// Publish CAA records indicating that only letsencrypt should issue certificates
- CAA("@", "issue", "letsencrypt.org", CF_TTL_ANY),
- CAA("@", "issuewild", "letsencrypt.org", CF_TTL_ANY),
- CAA("@", "iodef", "mailto:hostmaster@openstreetmap.org"),
+ CAA_BUILDER({
+ label: "@",
+ ttl: "1h",
+ iodef: "mailto:hostmaster@openstreetmap.org",
+ issue: [
+ "letsencrypt.org",
+ ],
+ issuewild: [
+ "letsencrypt.org",
+ ],
+ }),
+
+ // SPF policy
+
+ SPF_BUILDER({
+ label: "@",
+ ttl: "1h",
+ parts: [
+ "v=spf1",
+ "include:_spf.google.com", // Google GSuite
+ "ip4:212.110.172.32", // shenron ipv4
+ "ip6:2001:41c9:1:400::32", // shenron ipv6
+ "-all"
+ ]
+ }),
// Let google handle email
// Aliases for google services
- CNAME("login", "ghs.google.com."),
+ CNAME("login", "ghs.googlehosted.com."),
+ CNAME("docs", "ghs.googlehosted.com."),
+ CNAME("mail", "ghs.googlehosted.com."),
+ CNAME("calendar", "ghs.googlehosted.com."),
+ CNAME("sites", "ghs.googlehosted.com."),
// Main web server and it's aliases
A("@", RIDLEY_IPV4, TTL("10m")),
A("www", RIDLEY_IPV4, TTL("10m")),
+ A("2022", RIDLEY_IPV4, TTL("10m")),
+ A("2021", RIDLEY_IPV4, TTL("10m")),
A("2020", RIDLEY_IPV4, TTL("10m")),
A("2019", RIDLEY_IPV4, TTL("10m")),
A("2018", RIDLEY_IPV4, TTL("10m")),
A("2010", RIDLEY_IPV4, TTL("10m")),
A("2009", RIDLEY_IPV4, TTL("10m")),
A("2008", RIDLEY_IPV4, TTL("10m")),
- A("2007", RIDLEY_IPV4, TTL("10m"))
+ A("2007", RIDLEY_IPV4, TTL("10m")),
+
+ // Google Site Verification - Grant
+ TXT("2022", "google-site-verification=wT1dJzSYM_2By372lJ_v9IU1crF21qOySEAPABxUcyo")
);