diff options
| -rw-r--r-- | kyriasis.com.zone | 129 | ||||
| -rw-r--r-- | lucifer.kyriasis.com.zone | 23 | ||||
| -rw-r--r-- | theos.kyriasis.com.zone | 18 |
3 files changed, 115 insertions, 55 deletions
diff --git a/kyriasis.com.zone b/kyriasis.com.zone index 5555518..5afbea1 100644 --- a/kyriasis.com.zone +++ b/kyriasis.com.zone @@ -1,10 +1,9 @@ ; vi: ft=bindzone:ts=8:sw=8:nowrap:noet $ORIGIN kyriasis.com. $TTL 2h -; kyriasis.com @ IN SOA theos.kyriasis.com. hostmaster ( - 19 ; serial + 28 ; serial 4h ; refresh 1h ; retry 1w ; expire @@ -17,60 +16,130 @@ $TTL 2h A 178.79.157.58 AAAA 2a01:7e00::f03c:91ff:fe69:1787 +theos A 212.71.254.33 +theos AAAA 2a01:7e00::f03c:91ff:fe6e:f996 + NS1 A 212.71.254.33 NS1 AAAA 2a01:7e00::f03c:91ff:fe6e:f996 NS2 A 178.79.157.58 NS2 AAAA 2a01:7e00::f03c:91ff:fe69:1787 www CNAME kyriasis.com. +git CNAME theos.kyriasis.com. +ldap CNAME theos.kyriasis.com. + +;;; Keybase verification +@ TXT "keybase-site-verification=ps0bAlsiJPIhNZy3mN-xDArc8f9A-AEoVhgsC6NDLDk" +theos TXT "keybase-site-verification=_bApRga8QdQm0OpTxOZLeBFAPDB1_VV_BGbB8X-jw-M" + +;;; DNSSEC + +; bind 9.9 and later supports "live signing" where the nameserver automatically signs the +; zone in memory. Due to this the live zone has a larger serial number than in this file + +;;; DANE (TLSA) - http://tools.ietf.org/html/rfc6698 +; "TLSA" <usage> <selector> <match> +; usage: +; [0] match certification path & require known CA or trust anchor +; [1] match end-entity certificate & require known CA or trust anchor +; [2] match certification path, using given cert as trust anchor +; [3] match end-entity certificate +; selector: +; [0] X.509 certificate +; [1] public key +; match: +; [0] exact match +; [1] SHA-256 hash +; [2] SHA-512 hash + +;; theos +; https; StartSSL +_443._tcp.theos TLSA 3 0 1 35da01bd9fed5e538baae2cb423dd6923f8d313c774f2da1b40e64d418e3f271 -; Mail + +;;; Mail + +;; MX @ MX 5 theos.kyriasis.com. @ MX 20 lucifer.kyriasis.com. +theos MX 5 theos.kyriasis.com. +;; SPF <http://tools.ietf.org/html/rfc4408> @ TXT "v=spf1 a mx ~all" - SPF "v=spf1 a mx ~all" +@ SPF "v=spf1 a mx ~all" +theos SPF "v=spf1 a mx ~all" +theos TXT "v=spf1 a mx ~all" +;; DKIM <http://tools.ietf.org/html/rfc6376> theos._domainkey TXT "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDp4YIk0oJEW1PbPBwCEr8o/e7koQ57jHLmBml1nRKwcBSH/TIkuqz85YYT72s88LaXVlaz2JDygT43edcD/kBxPPDXAqfME8PRGxXi5X2nmyhbCBT+Q5w0kiPkbGOta8pes1Ger1tUIcvRWhuiqX5QHB0pY/cJ+rBBPb7VGqjHLwIDAQABoQ57jHLmBml1nRKwcBSH/TIku" lucifer._domainkey TXT "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCurY0mrJZT5KKUYDfXkceauC2lLGk0E6z75bq0IcPcoNNrXbHIYQMuN5VMulrXv3qF6lbcJwA87XnvE7uS7471fmEYXluOZ2A+HdPm/W/LL1Z9De4LTgt45AWzanczDGxekh5hdy/VCwkxw1Kq6TA9G1fPJTF2sVvqo8JHNoI5swIDAQAB" +theos._domainkey.theos TXT "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDp4YIk0oJEW1PbPBwCEr8o/e7koQ57jHLmBml1nRKwcBSH/TIkuqz85YYT72s88LaXVlaz2JDygT43edcD/kBxPPDXAqfME8PRGxXi5X2nmyhbCBT+Q5w0kiPkbGOta8pes1Ger1tUIcvRWhuiqX5QHB0pY/cJ+rBBPb7VGqjHLwIDAQABoQ57jHLmBml1nRKwcBSH/TIku" -; Kerberos -_kerberos TXT "KYRIASIS.COM" +;; SRV for email discovery <https://tools.ietf.org/html/rfc6186> +;; (not sure if anything useful uses them?) +_submission._tcp SRV 0 0 587 theos.kyriasis.com. +_imap._tcp SRV 0 0 143 theos.kyriasis.com. +_imaps._tcp SRV 0 0 993 theos.kyriasis.com. -_kerberos._udp SRV 0 0 88 theos.kyriasis.com. +;;; Kerberos <http://web.mit.edu/Kerberos/krb5-latest/doc/admin/realm_config.html> +_kerberos TXT "KYRIASIS.COM" +_kerberos._udp SRV 0 0 88 theos.kyriasis.com. _kerberos._tcp SRV 0 0 88 theos.kyriasis.com. +_kerberos-master._udp SRV 0 0 88 theos.kyriasis.com. +_kerberos-adm._tcp SRV 0 0 749 theos.kyriasis.com. +_kpasswd._udp SRV 0 0 464 theos.kyriasis.com. -_kerberos-master._tcp SRV 0 0 88 theos.kyriasis.com. -_kerberos-adm._tcp SRV 0 0 749 theos.kyriasis.com. +;;; LDAP +_ldap._tcp SRV 0 0 389 theos.kyriasis.com. +_ldaps._tcp SRV 0 0 636 theos.kyriasis.com. -_kpasswd._udp SRV 0 0 464 theos.kyriasis.com. -_kpasswd._tcp SRV 0 0 464 theos.kyriasis.com. +;;; SSH hostkeys <http://tools.ietf.org/html/rfc4255> +; <http://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xhtml> +; "SSHFP" <algorithm> <fingerprint type> <fingerpint> +; algorithm: +; [1] RSA +; [2] DSA +; [3] ECDSA +; [4] ED25519 +; fingerprint type: +; [1] SHA-1 +; [2] SHA-256 + +;; theos +; RSA +theos SSHFP 1 1 35fb44db05be6c6b6867663021c1375c78ebdf33 +theos SSHFP 1 2 74befd1f190727fd27ab0f20338a352264d7da1cafe14dd7315a25d6 +; Ed25519 +theos SSHFP 4 1 50a1c85a3c98ca1bbc44a6b602b6be662a51b433 +theos SSHFP 4 2 bc7d361c8576cc7e6ddfc12b9d826074d2201a521233b94896c1cb6c06a87e41 -$INCLUDE "/home/kyrias/dns/theos.kyriasis.com.zone" -$INCLUDE "/home/kyrias/dns/lucifer.kyriasis.com.zone" +;;; Users -zeth A 213.141.70.53 -arch NS ns1.he.net. - NS ns2.he.net. - NS ns3.he.net. - NS ns4.he.net. - NS ns5.he.net. +; CERT and _pka records are used by GnuPG for looking up recipient's public key. +; - See <http://www.gushi.org/make-dns-cert/HOWTO.html> for a guide. +; - See RFC 4398 § 2.2 for CERT IPGP. -@ TXT "keybase-site-verification=ps0bAlsiJPIhNZy3mN-xDArc8f9A-AEoVhgsC6NDLDk" +; OPENPGPKEY records are similar, but have the complete key. +; - See <http://tools.ietf.org/html/draft-wouters-dane-openpgp-02> + +johannes TXT "Johannes Löthberg <johannes@kyriasis.com>, +46739525259" + CERT IPGP 0 0 ( FFE0756vZflba7FgjlD7myc6nQu1aHR0cHM6Ly90aGVvcy + 5reXJpYXNpcy5jb20vfmt5cmlhcy9wZ3Ata2V5LnR4dA== ) johannes._pka TXT "v=pka1;fpr=5134EF9EAF65F95B6BB1608E50FB9B273A9D0BB5;uri=https://theos.kyriasis.com/~kyrias/pgp-key.txt" -@ NAPTR 10 100 "s" "SIPS+D2T" "" _sips._tcp.kyriasis.com. - NAPTR 20 100 "s" "SIP+D2T" "" _sip._tcp.kyriasis.com. - NAPTR 