Jan Dittberner
d3de6eb830
Add AAAA RR for cacert.com and cacert.net
2 years ago
Jan Dittberner
91a49d40dc
manual import from ns1.cacert.org
2 years ago
Jan Dittberner
11b092beb0
Use git branch -D for reference_branch
...
This commit allows the use of a reference_branch that is not merged into
the current working directory.
Imports have been sorted by isort
2 years ago
Jan Dittberner
424bd7954f
Use sendmail instead of SMTP
...
- remove the SMTP requirement to be able to work with /usr/lib/sendmail
instead
- use f-strings where appropriate to improve readability
- use text-parameter to subprocess.run to avoid extra decode calls
2 years ago
Jan Dittberner
d93300732b
Implement update-zones.py to update zones from git
...
- ignore temporary files and Python bytecode
- add update-zones.py
2 years ago
Jan Dittberner
f70a11c863
Fix warnings from pdnsutil check-zone
...
This commit removes explicit DNSKEY entries and invalid names from the
cacert.org zone.
2 years ago
Jan Dittberner
976a391df2
Use delegated 224-27.225.154.213.in-addr.arpa zone
2 years ago
Dirk Astrath
1b231b8fb5
Add import_zone script from NS2
...
Signed-off-by: Jan Dittberner <jandd@cacert.org>
2 years ago
Dirk Astrath
143cc348cb
Remove ns3, and ocsp1 from cacert.org.
...
Signed-off-by: Jan Dittberner <jandd@cacert.org>
2 years ago
Dirk Astrath
076d4d1466
Update ns1 A and AAAA records for cacert.{com,net,org}
2 years ago
Dirk Astrath
8d1f2e0117
Update from ns2.cacert.org
2 years ago
Dirk Astrath
8f11930cf1
Switch crl.cacert.org back to critical, add crl_egal
2 years ago
Dirk Astrath
7f3670760f
Add ping.cacert.org AAAA, remove webdb.cacert.org
2 years ago
Dirk Astrath
6cbd6f92a6
Add AAAA record for webdb.cacert.org
2 years ago
Dirk Astrath
6b9aa5cced
Change AAAA record of crl.cacert.org
2 years ago
Dirk Astrath
690dffbaac
Update crl servers for cacert.org
...
- add crl2
- move crl to external address
2 years ago
Dirk Astrath
493baa3a57
Update cacert.org AAAA records for ns1 and ns2
2 years ago
Dirk Astrath
4659cac454
Add code.cacert.org and pgsql.cacert.org
2 years ago
Dirk Astrath
f7b19773ff
Update cacert.org NS records
2 years ago
Dirk Astrath
8eb1b378c9
Sort SSHFP for hopper.cacert.org
2 years ago
Dirk Astrath
cd11540381
Convert cacert.org to PowerDNS format
2 years ago
Dirk Astrath
11f67755b2
Change cacert.net AAAA for ns1 and ns2
2 years ago
Dirk Astrath
0961327761
Change NS records for cacert.net
2 years ago
Dirk Astrath
ff17ba99ce
Convert cacert.net for PowerDNS
...
- change zone syntax to absolute names
- add ns2, ns4, ns5
2 years ago
Jan Dittberner
10c93e9cbb
Remove cacert.community
2 years ago
Dirk Astrath
99fcbe3e5f
Change ns1/ns2 AAAA records for cacert.com
2 years ago
Dirk Astrath
5ff4fa0ad6
Update cacert.com NS records
2 years ago
Jan Dittberner
0da00703d6
Remove DNSSEC records from cacert.com, adapt NS records
2 years ago
Dirk Astrath
fb36036ba8
Import nsd zone for cacert.com
2 years ago
Dirk Astrath
91fbc3f21c
Re-order IPv6 reverse DNS records
2 years ago
Dirk Astrath
7742926d51
Add IPv6 PTR records for www.cacert.org
2 years ago
Dirk Astrath
a0aa862a32
Bump IPv6 reverse SOA serial
2 years ago
Dirk Astrath
886b2a1f3c
Switch IPv6 reverse zone to PowerDNS syntax
2 years ago
Dirk Astrath
dce203320e
Update IPv4 reverse zone
2 years ago
Jan Dittberner
72e71adb89
Add reverse zones from ns2
...
- use the correct names that will make the delegation from BIT work
2 years ago
Jan Dittberner
0e0fd05c0e
Remove obsolete files
...
