blob: 2864ade332a569ac80f4acde2e949fd391747bdb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
|
; vi: ft=bindzone:ts=8:sw=8:nowrap:noet
$ORIGIN kyriasis.com.
$TTL 2h
@ IN SOA theos.kyriasis.com. hostmaster (
73 ; serial
4h ; refresh
1h ; retry
1w ; expire
1h ; minttl
)
NS ns1
NS ns2
NS ns3
; -> lucifer.kyriasis.com
A 178.79.157.58
AAAA 2a01:7e00::f03c:91ff:fe69:1787
theos A 212.71.254.33
theos AAAA 2a01:7e00::f03c:91ff:fe6e:f996
h.theos AAAA fca1:fabb:7792:f28d:4623:139:10af:549
NS1 A 212.71.254.33
NS1 AAAA 2a01:7e00::f03c:91ff:fe6e:f996
NS2 A 178.79.157.58
NS2 AAAA 2a01:7e00::f03c:91ff:fe69:1787
NS3 A 109.74.205.187
NS3 AAAA 2a01:7e00::f03c:91ff:fe50:9476
zorg AAAA 2a01:7e00:e000:136::2
h.zorg AAAA fc3d:9b94:8d0e:8e88:72d3:2193:9425:6574
leeloo A 80.217.51.233
h.leeloo AAAA fcb9:72d4:cd1b:57f4:1ab0:bd4:e015:7e03
h.tirxu AAAA fc29:58d6:7dbb:81e7:2d03:3205:fcce:20e7
xarci A 163.172.146.146
www CNAME kyriasis.com.
www.theos CNAME theos
git CNAME theos
ldap CNAME theos
autoconfig CNAME theos
ca CNAME theos
wiki CNAME theos
xan CNAME theos
;;; Keybase verification
@ TXT "keybase-site-verification=ps0bAlsiJPIhNZy3mN-xDArc8f9A-AEoVhgsC6NDLDk"
theos TXT "keybase-site-verification=_bApRga8QdQm0OpTxOZLeBFAPDB1_VV_BGbB8X-jw-M"
;;; DNSSEC
; bind 9.9 and later supports "live signing" where the nameserver automatically signs the
; zone in memory. Due to this the live zone has a larger serial number than in this file
;;; DANE (TLSA) - http://tools.ietf.org/html/rfc6698
; "TLSA" <usage> <selector> <match>
; usage:
; [0] match certification path & require known CA or trust anchor
; [1] match end-entity certificate & require known CA or trust anchor
; [2] match certification path, using given cert as trust anchor
; [3] match end-entity certificate
; selector:
; [0] X.509 certificate
; [1] public key
; match:
; [0] exact match
; [1] SHA-256 hash
; [2] SHA-512 hash
;; theos
; https; StartSSL
_443._tcp.theos TLSA 3 0 1 35da01bd9fed5e538baae2cb423dd6923f8d313c774f2da1b40e64d418e3f271
;;; Mail
;; MX
@ MX 5 theos
@ MX 5 lucifer
@ MX 10 h.theos
h MX 5 h.theos
theos MX 5 theos
theos MX 25 lucifer
lists MX 5 theos
;; SPF <http://tools.ietf.org/html/rfc4408>
@ TXT "v=spf1 a mx ~all"
@ SPF "v=spf1 a mx ~all"
theos SPF "v=spf1 a mx ~all"
theos TXT "v=spf1 a mx ~all"
;; DKIM <http://tools.ietf.org/html/rfc6376>
theos._domainkey TXT "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5u7MOeQk0oIgy64BcFDvmxiRGuZBPTFaFvRTz0LZMIq66E0iW76RFC9tBONQrVvVUCeMldmgy7AGjRMbZaszgtL14PJQeD9HDfbVnEVQhS12kMY2HPR3HruwfLcSgADjBwt3nVkdXusjTsNoGB/Yj7+Bdr/HFHi5blLB3a+6S7wIDAQAB"
