0de4c64b93Update SSHFP records for cacert-fw01 and cacert-fw02 after upgrading firewall OS to OpenBSD 5.7. Add RRs with fingerprints for CAcert root certificates (generated by cacert-fingerprints-to-dns). Clean up fingerprints by dropping internal colons.
wytze@deboca.net
2015-05-29 07:53:00 +0000
f3fd6a45f5Move infra LXC containers to a separate /80 subnet.
wytze@deboca.net
2015-05-29 07:51:04 +0000
9c0e9a6848Add A and SSHFP records for jenkins.cacert.org per e-mail request from Jan Dittberner.
wytze@deboca.net
2015-02-05 08:05:22 +0000
462ded1819Update SSHFP records for emailout per e-mail from Jan Dittberner on 02.02.2015.
wytze@deboca.net
2015-02-03 08:15:36 +0000
cbaf82b142Update SSHFP records for cacert-fw01 and cacert-fw02 after upgrading firewall OS to OpenBSD 5.6. Update IPv4 address for openppm.cacert.org per e-mail from Benedikt Heintel 08.01.2015. Add A and SSHFP records for web, funding, webstatic per e-mail request from Jan Dittberner. See also https://bugs.cacert.org/view.php?id=1363 for details about the shared IP setup.
wytze@deboca.net
2015-01-28 14:52:53 +0000
3a45494988Update IPv4 and IPv6 addresses for ns4.cacert.org aka ns-ext.nlnetlabs.nl.
wytze@deboca.net
2014-09-19 09:02:26 +0000
0a3250a333Add A record for hopper. Add additional SSHFP records for hopper.
wytze@deboca.net
2014-09-02 13:32:42 +0000
acc6312310Add IPv6 support for OCSP service.
wytze@deboca.net
2014-08-24 09:16:47 +0000
bada7a02c3Add IPv6 address for crl.cacert.org.
wytze@deboca.net
2014-08-12 07:12:40 +0000
f773d5fa50Add TLSA record for www.cacert.org and secure.cacert.org. This supports effective use of the DNSSEC/TLSA Validator browser plugin available from CZ.NIC Labs. The records have been created with https://www.huque.com/bin/gen_tlsa using these parameters: certificate usage: DANE-TA (2) trust anchor selector: full cert (0) matching type: exact match (0) certificate: https://www.cacert.org/certs/root.der
wytze@deboca.net
2014-07-22 09:45:16 +0000
8d476903f2Add new (signed) zone cacert.community. Add zone file for reverse IPv4 for CAcert 213.154.225.224/27. Add IPv6 address for ns1.cacert.com and ns1.cacert.net. Drop obsolete dlv record.
wytze@deboca.net
2014-06-11 10:54:59 +0000
12f67876e4Update INSTALL script for boxbackup client. Drop A records for audit.cacert.org and dev.cacert.org (no longer existing) and add A record for openppm.cacert.org, per e-mail request from Benedik Heintel on June 1, 2014. Add resource records for critmon.cacert.org.
wytze@deboca.net
2014-06-10 13:07:29 +0000
5e86a71ef5Add experimental AAAA record for ocsp-ipv6.cacert.org. Add some missing SSHFP records for infrastructure.cacert.org.
wytze@deboca.net
2014-05-30 15:37:28 +0000
4c2106515cAdd two CNAME records per e-mail request from Mario Lipinski on 23.02.2014.
wytze@deboca.net
2014-02-23 20:44:27 +0000
d417978a99Add SSHFP records for infrastructure hosts. Reorganize layout for better readability and maintainability. Remove SSHFP records for monitor.cacert.org, because they are illegal: monitor is a CNAME. Add CNAME records for www.test.cacert.org and www.test2.cacert.org.
wytze@deboca.net
2014-02-08 12:24:03 +0000
be584cdb5eAdd PTR records for the full infra and critical networks. Add four new infrastructure systems. Put the "real" infrastructure systems in a /80 subnet to simplify firewall rules. Correct network addresses in comments. Name changes per e-mail request from Mario Lipinski on 05.02.2014.
wytze@deboca.net
2014-02-06 13:51:52 +0000
0bb876704eUpgrade nsd to new release: 3.2.17. Add PTR record for ns1.cacert.org in 2001:07b8:616.ip6 zone. Drop dummy PTR record from 2001:07b8:616.ip6 zone. Add AAAA record for ns1.cacert.org. to cacert.org zone. Configure nsd for external access over IPv6. Expand firewall script to support IPv6.
