ad84697c8a
Merge pull request 'lists-upgrade' ( #13 ) from lists-upgrade into main
...
Reviewed-on: critical/dns-zones#13
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2023-07-17 16:42:24 +00:00
e3411f74eb
Update lists host keys
...
The lists system has been rebuilt on a new Debian 11 host with new host
keys.
2023-07-16 19:26:03 +02:00
9cb7ac6da6
Update infra02 SSH host keys
...
- remove DSA key
- add ED25519 key
2023-07-16 19:25:26 +02:00
7c02d092f1
Merge pull request 'Allow letsencrypt certificates for cacert.org' ( #10 ) from letsencrypt-for-code-cacert-org into main
...
Reviewed-on: critical/dns-zones#10
2023-06-21 19:39:13 +00:00
7986084a40
Add letsencrypt as allowed CA for cacert.org zone
2023-06-14 18:45:40 +02:00
7e0d88f8bf
Order records for code.cacert.org by type
2023-06-14 14:55:22 +02:00
03b01fff79
Allow letsencrypt certificates for code.cacert.org
2023-06-14 10:39:23 +02:00
b6fec8ad4b
Add OIDC demo application container
2023-05-26 18:12:26 +02:00
565c2881b0
Add appregistration and idp records
...
Add records for appregistration.cacert.org and idp.cacert.org that are
meant to be used for the IDP (Identity Provider) and application
registration parts of the OpenID Connect/OAuth2 setup.
2023-05-26 18:12:26 +02:00
d79167a436
Add authserver records
2023-05-26 18:12:26 +02:00
992d534697
Tighten SPF record
...
PowerDNS cuts TXT records at 255 chars
(https://doc.powerdns.com/authoritative/appendices/types.html#txt ). This
commit reduces the size by using mx and a SPF policy entries.
2023-05-02 20:10:20 +02:00
17106f7c86
Fix forward and reverse entries
...
- add missing AAAA records in cacert.org
- add missing PTR records in IPv6 reverse zone
- remove broken PTR records in IPv6 reverse zone
- fix SPF records
2023-01-28 13:10:51 +01:00
302a6d26f5
Sort and clean zone cacert.org
2023-01-28 13:10:51 +01:00
87e24a3b41
Merge branch 'main' into fix-pdnsutil-check-zone-warnings
2022-11-26 09:46:28 +00:00
7744e78659
Remove services that are not available anymore
2022-10-29 19:45:19 +02:00
50d3959257
Fix warnings from pdnsutil check-all-zones
2022-10-29 18:41:33 +02:00
91a49d40dc
manual import from ns1.cacert.org
2022-10-23 10:41:58 +02:00
f70a11c863
Fix warnings from pdnsutil check-zone
...
This commit removes explicit DNSKEY entries and invalid names from the
cacert.org zone.
2022-09-17 10:04:38 +02:00
143cc348cb
Remove ns3, and ocsp1 from cacert.org.
...
Signed-off-by: Jan Dittberner <jandd@cacert.org>
2022-09-11 09:58:21 +02:00
076d4d1466
Update ns1 A and AAAA records for cacert.{com,net,org}
2022-07-16 15:20:10 +00:00
8f11930cf1
Switch crl.cacert.org back to critical, add crl_egal
2022-07-16 14:26:05 +00:00
7f3670760f
Add ping.cacert.org AAAA, remove webdb.cacert.org
2022-07-16 14:24:11 +00:00
6cbd6f92a6
Add AAAA record for webdb.cacert.org
2022-07-16 13:53:51 +00:00
6b9aa5cced
Change AAAA record of crl.cacert.org
2022-07-16 13:48:30 +00:00
690dffbaac
Update crl servers for cacert.org
...
- add crl2
- move crl to external address
2022-07-16 13:46:46 +00:00
493baa3a57
Update cacert.org AAAA records for ns1 and ns2
2022-07-16 13:42:54 +00:00
4659cac454
Add code.cacert.org and pgsql.cacert.org
2022-07-16 13:41:27 +00:00
f7b19773ff
Update cacert.org NS records
2022-07-16 13:40:02 +00:00
8eb1b378c9
Sort SSHFP for hopper.cacert.org
2022-07-16 13:38:16 +00:00
cd11540381
Convert cacert.org to PowerDNS format
2022-07-16 13:36:23 +00:00
dirk@cacert.org
c42b123843
Added webmail and infra03
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2751 14b1bab8-4ef6-0310-b690-991c95c89dfd
2020-06-13 21:26:01 +00:00
dirk@cacert.org
76d9ba641d
Added IPv6 and updated SSHFP for blog/wiki
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2749 14b1bab8-4ef6-0310-b690-991c95c89dfd
2020-05-10 19:06:41 +00:00
wytze@deboca.net
e09bf3160b
Update records for email.cacert.org and emailout.cacert.org per e-mal request from Jan Dittberner on 06.08.2019.
...
Break up very long TXT record for spf1 in two parts to avoid hitting the 255 chars limit.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2736 14b1bab8-4ef6-0310-b690-991c95c89dfd
2019-08-06 14:06:38 +00:00
wytze@deboca.net
95293b329d
Apply changes for infrastructure systems per e-mail request from Jan Dittberner on 03.08.2019.
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2735 14b1bab8-4ef6-0310-b690-991c95c89dfd
2019-08-04 07:45:46 +00:00
wytze@deboca.net
ef022f1e09
Add A and SSHFP records for test3.cacert.org per e-mail request from Jan Dittberner on 01.11.2018.
