Add SSHFP records for infrastructure hosts.

Reorganize layout for better readability and maintainability.
Remove SSHFP records for monitor.cacert.org, because they are illegal: monitor is a CNAME.
Add CNAME records for www.test.cacert.org and www.test2.cacert.org.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2543 14b1bab8-4ef6-0310-b690-991c95c89dfd
This commit is contained in:
wytze@deboca.net 2014-02-08 12:24:03 +00:00
parent be584cdb5e
commit d417978a99
2 changed files with 86 additions and 7 deletions

View file

@ -1,10 +1,10 @@
; DNS master zone file for cacert.org, under RCS control ; DNS master zone file for cacert.org, under RCS control
; @(#)(CAcert) $Id: cacert.org,v 1.75 2014/02/06 13:43:11 root Exp $ ; @(#)(CAcert) $Id: cacert.org,v 1.77 2014/02/08 12:20:55 root Exp $
$TTL 12h ; default TTL for zone data $TTL 12h ; default TTL for zone data
@ IN SOA ns1.cacert.org. hostmaster.cacert.org. ( @ IN SOA ns1.cacert.org. hostmaster.cacert.org. (
2014020601 ; Serial 2014020801 ; Serial
4h ; refresh time 4h ; refresh time
1h ; retry interval 1h ; retry interval
2d ; expire time 2d ; expire time
@ -22,12 +22,27 @@ $TTL 12h ; default TTL for zone data
@ IN TXT "v=spf1 ip4:213.154.225.245 ip4:213.154.225.246 ip4:213.154.225.247 ip6:2001:7b8:3:9c::245 ip6:2001:7b8:3:9c::246 ip6:2001:7b8:3:9c::247 ip4:213.154.225.228 ip4:213.154.225.230 ip4:213.154.225.239 -all" @ IN TXT "v=spf1 ip4:213.154.225.245 ip4:213.154.225.246 ip4:213.154.225.247 ip6:2001:7b8:3:9c::245 ip6:2001:7b8:3:9c::246 ip6:2001:7b8:3:9c::247 ip4:213.154.225.228 ip4:213.154.225.230 ip4:213.154.225.239 -all"
arbitration IN A 213.154.225.241 arbitration IN A 213.154.225.241
arbitration IN SSHFP 1 1 40d9c8ebcf8d41a04b990fbc5308675d029bf4ef
arbitration IN SSHFP 2 1 7474bfb01af775511805bf15c45bb9d7591d0ce6
audit IN A 78.46.255.66 audit IN A 78.46.255.66
blog IN A 213.154.225.234 blog IN A 213.154.225.234
blog IN SSHFP 1 1 32ca6e4ba3275aab0d65f0f46969b11a4c4b36e8
blog IN SSHFP 2 1 aafba94ebe5c5c45cdf5ef10d0bc31bea4d9ecec
board IN A 213.154.225.252 board IN A 213.154.225.252
board IN SSHFP 1 1 f5c02a860a1cc07aeefbf802540680c7476bde6e
board IN SSHFP 2 1 7b6eeb0ccdfb2e2cfe479e0aece36ff995fdd1f4
finance IN CNAME board.cacert.org.
bugs IN A 213.154.225.232 bugs IN A 213.154.225.232
bugs IN SSHFP 1 1 4b4bc32c4e655559b43a370b77cad4983e8c24f8
bugs IN SSHFP 2 1 7916e317983d8bc85d719bb793e5e46a6b4976b2
cacert-fw IN A 213.154.225.229 cacert-fw IN A 213.154.225.229
cacert-fw IN AAAA 2001:7b8:3:9c::4 cacert-fw IN AAAA 2001:7b8:3:9c::4
cacert-fw01 IN A 213.154.225.253 cacert-fw01 IN A 213.154.225.253
cacert-fw01 IN AAAA 2001:7b8:3:9c::5 cacert-fw01 IN AAAA 2001:7b8:3:9c::5
cacert-fw01 IN SSHFP 2 1 6a5497e3e430425439fe849b47a6b5a5add22241 cacert-fw01 IN SSHFP 2 1 6a5497e3e430425439fe849b47a6b5a5add22241
@ -36,6 +51,7 @@ cacert-fw01 IN SSHFP 3 1 3e8acf86c3360992eea677a1154b6c3f20811c56
cacert-fw01 IN SSHFP 3 2 c51db0de0b5cd2096f8326e0252903cc06838c060a3689e2088c215e951ef82c cacert-fw01 IN SSHFP 3 2 c51db0de0b5cd2096f8326e0252903cc06838c060a3689e2088c215e951ef82c
cacert-fw01 IN SSHFP 1 1 2dd0073329ec5f4ff8ecb7667f10a1bfe65ef6f4 cacert-fw01 IN SSHFP 1 1 2dd0073329ec5f4ff8ecb7667f10a1bfe65ef6f4
