]> git.openstreetmap.org Git - dns.git/blob - src/osm-wiki.js
Drop some dead machines from DNS
[dns.git] / src / osm-wiki.js
1 D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
2
3   // Publish CAA records indicating that only letsencrypt and globalsign (Fastly) should issue certificates
4
5   CAA_BUILDER({
6     label: "@",
7     ttl: "1h",
8     iodef: "mailto:hostmaster@openstreetmap.org",
9     issue: [
10       "letsencrypt.org",
11       "globalsign.com",   // Used by Fastly for CDN certificates
12     ],
13     issuewild: [
14       "letsencrypt.org",
15       "globalsign.com",   // Used by Fastly for CDN certificates
16     ],
17   }),
18
19   // Mail service
20
21   MX("@", 10, QUALIFY("a.mx")),
22
23   A("a.mx", FAFNIR_IPV4),
24   AAAA("a.mx", FAFNIR_IPV6),
25   A("mail", FAFNIR_IPV4),
26   AAAA("mail", FAFNIR_IPV6),
27   A("mta-sts", FAFNIR_IPV4),
28   AAAA("mta-sts", FAFNIR_IPV6),
29
30   // Publish SPF records indicating that only shenron sends mail
31
32   SPF_BUILDER({
33     label: "@",
34     parts: [
35       "v=spf1",
36       "ip4:212.110.172.32",       // shenron ipv4
37       "ip6:2001:41c9:1:400::32",  // shenron ipv6
38       "ip4:184.104.226.98",       // fafnir ipv4
39       "ip6:2001:470:1:b3b::2",    // fafnir ipv6
40       "ip4:193.60.236.0/24",          // ucl external
41       "ip4:184.104.179.128/27",       // amsterdam external
42       "ip6:2001:470:1:fa1::/64",      // amsterdam external
43       "ip4:184.104.226.96/27",        // dublin external
44       "ip6:2001:470:1:b3b::/64",      // dublin external
45       "mx",                       // safety net if we change mx
46       "-all"
47     ]
48   }),
49
50   // Publish DMARC report-only policy
51
52   DMARC_BUILDER({
53     policy: "none",
54     rua: [
55       "mailto:openstreetmap-d@dmarc.report-uri.com"
56     ],
57     failureOptions: 1
58   }),
59
60   // Announce MTA-STS policy and TLSRPT policy for error reports
61
62   TXT("_mta-sts", "v=STSv1; id=202001291805Z"),
63   TXT("_smtp._tls", "v=TLSRPTv1; rua=mailto:openstreetmap-d@tlsrpt.report-uri.com"),
64
65   // Fastly cert domain ownership confirmation
66
67   TXT("@", "_globalsign-domain-verification=ps00GlW1BzY9c2_cwH_pFqRkvzZyaCVZ-3RLssRG6S"),
68   TXT("@", "_globalsign-domain-verification=W0buKB5ZmL-VwwHw2oQyQImk3I1q3hSemf2qmB1hjP"),
69
70   A("wiki", KONQI_IPV4),
71   AAAA("wiki", KONQI_IPV6),
72   A("www", KONQI_IPV4),
73   AAAA("www", KONQI_IPV6),
74   A("@", KONQI_IPV4),
75   AAAA("@", KONQI_IPV6)
76
77 );