knilsson/dns-zones
1
0
Fork 0
forked from critical/dns-zones
Code Pull requests Activity
78 commits 2 branches 2 tags 248 KiB
Commit graph

55 commits

Author SHA1 Message Date
Dirk Astrath
8eb1b378c9 Sort SSHFP for hopper.cacert.org 2022-07-16 13:38:16 +00:00
Dirk Astrath
cd11540381 Convert cacert.org to PowerDNS format 2022-07-16 13:36:23 +00:00
dirk@cacert.org
c42b123843 Added webmail and infra03 
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2751 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2020-06-13 21:26:01 +00:00
dirk@cacert.org
76d9ba641d Added IPv6 and updated SSHFP for blog/wiki 
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2749 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2020-05-10 19:06:41 +00:00
wytze@deboca.net
e09bf3160b Update records for email.cacert.org and emailout.cacert.org per e-mal request from Jan Dittberner on 06.08.2019. 
Break up very long TXT record for spf1 in two parts to avoid hitting the 255 chars limit.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2736 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2019-08-06 14:06:38 +00:00
wytze@deboca.net
95293b329d Apply changes for infrastructure systems per e-mail request from Jan Dittberner on 03.08.2019. 
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2735 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2019-08-04 07:45:46 +00:00
wytze@deboca.net
ef022f1e09 Add A and SSHFP records for test3.cacert.org per e-mail request from Jan Dittberner on 01.11.2018. 
Re-enable IPv6 for ns3.cacert.org.
Add CNAME records for secure.test3.cacert,org and www.test3.cacert.org.
Shorten TLSA records (i.e. use 2 1 1 rather than 2 0 0).
Add extra SSHFP records for test.cacert.org and test2.cacert.org.
Drop ns4.cacert.org secondary server.
Add fingerprints for new CAcert root certificates.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2727 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2019-06-06 09:21:07 +00:00
wytze@deboca.net
8e9ff22085 Add CNAME for codedocs.cacert.org per e-mail request from Jan Dittberner on 27.10.2018 
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2720 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2018-10-27 07:32:37 +00:00
wytze@deboca.net
76cdf889a6 Turn off TSIG for mars.overmeer.net because this server has been upgraded to OpenSUSE 15.0. 
The bind 9.11.2 contained in that release appears to be incompatible with respect to TSIG
handling with our NSD 4.1.12. Note that bind 9,9 and bind 9.10 work just fine ...
Upgrade nsd to new release: 4.1.23.
Update IPv6 address for hopper.cacert.org.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2714 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2018-07-30 08:18:46 +00:00
wytze@deboca.net
660fb8dff6 Update CAA record to contain a valid mailto: URL. 
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2705 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2018-05-02 13:15:58 +00:00
wytze@deboca.net
c669cccd54 Add IPv6 address for translations.cacert.org per e-mail request from Jan Dittberner on 15.04.2018. 
Add IPv6 address for bugs.cacert.org per e-mail request from Jan Dittberrner on 06.04.2018.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2702 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2018-04-17 07:20:48 +00:00
wytze@deboca.net
d21b8189a8 Add IPv6 address for bugs.cacert.org per e-mail request from Jan Dittberrner on 06.04.2018. 
Add AAAA and update SSHFP records for irc per e-mail request from Jan Dittberner on 03.04.2018.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2699 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2018-04-07 07:17:12 +00:00
wytze@deboca.net
20dc5d300d Add A record for proxyout per e-mail from Jan Dittbernet of 25.02.2018. 
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2697 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2018-02-26 11:17:17 +00:00
wytze@deboca.net
396ec2467c Zone updates up to 25 February 2018. 
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2695 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2018-02-25 09:45:00 +00:00
wytze@deboca.net
c2227d5a9d Upgrade to new release: 4.1.12. 
Set TTL for SOA to 1 hour, and SOA expire time to 7 days, per web recommendations.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2685 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2017-05-28 09:06:26 +00:00
wytze@deboca.net
4ca51d05f8 Update SSHFP records for hopper after migration to OpenSUSE 13.2. 
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2670 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2016-08-04 09:22:58 +00:00
wytze@deboca.net
ccbc0a84ca Upgrade OpenDNSSEC software to version 2.0.0-1. 
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2658 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2016-07-16 15:35:41 +00:00
wytze@deboca.net
ec8644b28d Add additional SSHFP records for git.cacert.org. 
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2656 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2016-07-15 10:34:27 +00:00
wytze@deboca.net
bcd0f029ba Add CNAME for infradocs.cacert,org pointing to webstatic.cacert.org, per e-mail request 
from Jan Dittberner on 05.05.2016.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2653 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2016-05-06 09:48:00 +00:00
wytze@deboca.net
cd5e89e784 Build and install the ldns example tools, so we can use the ldns-dane tool. 
Update SSHFP records for cats.cacert.org.
Add RRs for policy.cacert.org.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2630 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2015-12-16 16:51:27 +00:00
wytze@deboca.net
5dafcb4700 ODS-NOTES: Update instructions for key rollover. 
keylist: Status on 20151026 after KSK key rollover, submitting new DS hashes and issuing
     ods-ksmutil key ds-seen for the ready KSK's. The new KSK goes from ready to active,
     the old KSK from active to retire. Note that cacert.community still needs to be done.
cacert.*: Disable IPv6 address for ns3, because this host is currently lacking IPv6 connectivity.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2619 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2015-10-31 14:55:19 +00:00
wytze@deboca.net
0de4c64b93 Update SSHFP records for cacert-fw01 and cacert-fw02 after upgrading firewall OS to OpenBSD 5.7. 
Add RRs with fingerprints for CAcert root certificates (generated by cacert-fingerprints-to-dns).
Clean up fingerprints by dropping internal colons.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2601 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2015-05-29 07:53:00 +00:00
wytze@deboca.net
9c0e9a6848 Add A and SSHFP records for jenkins.cacert.org per e-mail request from Jan Dittberner. 
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2598 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2015-02-05 08:05:22 +00:00
wytze@deboca.net
462ded1819 Update SSHFP records for emailout per e-mail from Jan Dittberner on 02.02.2015. 
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2597 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2015-02-03 08:15:36 +00:00
wytze@deboca.net
cbaf82b142 Update SSHFP records for cacert-fw01 and cacert-fw02 after upgrading firewall OS to OpenBSD 5.6. 
Update IPv4 address for openppm.cacert.org per e-mail from Benedikt Heintel 08.01.2015.
Add A and SSHFP records for web, funding, webstatic per e-mail request from Jan Dittberner.
See also https://bugs.cacert.org/view.php?id=1363 for details about the shared IP setup.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2592 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2015-01-28 14:52:53 +00:00
wytze@deboca.net
3a45494988 Update IPv4 and IPv6 addresses for ns4.cacert.org aka ns-ext.nlnetlabs.nl. 
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2582 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2014-09-19 09:02:26 +00:00
wytze@deboca.net
0a3250a333 Add A record for hopper. 
Add additional SSHFP records for hopper.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2580 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2014-09-02 13:32:42 +00:00
wytze@deboca.net
acc6312310 Add IPv6 support for OCSP service. 
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2575 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2014-08-24 09:16:47 +00:00
wytze@deboca.net
bada7a02c3 Add IPv6 address for crl.cacert.org. 
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2574 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2014-08-12 07:12:40 +00:00
wytze@deboca.net
f773d5fa50 Add TLSA record for www.cacert.org and secure.cacert.org. 
This supports effective use of the DNSSEC/TLSA Validator browser plugin
available from CZ.NIC Labs.
The records have been created with https://www.huque.com/bin/gen_tlsa
using these parameters:
  certificate usage: DANE-TA (2) trust anchor
  selector:          full cert (0)
  matching type:     exact match (0)
  certificate:       https://www.cacert.org/certs/root.der


