]> git.openstreetmap.org Git - dns.git/commitdiff
Add special handling for osm.wiki
authorGrant Slater <github@firefishy.com>
Thu, 31 Aug 2023 21:06:20 +0000 (22:06 +0100)
committerGrant Slater <github@firefishy.com>
Thu, 31 Aug 2023 21:06:20 +0000 (22:06 +0100)
dnsconfig.js
src/osm-wiki.js [new file with mode: 0644]

index a9938836f37b311df00eb0c2f6e43d710679248b..9bd7ce7cd9852fa54683364d67758af5a845a6e5 100644 (file)
@@ -76,7 +76,7 @@ OPENSTREETMAP("openstreetmap.sg", REG_GANDI);
 OPENSTREETMAP("openstreetmap.tv", REG_GANDI);
 OPENSTREETMAP("openstreetmap.wales", REG_GANDI);
 OPENSTREETMAP("openstreetmapdata.org", REG_GANDI);
 OPENSTREETMAP("openstreetmap.tv", REG_GANDI);
 OPENSTREETMAP("openstreetmap.wales", REG_GANDI);
 OPENSTREETMAP("openstreetmapdata.org", REG_GANDI);
-OPENSTREETMAP("osm.wiki", REG_GANDI);
+
 // Disable due to registration issue
 // OPENSTREETMAP("openstreetmap.al", REG_NONE);
 
 // Disable due to registration issue
 // OPENSTREETMAP("openstreetmap.al", REG_NONE);
 
@@ -134,6 +134,9 @@ var IDEDITOR = loadTemplate("ideditor");
 
 IDEDITOR("ideditor.com", REG_GANDI);
 
 
 IDEDITOR("ideditor.com", REG_GANDI);
 
+var OSMWIKI = loadTemplate("osm-wiki");
+OSMWIKI("osm.wiki", REG_GANDI);
+
 var PTR_EQUINIX_AMS_IPV4 = loadTemplate("ptr_equinix_ams_ipv4");
 
 PTR_EQUINIX_AMS_IPV4("128-27.179.104.184.in-addr.arpa", REG_NONE);
 var PTR_EQUINIX_AMS_IPV4 = loadTemplate("ptr_equinix_ams_ipv4");
 
 PTR_EQUINIX_AMS_IPV4("128-27.179.104.184.in-addr.arpa", REG_NONE);
diff --git a/src/osm-wiki.js b/src/osm-wiki.js
new file mode 100644 (file)
index 0000000..c93c810
--- /dev/null
@@ -0,0 +1,77 @@
+D(DOMAIN, REGISTRAR, DnsProvider(PROVIDER),
+
+  // Publish CAA records indicating that only letsencrypt and globalsign (Fastly) should issue certificates
+
+  CAA_BUILDER({
+    label: "@",
+    ttl: "1h",
+    iodef: "mailto:hostmaster@openstreetmap.org",
+    issue: [
+      "letsencrypt.org",
+      "globalsign.com",   // Used by Fastly for CDN certificates
+    ],
+    issuewild: [
+      "letsencrypt.org",
+      "globalsign.com",   // Used by Fastly for CDN certificates
+    ],
+  }),
+
+  // Mail service
+
+  MX("@", 10, QUALIFY("a.mx")),
+
+  A("a.mx", FAFNIR_IPV4),
+  AAAA("a.mx", FAFNIR_IPV6),
+  A("mail", FAFNIR_IPV4),
+  AAAA("mail", FAFNIR_IPV6),
+  A("mta-sts", FAFNIR_IPV4),
+  AAAA("mta-sts", FAFNIR_IPV6),
+
+  // Publish SPF records indicating that only shenron sends mail
+
+  SPF_BUILDER({
+    label: "@",
+    parts: [
+      "v=spf1",
+      "ip4:212.110.172.32",       // shenron ipv4
+      "ip6:2001:41c9:1:400::32",  // shenron ipv6
+      "ip4:184.104.226.98",       // fafnir ipv4
+      "ip6:2001:470:1:b3b::2",    // fafnir ipv6
+      "ip4:193.60.236.0/24",          // ucl external
+      "ip4:184.104.179.128/27",       // amsterdam external
+      "ip6:2001:470:1:fa1::/64",      // amsterdam external
+      "ip4:184.104.226.96/27",        // dublin external
+      "ip6:2001:470:1:b3b::/64",      // dublin external
+      "mx",                       // safety net if we change mx
+      "-all"
+    ]
+  }),
+
+  // Publish DMARC report-only policy
+
+  DMARC_BUILDER({
+    policy: "none",
+    rua: [
+      "mailto:openstreetmap-d@dmarc.report-uri.com"
+    ],
+    failureOptions: 1
+  }),
+
+  // Announce MTA-STS policy and TLSRPT policy for error reports
+
+  TXT("_mta-sts", "v=STSv1; id=202001291805Z"),
+  TXT("_smtp._tls", "v=TLSRPTv1; rua=mailto:openstreetmap-d@tlsrpt.report-uri.com"),
+
+  // Fastly cert domain ownership confirmation
+
+  TXT("@", "_globalsign-domain-verification=ps00GlW1BzY9c2_cwH_pFqRkvzZyaCVZ-3RLssRG6S"),
+  TXT("@", "_globalsign-domain-verification=W0buKB5ZmL-VwwHw2oQyQImk3I1q3hSemf2qmB1hjP"),
+
+  A("wiki", KONQI_IPV4),
+  AAAA("wiki", KONQI_IPV6),
+  A("www", KONQI_IPV4),
+  AAAA("www", KONQI_IPV6),
+  A("@", KONQI_IPV4),
+  AAAA("@", KONQI_IPV6)
+
+);
\ No newline at end of file