From 302a6d26f54cda68d21388317ff674d7e1eb91e9 Mon Sep 17 00:00:00 2001 From: Jan Dittberner Date: Sat, 29 Oct 2022 19:43:26 +0200 Subject: [PATCH 1/4] Sort and clean zone cacert.org --- cacert.org | 236 +++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 167 insertions(+), 69 deletions(-) diff --git a/cacert.org b/cacert.org index ce8ece9..71c92cc 100644 --- a/cacert.org +++ b/cacert.org 
@@ -1,5 +1,54 @@ $ORIGIN . +; vim: set ft=dns noet: +; records in domain cacert.org +cacert.org 43200 IN SOA ns1.cacert.org hostmaster.cacert.org 2022102005 14400 3600 604800 43200 + +cacert.org 43200 IN A 213.154.225.245 +cacert.org 43200 IN AAAA 2001:7b8:3:9c::245 + +cacert.org 43200 IN CAA 0 issue "cacert.org" +cacert.org 43200 IN CAA 0 issuewild "cacert.org" +cacert.org 43200 IN CAA 0 iodef "mailto:critical-admin@cacert.org" + +cacert.org 43200 IN MX 10 email.cacert.org. + +cacert.org 43200 IN NS ns1.cacert.org. +cacert.org 43200 IN NS ns5.cacert.org. +cacert.org 43200 IN NS ns2.cacert.org. +cacert.org 43200 IN NS ns4.cacert.org. + +; SPF and DKIM +cacert.org 43200 IN TXT "v=spf1 ip4:213.154.225.245 ip4:213.154.225.246 ip4:213.154.225.247 ip6:2001:7b8:3:9c::245 ip6:2001:7b8:3:9c::246 ip6:2001:7b8:3:9c::247" " ip4:213.154.225.228 ip6:2001:7b8:616:162:2::228 ip4:213.154.225.230 ip4:213.154.225.239 ip6:2001:7b8:616:162:2::239 -all" + auto._domainkey.cacert.org 43200 IN TXT "v=DKIM1;g=*;k=rsa;t=y;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDNFxiNr+NHJwih3OPhGr4iwLE+BBDu72YrMSzUnU1FF50CW7iOtuhg796UZ6xrZ5VuhAix6YmmzcvF2UxYzoD/XpfZ4MzBu0ND4/nkt9/YOTyIBzwQqn9uMNve0Y76Zsel89dIJtOI+y+lfnFExV0jKwe53gzmxMVpMSSCcZPGwIDAQAB" +mail._domainkey.cacert.org 43200 IN TXT "v=DKIM1;g=*;k=rsa;t=y;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOZV5h3rm18QRiNfNnwXadX8jeSC3zjpU7GFNTfZk1ifjLxrlVrSsfAvlVfFvR2/uQXegwEkiNV5bd57d989T+VVLZZbSv+OAXX4ZwihsLkf3huDszKtJTvsybqUNh97OE00THSyJCrcowFDcLv5IN2ULCOlMjTqbZxZuaNW0S6wIDAQAB" +_adsp._domainkey.cacert.org 43200 IN TXT "dkim=unknown" + +; certificate fingerprints +_certs.g1._fp.cacert.org 43200 IN TXT "root_X0F class3_2021" +_md5.class3.g1._fp.cacert.org 43200 IN TXT "F72512824E67B5D08D92B77C0B867A42" +_md5.class3_2021.g1._fp.cacert.org 43200 IN TXT "C0DED85DF82B03269F371478125E8AB3" +_md5.class3_x0e.g1._fp.cacert.org 43200 IN TXT "2CFA3FF9F44A0A6D3F577EA8A82315BE" +_md5.root.g1._fp.cacert.org 43200 IN TXT "A61B375E390D9C3654EEBD2031461F6B" 
+_md5.root_x0f.g1._fp.cacert.org 43200 IN TXT "8AE61B1AF7679A9095A7E9E02DFF1FF3" +_oldcerts.g1._fp.cacert.org 43200 IN TXT "root class3 class3_X0E" +_sha1.class3.g1._fp.cacert.org 43200 IN TXT "AD7C3F64FC4439FEF4E90BE8F47C6CFA8AADFDCE" +_sha1.class3_2021.g1._fp.cacert.org 43200 IN TXT "D8A83A64117FFD2194FEE1983DD25C7B32A8FFC8" +_sha1.class3_x0e.g1._fp.cacert.org 43200 IN TXT "A7C48FBE6B026DBD0EC1B465B88DD813EE1DEFA0" +_sha1.root.g1._fp.cacert.org 43200 IN TXT "135CEC36F49CB8E93B1AB270CD80884676CE8F33" +_sha1.root_x0f.g1._fp.cacert.org 43200 IN TXT "DDFCDA541E7577ADDCA87E8827A98A50603252A5" +_sha256.class3.g1._fp.cacert.org 43200 IN TXT "4EDDE9E55CA453B388887CAA25D5C5C5BCCF2891D73B87495808293D5FAC83C8" +_sha256.class3_2021.g1._fp.cacert.org 43200 IN TXT "1BC5A61A2C0C0132C52B284F3DA0D8DACF717A0F6C1DDF81D80B36EEE4442869" +_sha256.class3_x0e.g1._fp.cacert.org 43200 IN TXT "F6873D70D67596C2ACBA34401E69738B52701DD6AB06B49749BC55150936D544" +_sha256.root.g1._fp.cacert.org 43200 IN TXT "FF2A65CFF1149C7430101E0F65A07EC19183A3B633EF4A6510890DAD18316B3A" +_sha256.root_x0f.g1._fp.cacert.org 43200 IN TXT "07EDBD824A4988CFEF4215DA20D48C2B41D71529D7C900F570926F277CC230C5" +_url.class3.g1._fp.cacert.org 43200 IN TXT "http://www.cacert.org/certs/class3.crt" +_url.class3_2021.g1._fp.cacert.org 43200 IN TXT "http://www.cacert.org/certs/class3_2021.crt" +_url.class3_x0e.g1._fp.cacert.org 43200 IN TXT "http://www.cacert.org/certs/class3_X0E.crt" +_url.root.g1._fp.cacert.org 43200 IN TXT "http://www.cacert.org/certs/root.crt" +_url.root_x0f.g1._fp.cacert.org 43200 IN TXT "http://www.cacert.org/certs/root_X0F.crt" + +; Blog server blog.cacert.org 43200 IN A 213.154.225.234 blog.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::13 blog.cacert.org 43200 IN SSHFP 1 1 32ca6e4ba3275aab0d65f0f46969b11a4c4b36e8 
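Review bot: The selectors grouped under the new `; SPF and DKIM` comment (`auto._domainkey` and `mail._domainkey`) still carry `t=y`, which tells verifiers the domain is only testing DKIM, so a failed signature is treated like an unsigned message. Both `p=` values are also 1024-bit RSA keys. Since this is the clean-up commit, the comment is a good place to record that, e.g. `; DKIM selectors are 1024-bit RSA and still flagged t=y (testing); rotate to 2048-bit and drop t=y`. The same `t=y` is on `lists._domainkey.lists.cacert.org` in the mailing-list hunk. No `_dmarc` record appears in the hunks shown, so the `-all` SPF policy looks like the only enforced sender check, and the `g=*` tag and `_adsp` records come from specifications that have since been retired.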
@@ -8,9 +57,14 @@ blog.cacert.org 43200 IN SSHFP 3 1 8fa85a31215f10ea78fd0126d1c705c9a3662c86 blog.cacert.org 43200 IN SSHFP 3 2 86d330b900db9bf0a8bc9ec34b126aa8261fec9e02b123ab61c2aee0b56ae047 blog.cacert.org 43200 IN SSHFP 4 1 90903e8f4b35457bf41235f070adf592d7f724dd blog.cacert.org 43200 IN SSHFP 4 2 f24b770c16dcb91afc9461e62e6fe63a63d413efa4794751c039ed6d5213127b + +; board OpenERP board.cacert.org 43200 IN A 213.154.225.252 board.cacert.org 43200 IN SSHFP 1 1 f5c02a860a1cc07aeefbf802540680c7476bde6e board.cacert.org 43200 IN SSHFP 2 1 7b6eeb0ccdfb2e2cfe479e0aece36ff995fdd1f4 +finance.cacert.org 43200 IN CNAME board.cacert.org. + +; bug tracker bugs.cacert.org 43200 IN A 213.154.225.232 bugs.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::16 bugs.cacert.org 43200 IN SSHFP 1 1 4b4bc32c4e655559b43a370b77cad4983e8c24f8 @@ -21,8 +75,12 @@ bugs.cacert.org 43200 IN SSHFP 3 1 72737bd1240b446c2b8e0aad0acff889e3b72ec7 bugs.cacert.org 43200 IN SSHFP 3 2 152fc9f8d7d72979846757db7fa433bd3f6340cd0dcebcce5d681e60dc46ca44 bugs.cacert.org 43200 IN SSHFP 4 1 bb6b5f8599c3a93383392b80cc029a0d65ffc7f1 bugs.cacert.org 43200 IN SSHFP 4 2 caa52e4c5ddecc5ee144aa2b6965101961ff7e7518063b43908d133f1cdf6e15 + +; Firewall virtual IP cacert-fw.cacert.org 43200 IN A 213.154.225.229 cacert-fw.cacert.org 43200 IN AAAA 2001:7b8:3:9c::4 + +; Firewall 01 cacert-fw01.cacert.org 43200 IN A 213.154.225.253 cacert-fw01.cacert.org 43200 IN AAAA 2001:7b8:3:9c::5 cacert-fw01.cacert.org 43200 IN SSHFP 1 1 43a7c6105193d121a8b27f5cd1c59aae32a35c5a 
@@ -33,6 +91,8 @@ cacert-fw01.cacert.org 43200 IN SSHFP 3 1 c45e669fcd8f951e78e74340f75dbd6ae611ac cacert-fw01.cacert.org 43200 IN SSHFP 3 2 dc9d37b1cd325175437e5836ed1691d594f5af253a34e3b736b4522274c28f92 cacert-fw01.cacert.org 43200 IN SSHFP 4 1 119d5aa477a8a8dc79334fc84a64d1f3ea3a3319 cacert-fw01.cacert.org 43200 IN SSHFP 4 2 60d46e0d94070064e48a0d9de5a30778f00fd9c2c23dedb5a674c5ec873e3cdc + +; Firewall 02 cacert-fw02.cacert.org 43200 IN A 213.154.225.254 cacert-fw02.cacert.org 43200 IN AAAA 2001:7b8:3:9c::6 cacert-fw02.cacert.org 43200 IN SSHFP 1 1 43a7c6105193d121a8b27f5cd1c59aae32a35c5a 
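Review bot: `cacert-fw02` publishes the same SSHFP fingerprints as `cacert-fw01` (`SSHFP 1 1 43a7c610…` in this hunk; the `3 2`, `4 1` and `4 2` values in the neighbouring hunks match as well), so both firewalls appear to present the same SSH host keys. If that is deliberate for the pair behind the virtual IP, the new comment should say so, e.g. `; Firewall 02 (shares SSH host keys with fw01)`. Otherwise the keys should be regenerated per host, so that one machine's private key cannot be used to answer as the other. The same repetition shows further down, where `monitor`, `svn` and `translations` all list `SSHFP 1 1 1128972f…`.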
@@ -43,18 +103,8 @@ cacert-fw02.cacert.org 43200 IN SSHFP 3 1 c45e669fcd8f951e78e74340f75dbd6ae611ac cacert-fw02.cacert.org 43200 IN SSHFP 3 2 dc9d37b1cd325175437e5836ed1691d594f5af253a34e3b736b4522274c28f92 cacert-fw02.cacert.org 43200 IN SSHFP 4 1 119d5aa477a8a8dc79334fc84a64d1f3ea3a3319 cacert-fw02.cacert.org 43200 IN SSHFP 4 2 60d46e0d94070064e48a0d9de5a30778f00fd9c2c23dedb5a674c5ec873e3cdc -cacert.org 43200 IN A 213.154.225.245 -cacert.org 43200 IN AAAA 2001:7b8:3:9c::245 -cacert.org 43200 IN CAA 0 issue "cacert.org" -cacert.org 43200 IN CAA 0 issuewild "cacert.org" -cacert.org 43200 IN CAA 0 iodef "mailto:critical-admin@cacert.org" -cacert.org 43200 IN MX 10 email.cacert.org. -cacert.org 43200 IN NS ns1.cacert.org. -cacert.org 43200 IN NS ns5.cacert.org. -cacert.org 43200 IN NS ns2.cacert.org. -cacert.org 43200 IN NS ns4.cacert.org. -cacert.org 43200 IN SOA ns1.cacert.org hostmaster.cacert.org 2022102005 14400 3600 604800 43200 -cacert.org 43200 IN TXT "v=spf1 ip4:213.154.225.245 ip4:213.154.225.246 ip4:213.154.225.247 ip6:2001:7b8:3:9c::245 ip6:2001:7b8:3:9c::246 ip6:2001:7b8:3:9c::247" " ip4:213.154.225.228 ip6:2001:7b8:616:162:2::228 ip4:213.154.225.230 ip4:213.154.225.239 ip6:2001:7b8:616:162:2::239 -all" + +; CAcert Assurer Training System cats.cacert.org 43200 IN A 213.154.225.243 cats.cacert.org 43200 IN SSHFP 1 1 d29d4cc4662d5cb5f42c02823ca8677f05439589 cats.cacert.org 43200 IN SSHFP 1 2 605af57ce0f1ecf8eeac5c71901f1434bf65c06fc0796b932d0f10f21ddf65fe 
@@ -62,11 +112,8 @@ cats.cacert.org 43200 IN SSHFP 2 1 0342eb1e7325eb90a1c0483de3d6597e36e569c8 cats.cacert.org 43200 IN SSHFP 2 2 0835241a5b1905097c332b176faec92e05c690169ba125184f3fe2c9612d9718 cats.cacert.org 43200 IN SSHFP 3 1 cc7f9edc6f2b9ce4a3f3953ff97c951572ba0f8c cats.cacert.org 43200 IN SSHFP 3 2 1f54953c96de0e93cd19e66ca25085d6773ceefd3c376be2e77c1a337ccd008d -cats.test.cacert.org 43200 IN CNAME test.cacert.org. -cats.test2.cacert.org 43200 IN CNAME test2.cacert.org. -cats.test3.cacert.org 43200 IN CNAME test3.cacert.org. -cert.lists.cacert.org 43200 IN CNAME lists.cacert.org. -cert.svn.cacert.org 43200 IN CNAME svn.cacert.org. + +; code (Gitea) code.cacert.org 43200 IN A 213.154.225.249 code.cacert.org 43200 IN AAAA 2001:7b8:616:162:3::15 code.cacert.org 43200 IN SSHFP 1 1 99fe627866921e9cbb8e10fca89681518f7e6ed5 @@ -75,10 +122,12 @@ code.cacert.org 43200 IN SSHFP 3 1 e8021534def77726741a874945ec578ed6d84f31 code.cacert.org 43200 IN SSHFP 3 2 54e42fd9ac210cd6bd3ec1ca75b80bf4585eb47606a40b4627d1916f355dcb9f code.cacert.org 43200 IN SSHFP 4 1 33305c1b89678caa80ef42a31e29b3e8dc70ccb9 code.cacert.org 43200 IN SSHFP 4 2 cce03a264ec4b947d4a30ddc2b86fe80fc73d51f751baa834ff1ec848181b8eb -codedocs.cacert.org 43200 IN CNAME web.cacert.org. -community.cacert.org 43200 IN CNAME email.cacert.org. + +; public CRL service crl.cacert.org 43200 IN A 213.154.225.236 crl.cacert.org 43200 IN AAAA 2001:7b8:616:163::104 + +; community email (incoming) / MX email.cacert.org 43200 IN A 213.154.225.228 email.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::228 email.cacert.org 43200 IN SSHFP 1 1 bf391fd72656a275524d1d25a624c6045b44ae90 
@@ -87,6 +136,9 @@ email.cacert.org 43200 IN SSHFP 3 1 5ffbc51c37cdff52db9c488c08b89af9ffee06a0 email.cacert.org 43200 IN SSHFP 3 2 a114de78fc26bd0dc6fa2206d7c04519ec875023cf203e446d4bbbbc4e24da19 email.cacert.org 43200 IN SSHFP 4 1 18418515e94817f0624bf0a192331addf878ff66 email.cacert.org 43200 IN SSHFP 4 2 d4fe3165206ba69baf4643253138561789918688375ed8ab89bcfc4411535221 +community.cacert.org 43200 IN CNAME email.cacert.org. + +; outgoing email relay emailout.cacert.org 43200 IN A 213.154.225.239 emailout.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::239 emailout.cacert.org 43200 IN SSHFP 1 1 1ba1ab632911e8a68a69521130120695086d858c @@ -95,8 +147,8 @@ emailout.cacert.org 43200 IN SSHFP 3 1 527004f2091d2cef2c28b5f8241fc0e76307b2ba emailout.cacert.org 43200 IN SSHFP 3 2 9094dcf8860523a83542ec4cc46fbcfed396f5525bc202cfecf42d1a7044136d emailout.cacert.org 43200 IN SSHFP 4 1 63f40df8536052d33d2d515eceb111ccb7983619 emailout.cacert.org 43200 IN SSHFP 4 2 4ceb488ad17ea7c8db161fdf3357e273d2ea1fe5be183794aacd7c4bfdfaa8a5 -finance.cacert.org 43200 IN CNAME board.cacert.org. -funding.cacert.org 43200 IN CNAME web.cacert.org. + +; git repository server git.cacert.org 43200 IN A 213.154.225.250 git.cacert.org 43200 IN SSHFP 1 1 23c7622d6db5822c809152c1c0fd9ea7838f76c6 git.cacert.org 43200 IN SSHFP 1 2 dabbe1766c7933071c4e6942a1dfc72c26d9d867d8dee84beda210c8ef9ea2c5 @@ -106,6 +158,8 @@ git.cacert.org 43200 IN SSHFP 3 1 60de5788bd83abc7f315b667f634bda5da8502ed git.cacert.org 43200 IN SSHFP 3 2 132bd98483440124f6b8117148b02a66645477f53c18f974e4decb32a7495644 git.cacert.org 43200 IN SSHFP 4 1 13d611007b43d073cf4d89784510398116623eb7 git.cacert.org 43200 IN SSHFP 4 2 40a61a25488fe01c056eaaff703ef0ff9c6b01bee00580a91b95741dfaa59751 + +; hopper for critical systems hopper.cacert.org 43200 IN A 213.136.19.144 hopper.cacert.org 43200 IN AAAA 2001:7b8:616:163::100 hopper.cacert.org 43200 IN SSHFP 1 1 0632f537b79c8c7216a56b5da37aadfca3ff2b0c 
@@ -114,7 +168,19 @@ hopper.cacert.org 43200 IN SSHFP 2 1 592affda35b209147e17d6a3b2c38c37371061e1 hopper.cacert.org 43200 IN SSHFP 2 2 de43b28a103b0afa685dd4918515f0b8ddbc4422b476a5af3374af63831ae22a hopper.cacert.org 43200 IN SSHFP 3 1 f450a0cb1816e519b3f03e9ea9c8a54a94955071 hopper.cacert.org 43200 IN SSHFP 3 2 cc1b07f5bc75760dbb98a5bc515bf9cf7f3559bff032d56ba37b32bc38031375 + +; infrastructure host infra02 +infrastructure.cacert.org 43200 IN A 213.154.225.230 +infrastructure.cacert.org 43200 IN AAAA 2001:7b8:616:162:1::10 +infrastructure.cacert.org 43200 IN SSHFP 1 1 5a82d3c150af002c05784f73250a067053aeed63 +infrastructure.cacert.org 43200 IN SSHFP 1 2 63b0d74a3f1ce61865a5eb0497ef05243bc4067ec983c69ab8e62f3cb940cc82 +infrastructure.cacert.org 43200 IN SSHFP 2 1 af8d8e3386eaa72997709632adf2b457e6fef0dc +infrastructure.cacert.org 43200 IN SSHFP 2 2 3a0188fc47d1fdd14d70a2fb78f51792d06ba11eae6ab16e73cb7bb8dd6a0dc8 +infrastructure.cacert.org 43200 IN SSHFP 3 1 3e1b9ebf85b726cf831c76ecb8c17786aedf40e8 +infrastructure.cacert.org 43200 IN SSHFP 3 2 3ae7f0035c2172977e99bfe312c7a8299650dea16a975ea13eece8fda426062a infra02.cacert.org 43200 IN CNAME infrastructure.cacert.org. + +; infrastructure host infra03 infra03.cacert.org 43200 IN A 213.154.225.249 infra03.cacert.org 43200 IN AAAA 2001:7b8:616:162:1::9 infra03.cacert.org 43200 IN SSHFP 1 1 a059afe0477b474deed1544724cdc559fc2f4fe0 
@@ -123,15 +189,8 @@ infra03.cacert.org 43200 IN SSHFP 3 1 948540f6318c7dcc91f6620d70ce50c37dd5e455 infra03.cacert.org 43200 IN SSHFP 3 2 227d766e4b98e8992d20ea6c070e41cbcf62a7aa2f5a18b812bf06690cec6eb2 infra03.cacert.org 43200 IN SSHFP 4 1 37ea2d8a5faf0f14cc4b4c79c2a554620105765b infra03.cacert.org 43200 IN SSHFP 4 2 9b6081c212ea3b8ec7e62884a12ed82bb9808285cb788123984761ccd2264cf4 -infradocs.cacert.org 43200 IN CNAME web.cacert.org. -infrastructure.cacert.org 43200 IN A 213.154.225.230 -infrastructure.cacert.org 43200 IN AAAA 2001:7b8:616:162:1::10 -infrastructure.cacert.org 43200 IN SSHFP 1 1 5a82d3c150af002c05784f73250a067053aeed63 -infrastructure.cacert.org 43200 IN SSHFP 1 2 63b0d74a3f1ce61865a5eb0497ef05243bc4067ec983c69ab8e62f3cb940cc82 -infrastructure.cacert.org 43200 IN SSHFP 2 1 af8d8e3386eaa72997709632adf2b457e6fef0dc -infrastructure.cacert.org 43200 IN SSHFP 2 2 3a0188fc47d1fdd14d70a2fb78f51792d06ba11eae6ab16e73cb7bb8dd6a0dc8 -infrastructure.cacert.org 43200 IN SSHFP 3 1 3e1b9ebf85b726cf831c76ecb8c17786aedf40e8 -infrastructure.cacert.org 43200 IN SSHFP 3 2 3ae7f0035c2172977e99bfe312c7a8299650dea16a975ea13eece8fda426062a + +; incoming traffic SNI proxy on infra03 ingress03.cacert.org 43200 IN A 213.154.225.249 ingress03.cacert.org 43200 IN AAAA 2001:7b8:616:162:3::10 ingress03.cacert.org 43200 IN SSHFP 1 1 244bbca474c91548e245da702428dc4d44ecd66b @@ -140,6 +199,8 @@ ingress03.cacert.org 43200 IN SSHFP 3 1 58ccf651d3d5a7e515fcee3a2e0f63e473245b13 ingress03.cacert.org 43200 IN SSHFP 3 2 a3b002c65d219226286d5fa09a7ad5dde685d3d76db5d87af4ad93e9b90eee31 ingress03.cacert.org 43200 IN SSHFP 4 1 e6bd4af384ab9b10c3e4549970727e243d5fe1cf ingress03.cacert.org 43200 IN SSHFP 4 2 1c0f2acc2f13eb65a98801ede880a55b1c21a7686983d0a326e70f3cac8fbd4c + +; IRC service irc.cacert.org 43200 IN A 213.154.225.233 irc.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::14 irc.cacert.org 43200 IN SSHFP 1 1 39b6c81b9fe76bd3c112f891ad3198f7a6102f4c 
@@ -150,9 +211,13 @@ irc.cacert.org 43200 IN SSHFP 3 1 5b9191613e743082fd4aa64e1f3a4601ed77f366 irc.cacert.org 43200 IN SSHFP 3 2 b88f898cd5251b2b6e315a2e266873747b7cd237c0f92458916af938e4694f96 irc.cacert.org 43200 IN SSHFP 4 1 866a42ee920b7f38a86ca9f3b07af808aae9768c irc.cacert.org 43200 IN SSHFP 4 2 68d44bc21d05550c8aab62163b9257c85b9bcf0a4cab1c96ad2ca674b803601c + +; support issue tracker issue.cacert.org 43200 IN A 213.154.225.244 issue.cacert.org 43200 IN SSHFP 1 1 3f55e52b51d142ef9d15eeaa9ca25b3aa30c7c6e issue.cacert.org 43200 IN SSHFP 2 1 fd9a5c79c4a9057b87ae8e639fd223b386af4bdb + +; Jenkins CI/CD service jenkins.cacert.org 43200 IN A 213.154.225.242 jenkins.cacert.org 43200 IN SSHFP 1 1 2caebe197c0f1c25404890adfedabb371fb05650 jenkins.cacert.org 43200 IN SSHFP 1 2 6110a42530a5197ab1180417ee32b2eb581813ca773498177481b11d969bb529 
@@ -162,14 +227,20 @@ jenkins.cacert.org 43200 IN SSHFP 3 1 1ce55a42b27bf42a78e281440f146da17255a97d jenkins.cacert.org 43200 IN SSHFP 3 2 20763231fecf9518c2cecab05ac76e4483f563c0853f8b8a53e469316da75381 jenkins.cacert.org 43200 IN SSHFP 4 1 157ca8b4329dd78f2f83a6cdc0fc11009387c47f jenkins.cacert.org 43200 IN SSHFP 4 2 db988ff234a4948bbcb1a61ff21c080efed454825141b0a1d041921f78573562 -l10n.cacert.org 43200 IN CNAME translations.cacert.org. + +; mailing list service lists.cacert.org 43200 IN A 213.154.225.231 lists.cacert.org 43200 IN MX 10 email.cacert.org. lists.cacert.org 43200 IN SSHFP 1 1 87f75b9124326b566ed22dcf65a9740eede8f0ff lists.cacert.org 43200 IN SSHFP 2 1 8d79e68e731ed72667f3d286c477245df653083b lists.cacert.org 43200 IN TXT "v=spf1 ip4:213.154.225.231 -all" +cert.lists.cacert.org 43200 IN CNAME lists.cacert.org. +nocert.lists.cacert.org 43200 IN CNAME lists.cacert.org. + +_adsp._domainkey.lists.cacert.org 43200 IN TXT "dkim=all" lists._domainkey.lists.cacert.org 43200 IN TXT "v=DKIM1;g=*;k=rsa;t=y;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCs2Hu5HQpT5FWj2TrqHZwFM/h0Tc35idlBviaArkdp5fRPx402ID+pMYZZW6lVM/IJlmeTqPGO73oQyl/tFlnXWj/X8p809IFqWnKWzGKJLhnxMAZW7bmzyjR8siK3It93+s5mu9r/4pwHCW3bEbdtKartd7cud84JO15cLJYA+QIDAQAB" -mail._domainkey.cacert.org 43200 IN TXT "v=DKIM1;g=*;k=rsa;t=y;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOZV5h3rm18QRiNfNnwXadX8jeSC3zjpU7GFNTfZk1ifjLxrlVrSsfAvlVfFvR2/uQXegwEkiNV5bd57d989T+VVLZZbSv+OAXX4ZwihsLkf3huDszKtJTvsybqUNh97OE00THSyJCrcowFDcLv5IN2ULCOlMjTqbZxZuaNW0S6wIDAQAB" + +; internal MariaDB service mariadb.cacert.org 43200 IN AAAA 2001:7b8:616:162:3::11 mariadb.cacert.org 43200 IN SSHFP 1 1 adaa9a3d2effffac9ae6dad83848ad48c1386e02 mariadb.cacert.org 43200 IN SSHFP 1 2 040a0a486739ae2e78feea6e3300802196d268ea801939cb3c06af31c34ea110 
@@ -177,9 +248,8 @@ mariadb.cacert.org 43200 IN SSHFP 3 1 77fedbfba8727b84589e3fc3250f7c74c80c6b8d mariadb.cacert.org 43200 IN SSHFP 3 2 ab677f8f4814dbf6a409da98cfaa35752e603f5821e89308e66b086de47c9374 mariadb.cacert.org 43200 IN SSHFP 4 1 57130ae9b976b7d9f7473a690784a22cd94f4d56 mariadb.cacert.org 43200 IN SSHFP 4 2 ea3a52ceab2728e37c5ab8229b399105e3213a3db759f4c7741f4d87d142af92 -mgr.test.cacert.org 43200 IN CNAME test.cacert.org. -mgr.test2.cacert.org 43200 IN CNAME test2.cacert.org. -mgr.test3.cacert.org 43200 IN CNAME test3.cacert.org. + +; Icinga monitoring for infrastructure monitor.cacert.org 43200 IN A 213.154.225.230 monitor.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::18 monitor.cacert.org 43200 IN SSHFP 1 1 1128972fb54f927477a781718e2f9c114e9ca383 @@ -190,6 +260,8 @@ monitor.cacert.org 43200 IN SSHFP 3 1 f2178de365fc5539681c4c1a8d4111688a7403d6 monitor.cacert.org 43200 IN SSHFP 3 2 196bd8aa1414b7d20d87fed5455bba67660e468cbf633801c4d0665fe66f32c9 monitor.cacert.org 43200 IN SSHFP 4 1 442f4f28905fc6a58bfe12c3f2eafe2938f25573 monitor.cacert.org 43200 IN SSHFP 4 2 2f9ae80bcebb6efc432747246e12103add80f4d875450055b882455b0acf2c60 + +; Board motion system motion.cacert.org 43200 IN A 213.154.225.241 motion.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::35 motion.cacert.org 43200 IN SSHFP 2 2 53dedfd2c566011db80311528eba15fd000b0a5092ab1fc8104ca5804490cd18 @@ -200,6 +272,8 @@ motion.cacert.org 43200 IN SSHFP 4 2 ca108fc298cb08406fe02454d9245ee1cf26c724169 motion.cacert.org 43200 IN SSHFP 1 1 f018202c72749af5f48d45d5d536422f9c364fbb motion.cacert.org 43200 IN SSHFP 1 2 0d17bbfe2efa97edbb13ffe3e6bfd3b4b9be5117f3c831a2f1a55b6c50e92fd4 motion.cacert.org 43200 IN SSHFP 2 1 ee6f2e346a5d5164100721f99765a4d3d08c6dce + +; Community nextcloud nextcloud.cacert.org 43200 IN A 213.154.225.249 nextcloud.cacert.org 43200 IN AAAA 2001:7b8:616:162:3::12 nextcloud.cacert.org 43200 IN SSHFP 1 1 5f7f6b6fbb86c469ca52b4705bb034aae6ea0dc9 
@@ -208,8 +282,8 @@ nextcloud.cacert.org 43200 IN SSHFP 3 1 abd6257bfc4e47909e4d41b06914a196b8b2b4f1 nextcloud.cacert.org 43200 IN SSHFP 3 2 c6f857e69cf509443ff011505b3a774bfa3a149926a7818cd37167c211bec55b nextcloud.cacert.org 43200 IN SSHFP 4 1 dc1c48fd2e62a98672ea70126b2209d604cbc758 nextcloud.cacert.org 43200 IN SSHFP 4 2 5563549548d8be620aab5b609f2b48a15be0d80986f79e3a5b28c1f4a974617b -nocert.lists.cacert.org 43200 IN CNAME lists.cacert.org. -nocert.svn.cacert.org 43200 IN CNAME svn.cacert.org. + +; Name servers ns1.cacert.org 43200 IN A 213.154.225.251 ns1.cacert.org 43200 IN AAAA 2001:7b8:616:163::102 ns2.cacert.org 43200 IN A 213.154.225.237 @@ -218,8 +292,12 @@ ns4.cacert.org 43200 IN A 45.77.40.159 ns4.cacert.org 43200 IN AAAA 2001:19f0:4400:407d::1313 ns5.cacert.org 43200 IN A 167.86.117.119 ns5.cacert.org 43200 IN AAAA 2a02:c207:3004:6195::1 + +; public OCSP ocsp.cacert.org 43200 IN A 213.154.225.237 ocsp.cacert.org 43200 IN AAAA 2001:7b8:616:163::103 + +; internal PostgreSQL service pgsql.cacert.org 43200 IN AAAA 2001:7b8:616:162:3::13 pgsql.cacert.org 43200 IN SSHFP 1 1 9f6405d67eab3da7b19c9decfd1df73908800cdb pgsql.cacert.org 43200 IN SSHFP 1 2 b4ca5a545a6801e23c2f75193ac3bda65e3524750cd588ef8a3a709104ee01f5 @@ -227,7 +305,12 @@ pgsql.cacert.org 43200 IN SSHFP 3 1 be1c6266a7bc9c85c60505475ca834d1edb50a05 pgsql.cacert.org 43200 IN SSHFP 3 2 90e6efd10d99e08e6d200261cdb8b3e6798921cb7e8d44a0fffa2aabe5f31e81 pgsql.cacert.org 43200 IN SSHFP 4 1 a90a3d944b848ffda49b1c814b07d0a4368a6195 pgsql.cacert.org 43200 IN SSHFP 4 2 4319929ff7c2dd0edcc69d1fec2b8f660737dbd1ba8d49f719daddaceb4d08d1 + +; email ping for users +; TODO: needs to be referenced in the SPF record for cacert.org ping.cacert.org 43200 IN AAAA 2001:7b8:616:28:50::11 + +; incoming proxy on infra02 proxyin.cacert.org 43200 IN A 213.154.225.241 proxyin.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::35 proxyin.cacert.org 43200 IN SSHFP 1 1 c7c559bc06d236b4128e6d720a573d805a27727a 
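Review bot: The added `; TODO: needs to be referenced in the SPF record for cacert.org` leaves `ping.cacert.org` (2001:7b8:616:28:50::11) outside an SPF policy that ends in `-all`. If that host sends mail with a cacert.org envelope sender, receivers will hard-fail it until the TODO is resolved. The apex TXT record is already being moved in this commit, so the fix could go in with it: add `ip6:2001:7b8:616:28:50::11` before `-all` in the `v=spf1` record and increment the SOA serial `2022102005`. The host has only an AAAA record here, so no `ip4:` term is needed.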
@@ -238,6 +321,8 @@ proxyin.cacert.org 43200 IN SSHFP 3 1 b9581a544ca96fe071341acb450a2cf74b1b7c9f proxyin.cacert.org 43200 IN SSHFP 3 2 be3dd21fde37042659a25143cb5171b39d22ea2c846745af9c098003a9004185 proxyin.cacert.org 43200 IN SSHFP 4 1 9b4ba8c78b6585abaf2b46bce78a6f366f1e9bac proxyin.cacert.org 43200 IN SSHFP 4 2 59125e8706a208fa8eed2b5994ec60f7ba8e31b1c26d90ce909d78a0027359ef + +; outgoing proxy and APT repository cache proxyout.cacert.org 43200 IN A 213.154.225.230 proxyout.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::201 proxyout.cacert.org 43200 IN SSHFP 1 1 9666fa7a0850e1ba358bb4a7ff701ba66d81a0d9 @@ -246,13 +331,17 @@ proxyout.cacert.org 43200 IN SSHFP 3 1 abc0a160b7b7e1b33e6d5857514e3fbcaf112ef9 proxyout.cacert.org 43200 IN SSHFP 3 2 77bf57015934a6ca4856823b8b87dfa2133b3e3681309761d49e32bfee19e66b proxyout.cacert.org 43200 IN SSHFP 4 1 89d5470cfccd0bacb292a74c824ffa40433ef28a proxyout.cacert.org 43200 IN SSHFP 4 2 dbaca22544f735faa91432e00205d2b112fba6932222936a2a67c388cc6902a7 + +; secure part of webdb providing client certificate login secure.cacert.org 43200 IN A 213.154.225.246 secure.cacert.org 43200 IN AAAA 2001:7b8:3:9c::246 -secure.test.cacert.org 43200 IN CNAME test.cacert.org. -secure.test2.cacert.org 43200 IN CNAME test2.cacert.org. -secure.test3.cacert.org 43200 IN CNAME test3.cacert.org. +_443._tcp.secure.cacert.org 43200 IN TLSA 2 1 1 6f2851409d710504a35115abcb9a6dd3f2577ec937c9ef1938926fa82fd6ff5d + +; community self service selfservice.cacert.org 43200 IN A 213.154.225.241 selfservice.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::35 + +; subversion scm service svn.cacert.org 43200 IN A 213.154.225.238 svn.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::15 svn.cacert.org 43200 IN SSHFP 1 1 1128972fb54f927477a781718e2f9c114e9ca383 
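Review bot: The `TLSA 2 1 1` record now placed under `secure.cacert.org` pins a trust-anchor public key by SHA-256 digest, and the identical digest `6f285140…` is repeated for `_443._tcp.www.cacert.org` in the last cacert.org hunk, but nothing says which CA key it refers to. A comment such as `; DANE-TA pin (SHA-256 of the issuing CA's public key); update together with the www record on CA rollover` would keep the two records from drifting apart. TLSA and the SSHFP records throughout this zone only help clients when the zone is DNSSEC-signed and validated, which cannot be confirmed from this patch.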
@@ -263,18 +352,34 @@ svn.cacert.org 43200 IN SSHFP 3 1 ea3eeac6cb50f9bbd2e2bb7d5fc39c13348d4a23 svn.cacert.org 43200 IN SSHFP 3 2 56fb13ba24d88b3dcfd7de0c33d6f0b5e65c2b0c8b8bf44c5877746b74c49986 svn.cacert.org 43200 IN SSHFP 4 1 537d0496fd72a5dfcbc196aac7b02ad7d02896bb svn.cacert.org 43200 IN SSHFP 4 2 3a06b4ea07382dab0dfe54dbe926739587e0e8715e327e518279be1bd847b73c +cert.svn.cacert.org 43200 IN CNAME svn.cacert.org. +nocert.svn.cacert.org 43200 IN CNAME svn.cacert.org. + +; test system 1 test.cacert.org 43200 IN A 213.154.225.241 test.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::248 test.cacert.org 43200 IN SSHFP 1 1 11bcb0ab4d1fd39547426d9527b88afb8ff85209 test.cacert.org 43200 IN SSHFP 1 2 e7022da53893a72d85f0bffdec46db6c1cc09bd8c612d0db2bb5648185f67225 test.cacert.org 43200 IN SSHFP 3 1 eb64aefef0c8544bdebf15f71c6651e90b454ad0 test.cacert.org 43200 IN SSHFP 3 2 988ec0793d7339e1216694351a8dd3830027cf2a86120cbc78f14689826ccb39 +cats.test.cacert.org 43200 IN CNAME test.cacert.org. +mgr.test.cacert.org 43200 IN CNAME test.cacert.org. +secure.test.cacert.org 43200 IN CNAME test.cacert.org. +www.test.cacert.org 43200 IN CNAME test.cacert.org. + +; test system 2 test2.cacert.org 43200 IN A 213.154.225.241 test2.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::249 test2.cacert.org 43200 IN SSHFP 1 1 6cf47397afd468336dc07a27f7fc00797693fe12 test2.cacert.org 43200 IN SSHFP 1 2 c008e67b906af92df0c9cf30a1c5df998d2b47cb518698fb2974193c07ce7f40 test2.cacert.org 43200 IN SSHFP 2 1 666df52c894aafa85fb3a890077bc29046df9b96 test2.cacert.org 43200 IN SSHFP 2 2 e5794cff631facb7c294cc6727a5335e15bd39041df3e73e3440db3a995ea43a +cats.test2.cacert.org 43200 IN CNAME test2.cacert.org. +mgr.test2.cacert.org 43200 IN CNAME test2.cacert.org. +secure.test2.cacert.org 43200 IN CNAME test2.cacert.org. +www.test2.cacert.org 43200 IN CNAME test2.cacert.org. 
+ +; test system 3 test3.cacert.org 43200 IN A 213.154.225.241 test3.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::149 test3.cacert.org 43200 IN SSHFP 1 1 39fd3b77396529f83e095ff09c59994c47d9e0d3 @@ -283,6 +388,12 @@ test3.cacert.org 43200 IN SSHFP 3 1 e4d81b532dc90ebb6d087ae732ce016b87945ebd test3.cacert.org 43200 IN SSHFP 3 2 71b5aedcc999e6ffc0f90eeb9254c8771ddaa6a4981cf55e8e2228f6bdee64ce test3.cacert.org 43200 IN SSHFP 4 1 50b22453f5c8d845895bacccbc1fc325d033f65d test3.cacert.org 43200 IN SSHFP 4 2 a928b84465769480d70dfc5ecd3af2e4cdb192ee11d1cffc4f31ea1fbed09d41 +cats.test3.cacert.org 43200 IN CNAME test3.cacert.org. +mgr.test3.cacert.org 43200 IN CNAME test3.cacert.org. +secure.test3.cacert.org 43200 IN CNAME test3.cacert.org. +www.test3.cacert.org 43200 IN CNAME test3.cacert.org. + +; Translation service translations.cacert.org 43200 IN A 213.154.225.240 translations.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::31 translations.cacert.org 43200 IN SSHFP 1 1 1128972fb54f927477a781718e2f9c114e9ca383 @@ -293,6 +404,9 @@ translations.cacert.org 43200 IN SSHFP 3 1 0f0cbd9c188d619d743859a249238f684d6cc translations.cacert.org 43200 IN SSHFP 3 2 441d76eb651022a8c5810c6946cbdec47504e97ad669b073ec9d6e27791a7c4d translations.cacert.org 43200 IN SSHFP 4 1 a4102e1fbf1be1acd53f2e7653dd8898e567c437 translations.cacert.org 43200 IN SSHFP 4 2 6fe3334b51e68f9f650b00d13f504306029b71a76c5aff54873d72b24ed19dd5 +l10n.cacert.org 43200 IN CNAME translations.cacert.org. + +; community web site hosting web.cacert.org 43200 IN A 213.154.225.242 web.cacert.org 43200 IN SSHFP 1 1 85f5338d90930200cbbfce1aab56988b4c8f0f22 web.cacert.org 43200 IN SSHFP 1 2 d39cbd51588f322f7b4384274cf0166f25b10f54a6cd153ed7251ff30b5b516e 
@@ -302,6 +416,11 @@ web.cacert.org 43200 IN SSHFP 3 1 7b62d8d1e093c28cda0f3d2444846128b41c10de web.cacert.org 43200 IN SSHFP 3 2 0917da677c9e6caf1818c1151ec2a813623a2b2955a1a850f260d64ef041400b web.cacert.org 43200 IN SSHFP 4 1 e835735157ee3f75663b9c18adbe12b49b28ca96 web.cacert.org 43200 IN SSHFP 4 2 2079bd1a37f4bbbe770033be58360b16e1f03cadd17807b5d35c46fcd782c189 +codedocs.cacert.org 43200 IN CNAME web.cacert.org. +funding.cacert.org 43200 IN CNAME web.cacert.org. +infradocs.cacert.org 43200 IN CNAME web.cacert.org. + +; community webmail webmail.cacert.org 43200 IN A 213.154.225.239 webmail.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::118 webmail.cacert.org 43200 IN SSHFP 1 1 b56a68f3c30c5d5b7854c615cb0f20b6807c7aef @@ -310,6 +429,8 @@ webmail.cacert.org 43200 IN SSHFP 3 1 e0bfb3bcf37c22caf5ae6a6216abe82d0ccad329 webmail.cacert.org 43200 IN SSHFP 3 2 b9c7f264f9327ca62c5678255d716b5a6f05be783cbdb7c44ef278f3053370ef webmail.cacert.org 43200 IN SSHFP 4 1 bf7d5531a2daba84171b8706217897b1c7a8f16d webmail.cacert.org 43200 IN SSHFP 4 2 4411a6a0820eb811474bcd71e82f00c007030b79bff11df971d1c1bf1a5cc8ff + +; static websites webstatic.cacert.org 43200 IN A 213.154.225.242 webstatic.cacert.org 43200 IN SSHFP 1 1 30897a7a984d8350495946d54c6374e9331237ef webstatic.cacert.org 43200 IN SSHFP 1 2 32bb10c5cf48532d077066e012230058ddf3cce731c561f228e310eb7a546e3f @@ -319,6 +440,8 @@ webstatic.cacert.org 43200 IN SSHFP 3 1 7fc847cec20b9d65296d4a0edafba22a14ee9dc4 webstatic.cacert.org 43200 IN SSHFP 3 2 68879264e0ed5d0914797bf2292436fb32cca24683dcf5d927a53589c1bfb6d7 webstatic.cacert.org 43200 IN SSHFP 4 1 a087ef97f4d014b4281a9e462ddc080354231873 webstatic.cacert.org 43200 IN SSHFP 4 2 342df8975a92b9fac1763c63264ef9a0e9e686b416d5590b20bb0e84995eefb0 + +; wiki wiki.cacert.org 43200 IN A 213.154.225.235 wiki.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::12 wiki.cacert.org 43200 IN SSHFP 1 1 5c3e0d3265782405e0141c47bf0e16ec14b12e08 
@@ -326,36 +449,11 @@ wiki.cacert.org 43200 IN SSHFP 1 2 69101872cb629e30a78ca4aac781720e1217c3733f6bb wiki.cacert.org 43200 IN SSHFP 3 2 88d73c828d56d3cccac530558bf0a1b2678c238f285c3ef6b61fa05ea782fd60 wiki.cacert.org 43200 IN SSHFP 4 1 c1d79ceb8986b02b6b477f8c9e50b2623a15cfe8 wiki.cacert.org 43200 IN SSHFP 4 2 6cfa531e0eebbb01b226444d33c238b83c96cc134d23662f95a36c095c4dfbdf + +; main CAcert website www.cacert.org 43200 IN A 213.154.225.245 www.cacert.org 43200 IN AAAA 2001:7b8:3:9c::245 -www.test.cacert.org 43200 IN CNAME test.cacert.org. -www.test2.cacert.org 43200 IN CNAME test2.cacert.org. -www.test3.cacert.org 43200 IN CNAME test3.cacert.org. +_443._tcp.www.cacert.org 43200 IN TLSA 2 1 1 6f2851409d710504a35115abcb9a6dd3f2577ec937c9ef1938926fa82fd6ff5d + www1.cacert.org 43200 IN A 213.154.225.247 www1.cacert.org 43200 IN AAAA 2001:7b8:3:9c::247 -_443._tcp.secure.cacert.org 43200 IN TLSA 2 1 1 6f2851409d710504a35115abcb9a6dd3f2577ec937c9ef1938926fa82fd6ff5d -_443._tcp.www.cacert.org 43200 IN TLSA 2 1 1 6f2851409d710504a35115abcb9a6dd3f2577ec937c9ef1938926fa82fd6ff5d -_adsp._domainkey.cacert.org 43200 IN TXT "dkim=unknown" -_adsp._domainkey.lists.cacert.org 43200 IN TXT "dkim=all" -_certs.g1._fp.cacert.org 43200 IN TXT "root_X0F class3_2021" -_md5.class3.g1._fp.cacert.org 43200 IN TXT "F72512824E67B5D08D92B77C0B867A42" -_md5.class3_2021.g1._fp.cacert.org 43200 IN TXT "C0DED85DF82B03269F371478125E8AB3" -_md5.class3_x0e.g1._fp.cacert.org 43200 IN TXT "2CFA3FF9F44A0A6D3F577EA8A82315BE" -_md5.root.g1._fp.cacert.org 43200 IN TXT "A61B375E390D9C3654EEBD2031461F6B" -_md5.root_x0f.g1._fp.cacert.org 43200 IN TXT "8AE61B1AF7679A9095A7E9E02DFF1FF3" -_oldcerts.g1._fp.cacert.org 43200 IN TXT "root class3 class3_X0E" -_sha1.class3.g1._fp.cacert.org 43200 IN TXT "AD7C3F64FC4439FEF4E90BE8F47C6CFA8AADFDCE" -_sha1.class3_2021.g1._fp.cacert.org 43200 IN TXT "D8A83A64117FFD2194FEE1983DD25C7B32A8FFC8" -_sha1.class3_x0e.g1._fp.cacert.org 43200 IN TXT 
"A7C48FBE6B026DBD0EC1B465B88DD813EE1DEFA0" -_sha1.root.g1._fp.cacert.org 43200 IN TXT "135CEC36F49CB8E93B1AB270CD80884676CE8F33" -_sha1.root_x0f.g1._fp.cacert.org 43200 IN TXT "DDFCDA541E7577ADDCA87E8827A98A50603252A5" -_sha256.class3.g1._fp.cacert.org 43200 IN TXT "4EDDE9E55CA453B388887CAA25D5C5C5BCCF2891D73B87495808293D5FAC83C8" -_sha256.class3_2021.g1._fp.cacert.org 43200 IN TXT "1BC5A61A2C0C0132C52B284F3DA0D8DACF717A0F6C1DDF81D80B36EEE4442869" -_sha256.class3_x0e.g1._fp.cacert.org 43200 IN TXT "F6873D70D67596C2ACBA34401E69738B52701DD6AB06B49749BC55150936D544" -_sha256.root.g1._fp.cacert.org 43200 IN TXT "FF2A65CFF1149C7430101E0F65A07EC19183A3B633EF4A6510890DAD18316B3A" -_sha256.root_x0f.g1._fp.cacert.org 43200 IN TXT "07EDBD824A4988CFEF4215DA20D48C2B41D71529D7C900F570926F277CC230C5" -_url.class3.g1._fp.cacert.org 43200 IN TXT "http://www.cacert.org/certs/class3.crt" -_url.class3_2021.g1._fp.cacert.org 43200 IN TXT "http://www.cacert.org/certs/class3_2021.crt" -_url.class3_x0e.g1._fp.cacert.org 43200 IN TXT "http://www.cacert.org/certs/class3_X0E.crt" -_url.root.g1._fp.cacert.org 43200 IN TXT "http://www.cacert.org/certs/root.crt" -_url.root_x0f.g1._fp.cacert.org 43200 IN TXT "http://www.cacert.org/certs/root_X0F.crt" From 1f976e4d654b5fee2e072d55595784b540824bdd Mon Sep 17 00:00:00 2001 From: Jan Dittberner Date: Sun, 30 Oct 2022 09:46:51 +0100 Subject: [PATCH 2/4] Sort reverse DNS zones --- 224-27.225.154.213.in-addr.arpa | 5 ++++- 6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa | 17 ++++++++++------- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/224-27.225.154.213.in-addr.arpa b/224-27.225.154.213.in-addr.arpa index b01c910..96770c9 100644 --- a/224-27.225.154.213.in-addr.arpa +++ b/224-27.225.154.213.in-addr.arpa 
@@ -1,10 +1,13 @@ $ORIGIN . +; vim: set ft=dns noet: +; IPv4 reverse DNS zone for 213.154.225.224/27 +224-27.225.154.213.in-addr.arpa 3600 IN SOA ns1.cacert.org hostmaster.cacert.org 2022102001 10800 3600 604800 3600 224-27.225.154.213.in-addr.arpa 3600 IN NS ns1.cacert.org. 224-27.225.154.213.in-addr.arpa 3600 IN NS ns2.cacert.org. 224-27.225.154.213.in-addr.arpa 3600 IN NS ns3.cacert.org. 224-27.225.154.213.in-addr.arpa 3600 IN NS ns4.cacert.org. 224-27.225.154.213.in-addr.arpa 3600 IN NS ns5.cacert.org. -224-27.225.154.213.in-addr.arpa 3600 IN SOA a.misconfigured.dns.server.invalid hostmaster.224-27.225.154.213.in-addr.arpa 2022102001 10800 3600 604800 3600 + 225.224-27.225.154.213.in-addr.arpa 3600 IN PTR oophaga-gw.network.bit.nl 226.224-27.225.154.213.in-addr.arpa 3600 IN PTR oophaga-vrrp1.network.bit.nl 227.224-27.225.154.213.in-addr.arpa 3600 IN PTR oophaga-vrrp2.network.bit.nl diff --git a/6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa b/6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa index 8f7baaa..678cbe9 100644 --- a/6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa +++ b/6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa @@ -1,4 +1,13 @@ $ORIGIN . +; vim: set ft=dns noet: +; IPv6 reverse DNS zone for 2001:7b8:616::/48 +6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN SOA ns1.cacert.org hostmaster.cacert.org 2022102001 10800 3600 604800 3600 +6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN NS ns1.cacert.org. +6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN NS ns2.cacert.org. +6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN NS ns3.cacert.org. +6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN NS ns4.cacert.org. +6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN NS ns5.cacert.org. + 0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR hopper.cacert.org 0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.3.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR hopper.cacert.org 0.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR infrastructure.cacert.org 
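Review bot: The SOA for `224-27.225.154.213.in-addr.arpa` changes its MNAME and RNAME (from `a.misconfigured.dns.server.invalid` to `ns1.cacert.org` / `hostmaster.cacert.org`) but keeps the serial `2022102001`. If any of ns2–ns5 are fed by serial-based zone transfer, which cannot be told from this file, they will treat the zone as unchanged and keep serving the old SOA. Either raise the serial in the same commit (constructed example: `2022103001`) or add a header comment such as `; serial is managed by the DNS backend, not in this file`. The ip6.arpa hunk that follows on this line only moves its SOA and NS records to the top, so it does not change zone content.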
@@ -12,8 +21,8 @@ $ORIGIN . 1.1.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR ldap.cacert.org 1.2.0.0.0.0.0.0.0.0.0.0.0.5.0.0.8.2.0.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR ping.cacert.org 1.2.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR mail.cacert.org -1.3.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR translations.cacert.org 1.3.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR l10n.cacert.org +1.3.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR translations.cacert.org 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR fw01.cacert.org 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR fw01.cacert.org 2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.3.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR ns1.cacert.org 
@@ -31,12 +40,6 @@ $ORIGIN . 5.1.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR code.cacert.org 5.3.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR proxyin.cacert.org 6.1.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR bugs.cacert.org -6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN NS ns1.cacert.org. -6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN NS ns2.cacert.org. -6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN NS ns3.cacert.org. -6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN NS ns4.cacert.org. -6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN NS ns5.cacert.org. -6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN SOA ns1.cacert.org hostmaster.cacert.org 2022102001 10800 3600 604800 3600 6.2.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR translingo.cacert.org 7.1.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR lists.cacert.org 7.2.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR cats.cacert.org From 17106f7c86851ec686e948ecf063d05f659e000d Mon Sep 17 00:00:00 2001 From: Jan Dittberner Date: Sun, 30 Oct 2022 12:31:57 +0100 Subject: [PATCH 3/4] Fix forward and reverse entries - add missing AAAA records in cacert.org - add missing PTR records in IPv6 reverse zone - remove broken PTR records in IPv6 reverse zone - fix SPF records --- 6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa | 22 ++++++++++---- cacert.org | 49 ++++++++++++++++++++------------ 2 files changed, 47 insertions(+), 24 deletions(-) diff --git a/6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa b/6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa index 678cbe9..1d9ce81 100644 --- a/6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa +++ b/6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 
@@ -10,42 +10,52 @@ $ORIGIN . 0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR hopper.cacert.org 0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.3.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR hopper.cacert.org -0.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR infrastructure.cacert.org +0.1.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR infra02.cacert.org 0.1.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR infra02.cacert.org +0.1.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR ingress03.cacert.org 0.2.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR community.cacert.org 0.5.2.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR git.cacert.org 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR fw.cacert.org 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR fw.cacert.org +1.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR infra03.cacert.org 1.0.2.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR proxyout.cacert.org 1.1.0.0.0.0.0.0.0.0.0.0.0.5.0.0.8.2.0.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR ping.cacert.org 1.1.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR ldap.cacert.org +1.1.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR mariadb.cacert.org 1.2.0.0.0.0.0.0.0.0.0.0.0.5.0.0.8.2.0.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR ping.cacert.org -1.2.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR mail.cacert.org -1.3.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR l10n.cacert.org 1.3.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR translations.cacert.org 
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR fw01.cacert.org 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR fw01.cacert.org 2.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.3.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR ns1.cacert.org +2.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.3.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR ns2.cacert.org 2.1.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR wiki.cacert.org -2.3.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR emailout.cacert.org +2.1.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR nextcloud.cacert.org 3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR fw02.cacert.org 3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR fw02.cacert.org 3.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.3.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR ocsp.cacert.org 3.1.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR blog.cacert.org +3.1.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR pgsql.cacert.org 4.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.3.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR crl.cacert.org 4.1.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR irc.cacert.org 4.3.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR board.cacert.org -4.3.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR cod.cacert.org 5.1.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR svn.cacert.org 5.1.0.0.0.0.0.0.0.0.0.0.3.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR code.cacert.org +5.1.1.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR jenkins.cacert.org 
5.3.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR proxyin.cacert.org 6.1.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR bugs.cacert.org +6.1.1.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR webstatic.cacert.org 6.2.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR translingo.cacert.org +6.2.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR web.cacert.org 7.1.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR lists.cacert.org +7.1.1.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR motion.cacert.org 7.2.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR cats.cacert.org 8.1.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR monitor.cacert.org +8.1.1.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR webmail.cacert.org 8.2.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR issue.cacert.org +8.2.2.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR email.cacert.org 8.4.2.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR test.cacert.org -9.1.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR email.cacert.org +9.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR infra03.cacert.org 9.2.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR logging.cacert.org +9.3.2.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR emailout.cacert.org +9.4.1.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR test3.cacert.org 9.4.2.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa 3600 IN PTR test2.cacert.org 
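Review bot: After this hunk the name `6.2.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.6.1.0.6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa` (2001:7b8:616:162:2::26) carries two PTR records, the existing `translingo.cacert.org` and the added `web.cacert.org`. The same hunk removes the second PTR from the `1.3.0.0…` and `4.3.0.0…` names, so the leftover duplicate looks unintended. A forward-confirmed reverse lookup or a log entry for that address can now return either name, and only web.cacert.org is given a matching AAAA in the visible part of this commit. If translingo no longer uses the address, drop its PTR; otherwise a comment such as `; ::26 is shared by web and translingo` would record that the pair is deliberate. The SOA sits above this hunk, so please also confirm the serial is raised for these PTR changes.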
diff --git a/cacert.org b/cacert.org index 71c92cc..9065e6b 100644 --- a/cacert.org +++ b/cacert.org @@ -18,7 +18,8 @@ cacert.org 43200 IN NS ns2.cacert.org. cacert.org 43200 IN NS ns4.cacert.org. ; SPF and DKIM -cacert.org 43200 IN TXT "v=spf1 ip4:213.154.225.245 ip4:213.154.225.246 ip4:213.154.225.247 ip6:2001:7b8:3:9c::245 ip6:2001:7b8:3:9c::246 ip6:2001:7b8:3:9c::247" " ip4:213.154.225.228 ip6:2001:7b8:616:162:2::228 ip4:213.154.225.230 ip4:213.154.225.239 ip6:2001:7b8:616:162:2::239 -all" +; SPF allows www, secure, www1, email, infra02, emailout, ping +cacert.org 43200 IN TXT "v=spf1 ip4:213.154.225.245 ip4:213.154.225.246 ip4:213.154.225.247 ip6:2001:7b8:3:9c::245 ip6:2001:7b8:3:9c::246 ip6:2001:7b8:3:9c::247 ip4:213.154.225.228 ip6:2001:7b8:616:162:2::228 ip4:213.154.225.230 ip6:2001:7b8:616:162:1::10 ip4:213.154.225.239 ip6:2001:7b8:616:162:2::239 ip6:2001:7b8:616:28:50::11 -all" auto._domainkey.cacert.org 43200 IN TXT "v=DKIM1;g=*;k=rsa;t=y;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDNFxiNr+NHJwih3OPhGr4iwLE+BBDu72YrMSzUnU1FF50CW7iOtuhg796UZ6xrZ5VuhAix6YmmzcvF2UxYzoD/XpfZ4MzBu0ND4/nkt9/YOTyIBzwQqn9uMNve0Y76Zsel89dIJtOI+y+lfnFExV0jKwe53gzmxMVpMSSCcZPGwIDAQAB" mail._domainkey.cacert.org 43200 IN TXT "v=DKIM1;g=*;k=rsa;t=y;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOZV5h3rm18QRiNfNnwXadX8jeSC3zjpU7GFNTfZk1ifjLxrlVrSsfAvlVfFvR2/uQXegwEkiNV5bd57d989T+VVLZZbSv+OAXX4ZwihsLkf3huDszKtJTvsybqUNh97OE00THSyJCrcowFDcLv5IN2ULCOlMjTqbZxZuaNW0S6wIDAQAB" @@ -60,6 +61,7 @@ blog.cacert.org 43200 IN SSHFP 4 2 f24b770c16dcb91afc9461e62e6fe63a63d413efa4794 ; board OpenERP board.cacert.org 43200 IN A 213.154.225.252 +board.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::34 board.cacert.org 43200 IN SSHFP 1 1 f5c02a860a1cc07aeefbf802540680c7476bde6e board.cacert.org 43200 IN SSHFP 2 1 7b6eeb0ccdfb2e2cfe479e0aece36ff995fdd1f4 finance.cacert.org 43200 IN CNAME board.cacert.org. 
@@ -76,11 +78,12 @@ bugs.cacert.org 43200 IN SSHFP 3 2 152fc9f8d7d72979846757db7fa433bd3f6340cd0dceb bugs.cacert.org 43200 IN SSHFP 4 1 bb6b5f8599c3a93383392b80cc029a0d65ffc7f1 bugs.cacert.org 43200 IN SSHFP 4 2 caa52e4c5ddecc5ee144aa2b6965101961ff7e7518063b43908d133f1cdf6e15 -; Firewall virtual IP +; Firewall virtual IPv6 and IPv4 gateway address cacert-fw.cacert.org 43200 IN A 213.154.225.229 cacert-fw.cacert.org 43200 IN AAAA 2001:7b8:3:9c::4 -; Firewall 01 +; Firewall 01, reachable via dedicated jump hosts only +; IPv6 is wrong https://code.cacert.org/critical/dns-zones/issues/8 cacert-fw01.cacert.org 43200 IN A 213.154.225.253 cacert-fw01.cacert.org 43200 IN AAAA 2001:7b8:3:9c::5 cacert-fw01.cacert.org 43200 IN SSHFP 1 1 43a7c6105193d121a8b27f5cd1c59aae32a35c5a @@ -92,7 +95,8 @@ cacert-fw01.cacert.org 43200 IN SSHFP 3 2 dc9d37b1cd325175437e5836ed1691d594f5af cacert-fw01.cacert.org 43200 IN SSHFP 4 1 119d5aa477a8a8dc79334fc84a64d1f3ea3a3319 cacert-fw01.cacert.org 43200 IN SSHFP 4 2 60d46e0d94070064e48a0d9de5a30778f00fd9c2c23dedb5a674c5ec873e3cdc -; Firewall 02 +; Firewall 02, reachable via dedicated jump hosts only +; IPv6 is wrong https://code.cacert.org/critical/dns-zones/issues/8 cacert-fw02.cacert.org 43200 IN A 213.154.225.254 cacert-fw02.cacert.org 43200 IN AAAA 2001:7b8:3:9c::6 cacert-fw02.cacert.org 43200 IN SSHFP 1 1 43a7c6105193d121a8b27f5cd1c59aae32a35c5a @@ -106,6 +110,7 @@ cacert-fw02.cacert.org 43200 IN SSHFP 4 2 60d46e0d94070064e48a0d9de5a30778f00fd9 ; CAcert Assurer Training System cats.cacert.org 43200 IN A 213.154.225.243 +cats.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::27 cats.cacert.org 43200 IN SSHFP 1 1 d29d4cc4662d5cb5f42c02823ca8677f05439589 cats.cacert.org 43200 IN SSHFP 1 2 605af57ce0f1ecf8eeac5c71901f1434bf65c06fc0796b932d0f10f21ddf65fe cats.cacert.org 43200 IN SSHFP 2 1 0342eb1e7325eb90a1c0483de3d6597e36e569c8 
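Review bot: The added comment `; IPv6 is wrong https://code.cacert.org/critical/dns-zones/issues/8` (for cacert-fw01 in the `@@ -76,11 +78,12 @@` hunk and for cacert-fw02 in the next one) records that the AAAA records are known to be incorrect. Yet `2001:7b8:3:9c::5` and `2001:7b8:3:9c::6` stay published next to the hosts' SSHFP records. A client that prefers IPv6 will try those addresses first, and this file does not show what answers there. Until the issue is resolved it would be safer to comment the records out, e.g. `;cacert-fw01.cacert.org 43200 IN AAAA 2001:7b8:3:9c::5 ; wrong, see issue 8`, so both names resolve over IPv4 only. Both firewall sections continue outside these hunks.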
@@ -150,6 +155,7 @@ emailout.cacert.org 43200 IN SSHFP 4 2 4ceb488ad17ea7c8db161fdf3357e273d2ea1fe5b ; git repository server git.cacert.org 43200 IN A 213.154.225.250 +git.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::250 git.cacert.org 43200 IN SSHFP 1 1 23c7622d6db5822c809152c1c0fd9ea7838f76c6 git.cacert.org 43200 IN SSHFP 1 2 dabbe1766c7933071c4e6942a1dfc72c26d9d867d8dee84beda210c8ef9ea2c5 git.cacert.org 43200 IN SSHFP 2 1 8509db491902fe10ab84c8f24b02f10c1adf0e7f @@ -160,6 +166,7 @@ git.cacert.org 43200 IN SSHFP 4 1 13d611007b43d073cf4d89784510398116623eb7 git.cacert.org 43200 IN SSHFP 4 2 40a61a25488fe01c056eaaff703ef0ff9c6b01bee00580a91b95741dfaa59751 ; hopper for critical systems +; need to clarify https://nextcloud.cacert.org/apps/deck/#/board/10/card/64 hopper.cacert.org 43200 IN A 213.136.19.144 hopper.cacert.org 43200 IN AAAA 2001:7b8:616:163::100 hopper.cacert.org 43200 IN SSHFP 1 1 0632f537b79c8c7216a56b5da37aadfca3ff2b0c 
@@ -170,15 +177,14 @@ hopper.cacert.org 43200 IN SSHFP 3 1 f450a0cb1816e519b3f03e9ea9c8a54a94955071 hopper.cacert.org 43200 IN SSHFP 3 2 cc1b07f5bc75760dbb98a5bc515bf9cf7f3559bff032d56ba37b32bc38031375 ; infrastructure host infra02 -infrastructure.cacert.org 43200 IN A 213.154.225.230 -infrastructure.cacert.org 43200 IN AAAA 2001:7b8:616:162:1::10 -infrastructure.cacert.org 43200 IN SSHFP 1 1 5a82d3c150af002c05784f73250a067053aeed63 -infrastructure.cacert.org 43200 IN SSHFP 1 2 63b0d74a3f1ce61865a5eb0497ef05243bc4067ec983c69ab8e62f3cb940cc82 -infrastructure.cacert.org 43200 IN SSHFP 2 1 af8d8e3386eaa72997709632adf2b457e6fef0dc -infrastructure.cacert.org 43200 IN SSHFP 2 2 3a0188fc47d1fdd14d70a2fb78f51792d06ba11eae6ab16e73cb7bb8dd6a0dc8 -infrastructure.cacert.org 43200 IN SSHFP 3 1 3e1b9ebf85b726cf831c76ecb8c17786aedf40e8 -infrastructure.cacert.org 43200 IN SSHFP 3 2 3ae7f0035c2172977e99bfe312c7a8299650dea16a975ea13eece8fda426062a -infra02.cacert.org 43200 IN CNAME infrastructure.cacert.org. +infra02.cacert.org 43200 IN A 213.154.225.230 +infra02.cacert.org 43200 IN AAAA 2001:7b8:616:162:1::10 +infra02.cacert.org 43200 IN SSHFP 1 1 5a82d3c150af002c05784f73250a067053aeed63 +infra02.cacert.org 43200 IN SSHFP 1 2 63b0d74a3f1ce61865a5eb0497ef05243bc4067ec983c69ab8e62f3cb940cc82 +infra02.cacert.org 43200 IN SSHFP 2 1 af8d8e3386eaa72997709632adf2b457e6fef0dc +infra02.cacert.org 43200 IN SSHFP 2 2 3a0188fc47d1fdd14d70a2fb78f51792d06ba11eae6ab16e73cb7bb8dd6a0dc8 +infra02.cacert.org 43200 IN SSHFP 3 1 3e1b9ebf85b726cf831c76ecb8c17786aedf40e8 +infra02.cacert.org 43200 IN SSHFP 3 2 3ae7f0035c2172977e99bfe312c7a8299650dea16a975ea13eece8fda426062a ; infrastructure host infra03 infra03.cacert.org 43200 IN A 213.154.225.249 
@@ -214,11 +220,13 @@ irc.cacert.org 43200 IN SSHFP 4 2 68d44bc21d05550c8aab62163b9257c85b9bcf0a4cab1c ; support issue tracker issue.cacert.org 43200 IN A 213.154.225.244 +issue.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::28 issue.cacert.org 43200 IN SSHFP 1 1 3f55e52b51d142ef9d15eeaa9ca25b3aa30c7c6e issue.cacert.org 43200 IN SSHFP 2 1 fd9a5c79c4a9057b87ae8e639fd223b386af4bdb ; Jenkins CI/CD service jenkins.cacert.org 43200 IN A 213.154.225.242 +jenkins.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::115 jenkins.cacert.org 43200 IN SSHFP 1 1 2caebe197c0f1c25404890adfedabb371fb05650 jenkins.cacert.org 43200 IN SSHFP 1 2 6110a42530a5197ab1180417ee32b2eb581813ca773498177481b11d969bb529 jenkins.cacert.org 43200 IN SSHFP 2 1 4ce4eef515bdee033d68b92419f71679880b2fd5 @@ -230,10 +238,11 @@ jenkins.cacert.org 43200 IN SSHFP 4 2 db988ff234a4948bbcb1a61ff21c080efed4548251 ; mailing list service lists.cacert.org 43200 IN A 213.154.225.231 +lists.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::17 lists.cacert.org 43200 IN MX 10 email.cacert.org. lists.cacert.org 43200 IN SSHFP 1 1 87f75b9124326b566ed22dcf65a9740eede8f0ff lists.cacert.org 43200 IN SSHFP 2 1 8d79e68e731ed72667f3d286c477245df653083b -lists.cacert.org 43200 IN TXT "v=spf1 ip4:213.154.225.231 -all" +lists.cacert.org 43200 IN TXT "v=spf1 ip4:213.154.225.231 ip6:2001:7b8:616:162:2::17 -all" cert.lists.cacert.org 43200 IN CNAME lists.cacert.org. nocert.lists.cacert.org 43200 IN CNAME lists.cacert.org. 
@@ -263,7 +272,7 @@ monitor.cacert.org 43200 IN SSHFP 4 2 2f9ae80bcebb6efc432747246e12103add80f4d875 ; Board motion system motion.cacert.org 43200 IN A 213.154.225.241 -motion.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::35 +motion.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::117 motion.cacert.org 43200 IN SSHFP 2 2 53dedfd2c566011db80311528eba15fd000b0a5092ab1fc8104ca5804490cd18 motion.cacert.org 43200 IN SSHFP 3 1 6d4a9ec30f30aa0634b8879cded8ce884498e290 motion.cacert.org 43200 IN SSHFP 3 2 325ee301da21844adb8f12c0011b8d73709be8b2b9f375829224ac79c8fdfa6e @@ -288,8 +297,10 @@ ns1.cacert.org 43200 IN A 213.154.225.251 ns1.cacert.org 43200 IN AAAA 2001:7b8:616:163::102 ns2.cacert.org 43200 IN A 213.154.225.237 ns2.cacert.org 43200 IN AAAA 2001:7b8:616:163::202 +ns3.cacert.org 43200 IN A 46.249.47.169 +ns3.cacert.org 43200 IN AAAA 2001:19f0:4400:407d::1313 ns4.cacert.org 43200 IN A 45.77.40.159 -ns4.cacert.org 43200 IN AAAA 2001:19f0:4400:407d::1313 +ns4.cacert.org 43200 IN AAAA 2a00:1ca8:2a::31 ns5.cacert.org 43200 IN A 167.86.117.119 ns5.cacert.org 43200 IN AAAA 2a02:c207:3004:6195::1 @@ -307,7 +318,7 @@ pgsql.cacert.org 43200 IN SSHFP 4 1 a90a3d944b848ffda49b1c814b07d0a4368a6195 pgsql.cacert.org 43200 IN SSHFP 4 2 4319929ff7c2dd0edcc69d1fec2b8f660737dbd1ba8d49f719daddaceb4d08d1 ; email ping for users -; TODO: needs to be referenced in the SPF record for cacert.org +; needs to be referenced in the SPF record for cacert.org ping.cacert.org 43200 IN AAAA 2001:7b8:616:28:50::11 ; incoming proxy on infra02 @@ -408,6 +419,7 @@ l10n.cacert.org 43200 IN CNAME translations.cacert.org. ; community web site hosting web.cacert.org 43200 IN A 213.154.225.242 +web.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::26 web.cacert.org 43200 IN SSHFP 1 1 85f5338d90930200cbbfce1aab56988b4c8f0f22 web.cacert.org 43200 IN SSHFP 1 2 d39cbd51588f322f7b4384274cf0166f25b10f54a6cd153ed7251ff30b5b516e web.cacert.org 43200 IN SSHFP 2 1 906f0c17bb0e233b0f52ce33cfe64038d45ac4f2 
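Review bot: In the name-server hunk (`@@ -288,8 +297,10 @@`) the AAAA records look crossed. `2001:19f0:4400:407d::1313` was paired with ns4's A record `45.77.40.159` before this commit and is now assigned to the new ns3 (`46.249.47.169`), while ns4 receives `2a00:1ca8:2a::31`. Unless ns4 was renumbered, the intended lines are probably `ns3.cacert.org 43200 IN AAAA 2a00:1ca8:2a::31` and `ns4.cacert.org 43200 IN AAAA 2001:19f0:4400:407d::1313`; please confirm against the hosts. The reverse zones earlier in this series name ns3.cacert.org as an NS, so a wrong address here sends IPv6 resolvers to a host that may not serve those zones.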
@@ -420,7 +432,7 @@ codedocs.cacert.org 43200 IN CNAME web.cacert.org. funding.cacert.org 43200 IN CNAME web.cacert.org. infradocs.cacert.org 43200 IN CNAME web.cacert.org. -; community webmail +; community webmail -- vm-community on infra02 webmail.cacert.org 43200 IN A 213.154.225.239 webmail.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::118 webmail.cacert.org 43200 IN SSHFP 1 1 b56a68f3c30c5d5b7854c615cb0f20b6807c7aef @@ -432,6 +444,7 @@ webmail.cacert.org 43200 IN SSHFP 4 2 4411a6a0820eb811474bcd71e82f00c007030b79bf ; static websites webstatic.cacert.org 43200 IN A 213.154.225.242 +webstatic.cacert.org 43200 IN AAAA 2001:7b8:616:162:2::116 webstatic.cacert.org 43200 IN SSHFP 1 1 30897a7a984d8350495946d54c6374e9331237ef webstatic.cacert.org 43200 IN SSHFP 1 2 32bb10c5cf48532d077066e012230058ddf3cce731c561f228e310eb7a546e3f webstatic.cacert.org 43200 IN SSHFP 2 1 868361a51ec60607bfd964d0f8f3e4ee5e803fc6 From 992d534697cab53d5a9e00b75ca2a18356dc9f4e Mon Sep 17 00:00:00 2001 From: Jan Dittberner Date: Tue, 2 May 2023 20:10:20 +0200 Subject: [PATCH 4/4] Tighten SPF record PowerDNS cuts TXT records at 255 chars (https://doc.powerdns.com/authoritative/appendices/types.html#txt). This commit reduces the size by using mx and a SPF policy entries. --- cacert.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cacert.org b/cacert.org index 9065e6b..7f76a7a 100644 --- a/cacert.org +++ b/cacert.org 
@@ -19,7 +19,7 @@ cacert.org 43200 IN NS ns4.cacert.org. ; SPF and DKIM ; SPF allows www, secure, www1, email, infra02, emailout, ping -cacert.org 43200 IN TXT "v=spf1 ip4:213.154.225.245 ip4:213.154.225.246 ip4:213.154.225.247 ip6:2001:7b8:3:9c::245 ip6:2001:7b8:3:9c::246 ip6:2001:7b8:3:9c::247 ip4:213.154.225.228 ip6:2001:7b8:616:162:2::228 ip4:213.154.225.230 ip6:2001:7b8:616:162:1::10 ip4:213.154.225.239 ip6:2001:7b8:616:162:2::239 ip6:2001:7b8:616:28:50::11 -all" +cacert.org 43200 IN TXT "v=spf1 a mx a:emailout.cacert.org a:secure.cacert.org a:www1.cacert.org ip4:213.154.225.230 ip6:2001:7b8:616:162:1::10 ip6:2001:7b8:616:28:50::11 -all" auto._domainkey.cacert.org 43200 IN TXT "v=DKIM1;g=*;k=rsa;t=y;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDNFxiNr+NHJwih3OPhGr4iwLE+BBDu72YrMSzUnU1FF50CW7iOtuhg796UZ6xrZ5VuhAix6YmmzcvF2UxYzoD/XpfZ4MzBu0ND4/nkt9/YOTyIBzwQqn9uMNve0Y76Zsel89dIJtOI+y+lfnFExV0jKwe53gzmxMVpMSSCcZPGwIDAQAB" mail._domainkey.cacert.org 43200 IN TXT "v=DKIM1;g=*;k=rsa;t=y;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOZV5h3rm18QRiNfNnwXadX8jeSC3zjpU7GFNTfZk1ifjLxrlVrSsfAvlVfFvR2/uQXegwEkiNV5bd57d989T+VVLZZbSv+OAXX4ZwihsLkf3huDszKtJTvsybqUNh97OE00THSyJCrcowFDcLv5IN2ULCOlMjTqbZxZuaNW0S6wIDAQAB"
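Review bot: The shortened record replaces literal addresses with `a`, `mx` and three `a:` mechanisms, so the authorised senders are now whatever cacert.org, its MX target, emailout, secure and www1 resolve to when a receiver evaluates the policy. That is five DNS-querying mechanisms, inside the SPF limit of ten, but any later A/AAAA change on those names silently changes who may send as cacert.org. I would extend the comment above the record, e.g. `; SPF uses a/mx lookups: changing A/AAAA of cacert.org, email, emailout, secure or www1 changes the authorised senders`. For consistency, `ip4:213.154.225.230 ip6:2001:7b8:616:162:1::10` could also become `a:infra02.cacert.org`, since the previous patch gives infra02 exactly those two addresses.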