1 D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
3 // Publish CAA records indicating that only letsencrypt should issue certificates
5 CAA("@", "issue", "letsencrypt.org", CF_TTL_ANY),
6 CAA("@", "issuewild", "letsencrypt.org", CF_TTL_ANY),
7 CAA("@", "iodef", "mailto:hostmaster@openstreetmap.org"),
9 // Use shenron as the MX host
11 MX("@", 10, QUALIFY("a.mx")),
12 MX("messages", 10, QUALIFY("a.mx")),
13 MX("noreply", 10, QUALIFY("a.mx")),
14 MX("otrs", 10, QUALIFY("a.mx")),
15 A("a.mx", SHENRON_IPV4),
16 AAAA("a.mx", SHENRON_IPV6),
18 // Publish SPF records indicating that only shenron sends mail
20 TXT("@", "v=spf1 ip4:212.110.172.32 ip6:2001:41c9:1:400::32 mx -all"),
21 TXT("otrs", "v=spf1 ip4:212.110.172.32 ip6:2001:41c9:1:400::32 mx -all"),
23 // Announce MTA-STS policy and TLSRPT policy for error reports
25 TXT("_mta-sts", "v=STSv1; id=202001291805Z"),
26 TXT("_smtp._tls", "v=TLSRPTv1; rua=mailto:postmaster@openstreetmap.org"),
28 // Delegate MTA-STS policy for subdomains
30 CNAME("_mta-sts.messages", QUALIFY("_mta-sts")),
31 CNAME("_mta-sts.noreply", QUALIFY("_mta-sts")),
32 CNAME("_mta-sts.otrs", QUALIFY("_mta-sts")),
34 // Google postmaster tools verification
36 CNAME("af323lytato5", "gv-o4v3qh5pfayqex.dv.googlehosted.com."),
37 CNAME("irzdddnmh465", "gv-cwr6bvt7xsgact.dv.googlehosted.com."),
39 // Delegate geo.openstreetmap.org to PowerDNS
41 NS("geo", QUALIFY("saphira")),
42 NS("geo", QUALIFY("ridgeback")),
43 NS("geo", QUALIFY("jakelong")),
44 NS("geo", QUALIFY("katie")),
45 NS("geo", QUALIFY("stormfly-02")),
46 NS("geo", QUALIFY("chrysophylax")),
48 // Main web servers and their aliases
50 A("spike-04", SPIKE04_IPV4),
51 AAAA("spike-04", SPIKE04_IPV6),
52 // A("@", SPIKE04_IPV4, TTL("10m")),
53 // AAAA("@", SPIKE04_IPV6, TTL("10m")),
54 // A("www", SPIKE04_IPV4, TTL("10m")),
55 // AAAA("www", SPIKE04_IPV6, TTL("10m")),
56 // A("api", SPIKE04_IPV4, TTL("10m")),
57 // AAAA("api", SPIKE04_IPV6, TTL("10m")),
58 // A("maps", SPIKE04_IPV4, TTL("10m")),
59 // AAAA("maps", SPIKE04_IPV6, TTL("10m")),
60 // A("mapz", SPIKE04_IPV4, TTL("10m")),
61 // AAAA("mapz", SPIKE04_IPV6, TTL("10m")),
62 A("spike-04.bm", SPIKE04_INTERNAL),
63 A("spike-04.oob", SPIKE04_OOB),
65 A("spike-05", SPIKE05_IPV4),
66 AAAA("spike-05", SPIKE05_IPV6),
67 // A("@", SPIKE05_IPV4, TTL("10m")),
68 // AAAA("@", SPIKE05_IPV6, TTL("10m")),
69 // A("www", SPIKE05_IPV4, TTL("10m")),
70 // AAAA("www", SPIKE05_IPV6, TTL("10m")),
71 // A("api", SPIKE05_IPV4, TTL("10m")),
72 // AAAA("api", SPIKE05_IPV6, TTL("10m")),
