knilsson
/
dns-zones
forked from critical/dns-zones
1
0
Fork 0
Code Pull Requests Activity

Commit Graph

  • 0de4c64b93 Update SSHFP records for cacert-fw01 and cacert-fw02 after upgrading firewall OS to OpenBSD 5.7. Add RRs with fingerprints for CAcert root certificates (generated by cacert-fingerprints-to-dns). Clean up fingerprints by dropping internal colons. wytze@deboca.net 2015-05-29 07:53:00 +0000
  • f3fd6a45f5 Move infra LXC containers to a separate /80 subnet. wytze@deboca.net 2015-05-29 07:51:04 +0000
  • 9c0e9a6848 Add A and SSHFP records for jenkins.cacert.org per e-mail request from Jan Dittberner. wytze@deboca.net 2015-02-05 08:05:22 +0000
  • 462ded1819 Update SSHFP records for emailout per e-mail from Jan Dittberner on 02.02.2015. wytze@deboca.net 2015-02-03 08:15:36 +0000
  • cbaf82b142 Update SSHFP records for cacert-fw01 and cacert-fw02 after upgrading firewall OS to OpenBSD 5.6. Update IPv4 address for openppm.cacert.org per e-mail from Benedikt Heintel 08.01.2015. Add A and SSHFP records for web, funding, webstatic per e-mail request from Jan Dittberner. See also https://bugs.cacert.org/view.php?id=1363 for details about the shared IP setup. wytze@deboca.net 2015-01-28 14:52:53 +0000
  • 3a45494988 Update IPv4 and IPv6 addresses for ns4.cacert.org aka ns-ext.nlnetlabs.nl. wytze@deboca.net 2014-09-19 09:02:26 +0000
  • 0a3250a333 Add A record for hopper. Add additional SSHFP records for hopper. wytze@deboca.net 2014-09-02 13:32:42 +0000
  • acc6312310 Add IPv6 support for OCSP service. wytze@deboca.net 2014-08-24 09:16:47 +0000
  • bada7a02c3 Add IPv6 address for crl.cacert.org. wytze@deboca.net 2014-08-12 07:12:40 +0000
  • f773d5fa50 Add TLSA record for www.cacert.org and secure.cacert.org. This supports effective use of the DNSSEC/TLSA Validator browser plugin available from CZ.NIC Labs. The records have been created with https://www.huque.com/bin/gen_tlsa using these parameters: certificate usage: DANE-TA (2) trust anchor selector: full cert (0) matching type: exact match (0) certificate: https://www.cacert.org/certs/root.der wytze@deboca.net 2014-07-22 09:45:16 +0000
  • 8d476903f2 Add new (signed) zone cacert.community. Add zone file for reverse IPv4 for CAcert 213.154.225.224/27. Add IPv6 address for ns1.cacert.com and ns1.cacert.net. Drop obsolete dlv record. wytze@deboca.net 2014-06-11 10:54:59 +0000
  • 12f67876e4 Update INSTALL script for boxbackup client. Drop A records for audit.cacert.org and dev.cacert.org (no longer existing) and add A record for openppm.cacert.org, per e-mail request from Benedik Heintel on June 1, 2014. Add resource records for critmon.cacert.org. wytze@deboca.net 2014-06-10 13:07:29 +0000
  • 5e86a71ef5 Add experimental AAAA record for ocsp-ipv6.cacert.org. Add some missing SSHFP records for infrastructure.cacert.org. wytze@deboca.net 2014-05-30 15:37:28 +0000
  • 4c2106515c Add two CNAME records per e-mail request from Mario Lipinski on 23.02.2014. wytze@deboca.net 2014-02-23 20:44:27 +0000
  • d417978a99 Add SSHFP records for infrastructure hosts. Reorganize layout for better readability and maintainability. Remove SSHFP records for monitor.cacert.org, because they are illegal: monitor is a CNAME. Add CNAME records for www.test.cacert.org and www.test2.cacert.org. wytze@deboca.net 2014-02-08 12:24:03 +0000
  • be584cdb5e Add PTR records for the full infra and critical networks. Add four new infrastructure systems. Put the "real" infrastructure systems in a /80 subnet to simplify firewall rules. Correct network addresses in comments. Name changes per e-mail request from Mario Lipinski on 05.02.2014. wytze@deboca.net 2014-02-06 13:51:52 +0000
  • 0bb876704e Upgrade nsd to new release: 3.2.17. Add PTR record for ns1.cacert.org in 2001:07b8:616.ip6 zone. Drop dummy PTR record from 2001:07b8:616.ip6 zone. Add AAAA record for ns1.cacert.org. to cacert.org zone. Configure nsd for external access over IPv6. Expand firewall script to support IPv6. wytze@deboca.net 2014-01-27 16:27:37 +0000