cacert-fw01 IN SSHFP 1 2 a508ec95e20a465a231f0d6b86afc46ab1486ca7a88272d4ccfdc4b260366885 cacert-fw01 IN SSHFP 1 2 a508ec95e20a465a231f0d6b86afc46ab1486ca7a88272d4ccfdc4b260366885
cacert-fw02 IN A 213.154.225.254 cacert-fw02 IN A 213.154.225.254
cacert-fw02 IN AAAA 2001:7b8:3:9c::6 cacert-fw02 IN AAAA 2001:7b8:3:9c::6
cacert-fw02 IN SSHFP 2 1 6e47b51da962818bdf884eb527252019397599ac cacert-fw02 IN SSHFP 2 1 6e47b51da962818bdf884eb527252019397599ac
@ -44,24 +60,51 @@ cacert-fw02 IN SSHFP 3 1 4b136c402acb26cb01a04de243f0c8412d211bbd
cacert-fw02 IN SSHFP 3 2 9c4fc8f7cb81bd45a48313114e55ab261a6379abd6fcc7fd878d05b7206210d7 cacert-fw02 IN SSHFP 3 2 9c4fc8f7cb81bd45a48313114e55ab261a6379abd6fcc7fd878d05b7206210d7
cacert-fw02 IN SSHFP 1 1 3bbc40993094812db7188fc01f3dc8b89536bd69 cacert-fw02 IN SSHFP 1 1 3bbc40993094812db7188fc01f3dc8b89536bd69
cacert-fw02 IN SSHFP 1 2 8e0cc3bcabfed1470f82f85c9726c2f002fb8dbc8f636601a7262c7b489b7d6e cacert-fw02 IN SSHFP 1 2 8e0cc3bcabfed1470f82f85c9726c2f002fb8dbc8f636601a7262c7b489b7d6e
cats IN A 213.154.225.243 cats IN A 213.154.225.243
community IN CNAME email.cacert.org. cats IN SSHFP 1 1 d29d4cc4662d5cb5f42c02823ca8677f05439589
cats IN SSHFP 2 1 0342eb1e7325eb90a1c0483de3d6597e36e569c8
community-vpn IN A 78.47.142.76 community-vpn IN A 78.47.142.76
crl IN A 213.154.225.236 crl IN A 213.154.225.236
dev IN A 78.46.255.66 dev IN A 78.46.255.66
email IN A 213.154.225.228 email IN A 213.154.225.228
email IN SSHFP 1 1 bf391fd72656a275524d1d25a624c6045b44ae90
email IN SSHFP 2 1 73b0d8acb492a7187016dd3c5fc1519b309a550f
community IN CNAME email.cacert.org.
emailout IN A 213.154.225.239 emailout IN A 213.154.225.239
emailout IN SSHFP 1 1 07414db5fbfd102c6cd497228748df70406a642b
emailout IN SSHFP 2 1 ab2cf20c0064ea415e8d8a1e339e36e3ce27741d
eu IN A 213.154.225.242 eu IN A 213.154.225.242
finance IN CNAME board.cacert.org.
git IN A 213.154.225.250 git IN A 213.154.225.250
git IN SSHFP 1 1 23c7622d6db5822c809152c1c0fd9ea7838f76c6
git IN SSHFP 2 1 8509db491902fe10ab84c8f24b02f10c1adf0e7f
hopper IN AAAA 2001:7b8:616:0162::100 hopper IN AAAA 2001:7b8:616:0162::100
hopper IN SSHFP 1 1 22f35bfddd356b119c1555c3bf4f86edd8ae8dfd hopper IN SSHFP 1 1 22f35bfddd356b119c1555c3bf4f86edd8ae8dfd
hopper IN SSHFP 2 1 026d7dda6753c2d8810466336fe758d37aed899d hopper IN SSHFP 2 1 026d7dda6753c2d8810466336fe758d37aed899d
infrastructure IN A 213.154.225.230 infrastructure IN A 213.154.225.230
infrastructure IN SSHFP 1 1 5a82d3c150af002c05784f73250a067053aeed63
infrastructure IN SSHFP 2 1 af8d8e3386eaa72997709632adf2b457e6fef0dc
irc IN A 213.154.225.233 irc IN A 213.154.225.233
irc IN SSHFP 1 1 c123f73001682277de5346923518d17cc94e298e
irc IN SSHFP 2 1 b85941c077732f78be290b8f0b44b0a5e8a0e51d
issue IN A 213.154.225.244 issue IN A 213.154.225.244
l10n IN CNAME translations.cacert.org. issue IN SSHFP 1 1 3f55e52b51d142ef9d15eeaa9ca25b3aa30c7c6e
issue IN SSHFP 2 1 fd9a5c79c4a9057b87ae8e639fd223b386af4bdb
lists IN A 213.154.225.231 lists IN A 213.154.225.231
lists IN SSHFP 1 1 87f75b9124326b566ed22dcf65a9740eede8f0ff
lists IN SSHFP 2 1 8d79e68e731ed72667f3d286c477245df653083b
cert.lists IN CNAME lists.cacert.org. cert.lists IN CNAME lists.cacert.org.
nocert.lists IN CNAME lists.cacert.org. nocert.lists IN CNAME lists.cacert.org.
lists IN MX 10 email.cacert.org. lists IN MX 10 email.cacert.org.