73 // A("maps", SPIKE05_IPV4, TTL("10m")),
74 // AAAA("maps", SPIKE05_IPV6, TTL("10m")),
75 // A("mapz", SPIKE05_IPV4, TTL("10m")),
76 // AAAA("mapz", SPIKE05_IPV6, TTL("10m")),
77 A("spike-05.bm", SPIKE05_INTERNAL),
78 A("spike-05.oob", SPIKE05_OOB),
80 A("spike-06", SPIKE06_IPV4),
81 AAAA("spike-06", SPIKE06_IPV6),
82 A("@", SPIKE06_IPV4, TTL("10m")),
83 AAAA("@", SPIKE06_IPV6, TTL("10m")),
84 A("www", SPIKE06_IPV4, TTL("10m")),
85 AAAA("www", SPIKE06_IPV6, TTL("10m")),
86 A("api", SPIKE06_IPV4, TTL("10m")),
87 AAAA("api", SPIKE06_IPV6, TTL("10m")),
88 A("maps", SPIKE06_IPV4, TTL("10m")),
89 AAAA("maps", SPIKE06_IPV6, TTL("10m")),
90 A("mapz", SPIKE06_IPV4, TTL("10m")),
91 AAAA("mapz", SPIKE06_IPV6, TTL("10m")),
92 A("spike-06.ams", SPIKE06_INTERNAL),
93 A("spike-06.oob", SPIKE06_OOB),
95 A("spike-07", SPIKE07_IPV4),
96 AAAA("spike-07", SPIKE07_IPV6),
97 A("@", SPIKE07_IPV4, TTL("10m")),
98 AAAA("@", SPIKE07_IPV6, TTL("10m")),
99 A("www", SPIKE07_IPV4, TTL("10m")),
100 AAAA("www", SPIKE07_IPV6, TTL("10m")),
101 A("api", SPIKE07_IPV4, TTL("10m")),
102 AAAA("api", SPIKE07_IPV6, TTL("10m")),
103 A("maps", SPIKE07_IPV4, TTL("10m")),
104 AAAA("maps", SPIKE07_IPV6, TTL("10m")),
105 A("mapz", SPIKE07_IPV4, TTL("10m")),
106 AAAA("mapz", SPIKE07_IPV6, TTL("10m")),
107 A("spike-07.ams", SPIKE07_INTERNAL),
108 A("spike-07.oob", SPIKE07_OOB),
110 A("spike-08", SPIKE08_IPV4),
111 AAAA("spike-08", SPIKE08_IPV6),
112 A("@", SPIKE08_IPV4, TTL("10m")),
113 AAAA("@", SPIKE08_IPV6, TTL("10m")),
114 A("www", SPIKE08_IPV4, TTL("10m")),
115 AAAA("www", SPIKE08_IPV6, TTL("10m")),
116 A("api", SPIKE08_IPV4, TTL("10m")),
117 AAAA("api", SPIKE08_IPV6, TTL("10m")),
118 A("maps", SPIKE08_IPV4, TTL("10m")),
119 AAAA("maps", SPIKE08_IPV6, TTL("10m")),
120 A("mapz", SPIKE08_IPV4, TTL("10m")),
121 AAAA("mapz", SPIKE08_IPV6, TTL("10m")),
122 A("spike-08.ams", SPIKE08_INTERNAL),
123 A("spike-08.oob", SPIKE08_OOB),
125 // Rails application servers
127 A("thorn-01.ams", THORN01_INTERNAL),
128 A("rails1.ams", THORN01_INTERNAL),
129 A("thorn-01.oob", THORN01_OOB),
131 A("thorn-02.ams", THORN02_INTERNAL),
132 A("rails2.ams", THORN02_INTERNAL),
133 A("thorn-02.oob", THORN02_OOB),
135 A("thorn-03.ams", THORN03_INTERNAL),
136 A("rails3.ams", THORN03_INTERNAL),
137 A("thorn-03.oob", THORN03_OOB),
139 A("thorn-04.bm", THORN04_INTERNAL),
140 A("rails4.bm", THORN04_INTERNAL),
141 A("thorn-04.oob", THORN04_OOB),
143 A("thorn-05.bm", THORN05_INTERNAL),
144 A("rails5.bm", THORN05_INTERNAL),
145 A("thorn-05.oob", THORN05_OOB),
