Commit graph

88 commits

Author SHA1 Message Date
076d4d1466 Update ns1 A and AAAA records for cacert.{com,net,org} 2022-07-16 15:20:10 +00:00
8d1f2e0117 Update from ns2.cacert.org 2022-07-16 15:13:22 +00:00
8f11930cf1 Switch crl.cacert.org back to critical, add crl_egal 2022-07-16 14:26:05 +00:00
7f3670760f Add ping.cacert.org AAAA, remove webdb.cacert.org 2022-07-16 14:24:11 +00:00
6cbd6f92a6 Add AAAA record for webdb.cacert.org 2022-07-16 13:53:51 +00:00
6b9aa5cced Change AAAA record of crl.cacert.org 2022-07-16 13:48:30 +00:00
690dffbaac Update crl servers for cacert.org
- add crl2
- move crl to external address
2022-07-16 13:46:46 +00:00
493baa3a57 Update cacert.org AAAA records for ns1 and ns2 2022-07-16 13:42:54 +00:00
4659cac454 Add code.cacert.org and pgsql.cacert.org 2022-07-16 13:41:27 +00:00
f7b19773ff Update cacert.org NS records 2022-07-16 13:40:02 +00:00
8eb1b378c9 Sort SSHFP for hopper.cacert.org 2022-07-16 13:38:16 +00:00
cd11540381 Convert cacert.org to PowerDNS format 2022-07-16 13:36:23 +00:00
11f67755b2 Change cacert.net AAAA for ns1 and ns2 2022-07-16 13:33:23 +00:00
0961327761 Change NS records for cacert.net 2022-07-16 13:31:40 +00:00
ff17ba99ce Convert cacert.net for PowerDNS
- change zone syntax to absolute names
- add ns2, ns4, ns5
2022-07-16 13:29:22 +00:00
10c93e9cbb Remove cacert.community 2022-07-16 13:26:19 +00:00
99fcbe3e5f Change ns1/ns2 AAAA records for cacert.com 2022-07-16 13:24:40 +00:00
5ff4fa0ad6 Update cacert.com NS records 2022-07-16 13:19:28 +00:00
0da00703d6 Remove DNSSEC records from cacert.com, adapt NS records 2022-07-16 13:13:54 +00:00
fb36036ba8 Import nsd zone for cacert.com 2022-07-16 13:11:48 +00:00
91fbc3f21c Re-order IPv6 reverse DNS records 2022-07-16 13:04:21 +00:00
7742926d51 Add IPv6 PTR records for www.cacert.org 2022-07-16 12:59:52 +00:00
a0aa862a32 Bump IPv6 reverse SOA serial 2022-07-16 12:58:16 +00:00
886b2a1f3c Switch IPv6 reverse zone to PowerDNS syntax 2022-07-16 14:55:30 +02:00
dce203320e Update IPv4 reverse zone 2022-07-16 14:49:50 +02:00
72e71adb89 Add reverse zones from ns2
- use the correct names that will make the delegation from BIT work
2022-07-16 14:44:36 +02:00
0e0fd05c0e Remove obsolete files
- log files can be replaced by git history
- mk-tlsa-recs is not required for PowerDNS operation
2022-07-16 12:43:46 +02:00
dirk@cacert.org
c42b123843 Added webmail and infra03
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2751 14b1bab8-4ef6-0310-b690-991c95c89dfd
2020-06-13 21:26:01 +00:00
dirk@cacert.org
76d9ba641d Added IPv6 and updated SSHFP for blog/wiki
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2749 14b1bab8-4ef6-0310-b690-991c95c89dfd
2020-05-10 19:06:41 +00:00
wytze@deboca.net
1129b6e7c3 Disable ns-ext.nlnetlabs.nl for cacert.{org,com,net}.
Disable sns-pba.dm1.sns.isc.org for cacert.{com,net}.
Drop all records for ns5.cacert.{com,net} since ISC will be ending the
secondary name service on January 31, 2020.
Note: ns5.cacert.org should be dropped as well before January 31, 2020.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2741 14b1bab8-4ef6-0310-b690-991c95c89dfd
2019-10-19 15:20:32 +00:00
wytze@deboca.net
e09bf3160b Update records for email.cacert.org and emailout.cacert.org per e-mal request from Jan Dittberner on 06.08.2019.
Break up very long TXT record for spf1 in two parts to avoid hitting the 255 chars limit.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2736 14b1bab8-4ef6-0310-b690-991c95c89dfd
2019-08-06 14:06:38 +00:00
wytze@deboca.net
95293b329d Apply changes for infrastructure systems per e-mail request from Jan Dittberner on 03.08.2019.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2735 14b1bab8-4ef6-0310-b690-991c95c89dfd
2019-08-04 07:45:46 +00:00
wytze@deboca.net
e4637553b6 Updates for mk-tlsa-recs script:
- use ldns-dane from /usr/bin (parametrized)
- only generate TLSA records for symlink'ed certificates
- generate both domain and trust anchor TLSA records


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2728 14b1bab8-4ef6-0310-b690-991c95c89dfd
2019-06-06 09:22:44 +00:00
wytze@deboca.net
ef022f1e09 Add A and SSHFP records for test3.cacert.org per e-mail request from Jan Dittberner on 01.11.2018.
Re-enable IPv6 for ns3.cacert.org.
Add CNAME records for secure.test3.cacert,org and www.test3.cacert.org.
Shorten TLSA records (i.e. use 2 1 1 rather than 2 0 0).
Add extra SSHFP records for test.cacert.org and test2.cacert.org.
Drop ns4.cacert.org secondary server.
Add fingerprints for new CAcert root certificates.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2727 14b1bab8-4ef6-0310-b690-991c95c89dfd
2019-06-06 09:21:07 +00:00
wytze@deboca.net
af9fc0a42c Drop ns4.cacert.com/ns4.cacert.net secondary server.
Re-enable IPv6 address for ns3.cacert.com and ns.cacert.net..


