From be584cdb5e208eff293348b04fceaa8dda1c377f Mon Sep 17 00:00:00 2001 From: "wytze@deboca.net" Date: Thu, 6 Feb 2014 13:51:52 +0000 Subject: [PATCH] Add PTR records for the full infra and critical networks. Add four new infrastructure systems. Put the "real" infrastructure systems in a /80 subnet to simplify firewall rules. Correct network addresses in comments. Name changes per e-mail request from Mario Lipinski on 05.02.2014. git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2542 14b1bab8-4ef6-0310-b690-991c95c89dfd --- 2001:07b8:616.ip6 | 44 +++++++++++++++++++++++++++++++++++++++++-- 2001:07b8:616.ip6.log | 18 ++++++++++++++++-- cacert.org | 12 ++++++++++-- cacert.org.log | 16 ++++++++++++++-- 4 files changed, 82 insertions(+), 8 deletions(-) diff --git a/2001:07b8:616.ip6 b/2001:07b8:616.ip6 index c63cf0d..c60534d 100644 --- a/2001:07b8:616.ip6 +++ b/2001:07b8:616.ip6 @@ -1,10 +1,10 @@ ; DNS master zone file for reverse IPv6 for cacert.org, under RCS control -; @(#)(CAcert) $Id: 2001:07b8:616.ip6,v 1.5 2014/01/27 16:00:45 root Exp $ +; @(#)(CAcert) $Id: 2001:07b8:616.ip6,v 1.8 2014/02/06 13:48:15 root Exp $ $TTL 12h ; default TTL for zone data @ IN SOA ns1.cacert.org. hostmaster.cacert.org. ( - 2014012701 ; Serial + 2014020601 ; Serial 4h ; refresh time 1h ; retry interval 2d ; expire time @@ -14,5 +14,45 @@ $TTL 12h ; default TTL for zone data @ IN NS ns3.cacert.org. @ IN NS ns5.cacert.org. +; infra - 2001:07b8:0616:0162::/64 +1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.6.1.0 PTR fw.cacert.org. +2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.6.1.0 PTR fw01.cacert.org. +3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.6.1.0 PTR fw02.cacert.org. 0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.2.6.1.0 PTR hopper.cacert.org. + +; infra - 2001:07b8:0616:0162:0001::/80 +9.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR infra01.cacert.org. +0.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR infra02.cacert.org. +1.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR ldap.cacert.org. +2.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR wiki.cacert.org. +3.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR blog.cacert.org. +4.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR irc.cacert.org. +5.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR svn.cacert.org. +6.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR bugs.cacert.org. +7.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR lists.cacert.org. +8.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR monitor.cacert.org. +9.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR email.cacert.org. +0.2.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR community.cacert.org. +1.2.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR mail.cacert.org. +6.2.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR translingo.cacert.org. +7.2.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR cats.cacert.org. +8.2.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR issue.cacert.org. +9.2.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR logging.cacert.org. +1.3.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR translations.cacert.org. +1.3.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR l10n.cacert.org. +2.3.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR emailout.cacert.org. +4.3.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR board.cacert.org. +4.3.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR cod.cacert.org. +1.4.2.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR arbitration.cacert.org. +8.4.2.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR test.cacert.org. +9.4.2.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR test2.cacert.org. +0.5.2.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0 PTR git.cacert.org. + +; critical - 2001:07b8:0616:0163::/64 +1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.6.1.0 PTR fw.cacert.org. +2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.6.1.0 PTR fw01.cacert.org. +3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.6.1.0 PTR fw02.cacert.org. +0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.3.6.1.0 PTR hopper.cacert.org. 2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.3.6.1.0 PTR ns1.cacert.org. +3.