Revert "Drop stormfly-04 from nominatim"

[dns.git] / src / switch2osm.js

diff --git a/src/switch2osm.js b/src/switch2osm.js
index 38422fa9551b4cf38eb40f8bc2f112e8d2129479..26097f22fcc83d4af2da697986c1e42e21cc11eb 100644 (file)
--- a/src/switch2osm.js
+++ b/src/switch2osm.js
@@ -2,13 +2,37 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
 
   // Publish CAA records indicating that only letsencrypt should issue certificates
 
-  CAA("@", "issue", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "issuewild", "letsencrypt.org", CF_TTL_ANY),
-  CAA("@", "iodef", "mailto:hostmaster@openstreetmap.org"),
+  CAA_BUILDER({
+    label: "@",
+    iodef: "mailto:hostmaster@openstreetmap.org",
+    issue: [
+      "letsencrypt.org",
+    ],
+    issuewild: [
+      "letsencrypt.org",
+    ],
+  }),
+
+  // Delegate SPF policy to the main domain
+
+  SPF_BUILDER({
+    label: "@",
+    parts: [
+      "v=spf1",
+      "include:openstreetmap.org",  // main openstreetmap.org spf record
+      "-all"
+    ]
+  }),
 
   // Main web server and it's aliases
 
-  A("@", "193.60.236.19", TTL("10m")),
-  A("www", "193.60.236.19", TTL("10m"))
+  A("@", NAGA_IPV4),
+  AAAA("@", NAGA_IPV6),
+  A("www", NAGA_IPV4),
+  AAAA("www", NAGA_IPV6),
+
+  // HTTPS / SVCB records
+  HTTPS("@", 1, ".", "alpn=h2"),
+  HTTPS("www", 1, ".", "alpn=h2")
 
 );