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2726 14b1bab8-4ef6-0310-b690-991c95c89dfd
2019-06-06 09:18:43 +00:00
wytze@deboca.net
8e9ff22085 Add CNAME for codedocs.cacert.org per e-mail request from Jan Dittberner on 27.10.2018
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2720 14b1bab8-4ef6-0310-b690-991c95c89dfd
2018-10-27 07:32:37 +00:00
wytze@deboca.net
76cdf889a6 Turn off TSIG for mars.overmeer.net because this server has been upgraded to OpenSUSE 15.0.
The bind 9.11.2 contained in that release appears to be incompatible with respect to TSIG
handling with our NSD 4.1.12. Note that bind 9,9 and bind 9.10 work just fine ...
Upgrade nsd to new release: 4.1.23.
Update IPv6 address for hopper.cacert.org.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2714 14b1bab8-4ef6-0310-b690-991c95c89dfd
2018-07-30 08:18:46 +00:00
wytze@deboca.net
660fb8dff6 Update CAA record to contain a valid mailto: URL.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2705 14b1bab8-4ef6-0310-b690-991c95c89dfd
2018-05-02 13:15:58 +00:00
wytze@deboca.net
c669cccd54 Add IPv6 address for translations.cacert.org per e-mail request from Jan Dittberner on 15.04.2018.
Add IPv6 address for bugs.cacert.org per e-mail request from Jan Dittberrner on 06.04.2018.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2702 14b1bab8-4ef6-0310-b690-991c95c89dfd
2018-04-17 07:20:48 +00:00
wytze@deboca.net
d21b8189a8 Add IPv6 address for bugs.cacert.org per e-mail request from Jan Dittberrner on 06.04.2018.
Add AAAA and update SSHFP records for irc per e-mail request from Jan Dittberner on 03.04.2018.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2699 14b1bab8-4ef6-0310-b690-991c95c89dfd
2018-04-07 07:17:12 +00:00
wytze@deboca.net
20dc5d300d Add A record for proxyout per e-mail from Jan Dittbernet of 25.02.2018.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2697 14b1bab8-4ef6-0310-b690-991c95c89dfd
2018-02-26 11:17:17 +00:00
wytze@deboca.net
396ec2467c Zone updates up to 25 February 2018.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2695 14b1bab8-4ef6-0310-b690-991c95c89dfd
2018-02-25 09:45:00 +00:00
wytze@deboca.net
c2227d5a9d Upgrade to new release: 4.1.12.
Set TTL for SOA to 1 hour, and SOA expire time to 7 days, per web recommendations.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2685 14b1bab8-4ef6-0310-b690-991c95c89dfd
2017-05-28 09:06:26 +00:00
wytze@deboca.net
4ca51d05f8 Update SSHFP records for hopper after migration to OpenSUSE 13.2.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2670 14b1bab8-4ef6-0310-b690-991c95c89dfd
2016-08-04 09:22:58 +00:00
wytze@deboca.net
ccbc0a84ca Upgrade OpenDNSSEC software to version 2.0.0-1.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2658 14b1bab8-4ef6-0310-b690-991c95c89dfd
2016-07-16 15:35:41 +00:00
wytze@deboca.net
ec8644b28d Add additional SSHFP records for git.cacert.org.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2656 14b1bab8-4ef6-0310-b690-991c95c89dfd
2016-07-15 10:34:27 +00:00
wytze@deboca.net
bcd0f029ba Add CNAME for infradocs.cacert,org pointing to webstatic.cacert.org, per e-mail request
from Jan Dittberner on 05.05.2016.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2653 14b1bab8-4ef6-0310-b690-991c95c89dfd
2016-05-06 09:48:00 +00:00
wytze@deboca.net
12fb5c2d9c Add script to generate TLSA records for domains found in the certs subdirectory.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2632 14b1bab8-4ef6-0310-b690-991c95c89dfd
2015-12-16 16:55:43 +00:00
wytze@deboca.net
cd5e89e784 Build and install the ldns example tools, so we can use the ldns-dane tool.
Update SSHFP records for cats.cacert.org.
Add RRs for policy.cacert.org.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2630 14b1bab8-4ef6-0310-b690-991c95c89dfd
2015-12-16 16:51:27 +00:00
wytze@deboca.net
5dafcb4700 ODS-NOTES: Update instructions for key rollover.
keylist: Status on 20151026 after KSK key rollover, submitting new DS hashes and issuing
     ods-ksmutil key ds-seen for the ready KSK's. The new KSK goes from ready to active,
     the old KSK from active to retire. Note that cacert.community still needs to be done.
cacert.*: Disable IPv6 address for ns3, because this host is currently lacking IPv6 connectivity.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2619 14b1bab8-4ef6-0310-b690-991c95c89dfd
2015-10-31 14:55:19 +00:00