src/osm-wiki.js

   1 D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
   2
   3   // Publish CAA records indicating that only letsencrypt and globalsign (Fastly) should issue certificates
   4
   5   CAA_BUILDER({
   6     label: "@",
   7     ttl: "1h",
   8     iodef: "mailto:hostmaster@openstreetmap.org",
   9     issue: [
  10       "letsencrypt.org",
  11       "globalsign.com",   // Used by Fastly for CDN certificates
  12     ],
  13     issuewild: [
  14       "letsencrypt.org",
  15       "globalsign.com",   // Used by Fastly for CDN certificates
  16     ],
  17   }),
  18
  19   // Mail service
  20
  21   MX("@", 10, QUALIFY("a.mx")),
  22
  23   A("a.mx", FAFNIR_IPV4),
  24   AAAA("a.mx", FAFNIR_IPV6),
  25   A("mail", FAFNIR_IPV4),
  26   AAAA("mail", FAFNIR_IPV6),
  27   A("mta-sts", FAFNIR_IPV4),
  28   AAAA("mta-sts", FAFNIR_IPV6),
  29
  30   // Publish SPF records indicating that only shenron sends mail
  31
  32   SPF_BUILDER({
  33     label: "@",
  34     parts: [
  35       "v=spf1",
  36       "ip4:212.110.172.32",       // shenron ipv4
  37       "ip6:2001:41c9:1:400::32",  // shenron ipv6
  38       "ip4:184.104.226.98",       // fafnir ipv4
  39       "ip6:2001:470:1:b3b::2",    // fafnir ipv6
  40       "ip4:193.60.236.0/24",          // ucl external
  41       "ip4:184.104.179.128/27",       // amsterdam external
  42       "ip6:2001:470:1:fa1::/64",      // amsterdam external
  43       "ip4:184.104.226.96/27",        // dublin external
  44       "ip6:2001:470:1:b3b::/64",      // dublin external
  45       "mx",                       // safety net if we change mx
  46       "-all"
  47     ]
  48   }),
  49
  50   // Publish DMARC report-only policy
  51
  52   DMARC_BUILDER({
  53     policy: "none",
  54     rua: [
  55       "mailto:openstreetmap-d@dmarc.report-uri.com"
  56     ],
  57     failureOptions: 1
  58   }),
  59
  60   // Announce MTA-STS policy and TLSRPT policy for error reports
  61
  62   TXT("_mta-sts", "v=STSv1; id=202001291805Z"),
  63   TXT("_smtp._tls", "v=TLSRPTv1; rua=mailto:openstreetmap-d@tlsrpt.report-uri.com"),
  64
  65   // Fastly cert domain ownership confirmation
  66
  67   TXT("@", "_globalsign-domain-verification=ps00GlW1BzY9c2_cwH_pFqRkvzZyaCVZ-3RLssRG6S"),
  68   TXT("@", "_globalsign-domain-verification=W0buKB5ZmL-VwwHw2oQyQImk3I1q3hSemf2qmB1hjP"),
  69
  70   A("wiki", KONQI_IPV4),
  71   AAAA("wiki", KONQI_IPV6),
  72   A("www", KONQI_IPV4),
  73   AAAA("www", KONQI_IPV6),
  74   A("@", KONQI_IPV4),
  75   AAAA("@", KONQI_IPV6)
  76
  77 );