// Publish CAA records indicating that only letsencrypt should issue certificates
- CAA("@", "issue", "letsencrypt.org", CF_TTL_ANY),
- CAA("@", "issuewild", "letsencrypt.org", CF_TTL_ANY),
- CAA("@", "iodef", "mailto:hostmaster@openstreetmap.org"),
+ CAA_BUILDER({
+ label: "@",
+ iodef: "mailto:hostmaster@openstreetmap.org",
+ issue: [
+ "letsencrypt.org",
+ ],
+ issuewild: [
+ "letsencrypt.org",
+ ],
+ }),
// Let the main domain handle the email
// Delegate SPF policy to the main domain
- TXT("@", "v=spf1 include:openstreetmap.org -all"),
+ SPF_BUILDER({
+ label: "@",
+ parts: [
+ "v=spf1",
+ "include:openstreetmap.org", // main openstreetmap.org spf record
+ "-all"
+ ]
+ }),
// Delegate MTA-STS policy to the main domain
CNAME("www", "www.openstreetmap.org."),
CNAME("api", "api.openstreetmap.org."),
- // Aerial imagery sites on draco
+ // Aerial imagery sites on ironbelly
- A("aerial", DRACO_IPV4, TTL("10m")),
- A("a.aerial", DRACO_IPV4, TTL("10m")),
- A("b.aerial", DRACO_IPV4, TTL("10m")),
- A("c.aerial", DRACO_IPV4, TTL("10m")),
+ A("aerial", LOCKHEED_IPV4),
+ AAAA("aerial", LOCKHEED_IPV6),
+ A("a.aerial", LOCKHEED_IPV4),
+ AAAA("a.aerial", LOCKHEED_IPV6),
+ A("b.aerial", LOCKHEED_IPV4),
+ AAAA("b.aerial", LOCKHEED_IPV6),
+ A("c.aerial", LOCKHEED_IPV4),
+ AAAA("c.aerial", LOCKHEED_IPV6),
+
+ // HTTPS / SVCB records
+ HTTPS("aerial", 1, ".", "alpn=h2"),
+ HTTPS("a.aerial", 1, ".", "alpn=h2"),
+ HTTPS("b.aerial", 1, ".", "alpn=h2"),
+ HTTPS("c.aerial", 1, ".", "alpn=h2"),
// Aerial imagery sites on kessie
- A("coct.aerial", KESSIE_IPV4, TTL("30m")),
- AAAA("coct.aerial", KESSIE_IPV6, TTL("30m")),
- A("a.coct.aerial", KESSIE_IPV4, TTL("30m")),
- AAAA("a.coct.aerial", KESSIE_IPV6, TTL("30m")),
- A("b.coct.aerial", KESSIE_IPV4, TTL("30m")),
- AAAA("b.coct.aerial", KESSIE_IPV6, TTL("30m")),
- A("c.coct.aerial", KESSIE_IPV4, TTL("30m")),
- AAAA("c.coct.aerial", KESSIE_IPV6, TTL("30m")),
-
- A("topo", KESSIE_IPV4, TTL("30m")),
- AAAA("topo", KESSIE_IPV6, TTL("30m")),
- A("a.topo", KESSIE_IPV4, TTL("30m")),
- AAAA("a.topo", KESSIE_IPV6, TTL("30m")),
- A("b.topo", KESSIE_IPV4, TTL("30m")),
- AAAA("b.topo", KESSIE_IPV6, TTL("30m")),
- A("c.topo", KESSIE_IPV4, TTL("30m")),
- AAAA("c.topo", KESSIE_IPV6, TTL("30m")),
-
- A("namibia-topo", KESSIE_IPV4, TTL("30m")),
- AAAA("namibia-topo", KESSIE_IPV6, TTL("30m")),
- A("a.namibia-topo", KESSIE_IPV4, TTL("30m")),
- AAAA("a.namibia-topo", KESSIE_IPV6, TTL("30m")),
- A("b.namibia-topo", KESSIE_IPV4, TTL("30m")),
- AAAA("b.namibia-topo", KESSIE_IPV6, TTL("30m")),
- A("c.namibia-topo", KESSIE_IPV4, TTL("30m")),
- AAAA("c.namibia-topo", KESSIE_IPV6, TTL("30m"))
+ A("coct.aerial", KESSIE_IPV4),
+ AAAA("coct.aerial", KESSIE_IPV6),
+ A("a.coct.aerial", KESSIE_IPV4),
+ AAAA("a.coct.aerial", KESSIE_IPV6),
+ A("b.coct.aerial", KESSIE_IPV4),
+ AAAA("b.coct.aerial", KESSIE_IPV6),
+ A("c.coct.aerial", KESSIE_IPV4),
+ AAAA("c.coct.aerial", KESSIE_IPV6),
+
+ // HTTPS / SVCB records
+ HTTPS("coct.aerial", 1, ".", "alpn=h2"),
+ HTTPS("a.coct.aerial", 1, ".", "alpn=h2"),
+ HTTPS("b.coct.aerial", 1, ".", "alpn=h2"),
+ HTTPS("c.coct.aerial", 1, ".", "alpn=h2"),
+
+ A("topo", KESSIE_IPV4),
+ AAAA("topo", KESSIE_IPV6),
+ A("a.topo", KESSIE_IPV4),
+ AAAA("a.topo", KESSIE_IPV6),
+ A("b.topo", KESSIE_IPV4),
+ AAAA("b.topo", KESSIE_IPV6),
+ A("c.topo", KESSIE_IPV4),
+ AAAA("c.topo", KESSIE_IPV6),
+
+ // HTTPS / SVCB records
+ HTTPS("topo", 1, ".", "alpn=h2"),
+ HTTPS("a.topo", 1, ".", "alpn=h2"),
+ HTTPS("b.topo", 1, ".", "alpn=h2"),
+ HTTPS("c.topo", 1, ".", "alpn=h2"),
+
+ A("namibia-topo", KESSIE_IPV4),
+ AAAA("namibia-topo", KESSIE_IPV6),
+ A("a.namibia-topo", KESSIE_IPV4),
+ AAAA("a.namibia-topo", KESSIE_IPV6),
+ A("b.namibia-topo", KESSIE_IPV4),
+ AAAA("b.namibia-topo", KESSIE_IPV6),
+ A("c.namibia-topo", KESSIE_IPV4),
+ AAAA("c.namibia-topo", KESSIE_IPV6),
+
+ // HTTPS / SVCB records
+ HTTPS("namibia-topo", 1, ".", "alpn=h2"),
+ HTTPS("a.namibia-topo", 1, ".", "alpn=h2"),
+ HTTPS("b.namibia-topo", 1, ".", "alpn=h2"),
+ HTTPS("c.namibia-topo", 1, ".", "alpn=h2")
);