RCS file: /var/opendnssec/unsigned/RCS/cacert.org,v Working file: /var/opendnssec/unsigned/cacert.org head: 1.57 branch: locks: strict access list: symbolic names: keyword substitution: kv total revisions: 57; selected revisions: 57 description: cacert.org - zone file for cacert.org ---------------------------- revision 1.57 date: 2012/06/12 15:06:45; author: root; state: Exp; lines: +3 -3 Update SPF record for lists.cacert.org because it appears that this host is now sending mail directly instead of via the cacert.org mail host, as a result of the recent Tunix firewall changes. ---------------------------- revision 1.56 date: 2012/06/07 08:56:09; author: root; state: Exp; lines: +3 -2 Also add IPv6 address for cacert.org itself. ---------------------------- revision 1.55 date: 2012/06/04 09:56:14; author: root; state: Exp; lines: +5 -2 Add IPv6 addresses for {www,secure,tverify}.cacert.org in preparation for World IPv6 Launch on 6 June 2012. ---------------------------- revision 1.54 date: 2012/05/23 09:24:57; author: root; state: Exp; lines: +4 -2 Add A records for infrastructure.cacert.org and monitor.cacert.org, both pointing to 213.154.225.230, per e-mail request from Mario Lipinski on May 23, 2012. ---------------------------- revision 1.53 date: 2012/05/21 08:17:26; author: root; state: Exp; lines: +2 -4 Remove A records for cod.cacert.org and translingo.cacert.org per e-mail request from Mario Lipinski on 20.05.2012. ---------------------------- revision 1.52 date: 2012/04/17 07:07:02; author: root; state: Exp; lines: +3 -3 Reduce SOA expiration timer from 1 week to 2 days, in order to comply with a recommendation made in RFC 4641bis: the SOA expiration timer should be between 1/4th and 1/3ed of the size of the signature validity period (1 week). ---------------------------- revision 1.51 date: 2012/04/04 15:45:59; author: root; state: Exp; lines: +2 -4 Drop CNAME records for stamp and timestamp, since this service hasn't been supported anymore for years, and has also been removed from the Apache2 webserver configuration on the CAcert webdb server. ---------------------------- revision 1.50 date: 2012/03/30 09:34:19; author: root; state: Exp; lines: +2 -3 Remove A record for hashserver service which has been shut down. ---------------------------- revision 1.49 date: 2012/03/29 15:35:37; author: root; state: Exp; lines: +2 -6 Remove A records for services which have been shut down recently. ---------------------------- revision 1.48 date: 2012/03/27 06:59:08; author: root; state: Exp; lines: +2 -2 *** empty log message *** ---------------------------- revision 1.47 date: 2012/03/27 06:54:33; author: root; state: Exp; lines: +4 -4 t=y for DKIM ---------------------------- revision 1.46 date: 2011/12/23 09:32:45; author: root; state: Exp; lines: +2 -3 Remove A record for research.cacert.org per e-mail request from Piers Lauder. ---------------------------- revision 1.45 date: 2011/09/18 13:55:19; author: root; state: Exp; lines: +4 -2 Add A record for translations.cacert.org and CNAME record for l10n alias, per e-mail from Mario Lipinski on 17.09.2011. ---------------------------- revision 1.44 date: 2011/08/25 09:46:32; author: root; state: Exp; lines: +3 -2 Add A record for community-vpn per e-mail request from Dominik George on 24.08.2011. ---------------------------- revision 1.43 date: 2011/07/14 15:30:42; author: root; state: Exp; lines: +3 -2 Add IPv6 address for ns3 (per e-mail from Mark Overmeer on July 7, 2011). ---------------------------- revision 1.42 date: 2011/07/02 11:16:34; author: root; state: Exp; lines: +3 -2 Add A record for emailout.cacert.org, attempting to solve e-mail problems as requested by Michael Taenzer. ---------------------------- revision 1.41 date: 2011/04/26 07:48:24; author: root; state: Exp; lines: +2 -4 Drop A records for ldap (per e-mail Mario Lipinski 25.04.2011) and ocsp2 (was only used during physical migration in June 2010, may be resurrected in the future though at some other address). ---------------------------- revision 1.40 date: 2011/04/25 11:50:02; author: root; state: Exp; lines: +3 -3 Update IPv4 address for cod from .240 to .252 per