149 A("pummelzacken", PUMMELZACKEN_IPV4),
150 // A("nominatim", PUMMELZACKEN_IPV4, TTL("10m")),
151 A("pummelzacken.ucl", PUMMELZACKEN_INTERNAL),
152 A("pummelzacken.oob", PUMMELZACKEN_OOB),
154 A("dulcy", DULCY_IPV4),
155 AAAA("dulcy", DULCY_IPV6),
156 A("nominatim", DULCY_IPV4, TTL("10m")),
157 AAAA("nominatim", DULCY_IPV6, TTL("10m")),
158 A("dulcy.ams", DULCY_INTERNAL),
159 A("dulcy.oob", DULCY_OOB),
163 A("grindtooth", GRINDTOOTH_IPV4),
164 A("taginfo", GRINDTOOTH_IPV4, TTL("10m")),
165 A("grindtooth.ucl", GRINDTOOTH_INTERNAL),
166 A("grindtooth.oob", GRINDTOOTH_OOB),
168 A("stormfly-01", STORMFLY01_IPV4),
169 AAAA("stormfly-01", STORMFLY01_IPV6),
170 // A("taginfo", STORMFLY01_IPV4, TTL("10m")),
171 // AAAA("taginfo", STORMFLY01_IPV6, TTL("10m")),
172 A("stormfly-01.oob", STORMFLY01_OOB),
177 AAAA("orm", ORM_IPV6),
178 A("orm.ams", ORM_INTERNAL),
179 A("orm.oob", ORM_OOB),
181 A("odin", ODIN_IPV4),
182 AAAA("odin", ODIN_IPV6),
183 A("odin.ams", ODIN_INTERNAL),
184 A("odin.oob", ODIN_OOB),
186 A("ysera", YSERA_IPV4),
187 A("ysera.ucl", YSERA_INTERNAL),
188 A("ysera.oob", YSERA_OOB),
190 A("scorch", SCORCH_IPV4),
191 AAAA("scorch", SCORCH_IPV6),
193 A("rhaegal", RHAEGAL_IPV4),
195 A("pyrene", PYRENE_IPV4),
196 AAAA("pyrene", PYRENE_IPV6),
197 A("pyrene.oob", TIAMAT00_INTERNAL),
199 A("bowser", BOWSER_IPV4),
201 CNAME("tile", QUALIFY("tile.geo")),
202 CNAME("a.tile", QUALIFY("tile.geo")),
203 CNAME("b.tile", QUALIFY("tile.geo")),
204 CNAME("c.tile", QUALIFY("tile.geo")),
208 A("ironbelly", IRONBELLY_IPV4),
209 AAAA("ironbelly", IRONBELLY_IPV6),
210 A("backup", IRONBELLY_IPV4, TTL("10m")),
211 AAAA("backup", IRONBELLY_IPV6, TTL("10m")),
212 A("planet", IRONBELLY_IPV4, TTL("10m")),
213 AAAA("planet", IRONBELLY_IPV6, TTL("10m")),
214 A("logstash", IRONBELLY_IPV4),
215 AAAA("logstash", IRONBELLY_IPV6),
216 A("ironbelly.ams", IRONBELLY_INTERNAL),
217 A("ironbelly.oob", IRONBELLY_OOB),
219 A("grisu", GRISU_IPV4),
220 AAAA("grisu", GRISU_IPV6),
221 // A("backup", GRISU_IPV4, TTL("10m")),
222 // AAAA("backup", GRISU_IPV6, TTL("10m")),
223 // A("planet", GRISU_IPV4, TTL("10m")),
224 // AAAA("planet", GRISU_IPV6, TTL("10m")),
225 A("grisu.bm", GRISU_INTERNAL),
226 A("grisu.oob", GRISU_OOB),
230 A("karm.ams", KARM_INTERNAL),
231 A("karm.oob", KARM_OOB),
233 A("eddie.ucl", EDDIE_INTERNAL),
234 A("eddie.oob", EDDIE_OOB),
236 A("katla.bm", KATLA_INTERNAL),
237 A("katla.oob", KATLA_OOB),
239 A("ramoth.ams", RAMOTH_INTERNAL),
240 A("ramoth.oob", RAMOTH_OOB),
242 // Development server with wildcard alias for user sites
