1 D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
3 // Publish CAA records indicating that only letsencrypt should issue certificates
7 iodef: "mailto:hostmaster@openstreetmap.org",
16 // Let mailbox.org handle email
18 MX("@", 10, "mxext1.mailbox.org."),
19 MX("@", 10, "mxext2.mailbox.org."),
20 MX("@", 20, "mxext3.mailbox.org."),
22 // Handle mail for the join subdomain ourselves
24 MX("join", 10, "a.mx.openstreetmap.org."),
32 "include:mailbox.org", // mailbox.org
33 "include:_spf.google.com", // Google GSuite
34 "ip4:184.104.226.98", // fafnir ipv4
35 "ip6:2001:470:1:b3b::2", // fafnir ipv6
36 "ip4:193.60.236.0/24", // ucl external
37 "ip4:184.104.179.128/27", // amsterdam external
38 "ip6:2001:470:1:fa1::/64", // amsterdam external
39 "ip4:184.104.226.96/27", // dublin external
40 "ip6:2001:470:1:b3b::/64", // dublin external
49 "ip4:184.104.226.98", // fafnir ipv4
50 "ip6:2001:470:1:b3b::2", // fafnir ipv6
51 "ip4:193.60.236.0/24", // ucl external
52 "ip4:184.104.179.128/27", // amsterdam external
53 "ip6:2001:470:1:fa1::/64", // amsterdam external
54 "ip4:184.104.226.96/27", // dublin external
55 "ip6:2001:470:1:b3b::/64", // dublin external
60 // Apple Business Manager verification
61 TXT("@", "apple-domain-verification=ZzBG2msRtUDehTMW"),
63 // Mailbox.org registration verification
64 TXT("d00f46a3fde45d06c53f3cd5b21f213ea384e7f5", "4a229bebe41606a1f7d909507846729a73998c31"),
66 // Publish DMARC report-only policy
71 "mailto:openstreetmap-d@dmarc.report-uri.com"
78 TXT("google._domainkey", "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJmTBAkYRCocCCNtVsdRNMlQel8kNfjPYJpjEm7woEgZh9yZeDzxImtz+u73oUF4+7bXzrNYbP946WNQIwAba1J69he8L1qfPBJLd3Z/fgmuaGdWcxpDno2EY4cQ8PrzvI6Vfm+6YAFANl8w09CIg41ykdlzH4iUJXD35k3SIl3wIDAQAB"),
79 TXT("20201112._domainkey", "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4OyJc77mpW5djxVfZm18HcmJHQLpo7B2Z8Og8byICjDiG91Tpkv5ws3xIbMsi/tVA6p5L76uL0TGKlo4ayewYvJUTC22+hBWARUuWA0DgeMwBpW/dNUOJHBABCTouolvXLKRTPTefA177Y5jYbD7ZeJAR4ZnFbZX6spimXCT66AyhqCBSrOCXYXFm3ons5ANkkQBNZ/jMYczYs9T1ijNEbBNTJmLO+whOrYLyGd3iZ9X9iOmuNFBCgXp0tsN//FBsOyTl559/XY25r3GZhiKXMbrZ1IJewqJlG0+hN1y9qwWGgq5YpZPt5YJ1KGjIrcFX59/PhNQX4khPOaD5g7ZQIDAQAB", AUTOSPLIT),
81 // https://kb.mailbox.org/en/private/custom-domains/spf-dkim-and-dmarc-how-to-improve-spam-reputation-and-avoid-bounces
82 CNAME("MBO0001._domainkey", "MBO0001._domainkey.mailbox.org."),
83 CNAME("MBO0002._domainkey", "MBO0002._domainkey.mailbox.org."),
84 CNAME("MBO0003._domainkey", "MBO0003._domainkey.mailbox.org."),
85 CNAME("MBO0004._domainkey", "MBO0004._domainkey.mailbox.org."),
87 // Google postmaster tools verification
89 CNAME("uaqn4jv2xaoe", "gv-jun5dginqysxph.dv.googlehosted.com."),
91 // Aliases for google services
93 CNAME("login", "ghs.googlehosted.com."),
94 CNAME("docs", "ghs.googlehosted.com."),
95 CNAME("mail", "ghs.googlehosted.com."),
96 CNAME("calendar", "ghs.googlehosted.com."),
97 CNAME("sites", "ghs.googlehosted.com."),
99 // Aliases for mailbox.org services
101 CNAME("autoconfig", "mailbox.org."),
102 SRV("_hkps._tcp", 1, 1, 443, "pgp.mailbox.org."),
104 // Main web server and it's aliases
107 A("www", RIDLEY_IPV4),
108 A("wiki", RIDLEY_IPV4),
109 A("blog", RIDLEY_IPV4),
110 A("crm", RIDLEY_IPV4),
111 A("join", RIDLEY_IPV4),
112 A("support", RIDLEY_IPV4),
113 A("supporting", RIDLEY_IPV4),
114 A("donate", RIDLEY_IPV4),
116 A("board", RIDLEY_IPV4),
117 A("dwg", RIDLEY_IPV4),
118 A("mwg", RIDLEY_IPV4),
119 A("operations", NAGA_IPV4_HE),
120 AAAA("operations", NAGA_IPV6_HE),
122 // HTTPS / SVCB records
123 HTTPS("www", 1, ".", "alpn=h2"),
124 HTTPS("wiki", 1, ".", "alpn=h2"),
125 HTTPS("blog", 1, ".", "alpn=h2"),
126 HTTPS("crm", 1, ".", "alpn=h2"),
127 HTTPS("join", 1, ".", "alpn=h2"),
128 HTTPS("support", 1, ".", "alpn=h2"),
129 HTTPS("supporting", 1, ".", "alpn=h2"),
130 HTTPS("donate", 1, ".", "alpn=h2"),
131 HTTPS("board", 1, ".", "alpn=h2"),
132 HTTPS("dwg", 1, ".", "alpn=h2"),
133 HTTPS("mwg", 1, ".", "alpn=h2"),
134 HTTPS("operations", 1, ".", "alpn=h2"),
136 // Nextcloud instance
138 CNAME("files", "nextcloud-openstreetmapfoundation.cloud68.systems."),
141 A("staging.blog", TABALUGA_IPV4),
142 AAAA("staging.blog", TABALUGA_IPV6),
143 // HTTPS / SVCB records
144 HTTPS("staging.blog", 1, ".", "alpn=h2"),
146 A("hardware", IDRIS_IPV4_HE),
148 // HTTPS / SVCB records
149 HTTPS("hardware", 1, ".", "alpn=h2")