
+----------------------------
+revision 1.9
+date: 2009/08/30 18:16:38;  author: wytze;  state: Exp;  lines: +3 -2
+Add A record for *.forum per request from Christopher Hoth.
+----------------------------
+revision 1.8
+date: 2009/08/29 15:47:50;  author: wytze;  state: Exp;  lines: +2 -2
+Just up the serial number after performin some (failing) tests.
+----------------------------
+revision 1.7
+date: 2009/08/29 15:27:58;  author: wytze;  state: Exp;  lines: +6 -2
+Add four new A records for paypal (.229), cod (.240), test2 (.248) and
+forum (.249).
+----------------------------
+revision 1.6
+date: 2009/08/28 19:07:03;  author: wytze;  state: Exp;  lines: +3 -2
+Add DKIM TXT record for auto._domainkey per request from Daniel Black.
+----------------------------
+revision 1.5
+date: 2009/07/03 10:03:44;  author: wytze;  state: Exp;  lines: +3 -2
+Add new A record for issue.cacert.org per request from Daniel Black.
+----------------------------
+revision 1.4
+date: 2009/06/15 12:24:26;  author: wytze;  state: Exp;  lines: +2 -3
+Remove NS record pointing to dns3.go-now.at. because this one is not
+registered with .ORG, and is also refusing to listen to our notify.
+----------------------------
+revision 1.3
+date: 2009/06/15 12:16:14;  author: wytze;  state: Exp;  lines: +54 -54
+Set default TTL to 12 hours, and remove all explicit TTL settings.
+Adjust some timings in the SOA record.
+This addresses e-mail from Daniel Black on June 14, 2009 and this message:
+https://lists.cacert.org/wws/arc/cacert-support/2009-06/msg00021.html
+----------------------------
+revision 1.2
+date: 2009/06/12 10:18:19;  author: wytze;  state: Exp;  lines: +6 -4
+Perform updates as requested from Georg Markus Kainz on June 5 & 8, 2009.
+----------------------------
+revision 1.1
+date: 2009/06/12 10:11:13;  author: wytze;  state: Exp;
+Initial revision
+=============================================================================