@ -71,32 +114,57 @@ _adsp._domainkey.lists IN TXT "dkim=all"
lists._domainkey.lists IN TXT "v=DKIM1\;g=*\;k=rsa\;t=y\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs2Hu5HQpT5FWj2TrqHZwFM/h0Tc35idlBviaArkdp5fRPx402ID+pMYZZW6lVM/IJlmeTqPGO73oQyl/tFlnXWj/X8p809IFqWnKWzGKJLhnxMAZW7bmzyjR8siK3It93+s5mu9r/4pwHCW3bEbdtKartd7cud84JO15cLJYA+QIDAQAB" lists._domainkey.lists IN TXT "v=DKIM1\;g=*\;k=rsa\;t=y\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs2Hu5HQpT5FWj2TrqHZwFM/h0Tc35idlBviaArkdp5fRPx402ID+pMYZZW6lVM/IJlmeTqPGO73oQyl/tFlnXWj/X8p809IFqWnKWzGKJLhnxMAZW7bmzyjR8siK3It93+s5mu9r/4pwHCW3bEbdtKartd7cud84JO15cLJYA+QIDAQAB"
mail._domainkey IN TXT "v=DKIM1\;g=*\;k=rsa\;t=y\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOZV5h3rm18QRiNfNnwXadX8jeSC3zjpU7GFNTfZk1ifjLxrlVrSsfAvlVfFvR2/uQXegwEkiNV5bd57d989T+VVLZZbSv+OAXX4ZwihsLkf3huDszKtJTvsybqUNh97OE00THSyJCrcowFDcLv5IN2ULCOlMjTqbZxZuaNW0S6wIDAQAB" mail._domainkey IN TXT "v=DKIM1\;g=*\;k=rsa\;t=y\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOZV5h3rm18QRiNfNnwXadX8jeSC3zjpU7GFNTfZk1ifjLxrlVrSsfAvlVfFvR2/uQXegwEkiNV5bd57d989T+VVLZZbSv+OAXX4ZwihsLkf3huDszKtJTvsybqUNh97OE00THSyJCrcowFDcLv5IN2ULCOlMjTqbZxZuaNW0S6wIDAQAB"
auto._domainkey IN TXT "v=DKIM1\;g=*\;k=rsa\;t=y\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDNFxiNr+NHJwih3OPhGr4iwLE+BBDu72YrMSzUnU1FF50CW7iOtuhg796UZ6xrZ5VuhAix6YmmzcvF2UxYzoD/XpfZ4MzBu0ND4/nkt9/YOTyIBzwQqn9uMNve0Y76Zsel89dIJtOI+y+lfnFExV0jKwe53gzmxMVpMSSCcZPGwIDAQAB" ; ----- DKIM auto for cacert.org auto._domainkey IN TXT "v=DKIM1\;g=*\;k=rsa\;t=y\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDNFxiNr+NHJwih3OPhGr4iwLE+BBDu72YrMSzUnU1FF50CW7iOtuhg796UZ6xrZ5VuhAix6YmmzcvF2UxYzoD/XpfZ4MzBu0ND4/nkt9/YOTyIBzwQqn9uMNve0Y76Zsel89dIJtOI+y+lfnFExV0jKwe53gzmxMVpMSSCcZPGwIDAQAB" ; ----- DKIM auto for cacert.org
monitor IN CNAME infrastructure.cacert.org. monitor IN CNAME infrastructure.cacert.org.