  • 3234773ffd Add A record for eu.cacert.org (which is actually cacert.eu), to show that the IPv4 address in our range is taken. Add IPv6 address, SSHFP and PTR records for hopper.cacert.org. wytze@deboca.net 2014-01-26 09:27:38 +0000
  • 7935fda852 Drop wwwmail (mail name for www server) from the DNS. Add new zone 224-27.225.154.213.in-addr.arpa (reverse IPv4 of cacert.org). wytze@deboca.net 2013-12-26 11:45:34 +0000
  • f01c9a7ad7 Zone file updates. wytze@deboca.net 2013-12-17 16:42:44 +0000
  • 208362da77 Update TXT spf1 record for blog.cacert.org. wytze@deboca.net 2013-11-27 16:40:02 +0000
  • 3b120dbb93 Add new zone 6.1.6.0.8.b.7.0.1.0.0.2.ip6.arpa (reverse IPv6 of cacert.org). wytze@deboca.net 2013-11-25 10:12:46 +0000
  • d720f4cb4b Synchronize with real server. wytze@deboca.net 2013-10-26 20:06:40 +0000
  • d66f23b210 Update A and AAAA records for ns3 after server migration of mars.overmeer.net. Drop obsolete name 'hlin' from the cacert.org zone. Drop wwwdb and securedb entries which were added for testing new web server. wytze@deboca.net 2013-06-01 09:16:53 +0000
  • d35d204bed Update A and AAAA records for ns3 after server migration of mars.overmeer.net. wytze@deboca.net 2013-06-01 09:16:25 +0000
  • 9da4b0b01b Drop nameserver ns2 because it will be taken out of service soon. A corresponding change has already been made in the GKG.NET registry. Drop newsys.gun.de secondary nameserver for cacert.{org,net,com} because it will be taken out of service soon, and drop its TSIG key as well. Add temporary experimental A and AAAA records for wwwdb and securedb, as part of the migration of CAcert's main webserver to new hardware. wytze@deboca.net 2013-03-17 10:24:21 +0000
  • 458788978e Update SPF record for lists.cacert.org because it appears that this host is now sending mail directly instead of via the cacert.org mail host, as a result of the recent Tunix firewall changes. wytze@deboca.net 2012-06-12 15:09:08 +0000
  • 8cf45a34bd Also add IPv6 address for cacert.org itself. wytze@deboca.net 2012-06-07 08:57:43 +0000
  • 8fee8bffc4 Add IPv6 addresses for {www,secure,tverify}.cacert.org in preparation for World IPv6 Launch on 6 June 2012. wytze@deboca.net 2012-06-04 09:59:01 +0000
  • 16bbfbae33 Add A records for infrastructure.cacert.org and monitor.cacert.org, both pointing to 213.154.225.230, per e-mail request from Mario Lipinski on May 23, 2012. wytze@deboca.net 2012-05-23 09:27:20 +0000
  • a519fee7de Remove A records for cod.cacert.org and translingo.cacert.org per e-mail request from Mario Lipinski on 20.05.2012. wytze@deboca.net 2012-05-21 08:44:10 +0000
  • aeb3bc5df4 Reduce SOA expiration timer from 1 week to 2 days, in order to comply with a recommendation made in RFC 4641bis: the SOA expiration timer should be between 1/4th and 1/3rd of the size of the signature validity period (1 week at CAcert). wytze@deboca.net 2012-04-17 07:10:49 +0000
  • f11071c031 Drop CNAME records for stamp and timestamp, since this service hasn't been supported anymore for years, and has also been removed from the Apache2 webserver configuration on the CAcert webdb server. wytze@deboca.net 2012-04-04 15:49:41 +0000
  • 65da9bc2cf Remove A record for hashserver service which has been shut down. wytze@deboca.net 2012-03-30 09:35:58 +0000
  • ef4f5fb100 Remove A records for services which have been shut down recently. wytze@deboca.net 2012-03-29 15:38:06 +0000
  • 7fb1ff3d79 DKIM records changed after infrastructure update. wytze@deboca.net 2012-03-27 08:13:05 +0000
  • b1cd8b50f3 Remove A record for research.cacert.org per e-mail request from Piers Lauder. wytze@deboca.net 2011-12-24 14:24:56 +0000
  • 3f4424d7b6 Add software configuration for CAcert ns server. The primary revision control is kept in RCS on the actual server, but the RCS logs of that server are also kept in this svn repository. wytze@deboca.net 2011-11-22 16:03:52 +0000