244 A("errol", ERROL_IPV4),
245 A("dev", ERROL_IPV4),
246 A("*.dev", ERROL_IPV4),
247 A("ooc", ERROL_IPV4),
248 A("a.ooc", ERROL_IPV4),
249 A("b.ooc", ERROL_IPV4),
250 A("c.ooc", ERROL_IPV4),
251 A("npe", ERROL_IPV4),
252 A("errol.ucl", ERROL_INTERNAL),
253 A("errol.oob", ERROL_OOB),
257 A("ridley", RIDLEY_IPV4),
258 A("otrs", RIDLEY_IPV4),
259 A("blog", RIDLEY_IPV4),
260 A("foundation", RIDLEY_IPV4),
261 A("hot", RIDLEY_IPV4),
262 A("dmca", RIDLEY_IPV4),
263 A("ridley.ucl", RIDLEY_INTERNAL),
264 A("ridley.oob", RIDLEY_OOB),
268 A("eustace", EUSTACE_IPV4),
269 A("piwik", EUSTACE_IPV4),
270 A("eustace.ucl", EUSTACE_INTERNAL),
271 A("eustace.oob", EUSTACE_OOB),
275 A("draco", DRACO_IPV4),
276 A("draco.ucl", DRACO_INTERNAL),
277 A("draco.oob", DRACO_OOB),
279 A("kessie", KESSIE_IPV4),
280 AAAA("kessie", KESSIE_IPV6),
281 A("agri", KESSIE_IPV4, TTL("1h")),
282 AAAA("agri", KESSIE_IPV6, TTL("1h")),
283 A("a.agri", KESSIE_IPV4, TTL("1h")),
284 AAAA("a.agri", KESSIE_IPV6, TTL("1h")),
285 A("b.agri", KESSIE_IPV4, TTL("1h")),
286 AAAA("b.agri", KESSIE_IPV6, TTL("1h")),
287 A("c.agri", KESSIE_IPV4, TTL("1h")),
288 AAAA("c.agri", KESSIE_IPV6, TTL("1h")),
289 A("os", KESSIE_IPV4, TTL("1h")),
290 AAAA("os", KESSIE_IPV6, TTL("1h")),
291 A("a.os", KESSIE_IPV4, TTL("1h")),
292 AAAA("a.os", KESSIE_IPV6, TTL("1h")),
293 A("b.os", KESSIE_IPV4, TTL("1h")),
294 AAAA("b.os", KESSIE_IPV6, TTL("1h")),
295 A("c.os", KESSIE_IPV4, TTL("1h")),
296 AAAA("c.os", KESSIE_IPV6, TTL("1h")),
297 A("kessie.oob", KESSIE_OOB),
301 A("urmel", URMEL_IPV4),
302 A("munin", URMEL_IPV4),
303 A("urmel.ucl", URMEL_INTERNAL),
304 A("urmel.oob", URMEL_OOB),
308 A("sarel", SAREL_IPV4),
309 A("chef", SAREL_IPV4),
310 A("hardware", SAREL_IPV4),
311 A("acme", SAREL_IPV4),
312 A("git", SAREL_IPV4, TTL("10m")),
313 A("dns", SAREL_IPV4, TTL("10m")),
314 A("sarel.ucl", SAREL_INTERNAL),
315 A("sarel.oob", SAREL_OOB),
319 A("clifford", CLIFFORD_IPV4),
320 A("forum", CLIFFORD_IPV4, TTL("10m")),
321 A("clifford.ucl", CLIFFORD_INTERNAL),
322 A("clifford.oob", CLIFFORD_OOB),
326 A("kvm1.ucl", KVM1_INTERNAL),
328 // Managed network switches
330 A("switch1", SWITCH1_IPV4),
331 AAAA("switch1", SWITCH1_IPV6),
333 // Managed power strips
335 A("pdu1.ams", PDU1_INTERNAL),
336 A("pdu2.ams", PDU2_INTERNAL),
338 // Bytemark machine, and the services which operate from it
340 A("shenron", SHENRON_IPV4),
341 AAAA("shenron", SHENRON_IPV6),
342 A("mail", SHENRON_IPV4),
343 AAAA("mail", SHENRON_IPV6),
344 A("mta-sts", SHENRON_IPV4),
