.osmfoundation::b.ns.bytemark.co.uk
.osmfoundation::c.ns.bytemark.co.uk
-# SPF Record
+# Publish a CAA record indicating that only letsencrypt should issue certificates
+
+:osmfoundation:257:\000\005\151\163\163\165\145\154\145\164\163\145\156\143\162\171\160\164\056\157\162\147
-'osmfoundation:v=spf1 a\072shenron.openstreetmap.org include\072aspmx.googlemail.com ~all:3600
+# SPF Record
+# https://anders.com/projects/sysadmin/djbdnsRecordBuilder/
+# v=spf1 ip4:212.110.172.32 ip6:2001:41c9:1:400::32 a mx include:_spf.google.com -all
+'osmfoundation:v=spf1\040ip4\072212.110.172.32\040ip6\0722001\07241c9\0721\072400\072\07232\040a\040mx\040include\072_spf.google.com\040-all:86400
# Let google handle email
@osmfoundation::aspmx.l.google.com:1:3600
@osmfoundation::alt1.aspmx.l.google.com:5:3600
@osmfoundation::alt2.aspmx.l.google.com:5:3600
-@osmfoundation::aspmx2.googlemail.com:10:3600
-@osmfoundation::aspmx3.googlemail.com:10:3600
+@osmfoundation::alt3.aspmx.l.google.com:10:3600
+@osmfoundation::alt4.aspmx.l.google.com:10:3600
+
+# Handle mail for the crm subdomain ourselves
+
+@crm.osmfoundation::a.mx.openstreetmap.org:10
# Add DKIM public key
# Use : raw to workaround TXT split issue
# Main web server and it's aliases
-+osmfoundation:128.40.168.102:600
-+old.osmfoundation:128.40.168.102
-+www.osmfoundation:128.40.168.102:600
-+wiki.osmfoundation:128.40.168.102:600
-+blog.osmfoundation:128.40.168.102:600
-+vote.osmfoundation:128.40.168.102
-+accounts.osmfoundation:128.40.168.102
-+crm.osmfoundation:128.40.168.102
++osmfoundation:193.60.236.19:600
++old.osmfoundation:193.60.236.19:600
++www.osmfoundation:193.60.236.19:600
++wiki.osmfoundation:193.60.236.19:600
++blog.osmfoundation:193.60.236.19:600
++crm.osmfoundation:193.60.236.19:600
++join.osmfoundation:193.60.236.19:600
++board.osmfoundation:193.60.236.19:600
++dwg.osmfoundation:193.60.236.19:600
++mwg.osmfoundation:193.60.236.19:600
++operations.osmfoundation:193.60.236.19:600