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2570 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2014-07-22 09:45:16 +00:00
wytze@deboca.net
12f67876e4 Update INSTALL script for boxbackup client. 
Drop A records for audit.cacert.org and dev.cacert.org (no longer existing) and
add A record for openppm.cacert.org, per e-mail request from Benedik Heintel on
June 1, 2014.
Add resource records for critmon.cacert.org.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2560 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2014-06-10 13:07:29 +00:00
wytze@deboca.net
5e86a71ef5 Add experimental AAAA record for ocsp-ipv6.cacert.org. 
Add some missing SSHFP records for infrastructure.cacert.org.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2559 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2014-05-30 15:37:28 +00:00
wytze@deboca.net
4c2106515c Add two CNAME records per e-mail request from Mario Lipinski on 23.02.2014. 
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2548 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2014-02-23 20:44:27 +00:00
wytze@deboca.net
d417978a99 Add SSHFP records for infrastructure hosts. 
Reorganize layout for better readability and maintainability.
Remove SSHFP records for monitor.cacert.org, because they are illegal: monitor is a CNAME.
Add CNAME records for www.test.cacert.org and www.test2.cacert.org.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2543 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2014-02-08 12:24:03 +00:00
wytze@deboca.net
be584cdb5e Add PTR records for the full infra and critical networks. 
Add four new infrastructure systems.
Put the "real" infrastructure systems in a /80 subnet to simplify firewall rules.
Correct network addresses in comments.
Name changes per e-mail request from Mario Lipinski on 05.02.2014.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2542 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2014-02-06 13:51:52 +00:00
wytze@deboca.net
0bb876704e Upgrade nsd to new release: 3.2.17. 
Add PTR record for ns1.cacert.org in 2001:07b8:616.ip6 zone.
Drop dummy PTR record from 2001:07b8:616.ip6 zone.
Add AAAA record for ns1.cacert.org. to cacert.org zone.
Configure nsd for external access over IPv6.
Expand firewall script to support IPv6.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2534 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2014-01-27 16:27:37 +00:00
wytze@deboca.net
3234773ffd Add A record for eu.cacert.org (which is actually cacert.eu), 
to show that the IPv4 address in our range is taken.
Add IPv6 address, SSHFP and PTR records for hopper.cacert.org.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2533 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2014-01-26 09:27:38 +00:00
wytze@deboca.net
7935fda852 Drop wwwmail (mail name for www server) from the DNS. 
Add new zone 224-27.225.154.213.in-addr.arpa (reverse IPv4 of cacert.org).


