Disable forensic DMARC reports

[dns.git] / src / osmfoundation.js

diff --git a/src/osmfoundation.js b/src/osmfoundation.js
index 2b7efb7855ff4a6cfb2c167086b648c5b6a6df49..b0c7d8a157148d7773766e8e50b4e695444afa15 100644 (file)
--- a/src/osmfoundation.js
+++ b/src/osmfoundation.js
@@ -2,9 +2,17 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
 
   // Publish CAA records indicating that only letsencrypt should issue certificates
 
-  CAA("@", "issue", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "issuewild", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "iodef", "mailto:hostmaster@openstreetmap.org"),
+  CAA_BUILDER({
+    label: "@",
+    ttl: "1h",
+    iodef: "mailto:hostmaster@openstreetmap.org",
+    issue: [
+      "letsencrypt.org",
+    ],
+    issuewild: [
+      "letsencrypt.org",
+    ],
+  }),
 
   // Let google handle email
 
@@ -20,7 +28,17 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
 
   // SPF policy
 
-  TXT("@", "v=spf1 ip4:212.110.172.32 ip6:2001:41c9:1:400::32 a mx include:_spf.google.com -all"),
+  SPF_BUILDER({
+    label: "@",
+    ttl: "1h",
+    parts: [
+      "v=spf1",
+      "include:_spf.google.com",  // Google GSuite
+      "ip4:212.110.172.32",       // shenron ipv4
+      "ip6:2001:41c9:1:400::32",  // shenron ipv6
+      "-all"
+    ]
+  }),
 
   // DKIM keys
 
@@ -50,6 +68,10 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
   A("board", RIDLEY_IPV4, TTL("10m")),
   A("dwg", RIDLEY_IPV4, TTL("10m")),
   A("mwg", RIDLEY_IPV4, TTL("10m")),
-  A("operations", RIDLEY_IPV4, TTL("10m"))
+  A("operations", RIDLEY_IPV4, TTL("10m")),
+
+  // Nextcloud instance
+
+  CNAME("files", "osmfiles.cloud68.co.")
 
 );