From d79167a4369d3c42b226ab8463361424a20ec0f5 Mon Sep 17 00:00:00 2001
From: Jan Dittberner
Date: Thu, 15 Sep 2022 19:19:25 +0200
Subject: [PATCH 1/4] Add authserver records

---
 cacert.org | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/cacert.org b/cacert.org
index 7f76a7a..22f0f4e 100644
--- a/cacert.org
+++ b/cacert.org
@@ -49,6 +49,14 @@ _url.class3_x0e.g1._fp.cacert.org 43200 IN TXT "http://www.cacert.org/certs/clas
 _url.root.g1._fp.cacert.org 43200 IN TXT "http://www.cacert.org/certs/root.crt"
 _url.root_x0f.g1._fp.cacert.org 43200 IN TXT "http://www.cacert.org/certs/root_X0F.crt"
 
+; OIDC autserver
+authserver.cacert.org 43200 IN A 213.154.225.249
+authserver.cacert.org 43200 IN AAAA 2001:7b8:616:162:3::16
+authserver.cacert.org 43200 IN SSHFP 3 1 1fd3bf42ae262865d3a778e98b0cd08c8d67ce7e
+authserver.cacert.org 43200 IN SSHFP 3 2 d18b73de8d69721469fafd239f0ef6bb2957ad6dbcb86b050f5cefd73c63ba8e
+authserver.cacert.org 43200 IN SSHFP 4 1 3ef3c40b76a353d682bf5a7df1a6ecea8d91ccc0
+authserver.cacert.org 43200 IN SSHFP 4 2 c8357e097546481223bddb0bcef6d7a1100ea3ea11af9d14474b7f0fe07f8acb
+
 ; Blog server
 blog.cacert.org 43200 IN A 213.154.225.234
 blog.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::13
From 565c2881b0b221a9bdae0a538dff26695cbc1d4c Mon Sep 17 00:00:00 2001
From: Jan Dittberner
Date: Fri, 16 Sep 2022 10:09:21 +0200
Subject: [PATCH 2/4] Add appregistration and idp records

Add records for appregistration.cacert.org and idp.cacert.org that are meant to be used for the IDP (Identity Provider) and application registration parts of the OpenID Connect/OAuth2 setup.
---
 cacert.org | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/cacert.org b/cacert.org
index 22f0f4e..7f2947a 100644
--- a/cacert.org
+++ b/cacert.org
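Review bot: The SSHFP records in the authserver block are keyed by name, but the A record beside them (213.154.225.249) is reused by the idp and oidcdemo hunks later in this series, each with a different fingerprint set. An SSH client that verifies host keys from DNS and connects over IPv4 would reach one address for three names that publish three distinct key sets, so at most one of them can match. If that IPv4 address is a shared front end and SSH is only offered on the per-host AAAA addresses (an assumption, not visible here), a comment such as `; A is the shared IPv4 front end; SSHFP applies to the host's own AAAA address` would record it. Whether the zone is DNSSEC-signed is also outside this hunk, and SSHFP should only be trusted by clients when the answer is validated. Separately, the section comment `; OIDC autserver` misspells the host and should read `; OIDC authserver`.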
@@ -184,6 +184,15 @@ hopper.cacert.org 43200 IN SSHFP 2 2 de43b28a103b0afa685dd4918515f0b8ddbc4422b47
 hopper.cacert.org 43200 IN SSHFP 3 1 f450a0cb1816e519b3f03e9ea9c8a54a94955071
 hopper.cacert.org 43200 IN SSHFP 3 2 cc1b07f5bc75760dbb98a5bc515bf9cf7f3559bff032d56ba37b32bc38031375
 
+; OIDC identity provider
+idp.cacert.org 43200 IN A 213.154.225.249
+idp.cacert.org 43200 IN AAAA 2001:7b8:616:162:3::17
+idp.cacert.org 43200 IN SSHFP 3 1 a20250aadcd56e45f9ca3eb8522187a39e39b948
+idp.cacert.org 43200 IN SSHFP 3 2 54e0e7a24bde42fc26c58a0b471f833a82f7a541041f1787c964a6d667107d0a
+idp.cacert.org 43200 IN SSHFP 4 1 afa6bf0b29d6dc681fde48935406cbdcb45e5412
+idp.cacert.org 43200 IN SSHFP 4 2 67d07f30d4812562afc6ba424065e4fb232d08eff38ef8d59e23fd529acfc7fc
+appregistration.cacert.org 43200 IN CNAME idp.cacert.org
+
 ; infrastructure host infra02
 infra02.cacert.org 43200 IN A 213.154.225.230
 infra02.cacert.org 43200 IN AAAA 2001:7b8:616:162:1::10
From b6fec8ad4bb021a84d41f125ea8257a9bc64ef32 Mon Sep 17 00:00:00 2001
From: Jan Dittberner
Date: Sat, 28 Jan 2023 14:44:49 +0100
Subject: [PATCH 3/4] Add OIDC demo application container

---
 cacert.org | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/cacert.org b/cacert.org
index 7f2947a..373740c 100644
--- a/cacert.org
+++ b/cacert.org
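Review bot: `appregistration.cacert.org` is added as a bare CNAME to `idp.cacert.org` under the `; OIDC identity provider` heading, with nothing saying that the alias inherits idp's addresses and SSHFP set. For the OIDC setup this means the TLS certificate served on the idp host has to cover both names, which should be confirmed before the alias is published. A line above the CNAME such as `; application registration UI, alias of idp (certificate must list both names)` would record the dependency. The CNAME target has no trailing dot, which is only correct if this zone's origin is the root; the `$ORIGIN` line for cacert.org is outside the hunk.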
@@ -325,6 +325,14 @@ ns5.cacert.org 43200 IN AAAA 2a02:c207:3004:6195::1
 ocsp.cacert.org 43200 IN A 213.154.225.237
 ocsp.cacert.org 43200 IN AAAA 2001:7b8:616:163::103
 
+; OIDC demo application
+oidcdemo.cacert.org 43200 IN A 213.154.225.249
+oidcdemo.cacert.org 43200 IN AAAA 2001:7b8:616:162:3::18
+oidcdemo.cacert.org 43200 IN SSHFP 3 1 8509283c1a654410269643a14ecd8b9d38e907fc
+oidcdemo.cacert.org 43200 IN SSHFP 3 2 695160a4d09c9148989fa6973f6ca05044a973e414d26c011d53d8e6f93347f4
+oidcdemo.cacert.org 43200 IN SSHFP 4 1 0f11d5a25cd6bec2f4c0522f19a2381a61dccbc8
+oidcdemo.cacert.org 43200 IN SSHFP 4 2 8004f6504bc32bab2025191b8977d910b71433a2263fff979e621924129ede96
+
 ; internal PostgreSQL service
 pgsql.cacert.org 43200 IN AAAA 2001:7b8:616:162:3::13
 pgsql.cacert.org 43200 IN SSHFP 1 1 9f6405d67eab3da7b19c9decfd1df73908800cdb
From 0bbd5741b1cd0da75736130e0752695fe3bc28fb Mon Sep 17 00:00:00 2001
From: Jan Dittberner
Date: Fri, 26 May 2023 18:17:27 +0200
Subject: [PATCH 4/4] Add IPv6 PTR records

---
 6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa b/6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa
index 1d9ce81..63e5797 100644
--- a/6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa
+++ b/6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa
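Review bot: The `oidcdemo` block puts a demo client directly under the production `cacert.org` zone, as a sibling of the identity-provider hosts, and its comment does not mark it as non-production. Hosts under one registrable domain all receive any cookie scoped to `Domain=cacert.org`, so it is worth confirming that the identity provider's session cookies are host-only before this name is published. A comment such as `; OIDC demo application (demo client, not a production service)` would make the status clear to the next person auditing the zone. The record also carries the same 43200-second TTL as long-lived hosts, so retiring the demo name later will take up to twelve hours to propagate.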
@@ -43,13 +43,16 @@ $ORIGIN .
 5.1.1.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR jenkins.cacert.org
 5.3.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR proxyin.cacert.org
 6.1.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR bugs.cacert.org
+6.1.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR authserver.cacert.org
 6.1.1.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR webstatic.cacert.org
 6.2.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR translingo.cacert.org
 6.2.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR web.cacert.org
 7.1.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR lists.cacert.org
+7.1.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR idp.cacert.org
 7.1.1.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR motion.cacert.org
 7.2.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR cats.cacert.org
 8.1.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR monitor.cacert.org
+8.1.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR oidcdemo.cacert.org
 8.1.1.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR webmail.cacert.org
 8.2.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR issue.cacert.org
 8.2.2.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR email.cacert.org