345 AAAA("mta-sts", SHENRON_IPV6),
346 A("lists", SHENRON_IPV4),
347 AAAA("lists", SHENRON_IPV6),
348 A("svn", SHENRON_IPV4),
349 AAAA("svn", SHENRON_IPV6),
350 A("trac", SHENRON_IPV4),
351 AAAA("trac", SHENRON_IPV6),
352 A("irc", SHENRON_IPV4),
353 AAAA("irc", SHENRON_IPV6),
354 A("help", SHENRON_IPV4),
355 AAAA("help", SHENRON_IPV6),
356 A("blogs", SHENRON_IPV4, TTL("10m")),
357 AAAA("blogs", SHENRON_IPV6, TTL("10m")),
358 A("shenron.bm", SHENRON_INTERNAL),
362 A("tabaluga", TABALUGA_IPV4),
363 AAAA("tabaluga", TABALUGA_IPV6),
364 A("wiki", TABALUGA_IPV4, TTL("10m")),
365 AAAA("wiki", TABALUGA_IPV6, TTL("10m")),
366 A("tabaluga.ams", TABALUGA_INTERNAL),
367 A("tabaluga.oob", TABALUGA_OOB),
371 A("noquiklos", NOQUIKLOS_IPV4),
372 A("gps-tile", NOQUIKLOS_IPV4),
373 A("a.gps-tile", NOQUIKLOS_IPV4),
374 A("b.gps-tile", NOQUIKLOS_IPV4),
375 A("c.gps-tile", NOQUIKLOS_IPV4),
376 A("gps.tile", NOQUIKLOS_IPV4),
377 A("gps-a.tile", NOQUIKLOS_IPV4),
378 A("gps-b.tile", NOQUIKLOS_IPV4),
379 A("gps-c.tile", NOQUIKLOS_IPV4),
380 A("noquiklos.ucl", NOQUIKLOS_INTERNAL),
381 A("noquiklos.oob", NOQUIKLOS_OOB),
383 // Tile cache servers
385 A("gorynych", GORYNYCH_IPV4),
386 AAAA("gorynych", GORYNYCH_IPV6),
387 A("trogdor", TROGDOR_IPV4),
388 A("trogdor.oob", TROGDOR_OOB),
389 A("ridgeback", RIDGEBACK_IPV4),
390 A("ridgeback.oob", RIDGEBACK_OOB),
391 A("jakelong", JAKELONG_IPV4),
392 AAAA("jakelong", JAKELONG_IPV6),
393 A("nepomuk", NEPOMUK_IPV4),
394 AAAA("nepomuk", NEPOMUK_IPV6),
395 A("simurgh", SIMURGH_IPV4),
396 A("katie", KATIE_IPV4),
397 AAAA("katie", KATIE_IPV6),
398 A("konqi", KONQI_IPV4),
399 AAAA("konqi", KONQI_IPV6),
400 A("longma", LONGMA_IPV4),
401 AAAA("longma", LONGMA_IPV6),
402 A("viserion", VISERION_IPV4),
403 AAAA("viserion", VISERION_IPV6),
404 A("drogon", DROGON_IPV4),
405 AAAA("drogon", DROGON_IPV6),
406 A("saphira", SAPHIRA_IPV4),
407 AAAA("saphira", SAPHIRA_IPV6),
408 A("toothless", TOOTHLESS_IPV4),
409 AAAA("toothless", TOOTHLESS_IPV6),
410 A("sarkany", SARKANY_IPV4),
411 AAAA("sarkany", SARKANY_IPV6),
412 A("cmok", CMOK_IPV4),
413 AAAA("cmok", CMOK_IPV6),
414 A("stormfly-02", STORMFLY02_IPV4),
415 AAAA("stormfly-02", STORMFLY02_IPV6),
416 A("stormfly-02.oob", STORMFLY02_OOB),
417 A("rimfaxe", RIMFAXE_IPV4),
418 AAAA("rimfaxe", RIMFAXE_IPV6),
419 A("culebre", CULEBRE_IPV4),
420 A("kalessin", KALESSIN_IPV4),
421 AAAA("kalessin", KALESSIN_IPV6),
422 A("angor", ANGOR_IPV4),
423 // AAAA("angor", ANGOR_IPV6),
424 A("ladon", LADON_IPV4),
425 AAAA("ladon", LADON_IPV6),