wytze@deboca.net
2014-01-27 16:27:37 +0000
3234773ffdAdd A record for eu.cacert.org (which is actually cacert.eu), to show that the IPv4 address in our range is taken. Add IPv6 address, SSHFP and PTR records for hopper.cacert.org.
wytze@deboca.net
2014-01-26 09:27:38 +0000
7935fda852Drop wwwmail (mail name for www server) from the DNS. Add new zone 224-27.225.154.213.in-addr.arpa (reverse IPv4 of cacert.org).
wytze@deboca.net
2013-12-26 11:45:34 +0000
208362da77Update TXT spf1 record for blog.cacert.org.
wytze@deboca.net
2013-11-27 16:40:02 +0000
3b120dbb93Add new zone 6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa (reverse IPv6 of cacert.org).
wytze@deboca.net
2013-11-25 10:12:46 +0000
d720f4cb4bSynchronize with real server.
wytze@deboca.net
2013-10-26 20:06:40 +0000
d66f23b210Update A and AAAA records for ns3 after server migration of mars.overmeer.net. Drop obsolete name 'hlin' from the cacert.org zone. Drop wwwdb and securedb entries which were added for testing new web server.
wytze@deboca.net
2013-06-01 09:16:53 +0000
d35d204bedUpdate A and AAAA records for ns3 after server migration of mars.overmeer.net.
wytze@deboca.net
2013-06-01 09:16:25 +0000
9da4b0b01bDrop nameserver ns2 because it will be taken out of service soon. A corresponding change has already been made in the GKG.NET registry. Drop newsys.gun.de secondary nameserver for cacert.{org,net,com} because it will be taken out of service soon, and drop its TSIG key as well. Add temporary experimental A and AAAA records for wwwdb and securedb, as part of the migration of CAcert's main webserver to new hardware.
wytze@deboca.net
2013-03-17 10:24:21 +0000
458788978eUpdate SPF record for lists.cacert.org because it appears that this host is now sending mail directly instead of via the cacert.org mail host, as a result of the recent Tunix firewall changes.
wytze@deboca.net
2012-06-12 15:09:08 +0000
8fee8bffc4Add IPv6 addresses for {www,secure,tverify}.cacert.org in preparation for World IPv6 Launch on 6 June 2012.
wytze@deboca.net
2012-06-04 09:59:01 +0000
16bbfbae33Add A records for infrastructure.cacert.org and monitor.cacert.org, both pointing to 213.154.225.230, per e-mail request from Mario Lipinski on May 23, 2012.
wytze@deboca.net
2012-05-23 09:27:20 +0000
a519fee7deRemove A records for cod.cacert.org and translingo.cacert.org per e-mail request from Mario Lipinski on 20.05.2012.
wytze@deboca.net
2012-05-21 08:44:10 +0000
aeb3bc5df4Reduce SOA expiration timer from 1 week to 2 days, in order to comply with a recommendation made in RFC 4641bis: the SOA expiration timer should be between 1/4th and 1/3rd of the size of the signature validity period (1 week at CAcert).
wytze@deboca.net
2012-04-17 07:10:49 +0000
f11071c031Drop CNAME records for stamp and timestamp, since this service hasn't been supported anymore for years, and has also been removed from the Apache2 webserver configuration on the CAcert webdb server.
wytze@deboca.net
2012-04-04 15:49:41 +0000
65da9bc2cfRemove A record for hashserver service which has been shut down.
wytze@deboca.net
2012-03-30 09:35:58 +0000
ef4f5fb100Remove A records for services which have been shut down recently.
wytze@deboca.net
2012-03-29 15:38:06 +0000
7fb1ff3d79DKIM records changed after infrastructure update.
wytze@deboca.net
2012-03-27 08:13:05 +0000
b1cd8b50f3Remove A record for research.cacert.org per e-mail request from Piers Lauder.
wytze@deboca.net
2011-12-24 14:24:56 +0000
3f4424d7b6Add software configuration for CAcert ns server. The primary revision control is kept in RCS on the actual server, but the RCS logs of that server are also kept in this svn repository.
wytze@deboca.net
2011-11-22 16:03:52 +0000