X-Git-Url: https://git.openstreetmap.org./dns.git/blobdiff_plain/629b0194771e9f99bc46b537b545adf0c0f258e9..fb942b32058d087a689660c6d64f84d79052f369:/src/openstreetmap-za.js?ds=sidebyside diff --git a/src/openstreetmap-za.js b/src/openstreetmap-za.js index a7a4150..5ea5992 100644 --- a/src/openstreetmap-za.js +++ b/src/openstreetmap-za.js @@ -2,9 +2,16 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), // Publish CAA records indicating that only letsencrypt should issue certificates - CAA("@", "issue", "letsencrypt.org", CF_TTL_ANY), - CAA("@", "issuewild", "letsencrypt.org", CF_TTL_ANY), - CAA("@", "iodef", "mailto:hostmaster@openstreetmap.org"), + CAA_BUILDER({ + label: "@", + iodef: "mailto:hostmaster@openstreetmap.org", + issue: [ + "letsencrypt.org", + ], + issuewild: [ + "letsencrypt.org", + ], + }), // Let the main domain handle the email @@ -12,7 +19,14 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), // Delegate SPF policy to the main domain - TXT("@", "v=spf1 include:openstreetmap.org -all"), + SPF_BUILDER({ + label: "@", + parts: [ + "v=spf1", + "include:openstreetmap.org", // main openstreetmap.org spf record + "-all" + ] + }), // Delegate MTA-STS policy to the main domain @@ -24,40 +38,66 @@ D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER), CNAME("www", "www.openstreetmap.org."), CNAME("api", "api.openstreetmap.org."), - // Aerial imagery sites on draco - - A("aerial", "193.60.236.12", TTL("10m")), - A("a.aerial", "193.60.236.12", TTL("10m")), - A("b.aerial", "193.60.236.12", TTL("10m")), - A("c.aerial", "193.60.236.12", TTL("10m")), - - // Aerial imagery sites on kessie - - A("coct.aerial", "178.250.74.36", TTL("30m")), - AAAA("coct.aerial", "2a02:1658:4:0:dad3:85ff:fe5d:875e", TTL("30m")), - A("a.coct.aerial", "178.250.74.36", TTL("30m")), - AAAA("a.coct.aerial", "2a02:1658:4:0:dad3:85ff:fe5d:875e", TTL("30m")), - A("b.coct.aerial", "178.250.74.36", TTL("30m")), - AAAA("b.coct.aerial", "2a02:1658:4:0:dad3:85ff:fe5d:875e", TTL("30m")), - A("c.coct.aerial", "178.250.74.36", TTL("30m")), - AAAA("c.coct.aerial", "2a02:1658:4:0:dad3:85ff:fe5d:875e", TTL("30m")), - - A("topo", "178.250.74.36", TTL("30m")), - AAAA("topo", "2a02:1658:4:0:dad3:85ff:fe5d:875e", TTL("30m")), - A("a.topo", "178.250.74.36", TTL("30m")), - AAAA("a.topo", "2a02:1658:4:0:dad3:85ff:fe5d:875e", TTL("30m")), - A("b.topo", "178.250.74.36", TTL("30m")), - AAAA("b.topo", "2a02:1658:4:0:dad3:85ff:fe5d:875e", TTL("30m")), - A("c.topo", "178.250.74.36", TTL("30m")), - AAAA("c.topo", "2a02:1658:4:0:dad3:85ff:fe5d:875e", TTL("30m")), - - A("namibia-topo", "178.250.74.36", TTL("30m")), - AAAA("namibia-topo", "2a02:1658:4:0:dad3:85ff:fe5d:875e", TTL("30m")), - A("a.namibia-topo", "178.250.74.36", TTL("30m")), - AAAA("a.namibia-topo", "2a02:1658:4:0:dad3:85ff:fe5d:875e", TTL("30m")), - A("b.namibia-topo", "178.250.74.36", TTL("30m")), - AAAA("b.namibia-topo", "2a02:1658:4:0:dad3:85ff:fe5d:875e", TTL("30m")), - A("c.namibia-topo", "178.250.74.36", TTL("30m")), - AAAA("c.namibia-topo", "2a02:1658:4:0:dad3:85ff:fe5d:875e", TTL("30m")), + // Aerial imagery sites + + A("aerial", LOCKHEED_IPV4), + AAAA("aerial", LOCKHEED_IPV6), + A("a.aerial", LOCKHEED_IPV4), + AAAA("a.aerial", LOCKHEED_IPV6), + A("b.aerial", LOCKHEED_IPV4), + AAAA("b.aerial", LOCKHEED_IPV6), + A("c.aerial", LOCKHEED_IPV4), + AAAA("c.aerial", LOCKHEED_IPV6), + + // HTTPS / SVCB records + HTTPS("aerial", 1, ".", "alpn=h2"), + HTTPS("a.aerial", 1, ".", "alpn=h2"), + HTTPS("b.aerial", 1, ".", "alpn=h2"), + HTTPS("c.aerial", 1, ".", "alpn=h2"), + + A("coct.aerial", LOCKHEED_IPV4), + AAAA("coct.aerial", LOCKHEED_IPV6), + A("a.coct.aerial", LOCKHEED_IPV4), + AAAA("a.coct.aerial", LOCKHEED_IPV6), + A("b.coct.aerial", LOCKHEED_IPV4), + AAAA("b.coct.aerial", LOCKHEED_IPV6), + A("c.coct.aerial", LOCKHEED_IPV4), + AAAA("c.coct.aerial", LOCKHEED_IPV6), + + // HTTPS / SVCB records + HTTPS("coct.aerial", 1, ".", "alpn=h2"), + HTTPS("a.coct.aerial", 1, ".", "alpn=h2"), + HTTPS("b.coct.aerial", 1, ".", "alpn=h2"), + HTTPS("c.coct.aerial", 1, ".", "alpn=h2"), + + A("topo", LOCKHEED_IPV4), + AAAA("topo", LOCKHEED_IPV6), + A("a.topo", LOCKHEED_IPV4), + AAAA("a.topo", LOCKHEED_IPV6), + A("b.topo", LOCKHEED_IPV4), + AAAA("b.topo", LOCKHEED_IPV6), + A("c.topo", LOCKHEED_IPV4), + AAAA("c.topo", LOCKHEED_IPV6), + + // HTTPS / SVCB records + HTTPS("topo", 1, ".", "alpn=h2"), + HTTPS("a.topo", 1, ".", "alpn=h2"), + HTTPS("b.topo", 1, ".", "alpn=h2"), + HTTPS("c.topo", 1, ".", "alpn=h2"), + + A("namibia-topo", LOCKHEED_IPV4), + AAAA("namibia-topo", LOCKHEED_IPV6), + A("a.namibia-topo", LOCKHEED_IPV4), + AAAA("a.namibia-topo", LOCKHEED_IPV6), + A("b.namibia-topo", LOCKHEED_IPV4), + AAAA("b.namibia-topo", LOCKHEED_IPV6), + A("c.namibia-topo", LOCKHEED_IPV4), + AAAA("c.namibia-topo", LOCKHEED_IPV6), + + // HTTPS / SVCB records + HTTPS("namibia-topo", 1, ".", "alpn=h2"), + HTTPS("a.namibia-topo", 1, ".", "alpn=h2"), + HTTPS("b.namibia-topo", 1, ".", "alpn=h2"), + HTTPS("c.namibia-topo", 1, ".", "alpn=h2") );