e-mail from Mario Lipinski on 25.04.2011. ---------------------------- revision 1.39 date: 2011/04/13 11:19:00; author: root; state: Exp; lines: +4 -2 Add cert.svn and nocert.svn as CNAMEs for svn.cacert.org, per e-mail request from Jan Dittberner on April 12, 2011. ---------------------------- revision 1.38 date: 2011/01/24 16:13:31; author: root; state: Exp; lines: +2 -4 Drop dlv TXT RR for validation by dlv.isc.org, because we don't use dlv anymore for this zone, its DS record has been uploaded to the registry. ---------------------------- revision 1.37 date: 2010/12/09 13:08:01; author: root; state: Exp; lines: +5 -2 Add A and AAAA records for ns5.cacert.org (sns-pb.isc.org) and enable an NS record for it. ---------------------------- revision 1.36 date: 2010/10/27 14:55:25; author: root; state: Exp; lines: +3 -2 Enable NS record for ns4. ---------------------------- revision 1.35 date: 2010/10/21 09:55:49; author: root; state: Exp; lines: +4 -2 Add A and AAAA records for ns4.cacert.org (ns-ext.nlnetlabs.nl). ---------------------------- revision 1.34 date: 2010/10/20 15:48:45; author: root; state: Exp; lines: +2 -4 Drop dns1.go-now.at. and dns2.go-now.at. from the NS list, since they are unable to provide DNSSEC or TSIG service now or in the near future. ---------------------------- revision 1.33 date: 2010/10/15 13:47:05; author: root; state: Exp; lines: +4 -2 Add dlv TXT RR for validation by dlv.isc.org. ---------------------------- revision 1.32 date: 2010/10/13 09:40:14; author: root; state: Exp; lines: +4 -2 Add A and AAAA records for wwwmail.cacert.org, to be used as the mailname in the postfix configuration of www.cacert.org. To make this fully work, we will also request reverse mappings for these A and AAAA addresses pointing to wwwmail.cacert.org to be added by BIT. ---------------------------- revision 1.31 date: 2010/10/11 11:19:28; author: root; state: Exp; lines: +3 -4 Remove obsolete CNAME pastebin pointing to obsoleted druantia.cacert.org. Replace CNAME for www.cacert.org by direct A record. ---------------------------- revision 1.30 date: 2010/10/04 15:10:59; author: root; state: Exp; lines: +3 -6 Drop NS record pointing to dns4.go-now.at. since that machine does not provide helpful responses to DNS queries. Drop old cruft: records for br.cacert.org and druantia.cacert.org. Add IPv6 address for ns2.cacert.org. ---------------------------- revision 1.29 date: 2010/10/03 20:05:15; author: root; state: Exp; lines: +3 -2 Add A record for board.cacert.org. ---------------------------- revision 1.28 date: 2010/09/15 15:07:39; author: root; state: Exp; lines: +3 -3 Increase SOA refresh time from 2 hours to 4 hours. ---------------------------- revision 1.27 date: 2010/06/24 21:08:22; author: root; state: Exp; lines: +2 -3 Remove obsolete A record for *.br.cacert.org. ---------------------------- revision 1.26 date: 2010/06/22 12:49:01; author: root; state: Exp; lines: +3 -4 Switch ns1 to official CAcert-hosted name server at ns.cacert.org. ---------------------------- revision 1.25 date: 2010/06/21 09:19:27; author: root; state: Exp; lines: +5 -6 Drop shortened TTLs, migration has finished so we don't need them anymore. Drop A record for www2 (only used for migration). Add A record for ns.cacert.org, the new master name server for CAcert. ---------------------------- revision 1.24 date: 2010/06/15 16:54:25; author: root; state: Exp; lines: +3 -3 Fix broken IP address!!! ---------------------------- revision 1.23 date: 2010/06/15 16:17:18; author: root; state: Exp; lines: +5 -5 Revert to official servers after move to BIT-2B. ---------------------------- revision 1.22 date: 2010/06/15 07:13:00; author: root; state: Exp; lines: +6 -6 Switch www and ocsp to temporary service. Drop special TTL setting for ocsp1 and ocsp2 (not necessary). ---------------------------- revision 1.21 date: 2010/06/11 14:23:56; author: root; state: Exp; lines: +2 -7 Drop A records for *.way[12345].vhost.cacert.org, since we have no idea what they are good for (probably some historic artefact). Main reason for doing this now is to check whether our slave servers are picking up the notify in