diff --git a/cacert.org b/cacert.org index 585ee17..c3cb574 100644 --- a/cacert.org +++ b/cacert.org @@ -1,10 +1,10 @@ ; DNS master zone file for cacert.org, under RCS control -; @(#)(CAcert) $Id: cacert.org,v 1.117 2018/10/27 07:13:44 root Exp $ +; @(#)(CAcert) $Id: cacert.org,v 1.123 2019/06/06 08:40:23 root Exp $ $TTL 12h ; default TTL for zone data @ 1h IN SOA ns1.cacert.org. hostmaster.cacert.org. ( - 2018102701 ; Serial + 2019060601 ; Serial 4h ; refresh time 1h ; retry interval 7d ; expire time @@ -12,7 +12,6 @@ $TTL 12h ; default TTL for zone data @ IN NS ns1.cacert.org. @ IN NS ns3.cacert.org. -@ IN NS ns4.cacert.org. @ IN NS ns5.cacert.org. @ IN A 213.154.225.245 @@ -201,10 +200,7 @@ ns1 IN A 213.154.225.251 ; ns.cacert.org ns1 IN AAAA 2001:7b8:616:0163::102 ns3 IN A 46.249.47.169 ; mars.overmeer.net -;; ns3 IN AAAA 2a00:1ca8:2a::31 - -ns4 IN A 185.49.140.62 ; ns-ext.nlnetlabs.nl -ns4 IN AAAA 2a04:b900::8:0:0:62 +ns3 IN AAAA 2a00:1ca8:2a::31 ns5 IN A 192.5.4.1 ; sns-pb.isc.org ns5 IN AAAA 2001:500:2e::1 @@ -229,7 +225,7 @@ pgpkeys IN CNAME infrastructure.cacert.org. secure IN A 213.154.225.246 secure IN AAAA 2001:7b8:3:9c::246 -_443._tcp.secure IN TLSA 2 0 0 3082073d30820525a003020102020100300d06092a864886f70d010104050030793110300e060355040a1307526f6f74204341311e301c060355040b1315687474703a2f2f7777772e6361636572742e6f7267312230200603550403131943412043657274205369676e696e6720417574686f726974793121301f06092a864886f70d0109011612737570706f7274406361636572742e6f7267301e170d3033303333303132323934395a170d3333303332393132323934395a30793110300e060355040a1307526f6f74204341311e301c060355040b1315687474703a2f2f7777772e6361636572742e6f7267312230200603550403131943412043657274205369676e696e6720417574686f726974793121301f06092a864886f70d0109011612737570706f7274406361636572742e6f726730820222300d06092a864886f70d01010105000382020f003082020a0282020100ce22c0e2467dec3628075096f2a033408c4bf13b663f31e56b0236dbd67cf6f1888f4e7736054195f909f012cf46867360b76e7ee8c05864aecdb0ad45170c63fa670ae8d6d2bf3ee798c4f04cfae003bb355d6c21de9e20d9bacd66323772faf708f5c7cd58c98ee70e5eea3efe1ca1140a156c86845b64662a7aa94b5379f588a27bee2f0a612b8db27e4d56a513eceada929eac44411e5860650566f8c044bdcb94f7427e0bf76568985105f0f30591041d1b1782ecc857bbc36b7a88f1b072cc255b2091ec1602128f32e9171848d0c7052e023042b8259c056b3faa3aa7eb5348f7e8d2b60798dc1bc6347f7fc91c827a05582b085bf338a2ab175d66c998d79e108ba2d2dd749af7710c7260dfcd6f98339d9634763e247a92b00e951e6fe6a0453847aad741ed4ab712f6d71b838a0f2ed809b659d7aa04ffd2937d682edd8b4bab58ba2f8dea95a7a0c35489a5fbdb8b51229db2c3be11be2c91868b9678ad20d38a2f1a3fc6d051658721b11901657f451c87f57cd0414c4f299821fd331f750c0451fa1977dbd4141cee81c31df598b769069122dd0050cc8131ac12077b38da685be62bd47ec95fade8eb724cf301e54b