Commit graph

123 commits

Author SHA1 Message Date
7c02d092f1 Merge pull request 'Allow letsencrypt certificates for cacert.org' (#10) from letsencrypt-for-code-cacert-org into main
Reviewed-on: critical/dns-zones#10
2023-06-21 19:39:13 +00:00
af50047a26 Merge pull request 'Add records for OpenID connect infrastructure' (#11) from oidc-records into main
Reviewed-on: critical/dns-zones#11
2023-06-21 19:38:56 +00:00
701db6bb50 Merge pull request 'Fix reverse DNS for infra02' (#12) from fix-infra02-ptr into main
Reviewed-on: critical/dns-zones#12
2023-06-21 19:38:41 +00:00
4ca0ff5e41 Fix reverse DNS for infra02 2023-06-14 19:14:49 +02:00
7986084a40 Add letsencrypt as allowed CA for cacert.org zone 2023-06-14 18:45:40 +02:00
7e0d88f8bf Order records for code.cacert.org by type 2023-06-14 14:55:22 +02:00
03b01fff79 Allow letsencrypt certificates for code.cacert.org 2023-06-14 10:39:23 +02:00
0bbd5741b1 Add IPv6 PTR records 2023-05-26 18:17:27 +02:00
b6fec8ad4b Add OIDC demo application container 2023-05-26 18:12:26 +02:00
565c2881b0 Add appregistration and idp records
Add records for appregistration.cacert.org and idp.cacert.org that are
meant to be used for the IDP (Identity Provider) and application
registration parts of the OpenID Connect/OAuth2 setup.
2023-05-26 18:12:26 +02:00
d79167a436 Add authserver records 2023-05-26 18:12:26 +02:00
ee97f88832 Merge pull request 'clean-cacert-org-zones' (#9) from clean-cacert-org-zone into main
Reviewed-on: critical/dns-zones#9
2023-05-26 15:18:22 +00:00
992d534697 Tighten SPF record
PowerDNS cuts TXT records at 255 chars
(https://doc.powerdns.com/authoritative/appendices/types.html#txt). This
commit reduces the size by using mx and a SPF policy entries.
2023-05-02 20:10:20 +02:00
17106f7c86 Fix forward and reverse entries
- add missing AAAA records in cacert.org
- add missing PTR records in IPv6 reverse zone
- remove broken PTR records in IPv6 reverse zone
- fix SPF records
2023-01-28 13:10:51 +01:00
1f976e4d65 Sort reverse DNS zones 2023-01-28 13:10:51 +01:00
302a6d26f5 Sort and clean zone cacert.org 2023-01-28 13:10:51 +01:00
b1891e9a5b Merge pull request 'Fix warnings from pdnsutil check-all-zones' (#6) from fix-pdnsutil-check-zone-warnings into main
Reviewed-on: critical/dns-zones#6
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2022-11-26 10:26:21 +00:00
87e24a3b41 Merge branch 'main' into fix-pdnsutil-check-zone-warnings 2022-11-26 09:46:28 +00:00
a3a661bfe2 Merge pull request 'Remove services that are not available anymore' (#7) from remove-dead-services into main
Reviewed-on: critical/dns-zones#7
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2022-11-26 09:46:13 +00:00
7744e78659 Remove services that are not available anymore 2022-10-29 19:45:19 +02:00
50d3959257 Fix warnings from pdnsutil check-all-zones 2022-10-29 18:41:33 +02:00
1d6b970a6a Merge pull request 'add-secondary-ns-support' (#5) from add-secondary-ns-support into main
Reviewed-on: critical/dns-zones#5
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2022-10-25 14:18:14 +00:00
2c896a85ac Add support for secondary nameservers
Fixes #4
2022-10-23 13:52:05 +02:00
5f7fb5235d Remove the import_zone script
This commit removes the older import_zone script to avoid accidential
usage.
2022-10-23 13:34:01 +02:00
3698bb4e53 Add README.md with usage documentation 2022-10-23 13:33:43 +02:00
f70ee9f182 Merge pull request 'Add AAAA RR for cacert.com and cacert.net' (#3) from add-missing-aaaa-records into main
Reviewed-on: critical/dns-zones#3
2022-10-23 10:08:20 +00:00
d3de6eb830 Add AAAA RR for cacert.com and cacert.net 2022-10-23 11:57:46 +02:00
91a49d40dc manual import from ns1.cacert.org 2022-10-23 10:41:58 +02:00
11b092beb0 Use git branch -D for reference_branch
This commit allows the use of a reference_branch that is not merged into
the current working directory.

Imports have been sorted by isort
2022-10-23 08:02:52 +00:00
424bd7954f Use sendmail instead of SMTP
- remove the SMTP requirement to be able to work with /usr/lib/sendmail
  instead
- use f-strings where appropriate to improve readability
- use text-parameter to subprocess.run to avoid extra decode calls
2022-10-23 08:02:52 +00:00
d93300732b Implement update-zones.py to update zones from git
- ignore temporary files and Python bytecode
- add update-zones.py
2022-10-23 08:02:52 +00:00
f70a11c863 Fix warnings from pdnsutil check-zone
This commit removes explicit DNSKEY entries and invalid names from the
cacert.org zone.
2022-09-17 10:04:38 +02:00
976a391df2 Use delegated 224-27.225.154.213.in-addr.arpa zone 2022-09-16 10:12:12 +02:00
1b231b8fb5 Add import_zone script from NS2
Signed-off-by: Jan Dittberner <jandd@cacert.org>
2022-09-15 17:11:31 +02:00
143cc348cb Remove ns3, and ocsp1 from cacert.org.
Signed-off-by: Jan Dittberner <jandd@cacert.org>
2022-09-11 09:58:21 +02:00
076d4d1466 Update ns1 A and AAAA records for cacert.{com,net,org} 2022-07-16 15:20:10 +00:00
8d1f2e0117 Update from ns2.cacert.org 2022-07-16 15:13:22 +00:00
8f11930cf1 Switch crl.cacert.org back to critical, add crl_egal 2022-07-16 14:26:05 +00:00
7f3670760f Add ping.cacert.org AAAA, remove webdb.cacert.org 2022-07-16 14:24:11 +00:00
6cbd6f92a6 Add AAAA record for webdb.cacert.org 2022-07-16 13:53:51 +00:00
6b9aa5cced Change AAAA record of crl.cacert.org 2022-07-16 13:48:30 +00:00
690dffbaac Update crl servers for cacert.org
- add crl2
- move crl to external address
2022-07-16 13:46:46 +00:00
493baa3a57 Update cacert.org AAAA records for ns1 and ns2 2022-07-16 13:42:54 +00:00
4659cac454 Add code.cacert.org and pgsql.cacert.org 2022-07-16 13:41:27 +00:00
f7b19773ff Update cacert.org NS records 2022-07-16 13:40:02 +00:00
8eb1b378c9 Sort SSHFP for hopper.cacert.org 2022-07-16 13:38:16 +00:00
cd11540381 Convert cacert.org to PowerDNS format 2022-07-16 13:36:23 +00:00
11f67755b2 Change cacert.net AAAA for ns1 and ns2 2022-07-16 13:33:23 +00:00
0961327761 Change NS records for cacert.net 2022-07-16 13:31:40 +00:00
ff17ba99ce Convert cacert.net for PowerDNS
- change zone syntax to absolute names
- add ns2, ns4, ns5
2022-07-16 13:29:22 +00:00