time. ---------------------------- revision 1.20 date: 2010/06/04 10:00:19; author: root; state: Exp; lines: +10 -8 Prepare for dropping dns[124].go-now.at. NS records forever ... Add second ocsp record, and explicit name ocsp1 for first (main) ocsp server. ---------------------------- revision 1.19 date: 2010/06/02 10:13:22; author: root; state: Exp; lines: +4 -2 Add A records for www2 and ocsp2 (backup services at HCC Hobbynet). ---------------------------- revision 1.18 date: 2010/06/01 11:40:33; author: root; state: Exp; lines: +4 -4 Reduce TTL for A records of cacert.org and ocsp.cacert.org to 5 minutes, in anticipation of temporary re-routing during move of BIT server room. ---------------------------- revision 1.17 date: 2010/02/28 10:13:56; author: root; state: Exp; lines: +4 -2 Add cert.lists.cacert.org and nocert.lists.cacert.org per email request from Daniel Black, 20100228. ---------------------------- revision 1.16 date: 2010/01/06 14:36:44; author: root; state: Exp; lines: +4 -2 Add ns3.cacert.org (mars.overmeer.net). ---------------------------- revision 1.15 date: 2010/01/06 11:06:02; author: root; state: Exp; lines: +6 -3 Add ns2.cacert.org (newsys.gun.de). Document IP numbers of name servers. ---------------------------- revision 1.14 date: 2010/01/05 15:55:21; author: root; state: Exp; lines: +4 -2 Add A and AAAA RR for ns1.cacert.org (currently housed on ns.deboca.net). ---------------------------- revision 1.13 date: 2009/12/25 15:51:26; author: wytze; state: Exp; lines: +3 -2 Add ldap.cacert.org A record per e-mail request from Brian Henson. ---------------------------- revision 1.12 date: 2009/10/12 07:56:24; author: wytze; state: Exp; lines: +4 -3 Rename _ssp._domainkey.lists to _adsp._domainkey.lists and update its contents to comply with RFC 5617. Add "dkim=unknown" record for _adsp._domainkey. Changes requested by Daniel Black, e-mail 12.10.2009 02:19. ---------------------------- revision 1.11 date: 2009/09/17 10:47:04; author: wytze; state: Exp; lines: +3 -3 Update A record for research per request from Philipp Gühring 16.09.2009. ---------------------------- revision 1.10 date: 2009/09/01 08:02:34; author: wytze; state: Exp; lines: +3 -3 Renumber paypal from .229 to .250, since .229 appears to be in use as the main IP of the mirror firewall. ---------------------------- revision 1.9 date: 2009/08/30 18:16:38; author: wytze; state: Exp; lines: +3 -2 Add A record for *.forum per request from Christopher Hoth. ---------------------------- revision 1.8 date: 2009/08/29 15:47:50; author: wytze; state: Exp; lines: +2 -2 Just up the serial number after performin some (failing) tests. ---------------------------- revision 1.7 date: 2009/08/29 15:27:58; author: wytze; state: Exp; lines: +6 -2 Add four new A records for paypal (.229), cod (.240), test2 (.248) and forum (.249). ---------------------------- revision 1.6 date: 2009/08/28 19:07:03; author: wytze; state: Exp; lines: +3 -2 Add DKIM TXT record for auto._domainkey per request from Daniel Black. ---------------------------- revision 1.5 date: 2009/07/03 10:03:44; author: wytze; state: Exp; lines: +3 -2 Add new A record for issue.cacert.org per request from Daniel Black. ---------------------------- revision 1.4 date: 2009/06/15 12:24:26; author: wytze; state: Exp; lines: +2 -3 Remove NS record pointing to dns3.go-now.at. because this one is not registered with .ORG, and is also refusing to listen to our notify. ---------------------------- revision 1.3 date: 2009/06/15 12:16:14; author: wytze; state: Exp; lines: +54 -54 Set default TTL to 12 hours, and remove all explicit TTL settings. Adjust some timings in the SOA record. This addresses e-mail from Daniel Black on June 14, 2009 and this message: https://lists.cacert.org/wws/arc/cacert-support/2009-06/msg00021.html ---------------------------- revision 1.2 date: 2009/06/12 10:18:19; author: wytze; state: Exp; lines: +6 -4 Perform updates as requested from Georg Markus Kainz on June 5 & 8, 2009. ---------------------------- revision 1.1 date: 2009/06/12 10:11:13; author: wytze; state: Exp; Initial revision =============================================================================