20bf9aa657ca9100018ba1752137b5630d673e464f702067cec5d659db02e0f0d2cbcdba62b79041e8dd20e429bc642942c822dc789aff43ec981b09514b5a5ac271f1c4cb73a9e5a10b0203010001a38201ce308201ca301d0603551d0e0416041416b5321bd4c7f3e0e68ef3bdd2b03aeeb23918d13081a30603551d2304819b308198801416b5321bd4c7f3e0e68ef3bdd2b03aeeb23918d1a17da47b30793110300e060355040a1307526f6f74204341311e301c060355040b1315687474703a2f2f7777772e6361636572742e6f7267312230200603550403131943412043657274205369676e696e6720417574686f726974793121301f06092a864886f70d0109011612737570706f7274406361636572742e6f7267820100300f0603551d130101ff040530030101ff30320603551d1f042b30293027a025a023862168747470733a2f2f7777772e6361636572742e6f72672f7265766f6b652e63726c303006096086480186f84201040423162168747470733a2f2f7777772e6361636572742e6f72672f7265766f6b652e63726c303406096086480186f842010804271625687474703a2f2f7777772e6361636572742e6f72672f696e6465782e7068703f69643d3130305606096086480186f842010d04491647546f2067657420796f7572206f776e20636572746966696361746520666f7220465245452068656164206f76657220746f20687474703a2f2f7777772e6361636572742e6f7267300d06092a864886f70d0101040500038202010028c7ee9c8202ba5c8012ca350a1d816f896a99ccf2680f7fa7e18d58953ebdf206c3905aacb560f6994301a388709c9d629da487af67580d30363be6ad48d3cb740286713ee22b0368f1346240463b53ea28f4acfb6695538a4d5dfd3bd960d7ca79693bb16592a6c681825c9ccdeb4d018aa5df1155aa15ca1f37c082987061db6a7c96a38e2e543e4f21a990efdc82bfdce845ad4d9073083c9465b00499767fe2bcc26a15aa97043724d81e944e6d0e51bed6c48fca966df743dfe83065273b7bbb434363c443f7b2ec68cce1198e22fb98e17b5a3e01373b8b08b0a2f3954e1acb9bcd9ab1dbb270f02d4adbd8b0e36f45483312fffe3c322a54f7c4f78af08823c247fe647a71c0d11ea663b0077ea42fd3018fdc9f2bb6c608a90f934825fc12fd9f42dcf3c43ef657b0d7dd69d10677340a4bd2caa0ff1cc68cc916bec4cc323768735f08fb51f7495336050a95024cf2791a10f6d83a759cf31df1a20d7067861bb316f52fe5a4eb7986f93d0bc2730ba599ac6ffc67b8e52f0ba618248d7bd14835291840ac9360e1968650b47a59d88f210b9fcf8291c63bbf6bdc0791b9975623aab66c94c648063ce4ce4eaae4f62f09dc536f2efc74eb3a6399c2a6ac89bca7b244a00d8a10e36cf224cbfa9b9f70472ede148bd4b2200996a264f1241cdca1359c15b2d4bc552e7d06f59c0e55f45ad693da76ad25734cc543 +_443._tcp.secure IN TLSA 2 1 1 6f2851409d710504a35115abcb9a6dd3f2577ec937c9ef1938926fa82fd6ff5d svn IN A 213.154.225.238 svn IN AAAA 2001:7b8:616:162:2::15 @@ -246,16 +242,36 @@ nocert.svn IN CNAME svn.cacert.org. test IN A 213.154.225.248 test IN SSHFP 1 1 11bcb0ab4d1fd39547426d9527b88afb8ff85209 +test IN SSHFP 1 2 e7022da53893a72d85f0bffdec46db6c1cc09bd8c612d0db2bb5648185f67225 test IN SSHFP 2 1 3414c17e5ae898b2f5db7b3ddf9e34c2f5e816ac +test IN SSHFP 2 2 2be417b26bea266516a8ab5ec322d515e8ddffb8f1be0671d2d2af05032fc218 +test IN SSHFP 3 1 eb64aefef0c8544bdebf15f71c6651e90b454ad0 +test