a3a661bfe2
Merge pull request 'Remove services that are not available anymore' ( #7 ) from remove-dead-services into main
...
Reviewed-on: critical/dns-zones#7
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2022-11-26 09:46:13 +00:00
7744e78659
Remove services that are not available anymore
2022-10-29 19:45:19 +02:00
1d6b970a6a
Merge pull request 'add-secondary-ns-support' ( #5 ) from add-secondary-ns-support into main
...
Reviewed-on: critical/dns-zones#5
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2022-10-25 14:18:14 +00:00
2c896a85ac
Add support for secondary nameservers
...
Fixes #4
2022-10-23 13:52:05 +02:00
5f7fb5235d
Remove the import_zone script
...
This commit removes the older import_zone script to avoid accidential
usage.
2022-10-23 13:34:01 +02:00
3698bb4e53
Add README.md with usage documentation
2022-10-23 13:33:43 +02:00
f70ee9f182
Merge pull request 'Add AAAA RR for cacert.com and cacert.net' ( #3 ) from add-missing-aaaa-records into main
...
Reviewed-on: critical/dns-zones#3
2022-10-23 10:08:20 +00:00
d3de6eb830
Add AAAA RR for cacert.com and cacert.net
2022-10-23 11:57:46 +02:00
91a49d40dc
manual import from ns1.cacert.org
2022-10-23 10:41:58 +02:00
11b092beb0
Use git branch -D for reference_branch
...
This commit allows the use of a reference_branch that is not merged into
the current working directory.
Imports have been sorted by isort
2022-10-23 08:02:52 +00:00
424bd7954f
Use sendmail instead of SMTP
...
- remove the SMTP requirement to be able to work with /usr/lib/sendmail
instead
- use f-strings where appropriate to improve readability
- use text-parameter to subprocess.run to avoid extra decode calls
2022-10-23 08:02:52 +00:00
d93300732b
Implement update-zones.py to update zones from git
...
- ignore temporary files and Python bytecode
- add update-zones.py
2022-10-23 08:02:52 +00:00
f70a11c863
Fix warnings from pdnsutil check-zone
...
This commit removes explicit DNSKEY entries and invalid names from the
cacert.org zone.
2022-09-17 10:04:38 +02:00
976a391df2
Use delegated 224-27.225.154.213.in-addr.arpa zone
2022-09-16 10:12:12 +02:00
1b231b8fb5
Add import_zone script from NS2
...
Signed-off-by: Jan Dittberner <jandd@cacert.org>
2022-09-15 17:11:31 +02:00
143cc348cb
Remove ns3, and ocsp1 from cacert.org.
...
Signed-off-by: Jan Dittberner <jandd@cacert.org>
2022-09-11 09:58:21 +02:00
076d4d1466
Update ns1 A and AAAA records for cacert.{com,net,org}
2022-07-16 15:20:10 +00:00
8d1f2e0117
Update from ns2.cacert.org
2022-07-16 15:13:22 +00:00
8f11930cf1
Switch crl.cacert.org back to critical, add crl_egal
2022-07-16 14:26:05 +00:00
7f3670760f
Add ping.cacert.org AAAA, remove webdb.cacert.org
2022-07-16 14:24:11 +00:00
6cbd6f92a6
Add AAAA record for webdb.cacert.org
2022-07-16 13:53:51 +00:00
6b9aa5cced
Change AAAA record of crl.cacert.org
2022-07-16 13:48:30 +00:00
690dffbaac
Update crl servers for cacert.org
...
- add crl2
- move crl to external address
2022-07-16 13:46:46 +00:00
493baa3a57
Update cacert.org AAAA records for ns1 and ns2
2022-07-16 13:42:54 +00:00
4659cac454
Add code.cacert.org and pgsql.cacert.org
2022-07-16 13:41:27 +00:00
f7b19773ff
Update cacert.org NS records
2022-07-16 13:40:02 +00:00
8eb1b378c9
Sort SSHFP for hopper.cacert.org
2022-07-16 13:38:16 +00:00
cd11540381
Convert cacert.org to PowerDNS format
2022-07-16 13:36:23 +00:00
11f67755b2
Change cacert.net AAAA for ns1 and ns2
2022-07-16 13:33:23 +00:00
0961327761
Change NS records for cacert.net
2022-07-16 13:31:40 +00:00
ff17ba99ce
Convert cacert.net for PowerDNS
...
