// Publish CAA records indicating that only letsencrypt should issue certificates
- CAA("@", "issue", "letsencrypt.org", CF_TTL_ANY),
- CAA("@", "issuewild", "letsencrypt.org", CF_TTL_ANY),
- CAA("@", "iodef", "mailto:hostmaster@openstreetmap.org"),
+ CAA_BUILDER({
+ label: "@",
+ iodef: "mailto:hostmaster@openstreetmap.org",
+ issue: [
+ "letsencrypt.org",
+ ],
+ issuewild: [
+ "letsencrypt.org",
+ ],
+ }),
+
+ // Delegate SPF policy to the main domain
+
+ SPF_BUILDER({
+ label: "@",
+ ttl: "1h",
+ parts: [
+ "v=spf1",
+ "include:openstreetmap.org", // main openstreetmap.org spf record
+ "-all"
+ ]
+ }),
// Main web server and it's aliases
- A("@", "193.60.236.19", TTL("10m")),
- A("www", "193.60.236.19", TTL("10m"))
+ A("@", NAGA_IPV4, TTL("10m")),
+ AAAA("@", NAGA_IPV6, TTL("10m")),
+ A("www", NAGA_IPV4, TTL("10m")),
+ AAAA("www", NAGA_IPV6, TTL("10m"))
);