Jan Dittberner
ad84697c8a
Merge pull request 'lists-upgrade' (#13) from lists-upgrade into main
...
Reviewed-on: critical/dns-zones#13
Reviewed-by: Dirk Astrath <dirk@cacert.org>
1 year ago
Jan Dittberner
e3411f74eb
Update lists host keys
...
The lists system has been rebuilt on a new Debian 11 host with new host
keys.
1 year ago
Jan Dittberner
9cb7ac6da6
Update infra02 SSH host keys
...
- remove DSA key
- add ED25519 key
1 year ago
Jan Dittberner
7c02d092f1
Merge pull request 'Allow letsencrypt certificates for cacert.org' (#10) from letsencrypt-for-code-cacert-org into main
...
Reviewed-on: critical/dns-zones#10
1 year ago
Jan Dittberner
7986084a40
Add letsencrypt as allowed CA for cacert.org zone
1 year ago
Jan Dittberner
7e0d88f8bf
Order records for code.cacert.org by type
1 year ago
Jan Dittberner
03b01fff79
Allow letsencrypt certificates for code.cacert.org
1 year ago
Jan Dittberner
b6fec8ad4b
Add OIDC demo application container
1 year ago
Jan Dittberner
565c2881b0
Add appregistration and idp records
...
Add records for appregistration.cacert.org and idp.cacert.org that are
meant to be used for the IDP (Identity Provider) and application
registration parts of the OpenID Connect/OAuth2 setup.
1 year ago
Jan Dittberner
d79167a436
Add authserver records
1 year ago
Jan Dittberner
992d534697
Tighten SPF record
...
PowerDNS cuts TXT records at 255 chars
(https://doc.powerdns.com/authoritative/appendices/types.html#txt). This
commit reduces the size by using mx and SPF policy entries.
1 year ago
Jan Dittberner
17106f7c86
Fix forward and reverse entries
...
- add missing AAAA records in cacert.org
- add missing PTR records in IPv6 reverse zone
- remove broken PTR records in IPv6 reverse zone
- fix SPF records
2 years ago
Jan Dittberner
302a6d26f5
Sort and clean zone cacert.org
2 years ago
Jan Dittberner
87e24a3b41
Merge branch 'main' into fix-pdnsutil-check-zone-warnings
2 years ago
Jan Dittberner
7744e78659
Remove services that are not available anymore
2 years ago
Jan Dittberner
50d3959257
Fix warnings from pdnsutil check-all-zones
2 years ago
Jan Dittberner
91a49d40dc
manual import from ns1.cacert.org
2 years ago
Jan Dittberner
f70a11c863
Fix warnings from pdnsutil check-zone
...
This commit removes explicit DNSKEY entries and invalid names from the
cacert.org zone.
2 years ago
Dirk Astrath
143cc348cb
Remove ns3, and ocsp1 from cacert.org.
...
Signed-off-by: Jan Dittberner <jandd@cacert.org>
2 years ago
Dirk Astrath
076d4d1466
Update ns1 A and AAAA records for cacert.{com,net,org}
2 years ago
Dirk Astrath
8f11930cf1
Switch crl.cacert.org back to critical, add crl_egal
2 years ago
Dirk Astrath
7f3670760f
Add ping.cacert.org AAAA, remove webdb.cacert.org
2 years ago
Dirk Astrath
6cbd6f92a6
Add AAAA record for webdb.cacert.org
2 years ago
Dirk Astrath
6b9aa5cced
Change AAAA record of crl.cacert.org
2 years ago
Dirk Astrath
690dffbaac
Update crl servers for cacert.org
...
- add crl2
- move crl to external address
2 years ago
Dirk Astrath
493baa3a57
Update cacert.org AAAA records for ns1 and ns2
2 years ago
Dirk Astrath
4659cac454
Add code.cacert.org and pgsql.cacert.org
2 years ago
Dirk Astrath
f7b19773ff
Update cacert.org NS records
2 years ago
Dirk Astrath
8eb1b378c9
Sort SSHFP for hopper.cacert.org
2 years ago
Dirk Astrath
cd11540381
Convert cacert.org to PowerDNS format
2 years ago
dirk@cacert.org
c42b123843
Added webmail and infra03
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2751 14b1bab8-4ef6-0310-b690-991c95c89dfd
4 years ago
dirk@cacert.org
76d9ba641d
Added IPv6 and updated SSHFP for blog/wiki
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2749 14b1bab8-4ef6-0310-b690-991c95c89dfd
4 years ago
wytze@deboca.net
e09bf3160b
Update records for email.cacert.org and emailout.cacert.org per e-mail request from Jan Dittberner on 06.08.2019.
...
Break up very long TXT record for spf1 in two parts to avoid hitting the 255 chars limit.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2736 14b1bab8-4ef6-0310-b690-991c95c89dfd
5 years ago
wytze@deboca.net
95293b329d
Apply changes for infrastructure systems per e-mail request from Jan Dittberner on 03.08.2019.