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.3.6.1.0 PTR ocsp.cacert.org. +4.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.3.6.1.0 PTR crl.cacert.org. diff --git a/2001:07b8:616.ip6.log b/2001:07b8:616.ip6.log index d24e56c..f75ed80 100644 --- a/2001:07b8:616.ip6.log +++ b/2001:07b8:616.ip6.log @@ -1,16 +1,30 @@ RCS file: /var/opendnssec/unsigned/RCS/2001:07b8:616.ip6,v Working file: /var/opendnssec/unsigned/2001:07b8:616.ip6 -head: 1.5 +head: 1.8 branch: locks: strict access list: symbolic names: keyword substitution: kv -total revisions: 5; selected revisions: 5 +total revisions: 8; selected revisions: 8 description: 2001:07b8:616.ip6 - zone file for reverse IPv6 of cacert.org ---------------------------- +revision 1.8 +date: 2014/02/06 13:48:15; author: root; state: Exp; lines: +3 -3 +Name changes per e-mail request from Mario Lipinski on 05.02.2014. +---------------------------- +revision 1.7 +date: 2014/01/29 13:33:25; author: root; state: Exp; lines: +32 -26 +Add four new infrastructure systems. +Put the "real" infrastructure systems in a /80 subnet to simplify firewall rules. +Correct network addresses in comments. +---------------------------- +revision 1.6 +date: 2014/01/28 09:18:48; author: root; state: Exp; lines: +36 -2 +Add PTR records for the full infra and critical networks. +---------------------------- revision 1.5 date: 2014/01/27 16:00:45; author: root; state: Exp; lines: +3 -3 Add PTR record for ns1.cacert.org. diff --git a/cacert.org b/cacert.org index 9aa6aa7..838f282 100644 --- a/cacert.org +++ b/cacert.org @@ -1,10 +1,10 @@ ; DNS master zone file for cacert.org, under RCS control -; @(#)(CAcert) $Id: cacert.org,v 1.72 2014/01/27 16:03:20 root Exp $ +; @(#)(CAcert) $Id: cacert.org,v 1.75 2014/02/06 13:43:11 root Exp $ $TTL 12h ; default TTL for zone data @ IN SOA ns1.cacert.org. hostmaster.cacert.org. ( - 2014012601 ; Serial + 2014020601 ; Serial 4h ; refresh time 1h ; retry interval 2d ; expire time @@ -21,6 +21,7 @@ $TTL 12h ; default TTL for zone data ; TODO: Remove 'ip4:213.154.225.239' after transition @ IN TXT "v=spf1 ip4:213.154.225.245 ip4:213.154.225.246 ip4:213.154.225.247 ip6:2001:7b8:3:9c::245 ip6:2001:7b8:3:9c::246 ip6:2001:7b8:3:9c::247 ip4:213.154.225.228 ip4:213.154.225.230 ip4:213.154.225.239 -all" +arbitration IN A 213.154.225.241 audit IN A 78.46.255.66 blog IN A 213.154.225.234 board IN A 213.154.225.252 @@ -52,6 +53,7 @@ email IN A 213.154.225.228 emailout IN A 213.154.225.239 eu IN A 213.154.225.242 finance IN CNAME board.cacert.org. +git IN A 213.154.225.250 hopper IN AAAA 2001:7b8:616:0162::100 hopper IN SSHFP 1 1 22f35bfddd356b119c1555c3bf4f86edd8ae8dfd hopper IN SSHFP 2 1 026d7dda6753c2d8810466336fe758d37aed899d @@ -86,6 +88,12 @@ secure IN AAAA 2001:7b8:3:9c::246 svn IN A 213.154.225.238 cert.svn IN CNAME svn.cacert.org. nocert.svn IN CNAME svn.cacert.org. +test IN A 213.154.225.248 +secure.test IN CNAME test.cacert.org. +cats.test IN CNAME test.cacert.org. +mgr.test IN CNAME test.cacert.org. +test2 IN A 213.154.225.249 +secure.test2 IN CNAME test2.cacert.org. translations IN A 213.154.225.240 tverify IN A 213.154.225.247 tverify IN AAAA 2001:7b8:3:9c::247 diff --git a/cacert.org.log b/cacert.org.log index 8dd58cd..57da4e0 100644 --- a/cacert.org.log +++ b/cacert.org.log @@ -1,16 +1,28 @@ RCS file: /var/opendnssec/unsigned/RCS/cacert.org,v Working file: /var/opendnssec/unsigned/cacert.org -head: 1.72 +head: 1.75 branch: locks: strict access list: symbolic names: keyword substitution: kv -total revisions: 72; selected revisions: 72 +total revisions: 75; selected revisions: 75 description: cacert.org - zone file for cacert.org ---------------------------- +revision 1.75 +date: 2014/02/06 13:43:11; author: root; state: Exp; lines: +7 -7 +Remove indentation added in previous commit: it is not allowed by ods-signer. +---------------------------- +revision 1.74 +date: 2014/02/06 13:37:58; author: root; state: Exp; lines: +9 -5 +Name changes per e-mail request from Mario Lipinski on 05.02.2014. +---------------------------- +revision 1.73 +date: 2014/01/29 13:24:18; author: root; state: Exp; lines: +6 -2 +Add four new infrastructure systems. +---------------------------- revision 1.72 date: 2014/01/27 16:03:20; author: root; state: Exp; lines: +3 -2 Add AAAA record for ns1.cacert.org.