Commit graph

104 commits

Author SHA1 Message Date
a3a661bfe2 Merge pull request 'Remove services that are not available anymore' (#7) from remove-dead-services into main
Reviewed-on: critical/dns-zones#7
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2022-11-26 09:46:13 +00:00
7744e78659 Remove services that are not available anymore 2022-10-29 19:45:19 +02:00
1d6b970a6a Merge pull request 'add-secondary-ns-support' (#5) from add-secondary-ns-support into main
Reviewed-on: critical/dns-zones#5
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2022-10-25 14:18:14 +00:00
2c896a85ac Add support for secondary nameservers
Fixes #4
2022-10-23 13:52:05 +02:00
5f7fb5235d Remove the import_zone script
This commit removes the older import_zone script to avoid accidential
usage.
2022-10-23 13:34:01 +02:00
3698bb4e53 Add README.md with usage documentation 2022-10-23 13:33:43 +02:00
f70ee9f182 Merge pull request 'Add AAAA RR for cacert.com and cacert.net' (#3) from add-missing-aaaa-records into main
Reviewed-on: critical/dns-zones#3
2022-10-23 10:08:20 +00:00
d3de6eb830 Add AAAA RR for cacert.com and cacert.net 2022-10-23 11:57:46 +02:00
91a49d40dc manual import from ns1.cacert.org 2022-10-23 10:41:58 +02:00
11b092beb0 Use git branch -D for reference_branch
This commit allows the use of a reference_branch that is not merged into
the current working directory.

