]> git.openstreetmap.org Git - dns.git/blob - src/osm-wiki.js
80b1080df2a61e44220e34c847a665e6eb373b5d
[dns.git] / src / osm-wiki.js
1 D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
2
3   // Publish CAA records indicating that only letsencrypt and globalsign (Fastly) should issue certificates
4
5   CAA_BUILDER({
6     label: "@",
7     ttl: "1h",
8     iodef: "mailto:hostmaster@openstreetmap.org",
9     issue: [
10       "letsencrypt.org",
11       "globalsign.com",   // Used by Fastly for CDN certificates
12     ],
13     issuewild: [
14       "letsencrypt.org",
15       "globalsign.com",   // Used by Fastly for CDN certificates
16     ],
17   }),
18
19   // Mail service
20
21   MX("@", 10, QUALIFY("a.mx")),
22
23   A("a.mx", FAFNIR_IPV4),
24   AAAA("a.mx", FAFNIR_IPV6),
25   A("mail", FAFNIR_IPV4),
26   AAAA("mail", FAFNIR_IPV6),
27   A("mta-sts", FAFNIR_IPV4),
28   AAAA("mta-sts", FAFNIR_IPV6),
29
30   // Delegate SPF policy to the main domain
31
32   SPF_BUILDER({
33     label: "@",
34     parts: [
35       "v=spf1",
36       "include:openstreetmap.org",      // main openstreetmap.org spf record
37       "-all"
38     ]
39   }),
40
41   // Publish DMARC report-only policy
42
43   DMARC_BUILDER({
44     policy: "none",
45     rua: [
46       "mailto:openstreetmap-d@dmarc.report-uri.com"
47     ],
48     failureOptions: 1
49   }),
50
51   // Announce MTA-STS policy and TLSRPT policy for error reports
52
53   TXT("_mta-sts", "v=STSv1; id=202001291805Z"),
54   TXT("_smtp._tls", "v=TLSRPTv1; rua=mailto:openstreetmap-d@tlsrpt.report-uri.com"),
55
56   // Fastly cert domain ownership confirmation
57
58   TXT("@", "_globalsign-domain-verification=ps00GlW1BzY9c2_cwH_pFqRkvzZyaCVZ-3RLssRG6S"),
59   TXT("@", "_globalsign-domain-verification=W0buKB5ZmL-VwwHw2oQyQImk3I1q3hSemf2qmB1hjP"),
60
61   A("wiki", KONQI_IPV4),
62   AAAA("wiki", KONQI_IPV6),
63   A("www", KONQI_IPV4),
64   AAAA("www", KONQI_IPV6),
65   A("@", KONQI_IPV4),
66   AAAA("@", KONQI_IPV6)
67
68 );