summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohannes Löthberg <johannes@kyriasis.com>2020-10-10 17:47:00 +0000
committerJohannes Löthberg <johannes@kyriasis.com>2020-10-10 17:47:00 +0000
commit95ef6cb2a0284c42a6f0b8e5c0e4adff6cde9985 (patch)
tree5a02292ecf6a29dc1be1e8fcb2250832f77209e4
parent4858e3b1982da983bac1a9f53d0f657d975bd801 (diff)
downloaddns-95ef6cb2a0284c42a6f0b8e5c0e4adff6cde9985.tar.xz
Split Lets Encrypt TLSA records out into separate zone file
This removes a bunch of duplication, and leads to easier updates in the future. Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
-rw-r--r--kyriasis.com.zone82
-rw-r--r--letsencrypt-tlsa.zone16
2 files changed, 24 insertions, 74 deletions
diff --git a/kyriasis.com.zone b/kyriasis.com.zone
index 5cf59a0..ec41d2d 100644
--- a/kyriasis.com.zone
+++ b/kyriasis.com.zone
@@ -3,7 +3,7 @@ $ORIGIN kyriasis.com.
$TTL 24h
@ IN SOA theos.kyriasis.com. hostmaster (
- 2011 ; serial
+ 2013 ; serial
24h ; refresh
2h ; retry
1w ; expire
@@ -16,33 +16,8 @@ $TTL 24h
A 212.71.254.33
AAAA 2a01:7e00:e000:136::1
- ; X3
-_443._tcp TLSA 2 1 1 60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
- ; X4
- TLSA 2 1 1 b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b
- ; E1
- TLSA 2 1 1 276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10
- ; E2
- TLSA 2 1 1 bd936e72b212ef6f773102c6b77d38f94297322efc25396bc3279422e0c89270
- ; R3
- TLSA 2 1 1 8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
- ; R4
- TLSA 2 1 1 e5545e211347241891c554a03934cde9b749664a59d26d615fe58f77990f2d03
-
theos A 212.71.254.33
theos AAAA 2a01:7e00:e000:136::1
- ; X3
-_443._tcp.theos TLSA 2 1 1 60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
- ; X4
- TLSA 2 1 1 b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b
- ; E1
- TLSA 2 1 1 276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10
- ; E2
- TLSA 2 1 1 bd936e72b212ef6f773102c6b77d38f94297322efc25396bc3279422e0c89270
- ; R3
- TLSA 2 1 1 8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
- ; R4
- TLSA 2 1 1 e5545e211347241891c554a03934cde9b749664a59d26d615fe58f77990f2d03
direct.theos AAAA 2a01:7e00::f03c:91ff:fe6e:f996
v4.theos A 212.71.254.33
v6.theos AAAA 2a01:7e00:e000:136::1
@@ -144,54 +119,13 @@ _imap._tcp SRV 0 0 143 theos
_imaps._tcp SRV 0 0 993 theos
;; TLSA
- ; X3
-_25._tcp.theos TLSA 2 1 1 60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
- ; X4
- TLSA 2 1 1 b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b
- ; E1
- TLSA 2 1 1 276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10
- ; E2
- TLSA 2 1 1 bd936e72b212ef6f773102c6b77d38f94297322efc25396bc3279422e0c89270
- ; R3
- TLSA 2 1 1 8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
- ; R4
- TLSA 2 1 1 e5545e211347241891c554a03934cde9b749664a59d26d615fe58f77990f2d03
- ; X3
-_587._tcp.theos TLSA 2 1 1 60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
- ; X4
- TLSA 2 1 1 b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b
- ; E1
- TLSA 2 1 1 276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10
- ; E2
- TLSA 2 1 1 bd936e72b212ef6f773102c6b77d38f94297322efc25396bc3279422e0c89270
- ; R3
- TLSA 2 1 1 8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
- ; R4
- TLSA 2 1 1 e5545e211347241891c554a03934cde9b749664a59d26d615fe58f77990f2d03
- ; X3
-_143._tcp.theos TLSA 2 1 1 60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
- ; X4
- TLSA 2 1 1 b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b
- ; E1
- TLSA 2 1 1 276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10
- ; E2
- TLSA 2 1 1 bd936e72b212ef6f773102c6b77d38f94297322efc25396bc3279422e0c89270
- ; R3
- TLSA 2 1 1 8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
- ; R4
- TLSA 2 1 1 e5545e211347241891c554a03934cde9b749664a59d26d615fe58f77990f2d03
- ; X3
-_993._tcp.theos TLSA 2 1 1 60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
- ; X4
- TLSA 2 1 1 b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b
- ; E1
- TLSA 2 1 1 276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10
- ; E2
- TLSA 2 1 1 bd936e72b212ef6f773102c6b77d38f94297322efc25396bc3279422e0c89270
- ; R3
- TLSA 2 1 1 8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
- ; R4
- TLSA 2 1 1 e5545e211347241891c554a03934cde9b749664a59d26d615fe58f77990f2d03
+$INCLUDE "/home/kyrias/dns/letsencrypt-tlsa.zone" _443._tcp.kyriasis.com.
+$INCLUDE "/home/kyrias/dns/letsencrypt-tlsa.zone" _443._tcp.theos.kyriasis.com.
+
+$INCLUDE "/home/kyrias/dns/letsencrypt-tlsa.zone" _25._tcp.theos.kyriasis.com.
+$INCLUDE "/home/kyrias/dns/letsencrypt-tlsa.zone" _587._tcp.theos.kyriasis.com.
+$INCLUDE "/home/kyrias/dns/letsencrypt-tlsa.zone" _143._tcp.theos.kyriasis.com.
+$INCLUDE "/home/kyrias/dns/letsencrypt-tlsa.zone" _993._tcp.theos.kyriasis.com.
;; Google Postmaster Tools
@ TXT "google-site-verification=Fj3Hc-7_JPc6WlEF_TMwYTGStln3kuz8vTJsMgoyKA8"
diff --git a/letsencrypt-tlsa.zone b/letsencrypt-tlsa.zone
new file mode 100644
index 0000000..4bfdf26
--- /dev/null
+++ b/letsencrypt-tlsa.zone
@@ -0,0 +1,16 @@
+; vim: ft=bindzone
+
+ ; X3
+@ TLSA 2 1 1 60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
+ ; X4
+ TLSA 2 1 1 b111dd8a1c2091a89bd4fd60c57f0716cce50feeff8137cdbee0326e02cf362b
+ ; E1
+ TLSA 2 1 1 276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10
+ ; E2
+ TLSA 2 1 1 bd936e72b212ef6f773102c6b77d38f94297322efc25396bc3279422e0c89270
+ ; R3
+ TLSA 2 1 1 8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
+ ; R4
+ TLSA 2 1 1 e5545e211347241891c554a03934cde9b749664a59d26d615fe58f77990f2d03
+
+