ns IN A 213.154.225.251 ; master ns IN A 213.154.225.251 ; master
ns1 IN A 213.154.225.251 ; ns.cacert.org ns1 IN A 213.154.225.251 ; ns.cacert.org
ns1 IN AAAA 2001:7b8:616:0163::102 ns1 IN AAAA 2001:7b8:616:0163::102
ns3 IN A 46.249.47.169 ; mars.overmeer.net ns3 IN A 46.249.47.169 ; mars.overmeer.net
ns3 IN AAAA 2a00:1ca8:2a::31 ns3 IN AAAA 2a00:1ca8:2a::31
ns4 IN A 213.154.224.4 ; ns-ext.nlnetlabs.nl ns4 IN A 213.154.224.4 ; ns-ext.nlnetlabs.nl
ns4 IN AAAA 2001:7b8:206:1::4:53 ns4 IN AAAA 2001:7b8:206:1::4:53
ns5 IN A 192.5.4.1 ; sns-pb.isc.org ns5 IN A 192.5.4.1 ; sns-pb.isc.org
ns5 IN AAAA 2001:500:2e::1 ns5 IN AAAA 2001:500:2e::1
ocsp IN A 213.154.225.237 ocsp IN A 213.154.225.237
ocsp1 IN A 213.154.225.237 ocsp1 IN A 213.154.225.237
secure IN A 213.154.225.246 secure IN A 213.154.225.246
secure IN AAAA 2001:7b8:3:9c::246 secure IN AAAA 2001:7b8:3:9c::246
svn IN A 213.154.225.238 svn IN A 213.154.225.238
svn IN SSHFP 1 1 1128972fb54f927477a781718e2f9c114e9ca383
svn IN SSHFP 2 1 3a36e5df06304c481f01fc723fd88a086e82d986
cert.svn IN CNAME svn.cacert.org. cert.svn IN CNAME svn.cacert.org.
nocert.svn IN CNAME svn.cacert.org. nocert.svn IN CNAME svn.cacert.org.
test IN A 213.154.225.248 test IN A 213.154.225.248
test IN SSHFP 1 1 11bcb0ab4d1fd39547426d9527b88afb8ff85209
test IN SSHFP 2 1 3414c17e5ae898b2f5db7b3ddf9e34c2f5e816ac
secure.test IN CNAME test.cacert.org. secure.test IN CNAME test.cacert.org.
cats.test IN CNAME test.cacert.org. cats.test IN CNAME test.cacert.org.
mgr.test IN CNAME test.cacert.org. mgr.test IN CNAME test.cacert.org.
www.test IN CNAME test.cacert.org.
test2 IN A 213.154.225.249 test2 IN A 213.154.225.249
secure.test2 IN CNAME test2.cacert.org. secure.test2 IN CNAME test2.cacert.org.
www.test2 IN CNAME test2.cacert.org.
translations IN A 213.154.225.240 translations IN A 213.154.225.240
translations IN SSHFP 1 1 1128972fb54f927477a781718e2f9c114e9ca383
translations IN SSHFP 2 1 3a36e5df06304c481f01fc723fd88a086e82d986
l10n IN CNAME translations.cacert.org.
tverify IN A 213.154.225.247 tverify IN A 213.154.225.247
tverify IN AAAA 2001:7b8:3:9c::247 tverify IN AAAA 2001:7b8:3:9c::247
wiki IN A 213.154.225.235 wiki IN A 213.154.225.235
wiki IN SSHFP 1 1 5c3e0d3265782405e0141c47bf0e16ec14b12e08
wiki IN SSHFP 2 1 04f7ab767579f004cc3ab2cc42a4ccaa24e51154
www IN A 213.154.225.245 www IN A 213.154.225.245
www IN AAAA 2001:7b8:3:9c::245 www IN AAAA 2001:7b8:3:9c::245

View file

@ -1,16 +1,27 @@
RCS file: /var/opendnssec/unsigned/RCS/cacert.org,v RCS file: /var/opendnssec/unsigned/RCS/cacert.org,v
Working file: /var/opendnssec/unsigned/cacert.org Working file: /var/opendnssec/unsigned/cacert.org
head: 1.75 head: 1.77
branch: branch:
locks: strict locks: strict
access list: access list:
symbolic names: symbolic names:
keyword substitution: kv keyword substitution: kv
total revisions: 75; selected revisions: 75 total revisions: 77; selected revisions: 77
description: description:
cacert.org - zone file for cacert.org cacert.org - zone file for cacert.org
---------------------------- ----------------------------
revision 1.77
date: 2014/02/08 12:20:55; author: root; state: Exp; lines: +4 -4
Remove SSHFP records for monitor.cacert.org, because they are illegal: monitor is a CNAME.
Add CNAME records for www.test.cacert.org and www.test2.cacert.org per e-mail request
from Mario Lipinski on 08.02.2014.
----------------------------
revision 1.76
date: 2014/02/06 15:40:10; author: root; state: Exp; lines: +73 -5
Add SSHFP records for infrastructure hosts.
Reorganize layout for better readability and maintainability.
----------------------------
revision 1.75 revision 1.75
date: 2014/02/06 13:43:11; author: root; state: Exp; lines: +7 -7 date: 2014/02/06 13:43:11; author: root; state: Exp; lines: +7 -7
Remove indentation added in previous commit: it is not allowed by ods-signer. Remove indentation added in previous commit: it is not allowed by ods-signer.