8176bd3a30Merge pull request 'Add missing NS record for ns3.cacert.org' (#19) from add-ns-record-for-ns3 into mainJan Dittberner2024-02-07 12:41:05 +0000
a6f82d4019Merge pull request 'Revert nameservers for cacert.org' (#16) from revert-ns-records-to-cacert_org into mainJan Dittberner2023-09-16 17:28:12 +0000
9021726bb2Merge pull request 'Change nameservers for cacert.org' (#14) from move-cacert-org-nameservers-for-registrar-change into mainJan Dittberner2023-08-09 09:52:14 +0000
b1891e9a5bMerge pull request 'Fix warnings from pdnsutil check-all-zones' (#6) from fix-pdnsutil-check-zone-warnings into mainJan Dittberner2022-11-26 10:26:21 +0000
87e24a3b41Merge branch 'main' into fix-pdnsutil-check-zone-warningsJan Dittberner2022-11-26 09:46:28 +0000
a3a661bfe2Merge pull request 'Remove services that are not available anymore' (#7) from remove-dead-services into mainJan Dittberner2022-11-26 09:46:13 +0000
f70ee9f182Merge pull request 'Add AAAA RR for cacert.com and cacert.net' (#3) from add-missing-aaaa-records into mainJan Dittberner2022-10-23 10:08:20 +0000
76d9ba641dAdded IPv6 and updated SSHFP for blog/wiki
dirk@cacert.org
2020-05-10 19:06:41 +0000
1129b6e7c3Disable ns-ext.nlnetlabs.nl for cacert.{org,com,net}. Disable sns-pba.dm1.sns.isc.org for cacert.{com,net}. Drop all records for ns5.cacert.{com,net} since ISC will be ending the secondary name service on January 31, 2020. Note: ns5.cacert.org should be dropped as well before January 31, 2020.
wytze@deboca.net
2019-10-19 15:20:32 +0000
e09bf3160bUpdate records for email.cacert.org and emailout.cacert.org per e-mal request from Jan Dittberner on 06.08.2019. Break up very long TXT record for spf1 in two parts to avoid hitting the 255 chars limit.
wytze@deboca.net
2019-08-06 14:06:38 +0000
95293b329dApply changes for infrastructure systems per e-mail request from Jan Dittberner on 03.08.2019.
wytze@deboca.net
2019-08-04 07:45:46 +0000
e4637553b6Updates for mk-tlsa-recs script: - use ldns-dane from /usr/bin (parametrized) - only generate TLSA records for symlink'ed certificates - generate both domain and trust anchor TLSA records
wytze@deboca.net
2019-06-06 09:22:44 +0000
ef022f1e09Add A and SSHFP records for test3.cacert.org per e-mail request from Jan Dittberner on 01.11.2018. Re-enable IPv6 for ns3.cacert.org. Add CNAME records for secure.test3.cacert,org and www.test3.cacert.org. Shorten TLSA records (i.e. use 2 1 1 rather than 2 0 0). Add extra SSHFP records for test.cacert.org and test2.cacert.org. Drop ns4.cacert.org secondary server. Add fingerprints for new CAcert root certificates.
wytze@deboca.net
2019-06-06 09:21:07 +0000
af9fc0a42cDrop ns4.cacert.com/ns4.cacert.net secondary server. Re-enable IPv6 address for ns3.cacert.com and ns.cacert.net..
wytze@deboca.net
2019-06-06 09:18:43 +0000
8e9ff22085Add CNAME for codedocs.cacert.org per e-mail request from Jan Dittberner on 27.10.2018
wytze@deboca.net
2018-10-27 07:32:37 +0000
76cdf889a6Turn off TSIG for mars.overmeer.net because this server has been upgraded to OpenSUSE 15.0. The bind 9.11.2 contained in that release appears to be incompatible with respect to TSIG handling with our NSD 4.1.12. Note that bind 9,9 and bind 9.10 work just fine ... Upgrade nsd to new release: 4.1.23. Update IPv6 address for hopper.cacert.org.
wytze@deboca.net
2018-07-30 08:18:46 +0000
660fb8dff6Update CAA record to contain a valid mailto: URL.
wytze@deboca.net
2018-05-02 13:15:58 +0000
c669cccd54Add IPv6 address for translations.cacert.org per e-mail request from Jan Dittberner on 15.04.2018. Add IPv6 address for bugs.cacert.org per e-mail request from Jan Dittberrner on 06.04.2018.
wytze@deboca.net
2018-04-17 07:20:48 +0000
d21b8189a8Add IPv6 address for bugs.cacert.org per e-mail request from Jan Dittberrner on 06.04.2018. Add AAAA and update SSHFP records for irc per e-mail request from Jan Dittberner on 03.04.2018.
wytze@deboca.net
2018-04-07 07:17:12 +0000
20dc5d300dAdd A record for proxyout per e-mail from Jan Dittbernet of 25.02.2018.
wytze@deboca.net
2018-02-26 11:17:17 +0000
396ec2467cZone updates up to 25 February 2018.
wytze@deboca.net
2018-02-25 09:45:00 +0000
c2227d5a9dUpgrade to new release: 4.1.12. Set TTL for SOA to 1 hour, and SOA expire time to 7 days, per web recommendations.
wytze@deboca.net
2017-05-28 09:06:26 +0000
4ca51d05f8Update SSHFP records for hopper after migration to OpenSUSE 13.2.
wytze@deboca.net
2016-08-04 09:22:58 +0000
ccbc0a84caUpgrade OpenDNSSEC software to version 2.0.0-1.
wytze@deboca.net
2016-07-16 15:35:41 +0000
ec8644b28dAdd additional SSHFP records for git.cacert.org.
wytze@deboca.net
2016-07-15 10:34:27 +0000
bcd0f029baAdd CNAME for infradocs.cacert,org pointing to webstatic.cacert.org, per e-mail request from Jan Dittberner on 05.05.2016.
wytze@deboca.net
2016-05-06 09:48:00 +0000
12fb5c2d9cAdd script to generate TLSA records for domains found in the certs subdirectory.
wytze@deboca.net
2015-12-16 16:55:43 +0000
cd5e89e784Build and install the ldns example tools, so we can use the ldns-dane tool. Update SSHFP records for cats.cacert.org. Add RRs for policy.cacert.org.
wytze@deboca.net
2015-12-16 16:51:27 +0000
5dafcb4700ODS-NOTES: Update instructions for key rollover. keylist: Status on 20151026 after KSK key rollover, submitting new DS hashes and issuing ods-ksmutil key ds-seen for the ready KSK's. The new KSK goes from ready to active, the old KSK from active to retire. Note that cacert.community still needs to be done. cacert.*: Disable IPv6 address for ns3, because this host is currently lacking IPv6 connectivity.
wytze@deboca.net
2015-10-31 14:55:19 +0000