src/osmfoundation.js

   1 D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
   2
   3   // Publish CAA records indicating that only letsencrypt should issue certificates
   4
   5   CAA_BUILDER({
   6     label: "@",
   7     iodef: "mailto:hostmaster@openstreetmap.org",
   8     issue: [
   9       "letsencrypt.org",
  10     ],
  11     issuewild: [
  12       "letsencrypt.org",
  13     ],
  14   }),
  15
  16   // Let mailbox.org handle email
  17
  18   MX("@", 10, "mxext1.mailbox.org."),
  19   MX("@", 10, "mxext2.mailbox.org."),
  20   MX("@", 20, "mxext3.mailbox.org."),
  21
  22   // Handle mail for the join subdomain ourselves
  23
  24   MX("join", 10, "a.mx.openstreetmap.org."),
  25
  26   // SPF policy
  27
  28   SPF_BUILDER({
  29     label: "@",
  30     parts: [
  31       "v=spf1",
  32       "include:mailbox.org",     // mailbox.org
  33       "include:_spf.google.com", // Google GSuite
  34       "ip4:212.110.172.32",      // shenron ipv4
  35       "ip6:2001:41c9:1:400::32", // shenron ipv6
  36       "ip4:184.104.226.98",      // fafnir ipv4
  37       "ip6:2001:470:1:b3b::2",   // fafnir ipv6
  38       "ip4:193.60.236.0/24",     // ucl external
  39       "ip4:184.104.179.128/27",  // amsterdam external
  40       "ip6:2001:470:1:fa1::/64", // amsterdam external
  41       "ip4:184.104.226.96/27",   // dublin external
  42       "ip6:2001:470:1:b3b::/64", // dublin external
  43       "-all"
  44     ]
  45   }),
  46
  47   SPF_BUILDER({
  48     label: "wiki",
  49     parts: [
  50       "v=spf1",
  51       "ip4:184.104.226.98",      // fafnir ipv4
  52       "ip6:2001:470:1:b3b::2",   // fafnir ipv6
  53       "ip4:193.60.236.0/24",     // ucl external
  54       "ip4:184.104.179.128/27",  // amsterdam external
  55       "ip6:2001:470:1:fa1::/64", // amsterdam external
  56       "ip4:184.104.226.96/27",   // dublin external
  57       "ip6:2001:470:1:b3b::/64", // dublin external
  58       "-all"
  59     ]
  60   }),
  61
  62   // Apple Business Manager verification
  63   TXT("@", "apple-domain-verification=ZzBG2msRtUDehTMW"),
  64
  65   // Mailbox.org registration verification
  66   TXT("d00f46a3fde45d06c53f3cd5b21f213ea384e7f5", "4a229bebe41606a1f7d909507846729a73998c31"),
  67
  68   // Publish DMARC report-only policy
  69
  70   DMARC_BUILDER({
  71     policy: "none",
  72     rua: [
  73       "mailto:openstreetmap-d@dmarc.report-uri.com"
  74     ],
  75     failureOptions: 1
  76   }),
  77
  78   // DKIM keys
  79
  80   TXT("google._domainkey", "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJmTBAkYRCocCCNtVsdRNMlQel8kNfjPYJpjEm7woEgZh9yZeDzxImtz+u73oUF4+7bXzrNYbP946WNQIwAba1J69he8L1qfPBJLd3Z/fgmuaGdWcxpDno2EY4cQ8PrzvI6Vfm+6YAFANl8w09CIg41ykdlzH4iUJXD35k3SIl3wIDAQAB"),
  81   TXT("20201112._domainkey", "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4OyJc77mpW5djxVfZm18HcmJHQLpo7B2Z8Og8byICjDiG91Tpkv5ws3xIbMsi/tVA6p5L76uL0TGKlo4ayewYvJUTC22+hBWARUuWA0DgeMwBpW/dNUOJHBABCTouolvXLKRTPTefA177Y5jYbD7ZeJAR4ZnFbZX6spimXCT66AyhqCBSrOCXYXFm3ons5ANkkQBNZ/jMYczYs9T1ijNEbBNTJmLO+whOrYLyGd3iZ9X9iOmuNFBCgXp0tsN//FBsOyTl559/XY25r3GZhiKXMbrZ1IJewqJlG0+hN1y9qwWGgq5YpZPt5YJ1KGjIrcFX59/PhNQX4khPOaD5g7ZQIDAQAB", AUTOSPLIT),
  82
  83   // https://kb.mailbox.org/en/private/custom-domains/spf-dkim-and-dmarc-how-to-improve-spam-reputation-and-avoid-bounces
  84   CNAME("MBO0001._domainkey", "MBO0001._domainkey.mailbox.org."),
  85   CNAME("MBO0002._domainkey", "MBO0002._domainkey.mailbox.org."),
  86   CNAME("MBO0003._domainkey", "MBO0003._domainkey.mailbox.org."),
  87   CNAME("MBO0004._domainkey", "MBO0004._domainkey.mailbox.org."),
  88
  89   // Google postmaster tools verification
  90
  91   CNAME("uaqn4jv2xaoe", "gv-jun5dginqysxph.dv.googlehosted.com."),
  92
  93   // Aliases for google services
  94
  95   CNAME("login", "ghs.googlehosted.com."),
  96   CNAME("docs", "ghs.googlehosted.com."),
  97   CNAME("mail", "ghs.googlehosted.com."),
  98   CNAME("calendar", "ghs.googlehosted.com."),
  99   CNAME("sites", "ghs.googlehosted.com."),
 100
 101   // Aliases for mailbox.org services
 102
 103   CNAME("autoconfig", "mailbox.org."),
 104   SRV("_hkps._tcp", 1, 1, 443, "pgp.mailbox.org."),
 105
 106   // Main web server and it's aliases
 107
 108   A("@", RIDLEY_IPV4),
 109   A("www", RIDLEY_IPV4),
 110   A("wiki", RIDLEY_IPV4),
 111   A("blog", RIDLEY_IPV4),
 112
 113   A("staging.blog", FUME_IPV4),
 114   AAAA("staging.blog", FUME_IPV6),
 115
 116   A("crm", RIDLEY_IPV4),
 117   A("join", RIDLEY_IPV4),
 118   A("support", RIDLEY_IPV4),
 119   A("supporting", RIDLEY_IPV4),
 120   A("donate", RIDLEY_IPV4),
 121
 122   A("board", RIDLEY_IPV4),
 123   A("dwg", RIDLEY_IPV4),
 124   A("mwg", RIDLEY_IPV4),
 125   A("operations", NAGA_IPV4),
 126   AAAA("operations", NAGA_IPV6),
 127
 128   // Nextcloud instance
 129
 130   CNAME("files", "nextcloud-openstreetmapfoundation.cloud68.systems."),
 131
 132   A("hardware", IDRIS_IPV4)
 133
 134 );