IN SSHFP 3 2 988ec0793d7339e1216694351a8dd3830027cf2a86120cbc78f14689826ccb39 secure.test IN CNAME test.cacert.org. cats.test IN CNAME test.cacert.org. mgr.test IN CNAME test.cacert.org. www.test IN CNAME test.cacert.org. test2 IN A 213.154.225.249 +test2 IN SSHFP 1 1 6cf47397afd468336dc07a27f7fc00797693fe12 +test2 IN SSHFP 1 2 c008e67b906af92df0c9cf30a1c5df998d2b47cb518698fb2974193c07ce7f40 +test2 IN SSHFP 2 1 666df52c894aafa85fb3a890077bc29046df9b96 +test2 IN SSHFP 2 2 e5794cff631facb7c294cc6727a5335e15bd39041df3e73e3440db3a995ea43a secure.test2 IN CNAME test2.cacert.org. www.test2 IN CNAME test2.cacert.org. +test3 IN A 213.154.225.248 +secure.test3 IN CNAME test3.cacert.org. +www.test3 IN CNAME test3.cacert.org. +test3 IN SSHFP 1 1 39fd3b77396529f83e095ff09c59994c47d9e0d3 +test3 IN SSHFP 1 2 680fe134289e79678f7eaa5689fdce3db5efed9f6ebefd5bcfadce04a96475c1 +test3 IN SSHFP 2 1 70f5730c127bd701fc5c4baba329e93346a975c1 +test3 IN SSHFP 2 2 364252b906aec15a00994620d5c90c0f692a41cbc8c6f3bfc229149511209328 +test3 IN SSHFP 3 1 e4d81b532dc90ebb6d087ae732ce016b87945ebd +test3 IN SSHFP 3 2 71b5aedcc999e6ffc0f90eeb9254c8771ddaa6a4981cf55e8e2228f6bdee64ce +test3 IN SSHFP 4 1 50b22453f5c8d845895bacccbc1fc325d033f65d +test3 IN SSHFP 4 2 a928b84465769480d70dfc5ecd3af2e4cdb192ee11d1cffc4f31ea1fbed09d41 + translations IN A 213.154.225.240 translations IN AAAA 2001:7b8:616:162:2::31 translations IN SSHFP 1 1 1128972fb54f927477a781718e2f9c114e9ca383 @@ -297,10 +313,19 @@ wiki IN SSHFP 2 1 04f7ab767579f004cc3ab2cc42a4ccaa24e51154 www IN A 213.154.225.245 www IN AAAA 2001:7b8:3:9c::245 -_443._tcp.www IN TLSA 2 0 0 3082073d30820525a003020102020100300d06092a864886f70d010104050030793110300e060355040a1307526f6f74204341311e301c060355040b1315687474703a2f2f7777772e6361636572742e6f7267312230200603550403131943412043657274205369676e696e6720417574686f726974793121301f06092a864886f70d0109011612737570706f7274406361636572742e6f7267301e170d3033303333303132323934395a170d3333303332393132323934395a30793110300e060355040a1307526f6f74204341311e301c060355040b1315687474703a2f2f7777772e6361636572742e6f7267312230200603550403131943412043657274205369676e696e6720417574686f726974793121301f06092a864886f70d0109011612737570706f7274406361636572742e6f726730820222300d06092a864886f70d01010105000382020f003082020a0282020100ce22c0e2467dec3628075096f2a033408c4bf13b663f31e56b0236dbd67cf6f1888f4e7736054195f909f012cf46867360b76e7ee8c05864aecdb0ad45170c63fa670ae8d6d2bf3ee798c4f04cfae003bb355d6c21de9e20d9bacd66323772faf708f5c7cd58c98ee70e5eea3efe1ca1140a156c86845b64662a7aa94b5379f588a27bee2f0a612b8db27e4d56a513eceada929eac44411e5860650566f8c044bdcb94f7427e0bf76568985105f0f30591041d1b1782ecc857bbc36b7a88f1b072cc255b2091ec1602128f32e9171848d0c7052e023042b8259c056