- change zone syntax to absolute names
- add ns2, ns4, ns5
2022-07-16 13:29:22 +00:00
10c93e9cbb
Remove cacert.community
2022-07-16 13:26:19 +00:00
99fcbe3e5f
Change ns1/ns2 AAAA records for cacert.com
2022-07-16 13:24:40 +00:00
5ff4fa0ad6
Update cacert.com NS records
2022-07-16 13:19:28 +00:00
0da00703d6
Remove DNSSEC records from cacert.com, adapt NS records
2022-07-16 13:13:54 +00:00
fb36036ba8
Import nsd zone for cacert.com
2022-07-16 13:11:48 +00:00
91fbc3f21c
Re-order IPv6 reverse DNS records
2022-07-16 13:04:21 +00:00
7742926d51
Add IPv6 PTR records for www.cacert.org
2022-07-16 12:59:52 +00:00
a0aa862a32
Bump IPv6 reverse SOA serial
2022-07-16 12:58:16 +00:00
886b2a1f3c
Switch IPv6 reverse zone to PowerDNS syntax
2022-07-16 14:55:30 +02:00
dce203320e
Update IPv4 reverse zone
2022-07-16 14:49:50 +02:00
72e71adb89
Add reverse zones from ns2
...
- use the correct names that will make the delegation from BIT work
2022-07-16 14:44:36 +02:00
0e0fd05c0e
Remove obsolete files
...
- log files can be replaced by git history
- mk-tlsa-recs is not required for PowerDNS operation
2022-07-16 12:43:46 +02:00
dirk@cacert.org
c42b123843
Added webmail and infra03
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2751 14b1bab8-4ef6-0310-b690-991c95c89dfd
2020-06-13 21:26:01 +00:00
dirk@cacert.org
76d9ba641d
Added IPv6 and updated SSHFP for blog/wiki
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2749 14b1bab8-4ef6-0310-b690-991c95c89dfd
2020-05-10 19:06:41 +00:00
wytze@deboca.net
1129b6e7c3
Disable ns-ext.nlnetlabs.nl for cacert.{org,com,net}.
...
Disable sns-pba.dm1.sns.isc.org for cacert.{com,net}.
Drop all records for ns5.cacert.{com,net} since ISC will be ending the
secondary name service on January 31, 2020.
Note: ns5.cacert.org should be dropped as well before January 31, 2020.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2741 14b1bab8-4ef6-0310-b690-991c95c89dfd
2019-10-19 15:20:32 +00:00
wytze@deboca.net
e09bf3160b
Update records for email.cacert.org and emailout.cacert.org per e-mal request from Jan Dittberner on 06.08.2019.
...
Break up very long TXT record for spf1 in two parts to avoid hitting the 255 chars limit.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2736 14b1bab8-4ef6-0310-b690-991c95c89dfd
2019-08-06 14:06:38 +00:00
wytze@deboca.net
95293b329d
Apply changes for infrastructure systems per e-mail request from Jan Dittberner on 03.08.2019.
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2735 14b1bab8-4ef6-0310-b690-991c95c89dfd
2019-08-04 07:45:46 +00:00
wytze@deboca.net
e4637553b6
Updates for mk-tlsa-recs script:
...
- use ldns-dane from /usr/bin (parametrized)
- only generate TLSA records for symlink'ed certificates
- generate both domain and trust anchor TLSA records
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2728 14b1bab8-4ef6-0310-b690-991c95c89dfd
2019-06-06 09:22:44 +00:00
wytze@deboca.net
ef022f1e09
Add A and SSHFP records for test3.cacert.org per e-mail request from Jan Dittberner on 01.11.2018.
...
Re-enable IPv6 for ns3.cacert.org.
Add CNAME records for secure.test3.cacert,org and www.test3.cacert.org.
Shorten TLSA records (i.e. use 2 1 1 rather than 2 0 0).
Add extra SSHFP records for test.cacert.org and test2.cacert.org.
Drop ns4.cacert.org secondary server.
Add fingerprints for new CAcert root certificates.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2727 14b1bab8-4ef6-0310-b690-991c95c89dfd
2019-06-06 09:21:07 +00:00