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2531 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2013-12-26 11:45:34 +00:00
wytze@deboca.net
f01c9a7ad7 Zone file updates. 
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2528 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2013-12-17 16:42:44 +00:00
wytze@deboca.net
208362da77 Update TXT spf1 record for blog.cacert.org. 
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2527 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2013-11-27 16:40:02 +00:00
wytze@deboca.net
d720f4cb4b Synchronize with real server. 
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2519 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2013-10-26 20:06:40 +00:00
wytze@deboca.net
d66f23b210 Update A and AAAA records for ns3 after server migration of mars.overmeer.net. 
Drop obsolete name 'hlin' from the cacert.org zone.
Drop wwwdb and securedb entries which were added for testing new web server.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2503 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2013-06-01 09:16:53 +00:00
wytze@deboca.net
9da4b0b01b Drop nameserver ns2 because it will be taken out of service soon. 
A corresponding change has already been made in the GKG.NET registry.
Drop newsys.gun.de secondary nameserver for cacert.{org,net,com} because it
will be taken out of service soon, and drop its TSIG key as well.
Add temporary experimental A and AAAA records for wwwdb and securedb,
as part of the migration of CAcert's main webserver to new hardware.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2482 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2013-03-17 10:24:21 +00:00
wytze@deboca.net
458788978e Update SPF record for lists.cacert.org because it appears that this host is now 
sending mail directly instead of via the cacert.org mail host, as a result of
the recent Tunix firewall changes.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2390 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2012-06-12 15:09:08 +00:00
wytze@deboca.net
8cf45a34bd Also add IPv6 address for cacert.org itself. 
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2388 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2012-06-07 08:57:43 +00:00
wytze@deboca.net
8fee8bffc4 Add IPv6 addresses for {www,secure,tverify}.cacert.org in preparation for 
World IPv6 Launch on 6 June 2012.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2386 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2012-06-04 09:59:01 +00:00
wytze@deboca.net
16bbfbae33 Add A records for infrastructure.cacert.org and monitor.cacert.org, both pointing 
to 213.154.225.230, per e-mail request from Mario Lipinski on May 23, 2012.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2384 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2012-05-23 09:27:20 +00:00
wytze@deboca.net
a519fee7de Remove A records for cod.cacert.org and translingo.cacert.org per e-mail request 
from Mario Lipinski on 20.05.2012.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2383 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2012-05-21 08:44:10 +00:00
wytze@deboca.net
aeb3bc5df4 Reduce SOA expiration timer from 1 week to 2 days, in order to comply with a 
recommendation made in RFC 4641bis: the SOA expiration timer should be between
1/4th and 1/3rd of the size of the signature validity period (1 week at CAcert).


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2370 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2012-04-17 07:10:49 +00:00
wytze@deboca.net
f11071c031 Drop CNAME records for stamp and timestamp, since this service hasn't been 
supported anymore for years, and has also been removed from the Apache2
webserver configuration on the CAcert webdb server.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2365 14b1bab8-4ef6-0310-b690-991c95c89dfd
 2012-04-04 15:49:41 +00:00