b3faa3aa7eb5348f7e8d2b60798dc1bc6347f7fc91c827a05582b085bf338a2ab175d66c998d79e108ba2d2dd749af7710c7260dfcd6f98339d9634763e247a92b00e951e6fe6a0453847aad741ed4ab712f6d71b838a0f2ed809b659d7aa04ffd2937d682edd8b4bab58ba2f8dea95a7a0c35489a5fbdb8b51229db2c3be11be2c91868b9678ad20d38a2f1a3fc6d051658721b11901657f451c87f57cd0414c4f299821fd331f750c0451fa1977dbd4141cee81c31df598b769069122dd0050cc8131ac12077b38da685be62bd47ec95fade8eb724cf301e54b20bf9aa657ca9100018ba1752137b5630d673e464f702067cec5d659db02e0f0d2cbcdba62b79041e8dd20e429bc642942c822dc789aff43ec981b09514b5a5ac271f1c4cb73a9e5a10b0203010001a38201ce308201ca301d0603551d0e0416041416b5321bd4c7f3e0e68ef3bdd2b03aeeb23918d13081a30603551d2304819b308198801416b5321bd4c7f3e0e68ef3bdd2b03aeeb23918d1a17da47b30793110300e060355040a1307526f6f74204341311e301c060355040b1315687474703a2f2f7777772e6361636572742e6f7267312230200603550403131943412043657274205369676e696e6720417574686f726974793121301f06092a864886f70d0109011612737570706f7274406361636572742e6f7267820100300f0603551d130101ff040530030101ff30320603551d1f042b30293027a025a023862168747470733a2f2f7777772e6361636572742e6f72672f7265766f6b652e63726c303006096086480186f84201040423162168747470733a2f2f7777772e6361636572742e6f72672f7265766f6b652e63726c303406096086480186f842010804271625687474703a2f2f7777772e6361636572742e6f72672f696e6465782e7068703f69643d3130305606096086480186f842010d04491647546f2067657420796f7572206f776e20636572746966696361746520666f7220465245452068656164206f76657220746f20687474703a2f2f7777772e6361636572742e6f7267300d06092a864886f70d0101040500038202010028c7ee9c8202ba5c8012ca350a1d816f896a99ccf2680f7fa7e18d58953ebdf206c3905aacb560f6994301a388709c9d629da487af67580d30363be6ad48d3cb740286713ee22b0368f1346240463b53ea28f4acfb6695538a4d5dfd3bd960d7ca79693bb16592a6c681825c9ccdeb4d018aa5df1155aa15ca1f37c082987061db6a7c96a38e2e543e4f21a990efdc82bfdce845ad4d9073083c9465b00499767fe2bcc26a15aa97043724d81e944e6d0e51bed6c48fca966df743dfe83065273b7bbb434363c443f7b2ec68cce1198e22fb98e17b5a3e01373b8b08b0a2f3954e1acb9bcd9ab1dbb270f02d4adbd8b0e36f45483312fffe3c322a54f7c4f78af08823c247fe647a71c0d11ea663b0077ea42fd3018fdc9f2bb6c608a90f934825fc12fd9f42dcf3c43ef657b0d7dd69d10677340a4bd2caa0ff1cc68cc916bec4cc323768735f08fb51f7495336050a95024cf2791a10f6d83a759cf31df1a20d7067861bb316f52fe5a4eb7986f93d0bc2730ba599ac6ffc67b8e52f0ba618248d7bd14835291840ac9360e1968650b47a59d88f210b9fcf8291c63bbf6bdc0791b9975623aab66c94c648063ce4ce4eaae4f62f09dc536f2efc74eb3a6399c2a6ac89bca7b244a00d8a10e36cf224cbfa9b9f70472ede148bd4b2200996a264f1241cdca1359c15b2d4bc552e7d06f59c0e55f45ad693da76ad25734cc543 +_443._tcp.www IN TLSA 2 1 1 6f2851409d710504a35115abcb9a6dd3f2577ec937c9ef1938926fa82fd6ff5d ; fingerprints for CAcert root certificates (generated by