diff --git a/cacert.org b/cacert.org index ad51bb7..fe92005 100644 --- a/cacert.org +++ b/cacert.org @@ -1,10 +1,10 @@ ; DNS master zone file for cacert.org, under RCS control -; @(#)(CAcert) $Id: cacert.org,v 1.124 2019/08/04 07:33:19 root Exp $ +; @(#)(CAcert) $Id: cacert.org,v 1.126 2019/08/06 13:57:34 root Exp $ $TTL 12h ; default TTL for zone data @ 1h IN SOA ns1.cacert.org. hostmaster.cacert.org. ( - 2019080301 ; Serial + 2019080601 ; Serial 4h ; refresh time 1h ; retry interval 7d ; expire time @@ -17,8 +17,13 @@ $TTL 12h ; default TTL for zone data @ IN A 213.154.225.245 @ IN AAAA 2001:7b8:3:9c::245 @ IN MX 10 email.cacert.org. -; TODO: Remove 'ip4:213.154.225.239' after transition -@ IN TXT "v=spf1 ip4:213.154.225.245 ip4:213.154.225.246 ip4:213.154.225.247 ip6:2001:7b8:3:9c::245 ip6:2001:7b8:3:9c::246 ip6:2001:7b8:3:9c::247 ip4:213.154.225.228 ip4:213.154.225.230 ip4:213.154.225.239 -all" +; SPF record for allowed outgoing email +; *.228 is email.cacert.org +; *.239 is emailout.cacert.org +; *.245 is cacert.org/www.cacert.org +; *.246 is secure.cacert.org +; *.247 is tverify.cacert.org +@ IN TXT "v=spf1 ip4:213.154.225.245 ip4:213.154.225.246 ip4:213.154.225.247 ip6:2001:7b8:3:9c::245 ip6:2001:7b8:3:9c::246 ip6:2001:7b8:3:9c::247" " ip4:213.154.225.228 ip6:2001:7b8:616:162:2::228 ip4:213.154.225.230 ip4:213.154.225.239 ip6:2001:7b8:616:162:2::239 -all" @ IN CAA 0 issue "cacert.org" @ IN CAA 0 issuewild "cacert.org" @@ -100,15 +105,19 @@ crl IN A 213.154.225.236 crl IN AAAA 2001:7b8:616:163::104 email IN A 213.154.225.228 +email IN AAAA 2001:7b8:616:162:2::228 email IN SSHFP 1 1 bf391fd72656a275524d1d25a624c6045b44ae90 -email IN SSHFP 2 1 73b0d8acb492a7187016dd3c5fc1519b309a550f +email IN SSHFP 1 2 c8b68f3eb9a83902391b78686b4885a317fac0f74b0490a78b32ecbbee921df1 +email IN SSHFP 3 1 5ffbc51c37cdff52db9c488c08b89af9ffee06a0 +email IN SSHFP 3 2 a114de78fc26bd0dc6fa2206d7c04519ec875023cf203e446d4bbbbc4e24da19 +email IN SSHFP 4 1 18418515e94817f0624bf0a192331addf878ff66 +email IN SSHFP 4 2 d4fe3165206ba69baf4643253138561789918688375ed8ab89bcfc4411535221 community IN CNAME email.cacert.org. emailout IN A 213.154.225.239 +emailout IN AAAA 2001:7b8:616:162:2::239 emailout IN SSHFP 1 1 1ba1ab632911e8a68a69521130120695086d858c emailout IN SSHFP 1 2 6e50d5b2034006b69eb7ba19d3f3fd2c48015bea2bb3d5e2a0f8cf25ff030055 -emailout IN SSHFP 2 1 0e8888352604dbd1cc4d201bc1e985d80b9cf752 -emailout IN SSHFP 2 2 a7402f014b47b805663c904dabbc9590db7d8d0f350cea6d9f63e12bc27bac0c emailout IN SSHFP 3 1 527004f2091d2cef2c28b5f8241fc0e76307b2ba emailout IN SSHFP 3 2 9094dcf8860523a83542ec4cc46fbcfed396f5525bc202cfecf42d1a7044136d emailout IN SSHFP 4 1 63f40df8536052d33d2d515eceb111ccb7983619 diff --git a/cacert.org.log b/cacert.org.log index fd8c3dc..f8e9149 100644 --- a/cacert.org.log +++ b/cacert.org.log @@ -1,16 +1,24 @@ RCS file: /var/opendnssec/unsigned/RCS/cacert.org,v Working file: /var/opendnssec/unsigned/cacert.org -head: 1.124 +head: 1.126 branch: locks: strict access list: symbolic names: keyword substitution: kv -total revisions: 124; selected revisions: 124 +total revisions: 126; selected revisions: 126 description: cacert.org - zone file for cacert.org ---------------------------- +revision 1.126 +date: 2019/08/06 13:57:34; author: root; state: Exp; lines: +2 -2 +Break up very long TXT record for spf1 in two parts to avoid hitting the 255 chars limit. +---------------------------- +revision 1.125 +date: 2019/08/06 13:46:19; author: root; state: Exp; lines: +16 -7 +Update records for email.cacert.org and emailout.cacert.org per e-mal request from Jan Dittberner on 06.08.2019. +---------------------------- revision 1.124 date: 2019/08/04 07:33:19; author: root; state: Exp; lines: +24 -2 Apply changes for infrastructure systems per e-mail request from Jan Dittberner on 03.08.2019.