From 79e799f0c473a902e7d91599eda327b179ecea7c Mon Sep 17 00:00:00 2001 From: Grant Slater Date: Thu, 31 Aug 2023 22:06:20 +0100 Subject: [PATCH] Add special handling for osm.wiki --- dnsconfig.js | 5 +++- src/osm-wiki.js | 77 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 src/osm-wiki.js diff --git a/dnsconfig.js b/dnsconfig.js index a993883..9bd7ce7 100644 --- a/dnsconfig.js +++ b/dnsconfig.js @@ -76,7 +76,7 @@ OPENSTREETMAP("openstreetmap.sg", REG_GANDI); OPENSTREETMAP("openstreetmap.tv", REG_GANDI); OPENSTREETMAP("openstreetmap.wales", REG_GANDI); OPENSTREETMAP("openstreetmapdata.org", REG_GANDI); -OPENSTREETMAP("osm.wiki", REG_GANDI); + // Disable due to registration issue // OPENSTREETMAP("openstreetmap.al", REG_NONE); @@ -134,6 +134,9 @@ var IDEDITOR = loadTemplate("ideditor"); IDEDITOR("ideditor.com", REG_GANDI); +var OSMWIKI = loadTemplate("osm-wiki"); +OSMWIKI("osm.wiki", REG_GANDI); + var PTR_EQUINIX_AMS_IPV4 = loadTemplate("ptr_equinix_ams_ipv4"); PTR_EQUINIX_AMS_IPV4("128-27.179.104.184.in-addr.arpa", REG_NONE); diff --git a/src/osm-wiki.js b/src/osm-wiki.js new file mode 100644 index 0000000..c93c810 --- /dev/null +++ b/src/osm-wiki.js 
@@ -0,0 +1,77 @@
+D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
+
+ // Publish CAA records indicating that only letsencrypt and globalsign (Fastly) should issue certificates
+
+ CAA_BUILDER({
+ label: "@",
+ ttl: "1h",
+ iodef: "mailto:hostmaster@openstreetmap.org",
+ issue: [
+ "letsencrypt.org",
+ "globalsign.com", // Used by Fastly for CDN certificates
+ ],
+ issuewild: [
+ "letsencrypt.org",
+ "globalsign.com", // Used by Fastly for CDN certificates
+ ],
+ }),
+
+ // Mail service
+
+ MX("@", 10, QUALIFY("a.mx")),
+
+ A("a.mx", FAFNIR_IPV4),
+ AAAA("a.mx", FAFNIR_IPV6),
+ A("mail", FAFNIR_IPV4),
+ AAAA("mail", FAFNIR_IPV6),
+ A("mta-sts", FAFNIR_IPV4),
+ AAAA("mta-sts", FAFNIR_IPV6),
+
+ // Publish SPF records indicating that only shenron sends mail
+
+ SPF_BUILDER({
+ label: "@",
+ parts: [
+ "v=spf1",
+ "ip4:212.110.172.32", // shenron ipv4
+ "ip6:2001:41c9:1:400::32", // shenron ipv6
+ "ip4:184.104.226.98", // fafnir ipv4
+ "ip6:2001:470:1:b3b::2", // fafnir ipv6
+ "ip4:193.60.236.0/24", // ucl external
+ "ip4:184.104.179.128/27", // amsterdam external
+ "ip6:2001:470:1:fa1::/64", // amsterdam external
+ "ip4:184.104.226.96/27", // dublin external
+ "ip6:2001:470:1:b3b::/64", // dublin external
+ "mx", // safety net if we change mx
+ "-all"
+ ]
+ }),
+
+ // Publish DMARC report-only policy
+
+ DMARC_BUILDER({
+ policy: "none",
+ rua: [
+ "mailto:openstreetmap-d@dmarc.report-uri.com"
+ ],
+ failureOptions: 1
+ }),
+
+ // Announce MTA-STS policy and TLSRPT policy for error reports
+
+ TXT("_mta-sts", "v=STSv1; id=202001291805Z"),
+ TXT("_smtp._tls", "v=TLSRPTv1; rua=mailto:openstreetmap-d@tlsrpt.report-uri.com"),
+
+ // Fastly cert domain ownership confirmation
+
+ TXT("@", "_globalsign-domain-verification=ps00GlW1BzY9c2_cwH_pFqRkvzZyaCVZ-3RLssRG6S"),
+ TXT("@", "_globalsign-domain-verification=W0buKB5ZmL-VwwHw2oQyQImk3I1q3hSemf2qmB1hjP"),
+
+ A("wiki", KONQI_IPV4),
+ AAAA("wiki", KONQI_IPV6),
+ A("www", KONQI_IPV4),
+ AAAA("www", KONQI_IPV6),
+ A("@", KONQI_IPV4),
+ AAAA("@", KONQI_IPV6)
+
+);
\ No newline at end of file
-- 2.45.1
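Review bot: The SPF comment in src/osm-wiki.js says only shenron sends mail, but the `parts` list also authorises fafnir, a UCL /24, the Amsterdam and Dublin ranges and `mx`, so any host in those ranges passes SPF as osm.wiki. If the domain really sends from all of them the comment should say so, e.g. `// Publish SPF records listing the hosts and site ranges allowed to send mail`; otherwise the list could be trimmed to the hosts that actually send for this domain. With `policy: "none"` in DMARC_BUILDER and no DKIM record in this template, DMARC asks receivers only to report failures rather than quarantine or reject them, so a `// TODO: move to quarantine/reject once reports are clean` beside the policy would record the intent. The `_mta-sts` TXT carries a fixed `id=202001291805Z`; whether a policy file is actually served for mta-sts.osm.wiki and names a.mx.osm.wiki is not visible in this diff and is worth confirming before senders cache it.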