authorJohannes Löthberg <johannes@kyriasis.com>2015-11-06 14:02:55 +0100
committerJohannes Löthberg <johannes@kyriasis.com>2015-11-06 14:02:55 +0100
commit0f34a46287b33ce39a86250880bc97542e67a558 (patch)
treea81b154b95a54490ed06e1b5acd68060f247a4fc
parenta80a3f8c2801985a3dcc3f6c4c932e93c758e425 (diff)
downloaddns-0f34a46287b33ce39a86250880bc97542e67a558.tar.xz
Add initial hyperboria.se zone
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
-rw-r--r--hyperboria.se.zone65
-rw-r--r--named.conf5
2 files changed, 70 insertions, 0 deletions
diff --git a/hyperboria.se.zone b/hyperboria.se.zone
new file mode 100644
index 0000000..ffba34d
--- /dev/null
+++ b/hyperboria.se.zone
@@ -0,0 +1,65 @@
+; vi: ft=bindzone:ts=8:sw=8:nowrap:noet
+$ORIGIN hyperboria.se.
+$TTL 2h
+
+@ IN SOA ns1.kyriasis.com. hostmaster.hyperboria.se (
+ 01 ; serial
+ 4h ; refresh
+ 1h ; retry
+ 1w ; expire
+ 1h ; minttl
+ )
+ NS ns1.kyriasis.com.
+
+ A 212.71.254.33
+ AAAA 2a01:7e00::f03c:91ff:fe6e:f996
+h AAAA fca1:fabb:7792:f28d:4623:139:10af:549
+
+www CNAME hyperboria.se
+
+;;; DNSSEC
+
+; bind 9.9 and later supports "live signing" where the nameserver automatically signs the
+; zone in memory. Due to this the live zone has a larger serial number than in this file
+
+;;; DANE (TLSA) - http://tools.ietf.org/html/rfc6698
+; "TLSA" <usage> <selector> <match>
+; usage:
+; [0] match certification path & require known CA or trust anchor
+; [1] match end-entity certificate & require known CA or trust anchor
+; [2] match certification path, using given cert as trust anchor
+; [3] match end-entity certificate
+; selector:
+; [0] X.509 certificate
+; [1] public key
+; match:
+; [0] exact match
+; [1] SHA-256 hash
+; [2] SHA-512 hash
+
+;;; Mail
+
+;; MX
+@ MX 10 theos.kyriasis.com.
+@ MX 5 h.theos.kyriasis.com.
+h MX 5 h.theos.kyriasis.com.
+
+;; SPF <http://tools.ietf.org/html/rfc4408>
+@ TXT "v=spf1 a mx ~all"
+@ SPF "v=spf1 a mx ~all"
+h SPF "v=spf1 a mx ~all"
+h TXT "v=spf1 a mx ~all"
+
+;;; Users
+
+; CERT and _pka records are used by GnuPG for looking up recipient's public key.
+; - See <http://www.gushi.org/make-dns-cert/HOWTO.html> for a guide.
+; - See RFC 4398 § 2.2 for CERT IPGP.
+
+; OPENPGPKEY records are similar, but have the complete key.
+; - See <http://tools.ietf.org/html/draft-wouters-dane-openpgp-02>
+
+johannes TXT "Johannes Löthberg <johannes@kyriasis.com>, +46739525259"
+ CERT IPGP 0 0 ( FFE0756vZflba7FgjlD7myc6nQu1aHR0cHM6Ly90aGVvcy
+ 5reXJpYXNpcy5jb20vfmt5cmlhcy9wZ3Ata2V5LnR4dA== )
+johannes._pka TXT "v=pka1;fpr=5134EF9EAF65F95B6BB1608E50FB9B273A9D0BB5;uri=https://theos.kyriasis.com/~kyrias/pgp-key.txt"
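Review bot: Two names in this new zone lack a trailing dot, so BIND appends `$ORIGIN` to them: the SOA RNAME `hostmaster.hyperboria.se` becomes `hostmaster.hyperboria.se.hyperboria.se.`, and `www CNAME hyperboria.se` points at `hyperboria.se.hyperboria.se.`, which has no records in this file. Write them as `hostmaster.hyperboria.se.` in the SOA line and `www CNAME hyperboria.se.` (or `www CNAME @`). Separately, the SPF comment cites RFC 4408; RFC 7208 obsoleted it and retired the `SPF` RR type, so the comment could cite RFC 7208 and the two `SPF` records could be dropped in favour of the `TXT` copies.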
diff --git a/named.conf b/named.conf
index 2e6f189..e610ed4 100644
--- a/named.conf
+++ b/named.conf
@@ -54,6 +54,11 @@ zone "kyriasis.com" IN {
inline-signing yes;
};
+zone "hyperboria.se" {
+ type master;
+ file "/home/kyrias/dns/hyperboria.se.zone";
+};
+
zone "the-tk.com" {
type slave;
file "the-tk.com.zone";
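Review bot: The new `zone "hyperboria.se"` stanza does not enable signing, although the zone file added in this commit describes BIND's live signing and publishes CERT and `_pka` key-lookup records, which a resolver can only authenticate when the zone is DNSSEC-signed. The `kyriasis.com` stanza just above ends with `inline-signing yes;` (its start is outside the hunk, so its other options are not visible); if signing is intended here too, add `inline-signing yes;` along with the same key and maintenance options that stanza uses. The `file` path is absolute under `/home/kyrias/`, unlike `the-tk.com.zone`. This is presumably deliberate, but it deserves a comment such as `// master copy lives in the dns checkout; keep it writable only by the zone maintainer`, and with inline signing named would also need write access beside the file for its signed copy and journal.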