30 100 "s" "SIP+D2U" "" _sip._udp.kyriasis.com. -_sips._tcp SRV 100 100 443 proxy.sipthor.net. -_sip._tcp SRV 100 100 5060 proxy.sipthor.net. -_sip_.udp SRV 100 100 5060 proxy.sipthor.net. -_msrps._tcp SRV 0 0 2855 msrprelay.sipthor.net. -_stun._udp SRV 0 0 3478 stun1.dns-hosting.info. -_stun._udp SRV 0 0 3478 stun2.dns-hosting.info. -xcap TXT "https://xcap.sipthor.net/xcap-root/" +;;; Delegated subdomains + +;; Arch-TkK +arch NS ns1.he.net. + NS ns2.he.net. + NS ns3.he.net. + NS ns4.he.net. + NS ns5.he.net. + + +$INCLUDE "/home/kyrias/dns/lucifer.kyriasis.com.zone" diff --git a/lucifer.kyriasis.com.zone b/lucifer.kyriasis.com.zone index 2a6a32c..4d8b8a8 100644 --- a/lucifer.kyriasis.com.zone +++ b/lucifer.kyriasis.com.zone @@ -3,13 +3,22 @@ $ORIGIN lucifer.kyriasis.com. @ A 178.79.157.58 AAAA 2a01:7e00::f03c:91ff:fe69:1787 -; Mail +;;; Mail + +;; MX MX 5 lucifer.kyriasis.com. + +;; SPF SPF "v=spf1 a mx ~all" TXT "v=spf1 a mx ~all" - SSHFP 1 1 06d9f22983ac5469e60f0e214546981d1d67f801 - SSHFP 1 2 2f9f884c8b05d1c39fb81b75ffcdb895efccf55c93c94d679bbcd3044be0c4a0 - SSHFP 2 1 bed6131495ce22c022bd0424abb28d932a63083a - SSHFP 2 2 16780fba314356063637685f58a769ab1cd2f7ede4f2668d603a6f5530c4a4e5 - SSHFP 3 1 7d7fc4b56b7a31a90b1ffc8a4b6842335474f7ae - SSHFP 3 2 bcf5f7c730a7aae19b5743d09003f80a590f179c4537590227b543cd9760575d + +;;; SSH hostkeys +; RSA + SSHFP 1 1 06d9f22983ac5469e60f0e214546981d1d67f801 + SSHFP 1 2 2f9f884c8b05d1c39fb81b75ffcdb895efccf55c93c94d679bbcd3044be0c4a0 +; DSA + SSHFP 2 1 bed6131495ce22c022bd0424abb28d932a63083a + SSHFP 2 2 16780fba314356063637685f58a769ab1cd2f7ede4f2668d603a6f5530c4a4e5 +; ECDSA + SSHFP 3 1 7d7fc4b56b7a31a90b1ffc8a4b6842335474f7ae + SSHFP 3 2 bcf5f7c730a7aae19b5743d09003f80a590f179c4537590227b543cd9760575d diff --git a/theos.kyriasis.com.zone b/theos.kyriasis.com.zone deleted file mode 100644 index 503f884..0000000 --- a/theos.kyriasis.com.zone +++ /dev/null @@ -1,18 +0,0 @@ -; vi: ft=bindzone:ts=8:sw=8:nowrap:noet -$ORIGIN theos.kyriasis.com. - -@ A 212.71.254.33 - AAAA 2a01:7e00::f03c:91ff:fe6e:f996 - -; Mail -@ MX 5 theos.kyriasis.com. - SPF "v=spf1 a mx ~all" - TXT "v=spf1 a mx ~all" -theos._domainkey TXT "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDp4YIk0oJEW1PbPBwCEr8o/e7koQ57jHLmBml1nRKwcBSH/TIkuqz85YYT72s88LaXVlaz2JDygT43edcD/kBxPPDXAqfME8PRGxXi5X2nmyhbCBT+Q5w0kiPkbGOta8pes1Ger1tUIcvRWhuiqX5QHB0pY/cJ+rBBPb7VGqjHLwIDAQABoQ57jHLmBml1nRKwcBSH/TIku" - -@ SSHFP 1 1 35fb44db05be6c6b6867663021c1375c78ebdf33 -@ SSHFP 1 2 74befd1f190727fd27ab0f20338a352264d7da1cafe14dd7315a25d6b96ffcd2 -@ SSHFP 2 1 3885ac981b57edf6fb075361f8392aaae6089864 -@ SSHFP 2 2 ac837ca3986959534db02c9a5f4c607d23a314a297375673934fb4cfa00185a1 -@ SSHFP 3 1 5994563a3ecd488970a31b6cc6467f053323ed5b -@ SSHFP 3 2 fa7ce1e7f830b3e1f296858dd596684fec1088dc16097a5729c1073a027d2386 |