// Publish CAA records indicating that only letsencrypt should issue certificates
- CAA("@", "issue", "letsencrypt.org", CF_TTL_ANY),
- CAA("@", "issuewild", "letsencrypt.org", CF_TTL_ANY),
- CAA("@", "iodef", "mailto:hostmaster@openstreetmap.org"),
+ CAA_BUILDER({
+ label: "@",
+ iodef: "mailto:hostmaster@openstreetmap.org",
+ issue: [
+ "letsencrypt.org",
+ ],
+ issuewild: [
+ "letsencrypt.org",
+ ],
+ }),
+
+ // Delegate SPF policy to the main domain
+
+ SPF_BUILDER({
+ label: "@",
+ parts: [
+ "v=spf1",
+ "include:openstreetmap.org", // main openstreetmap.org spf record
+ "-all"
+ ]
+ }),
// Main web server and it's aliases
- A("@", RIDLEY_IPV4, TTL("10m")),
- A("www", RIDLEY_IPV4, TTL("10m"))
+ A("@", NAGA_IPV4),
+ AAAA("@", NAGA_IPV6),
+ A("www", NAGA_IPV4),
+ AAAA("www", NAGA_IPV6),
+
+ // HTTPS / SVCB records
+ HTTPS("@", 1, ".", "alpn=h2"),
+ HTTPS("www", 1, ".", "alpn=h2")
);