...
Re-enable IPv6 for ns3.cacert.org.
Add CNAME records for secure.test3.cacert,org and www.test3.cacert.org.
Shorten TLSA records (i.e. use 2 1 1 rather than 2 0 0).
Add extra SSHFP records for test.cacert.org and test2.cacert.org.
Drop ns4.cacert.org secondary server.
Add fingerprints for new CAcert root certificates.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2727 14b1bab8-4ef6-0310-b690-991c95c89dfd
2019-06-06 09:21:07 +00:00
wytze@deboca.net
8e9ff22085
Add CNAME for codedocs.cacert.org per e-mail request from Jan Dittberner on 27.10.2018
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2720 14b1bab8-4ef6-0310-b690-991c95c89dfd
2018-10-27 07:32:37 +00:00
wytze@deboca.net
76cdf889a6
Turn off TSIG for mars.overmeer.net because this server has been upgraded to OpenSUSE 15.0.
...
The bind 9.11.2 contained in that release appears to be incompatible with respect to TSIG
handling with our NSD 4.1.12. Note that bind 9,9 and bind 9.10 work just fine ...
Upgrade nsd to new release: 4.1.23.
Update IPv6 address for hopper.cacert.org.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2714 14b1bab8-4ef6-0310-b690-991c95c89dfd
2018-07-30 08:18:46 +00:00
wytze@deboca.net
660fb8dff6
Update CAA record to contain a valid mailto: URL.
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2705 14b1bab8-4ef6-0310-b690-991c95c89dfd
2018-05-02 13:15:58 +00:00
wytze@deboca.net
c669cccd54
Add IPv6 address for translations.cacert.org per e-mail request from Jan Dittberner on 15.04.2018.
...
Add IPv6 address for bugs.cacert.org per e-mail request from Jan Dittberrner on 06.04.2018.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2702 14b1bab8-4ef6-0310-b690-991c95c89dfd
2018-04-17 07:20:48 +00:00
wytze@deboca.net
d21b8189a8
Add IPv6 address for bugs.cacert.org per e-mail request from Jan Dittberrner on 06.04.2018.
...
Add AAAA and update SSHFP records for irc per e-mail request from Jan Dittberner on 03.04.2018.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2699 14b1bab8-4ef6-0310-b690-991c95c89dfd
2018-04-07 07:17:12 +00:00
wytze@deboca.net
20dc5d300d
Add A record for proxyout per e-mail from Jan Dittbernet of 25.02.2018.
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2697 14b1bab8-4ef6-0310-b690-991c95c89dfd
2018-02-26 11:17:17 +00:00
wytze@deboca.net
396ec2467c
Zone updates up to 25 February 2018.
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2695 14b1bab8-4ef6-0310-b690-991c95c89dfd
2018-02-25 09:45:00 +00:00
wytze@deboca.net
c2227d5a9d
Upgrade to new release: 4.1.12.
...
Set TTL for SOA to 1 hour, and SOA expire time to 7 days, per web recommendations.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2685 14b1bab8-4ef6-0310-b690-991c95c89dfd
2017-05-28 09:06:26 +00:00
wytze@deboca.net
4ca51d05f8
Update SSHFP records for hopper after migration to OpenSUSE 13.2.
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2670 14b1bab8-4ef6-0310-b690-991c95c89dfd
2016-08-04 09:22:58 +00:00
wytze@deboca.net
ccbc0a84ca
Upgrade OpenDNSSEC software to version 2.0.0-1.
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2658 14b1bab8-4ef6-0310-b690-991c95c89dfd
2016-07-16 15:35:41 +00:00
wytze@deboca.net
ec8644b28d
Add additional SSHFP records for git.cacert.org.
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2656 14b1bab8-4ef6-0310-b690-991c95c89dfd
2016-07-15 10:34:27 +00:00
wytze@deboca.net
bcd0f029ba
Add CNAME for infradocs.cacert,org pointing to webstatic.cacert.org, per e-mail request
...
from Jan Dittberner on 05.05.2016.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2653 14b1bab8-4ef6-0310-b690-991c95c89dfd
2016-05-06 09:48:00 +00:00
wytze@deboca.net
cd5e89e784
Build and install the ldns example tools, so we can use the ldns-dane tool.
...
Update SSHFP records for cats.cacert.org.
Add RRs for policy.cacert.org.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2630 14b1bab8-4ef6-0310-b690-991c95c89dfd
2015-12-16 16:51:27 +00:00
wytze@deboca.net
5dafcb4700
ODS-NOTES: Update instructions for key rollover.
...
keylist: Status on 20151026 after KSK key rollover, submitting new DS hashes and issuing
ods-ksmutil key ds-seen for the ready KSK's. The new KSK goes from ready to active,
the old KSK from active to retire. Note that cacert.community still needs to be done.
cacert.*: Disable IPv6 address for ns3, because this host is currently lacking IPv6 connectivity.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2619 14b1bab8-4ef6-0310-b690-991c95c89dfd
2015-10-31 14:55:19 +00:00
wytze@deboca.net
0de4c64b93
Update SSHFP records for cacert-fw01 and cacert-fw02 after upgrading firewall OS to OpenBSD 5.7.
...
Add RRs with fingerprints for CAcert root certificates (generated by cacert-fingerprints-to-dns).
Clean up fingerprints by dropping internal colons.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2601 14b1bab8-4ef6-0310-b690-991c95c89dfd
2015-05-29 07:53:00 +00:00