Imports have been sorted by isort
2022-10-23 08:02:52 +00:00
424bd7954f Use sendmail instead of SMTP
- remove the SMTP requirement to be able to work with /usr/lib/sendmail
  instead
- use f-strings where appropriate to improve readability
- use text-parameter to subprocess.run to avoid extra decode calls
2022-10-23 08:02:52 +00:00
d93300732b Implement update-zones.py to update zones from git
- ignore temporary files and Python bytecode
- add update-zones.py
2022-10-23 08:02:52 +00:00
f70a11c863 Fix warnings from pdnsutil check-zone
This commit removes explicit DNSKEY entries and invalid names from the
cacert.org zone.
2022-09-17 10:04:38 +02:00
976a391df2 Use delegated 224-27.225.154.213.in-addr.arpa zone 2022-09-16 10:12:12 +02:00
1b231b8fb5 Add import_zone script from NS2
Signed-off-by: Jan Dittberner <jandd@cacert.org>
2022-09-15 17:11:31 +02:00
143cc348cb Remove ns3, and ocsp1 from cacert.org.
Signed-off-by: Jan Dittberner <jandd@cacert.org>
2022-09-11 09:58:21 +02:00
076d4d1466 Update ns1 A and AAAA records for cacert.{com,net,org} 2022-07-16 15:20:10 +00:00
8d1f2e0117 Update from ns2.cacert.org 2022-07-16 15:13:22 +00:00
8f11930cf1 Switch crl.cacert.org back to critical, add crl_egal 2022-07-16 14:26:05 +00:00
7f3670760f Add ping.cacert.org AAAA, remove webdb.cacert.org 2022-07-16 14:24:11 +00:00
6cbd6f92a6 Add AAAA record for webdb.cacert.org 2022-07-16 13:53:51 +00:00
6b9aa5cced Change AAAA record of crl.cacert.org 2022-07-16 13:48:30 +00:00
690dffbaac Update crl servers for cacert.org
- add crl2
- move crl to external address
2022-07-16 13:46:46 +00:00
493baa3a57 Update cacert.org AAAA records for ns1 and ns2 2022-07-16 13:42:54 +00:00
4659cac454 Add code.cacert.org and pgsql.cacert.org 2022-07-16 13:41:27 +00:00
f7b19773ff Update cacert.org NS records 2022-07-16 13:40:02 +00:00
8eb1b378c9 Sort SSHFP for hopper.cacert.org 2022-07-16 13:38:16 +00:00
cd11540381 Convert cacert.org to PowerDNS format 2022-07-16 13:36:23 +00:00
11f67755b2 Change cacert.net AAAA for ns1 and ns2 2022-07-16 13:33:23 +00:00
0961327761 Change NS records for cacert.net 2022-07-16 13:31:40 +00:00
ff17ba99ce Convert cacert.net for PowerDNS
- change zone syntax to absolute names
- add ns2, ns4, ns5
2022-07-16 13:29:22 +00:00
10c93e9cbb Remove cacert.community 2022-07-16 13:26:19 +00:00
99fcbe3e5f Change ns1/ns2 AAAA records for cacert.com 2022-07-16 13:24:40 +00:00
5ff4fa0ad6 Update cacert.com NS records 2022-07-16 13:19:28 +00:00
0da00703d6 Remove DNSSEC records from cacert.com, adapt NS records 2022-07-16 13:13:54 +00:00
fb36036ba8 Import nsd zone for cacert.com 2022-07-16 13:11:48 +00:00
91fbc3f21c Re-order IPv6 reverse DNS records 2022-07-16 13:04:21 +00:00
7742926d51 Add IPv6 PTR records for www.cacert.org 2022-07-16 12:59:52 +00:00
a0aa862a32 Bump IPv6 reverse SOA serial 2022-07-16 12:58:16 +00:00
886b2a1f3c Switch IPv6 reverse zone to PowerDNS syntax 2022-07-16 14:55:30 +02:00
dce203320e Update IPv4 reverse zone 2022-07-16 14:49:50 +02:00
72e71adb89 Add reverse zones from ns2
- use the correct names that will make the delegation from BIT work
2022-07-16 14:44:36 +02:00
0e0fd05c0e Remove obsolete files
- log files can be replaced by git history
- mk-tlsa-recs is not required for PowerDNS operation
2022-07-16 12:43:46 +02:00
dirk@cacert.org
c42b123843 Added webmail and infra03
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2751 14b1bab8-4ef6-0310-b690-991c95c89dfd
2020-06-13 21:26:01 +00:00
dirk@cacert.org
76d9ba641d Added IPv6 and updated SSHFP for blog/wiki
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2749 14b1bab8-4ef6-0310-b690-991c95c89dfd
2020-05-10 19:06:41 +00:00
wytze@deboca.net
1129b6e7c3 Disable ns-ext.nlnetlabs.nl for cacert.{org,com,net}.
Disable sns-pba.dm1.sns.isc.org for cacert.{com,net}.
Drop all records for ns5.cacert.{com,net} since ISC will be ending the
secondary name service on January 31, 2020.
Note: ns5.cacert.org should be dropped as well before January 31, 2020.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2741 14b1bab8-4ef6-0310-b690-991c95c89dfd
2019-10-19 15:20:32 +00:00
wytze@deboca.net
e09bf3160b Update records for email.cacert.org and emailout.cacert.org per e-mal request from Jan Dittberner on 06.08.2019.
Break up very long TXT record for spf1 in two parts to avoid hitting the 255 chars limit.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2736 14b1bab8-4ef6-0310-b690-991c95c89dfd
2019-08-06 14:06:38 +00:00
wytze@deboca.net
95293b329d Apply changes for infrastructure systems per e-mail request from Jan Dittberner on 03.08.2019.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2735 14b1bab8-4ef6-0310-b690-991c95c89dfd
2019-08-04 07:45:46 +00:00
wytze@deboca.net
e4637553b6 Updates for mk-tlsa-recs script:
- use ldns-dane from /usr/bin (parametrized)
- only generate TLSA records for symlink'ed certificates
- generate both domain and trust anchor TLSA records


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2728 14b1bab8-4ef6-0310-b690-991c95c89dfd
2019-06-06 09:22:44 +00:00
wytze@deboca.net
ef022f1e09 Add A and SSHFP records for test3.cacert.org per e-mail request from Jan Dittberner on 01.11.2018.
Re-enable IPv6 for ns3.cacert.org.
Add CNAME records for secure.test3.cacert,org and www.test3.cacert.org.
Shorten TLSA records (i.e. use 2 1 1 rather than 2 0 0).
Add extra SSHFP records for test.cacert.org and test2.cacert.org.
Drop ns4.cacert.org secondary server.
Add fingerprints for new CAcert root certificates.


git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2727 14b1bab8-4ef6-0310-b690-991c95c89dfd
2019-06-06 09:21:07 +00:00