X-Git-Url: https://git.openstreetmap.org./dns.git/blobdiff_plain/07871395ef7dfb7cce79c1b97457db4c68c59b7d..f85240e7652cea3e0ceec8c861a9c00b8f4e0629:/src/openstreetmap.js diff --git a/src/openstreetmap.js b/src/openstreetmap.js index 2f21f7f..aa0e1ac 100644 --- a/src/openstreetmap.js +++ b/src/openstreetmap.js @@ -39,6 +39,30 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), ] }), + SPF_BUILDER({ + label: "messages", + ttl: "1h", + parts: [ + "v=spf1", + "ip4:212.110.172.32", // shenron ipv4 + "ip6:2001:41c9:1:400::32", // shenron ipv6 + "mx", // safety net if we change mx + "-all" + ] + }), + + SPF_BUILDER({ + label: "noreply", + ttl: "1h", + parts: [ + "v=spf1", + "ip4:212.110.172.32", // shenron ipv4 + "ip6:2001:41c9:1:400::32", // shenron ipv6 + "mx", // safety net if we change mx + "-all" + ] + }), + SPF_BUILDER({ label: "otrs", ttl: "1h", @@ -55,16 +79,30 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), TXT("20200301._domainkey", "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvoNZVOGfw1V4A171hxHMhzVTAnIUQVJ8iX3wbqCld8A5iIaXeTGYvBmewymax/cYJS4QqzbpUzkgrrTA9avuZhd+QGJDgjADgx4VyMOaOS6FwAxS0uXtLrt+lsixRDx/feKyZHaxjzJAQy46ok77xXL4UXIaaovw6G6eZpIScMzZQ2zkKNJxTICzzSOduIilHhMWte4XP+/2PdRmD7Ge9jb0U4bZjswX0AqKSGzDKYw+yxVna9l53adeCnklqg2ofoXu+ResiH+kt05aCUOMo8en3em6yBnRCMalgi1E3Tt7I5BWcYFRkT/8agUGW4gGC6XMV9IskOsYL0emG0kGwIDAQAB", AUTOSPLIT), + // Publish DMARC report-only policy + + DMARC_BUILDER({ + policy: "none", + rua: [ + "mailto:openstreetmap-d@dmarc.report-uri.com" + ], + failureOptions: 1 + }), + // Announce MTA-STS policy and TLSRPT policy for error reports TXT("_mta-sts", "v=STSv1; id=202001291805Z"), - TXT("_smtp._tls", "v=TLSRPTv1; rua=mailto:postmaster@openstreetmap.org"), + TXT("_smtp._tls", "v=TLSRPTv1; rua=mailto:openstreetmap-d@tlsrpt.report-uri.com"), // Fastly cert domain ownership confirmation TXT("@", "_globalsign-domain-verification=ps00GlW1BzY9c2_cwH_pFqRkvzZyaCVZ-3RLssRG6S"), TXT("@", "_globalsign-domain-verification=W0buKB5ZmL-VwwHw2oQyQImk3I1q3hSemf2qmB1hjP"), + // github openstreetmap organisation domain verification + + TXT("_github-challenge-openstreetmap", "6d16757cc4"), + // Delegate MTA-STS policy for subdomains CNAME("_mta-sts.messages", QUALIFY("_mta-sts")), @@ -376,10 +414,12 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), A("clifford.ucl", CLIFFORD_INTERNAL), A("clifford.oob", CLIFFORD_OOB), - // Discourse server + // Discourse server ("community") A("lockheed", LOCKHEED_IPV4), AAAA("lockheed", LOCKHEED_IPV6), + A("community", LOCKHEED_IPV4), + AAAA("community", LOCKHEED_IPV6), A("lockheed.ams", LOCKHEED_INTERNAL), A("lockheed.oob", LOCKHEED_OOB), @@ -462,28 +502,15 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), AAAA("saphira", SAPHIRA_IPV6), A("toothless", TOOTHLESS_IPV4), AAAA("toothless", TOOTHLESS_IPV6), - A("sarkany", SARKANY_IPV4), - AAAA("sarkany", SARKANY_IPV6), - A("kalessin", KALESSIN_IPV4), - AAAA("kalessin", KALESSIN_IPV6), A("angor", ANGOR_IPV4), // AAAA("angor", ANGOR_IPV6), A("ladon", LADON_IPV4), AAAA("ladon", LADON_IPV6), A("ascalon", ASCALON_IPV4), - A("cherufe", CHERUFE_IPV4), A("chrysophylax", CHRYSOPHYLAX_IPV4), AAAA("chrysophylax", CHRYSOPHYLAX_IPV6), - A("keizer", KEIZER_IPV4), - AAAA("keizer", KEIZER_IPV6), A("vipertooth", VIPERTOOTH_IPV4), AAAA("vipertooth", VIPERTOOTH_IPV6), - A("nidhogg", NIDHOGG_IPV4), - AAAA("nidhogg", NIDHOGG_IPV6), - A("boitata", BOITATA_IPV4), - AAAA("boitata", BOITATA_IPV6), - A("fafnir", FAFNIR_IPV4), - AAAA("fafnir", FAFNIR_IPV6), A("fume", FUME_IPV4), A("takhisis", TAKHISIS_IPV4), AAAA("takhisis", TAKHISIS_IPV6), @@ -491,8 +518,6 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), A("meraxes", MERAXES_IPV4), AAAA("meraxes", MERAXES_IPV6), A("kokosnuss", KOKOSNUSS_IPV4), - A("shruikan", SHRUIKAN_IPV4), - AAAA("shruikan", SHRUIKAN_IPV6), A("firnen", FIRNEN_IPV4), // Blades