- log files can be replaced by git history
- mk-tlsa-recs is not required for PowerDNS operation
2 years ago
dirk@cacert.org
c42b123843
Added webmail and infra03
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2751 14b1bab8-4ef6-0310-b690-991c95c89dfd
4 years ago
dirk@cacert.org
76d9ba641d
Added IPv6 and updated SSHFP for blog/wiki
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2749 14b1bab8-4ef6-0310-b690-991c95c89dfd
4 years ago
wytze@deboca.net
1129b6e7c3
Disable ns-ext.nlnetlabs.nl for cacert.{org,com,net}.
...
Disable sns-pba.dm1.sns.isc.org for cacert.{com,net}.
Drop all records for ns5.cacert.{com,net} since ISC will be ending the
secondary name service on January 31, 2020.
Note: ns5.cacert.org should be dropped as well before January 31, 2020.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2741 14b1bab8-4ef6-0310-b690-991c95c89dfd
5 years ago
wytze@deboca.net
e09bf3160b
Update records for email.cacert.org and emailout.cacert.org per e-mal request from Jan Dittberner on 06.08.2019.
...
Break up very long TXT record for spf1 in two parts to avoid hitting the 255 chars limit.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2736 14b1bab8-4ef6-0310-b690-991c95c89dfd
5 years ago
wytze@deboca.net
95293b329d
Apply changes for infrastructure systems per e-mail request from Jan Dittberner on 03.08.2019.
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2735 14b1bab8-4ef6-0310-b690-991c95c89dfd
5 years ago
wytze@deboca.net
e4637553b6
Updates for mk-tlsa-recs script:
...
- use ldns-dane from /usr/bin (parametrized)
- only generate TLSA records for symlink'ed certificates
- generate both domain and trust anchor TLSA records
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2728 14b1bab8-4ef6-0310-b690-991c95c89dfd
5 years ago
wytze@deboca.net
ef022f1e09
Add A and SSHFP records for test3.cacert.org per e-mail request from Jan Dittberner on 01.11.2018.
...
Re-enable IPv6 for ns3.cacert.org.
Add CNAME records for secure.test3.cacert,org and www.test3.cacert.org.
Shorten TLSA records (i.e. use 2 1 1 rather than 2 0 0).
Add extra SSHFP records for test.cacert.org and test2.cacert.org.
Drop ns4.cacert.org secondary server.
Add fingerprints for new CAcert root certificates.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2727 14b1bab8-4ef6-0310-b690-991c95c89dfd
5 years ago
wytze@deboca.net
af9fc0a42c
Drop ns4.cacert.com/ns4.cacert.net secondary server.
...
Re-enable IPv6 address for ns3.cacert.com and ns.cacert.net..
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2726 14b1bab8-4ef6-0310-b690-991c95c89dfd
5 years ago
wytze@deboca.net
8e9ff22085
Add CNAME for codedocs.cacert.org per e-mail request from Jan Dittberner on 27.10.2018
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2720 14b1bab8-4ef6-0310-b690-991c95c89dfd
6 years ago
wytze@deboca.net
76cdf889a6
Turn off TSIG for mars.overmeer.net because this server has been upgraded to OpenSUSE 15.0.
...
The bind 9.11.2 contained in that release appears to be incompatible with respect to TSIG
handling with our NSD 4.1.12. Note that bind 9,9 and bind 9.10 work just fine ...
Upgrade nsd to new release: 4.1.23.
Update IPv6 address for hopper.cacert.org.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2714 14b1bab8-4ef6-0310-b690-991c95c89dfd
6 years ago
wytze@deboca.net
660fb8dff6
Update CAA record to contain a valid mailto: URL.
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2705 14b1bab8-4ef6-0310-b690-991c95c89dfd
6 years ago
wytze@deboca.net
c669cccd54
Add IPv6 address for translations.cacert.org per e-mail request from Jan Dittberner on 15.04.2018.
...
Add IPv6 address for bugs.cacert.org per e-mail request from Jan Dittberrner on 06.04.2018.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2702 14b1bab8-4ef6-0310-b690-991c95c89dfd
7 years ago
wytze@deboca.net
d21b8189a8
Add IPv6 address for bugs.cacert.org per e-mail request from Jan Dittberrner on 06.04.2018.
...
Add AAAA and update SSHFP records for irc per e-mail request from Jan Dittberner on 03.04.2018.
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2699 14b1bab8-4ef6-0310-b690-991c95c89dfd
7 years ago
wytze@deboca.net
20dc5d300d
Add A record for proxyout per e-mail from Jan Dittbernet of 25.02.2018.
...
git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2697 14b1bab8-4ef6-0310-b690-991c95c89dfd
7 years ago