cacert-fingerprints-to-dns) -_certs.g1._fp IN TXT "root class3" +_certs.g1._fp IN TXT "root_X0F class3_X0E" +_url.root_X0F.g1._fp IN TXT "http://www.cacert.org/certs/root_X0F.crt" +_md5.root_X0F.g1._fp IN TXT "8AE61B1AF7679A9095A7E9E02DFF1FF3" +_sha1.root_X0F.g1._fp IN TXT "DDFCDA541E7577ADDCA87E8827A98A50603252A5" +_sha256.root_X0F.g1._fp IN TXT "07EDBD824A4988CFEF4215DA20D48C2B41D71529D7C900F570926F277CC230C5" +_url.class3_X0E.g1._fp IN TXT "http://www.cacert.org/certs/class3_X0E.crt" +_md5.class3_X0E.g1._fp IN TXT "2CFA3FF9F44A0A6D3F577EA8A82315BE" +_sha1.class3_X0E.g1._fp IN TXT "A7C48FBE6B026DBD0EC1B465B88DD813EE1DEFA0" +_sha256.class3_X0E.g1._fp IN TXT "F6873D70D67596C2ACBA34401E69738B52701DD6AB06B49749BC55150936D544" +_oldcerts.g1._fp IN TXT "root class3" _url.root.g1._fp IN TXT "http://www.cacert.org/certs/root.crt" _md5.root.g1._fp IN TXT "A61B375E390D9C3654EEBD2031461F6B" _sha1.root.g1._fp IN TXT "135CEC36F49CB8E93B1AB270CD80884676CE8F33" diff --git a/cacert.org.log b/cacert.org.log index 740d54e..9b21b67 100644 --- a/cacert.org.log +++ b/cacert.org.log @@ -1,16 +1,41 @@ RCS file: /var/opendnssec/unsigned/RCS/cacert.org,v Working file: /var/opendnssec/unsigned/cacert.org -head: 1.117 +head: 1.123 branch: locks: strict access list: symbolic names: keyword substitution: kv -total revisions: 117; selected revisions: 117 +total revisions: 123; selected revisions: 123 description: cacert.org - zone file for cacert.org ---------------------------- +revision 1.123 +date: 2019/06/06 08:40:23; author: root; state: Exp; lines: +12 -7 +Drop ns4.cacert.org secondary server. +Add fingerprints for new CAcert root certificates. +---------------------------- +revision 1.122 +date: 2019/04/30 10:26:34; author: root; state: Exp; lines: +10 -2 +Add extra SSHFP records for test.cacert.org and test2.cacert.org. +---------------------------- +revision 1.121 +date: 2019/04/02 15:41:31; author: root; state: Exp; lines: +4 -4 +Shorten TLSA records (i.e. use 2 1 1 rather than 2 0 0). +---------------------------- +revision 1.120 +date: 2018/11/21 09:33:19; author: root; state: Exp; lines: +4 -2 +Add CNAME records for secure.test3.cacert,org and www.test3.cacert.org. +---------------------------- +revision 1.119 +date: 2018/11/17 10:49:57; author: root; state: Exp; lines: +3 -3 +Re-enable IPv6 for ns3.cacert.org. +---------------------------- +revision 1.118 +date: 2018/11/01 16:36:38; author: root; state: Exp; lines: +12 -2 +Add A and SSHFP records for test3.cacert.org per e-mail request from Jan Dittberner on 01.11.2018. +---------------------------- revision 1.117 date: 2018/10/27 07:13:44; author: root; state: Exp; lines: +4 -2 Add CNAME for codedocs.cacert.org per e-mail request from Jan Dittberner on 27.10.2018.