426 A("ascalon", ASCALON_IPV4),
427 A("noomoahk", NOOMOAHK_IPV4),
428 AAAA("noomoahk", NOOMOAHK_IPV6),
429 A("cherufe", CHERUFE_IPV4),
430 A("norbert", NORBERT_IPV4),
431 AAAA("norbert", NORBERT_IPV6),
432 A("chrysophylax", CHRYSOPHYLAX_IPV4),
433 AAAA("chrysophylax", CHRYSOPHYLAX_IPV6),
434 A("necrosan", NECROSAN_IPV4),
435 AAAA("necrosan", NECROSAN_IPV6),
436 A("keizer", KEIZER_IPV4),
437 AAAA("keizer", KEIZER_IPV6),
438 A("vipertooth", VIPERTOOTH_IPV4),
439 AAAA("vipertooth", VIPERTOOTH_IPV6),
440 A("tuatara", TUATARA_IPV4),
441 AAAA("tuatara", TUATARA_IPV6),
442 A("waima", WAIMA_IPV4),
443 A("nidhogg", NIDHOGG_IPV4),
444 AAAA("nidhogg", NIDHOGG_IPV6),
445 A("boitata", BOITATA_IPV4),
446 AAAA("boitata", BOITATA_IPV6),
447 A("fafnir", FAFNIR_IPV4),
448 AAAA("fafnir", FAFNIR_IPV6),
449 A("fume", FUME_IPV4),
450 A("balerion", BALERION_IPV4),
451 A("naga", NAGA_IPV4),
455 A("tiamat-00", TIAMAT00_IPV4),
456 A("tiamat-00.ucl", TIAMAT00_INTERNAL),
457 A("tiamat-00.oob", TIAMAT00_OOB),
458 A("tiamat-01", TIAMAT01_IPV4),
459 A("tiamat-01.ucl", TIAMAT01_INTERNAL),
460 A("tiamat-01.oob", TIAMAT01_OOB),
461 A("tiamat-02", TIAMAT02_IPV4),
462 A("tiamat-02.ucl", TIAMAT02_INTERNAL),
463 A("tiamat-02.oob", TIAMAT02_OOB),
464 A("tiamat-03", TIAMAT03_IPV4),
465 A("tiamat-03.ucl", TIAMAT03_INTERNAL),
466 A("tiamat-03.oob", TIAMAT03_OOB),
467 A("tiamat-10", TIAMAT10_IPV4),
468 A("tiamat-10.ucl", TIAMAT10_INTERNAL),
469 A("tiamat-10.oob", TIAMAT10_OOB),
470 A("tiamat-11", TIAMAT11_IPV4),
471 A("tiamat-11.ucl", TIAMAT11_INTERNAL),
472 A("tiamat-11.oob", TIAMAT11_OOB),
473 A("tiamat-12", TIAMAT12_IPV4),
474 A("tiamat-12.ucl", TIAMAT12_INTERNAL),
475 A("tiamat-12.oob", TIAMAT12_OOB),
476 A("tiamat-13", TIAMAT13_IPV4),
477 A("tiamat-13.ucl", TIAMAT13_INTERNAL),
478 A("tiamat-13.oob", TIAMAT13_OOB),
479 A("tiamat-20", TIAMAT20_IPV4),
480 A("tiamat-20.ucl", TIAMAT20_INTERNAL),
481 A("tiamat-20.oob", TIAMAT20_OOB),
482 A("tiamat-21", TIAMAT21_IPV4),
483 A("tiamat-21.ucl", TIAMAT21_INTERNAL),
484 A("tiamat-21.oob", TIAMAT21_OOB),
485 A("tiamat-22", TIAMAT22_IPV4),
486 A("tiamat-22.ucl", TIAMAT22_INTERNAL),
487 A("tiamat-22.oob", TIAMAT22_OOB),
488 A("tiamat-23", TIAMAT23_IPV4),
489 A("tiamat-23.ucl", TIAMAT23_INTERNAL),
490 A("tiamat-23.oob", TIAMAT23_OOB),
494 A("donate", RIDLEY_IPV4, TTL("10m")),
496 // Uptime site at StatusCake
498 CNAME("uptime", "uptimessl.statuscake.com."),
500 // Custom Domain for https://github.com/osmfoundation/welcome-mat/
502 CNAME("welcome", "osmfoundation.github.io."),
504 // Dynamic DNS records