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2735 14b1bab8-4ef6-0310-b690-991c95c89dfd
5 years ago
wytze@deboca.net
ef022f1e09
Add A and SSHFP records for test3.cacert.org per e-mail request from Jan Dittberner on 01.11.2018.
...
Re-enable IPv6 for ns3.cacert.org.
Add CNAME records for secure.test3.cacert.org and www.test3.cacert.org.
Shorten TLSA records (i.e. use 2 1 1 rather than 2 0 0).
Add extra SSHFP records for test.cacert.org and test2.cacert.org.
Drop ns4.cacert.org secondary server.
Add fingerprints for new CAcert root certificates.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2727 14b1bab8-4ef6-0310-b690-991c95c89dfd
5 years ago
wytze@deboca.net
8e9ff22085
Add CNAME for codedocs.cacert.org per e-mail request from Jan Dittberner on 27.10.2018
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2720 14b1bab8-4ef6-0310-b690-991c95c89dfd
6 years ago
wytze@deboca.net
76cdf889a6
Turn off TSIG for mars.overmeer.net because this server has been upgraded to OpenSUSE 15.0.
...
The bind 9.11.2 contained in that release appears to be incompatible with respect to TSIG
handling with our NSD 4.1.12. Note that bind 9.9 and bind 9.10 work just fine ...
Upgrade nsd to new release: 4.1.23.
Update IPv6 address for hopper.cacert.org.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2714 14b1bab8-4ef6-0310-b690-991c95c89dfd
6 years ago
wytze@deboca.net
660fb8dff6
Update CAA record to contain a valid mailto: URL.
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2705 14b1bab8-4ef6-0310-b690-991c95c89dfd
6 years ago
wytze@deboca.net
c669cccd54
Add IPv6 address for translations.cacert.org per e-mail request from Jan Dittberner on 15.04.2018.
...
Add IPv6 address for bugs.cacert.org per e-mail request from Jan Dittberner on 06.04.2018.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2702 14b1bab8-4ef6-0310-b690-991c95c89dfd
7 years ago
wytze@deboca.net
d21b8189a8
Add IPv6 address for bugs.cacert.org per e-mail request from Jan Dittberner on 06.04.2018.
...
Add AAAA and update SSHFP records for irc per e-mail request from Jan Dittberner on 03.04.2018.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2699 14b1bab8-4ef6-0310-b690-991c95c89dfd
7 years ago
wytze@deboca.net
20dc5d300d
Add A record for proxyout per e-mail from Jan Dittberner of 25.02.2018.
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2697 14b1bab8-4ef6-0310-b690-991c95c89dfd
7 years ago
wytze@deboca.net
396ec2467c
Zone updates up to 25 February 2018.
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2695 14b1bab8-4ef6-0310-b690-991c95c89dfd
7 years ago
wytze@deboca.net
c2227d5a9d
Upgrade to new release: 4.1.12.
...
Set TTL for SOA to 1 hour, and SOA expire time to 7 days, per web recommendations.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2685 14b1bab8-4ef6-0310-b690-991c95c89dfd
7 years ago
wytze@deboca.net
4ca51d05f8
Update SSHFP records for hopper after migration to OpenSUSE 13.2.
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2670 14b1bab8-4ef6-0310-b690-991c95c89dfd
8 years ago
wytze@deboca.net
ccbc0a84ca
Upgrade OpenDNSSEC software to version 2.0.0-1.
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2658 14b1bab8-4ef6-0310-b690-991c95c89dfd
8 years ago
wytze@deboca.net
ec8644b28d
Add additional SSHFP records for git.cacert.org.
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2656 14b1bab8-4ef6-0310-b690-991c95c89dfd
8 years ago
wytze@deboca.net
bcd0f029ba
Add CNAME for infradocs.cacert.org pointing to webstatic.cacert.org, per e-mail request
...
from Jan Dittberner on 05.05.2016.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2653 14b1bab8-4ef6-0310-b690-991c95c89dfd
8 years ago
wytze@deboca.net
cd5e89e784
Build and install the ldns example tools, so we can use the ldns-dane tool.
...
Update SSHFP records for cats.cacert.org.
Add RRs for policy.cacert.org.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2630 14b1bab8-4ef6-0310-b690-991c95c89dfd
9 years ago
wytze@deboca.net
5dafcb4700
ODS-NOTES: Update instructions for key rollover.
...
keylist: Status on 20151026 after KSK key rollover, submitting new DS hashes and issuing
ods-ksmutil key ds-seen for the ready KSK's. The new KSK goes from ready to active,
the old KSK from active to retire. Note that cacert.community still needs to be done.
cacert.*: Disable IPv6 address for ns3, because this host is currently lacking IPv6 connectivity.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2619 14b1bab8-4ef6-0310-b690-991c95c89dfd
9 years ago
wytze@deboca.net
0de4c64b93
Update SSHFP records for cacert-fw01 and cacert-fw02 after upgrading firewall OS to OpenBSD 5.7.
...
Add RRs with fingerprints for CAcert root certificates (generated by cacert-fingerprints-to-dns).
Clean up fingerprints by dropping internal colons.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2601 14b1bab8-4ef6-0310-b690-991c95c89dfd
9 years ago