lucifer._domainkey TXT "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYcYHES1v8w5pgSxmU5OuvG+JoNCynxPNnTzzwaiG6AWvTbToCRrqjVksCxeC+3YpzVvJGU3NifmM6c64rJRz/IVZYkim0UkZP2L07fhm0mUNwkcemziTG9YmrcGI9h9BiSYoW+v0hZuGjtmDUfPzupLYk1Cif3ZPZg7IwUai5+QIDAQAB"
theos._domainkey.theos TXT "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5u7MOeQk0oIgy64BcFDvmxiRGuZBPTFaFvRTz0LZMIq66E0iW76RFC9tBONQrVvVUCeMldmgy7AGjRMbZaszgtL14PJQeD9HDfbVnEVQhS12kMY2HPR3HruwfLcSgADjBwt3nVkdXusjTsNoGB/Yj7+Bdr/HFHi5blLB3a+6S7wIDAQAB"
;; DMARC <https://tools.ietf.org/html/rfc7489>
_dmarc TXT "v=DMARC1; adkim=r; aspf=r; fo=1:d:s; p=none; rua=mailto:aggrep@kyriasis.com; ruf=mailto:authfail@kyriasis.com"
;; SRV for email discovery <https://tools.ietf.org/html/rfc6186>
;; (not sure if anything useful uses them?)
_submission._tcp SRV 0 0 587 theos
_imap._tcp SRV 0 0 143 theos
_imaps._tcp SRV 0 0 993 theos
;;; Kerberos <http://web.mit.edu/Kerberos/krb5-latest/doc/admin/realm_config.html>
_kerberos TXT "KYRIASIS.COM"
_kerberos._udp SRV 0 0 88 theos
_kerberos._tcp SRV 0 0 88 theos
_kerberos-master._udp SRV 0 0 88 theos
_kerberos-adm._tcp SRV 0 0 749 theos
_kpasswd._udp SRV 0 0 464 theos
;;; LDAP
_ldap._tcp SRV 0 0 389 theos
_ldaps._tcp SRV 0 0 636 theos
;;; XMPP
_xmpp-client._tcp SRV 5 0 5222 theos
_xmpp-client._tcp SRV 5 5 5222 h.theos
_xmpp-server._tcp SRV 5 0 5269 theos
_xmpp-server._tcp SRV 5 5 5269 h.theos
;;; Gale
gale CNAME theos
;;; SSH hostkeys <http://tools.ietf.org/html/rfc4255>
; <http://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xhtml>
; "SSHFP" <algorithm> <fingerprint type> <fingerpint>
; algorithm:
; [1] RSA
; [2] DSA
; [3] ECDSA
; [4] ED25519
; fingerprint type:
; [1] SHA-1
; [2] SHA-256
;; theos
theos SSHFP 1 1 cb3df56672d38e1fa87e4b5c0a426a1e763642dc
theos SSHFP 1 2 ceb922e1c46baf29a765c3bcfb43d6f1dbc5d7921a3fd33e345bae893e15071f
theos SSHFP 2 1 f25c3e73ae11395ac307629d348b8448990674e0
theos SSHFP 2 2 21c4ca0ebfa15fd09852d2a6951759f56e5fbbfc3e4eb1c023cf670c0187d6d0
theos SSHFP 3 1 16806913a140204e16bfcffa054550a2bf71508f
theos SSHFP 3 2 d9f168d403db920fe5c57dc81eeca068fa7f4ecb4c8830bfb7b8c81731b2c4db
theos SSHFP 4 1 5367ab9a011cb93feb7c240604f521c89cb70e36
theos SSHFP 4 2 1328702b75a46dfeffd00e859652946714103803ff214a67da6e867f6416fa39
git SSHFP 1 1 cb3df56672d38e1fa87e4b5c0a426a1e763642dc
git SSHFP 1 2 ceb922e1c46baf29a765c3bcfb43d6f1dbc5d7921a3fd33e345bae893e15071f
git SSHFP 2 1 f25c3e73ae11395ac307629d348b8448990674e0
git SSHFP 2 2 21c4ca0ebfa15fd09852d2a6951759f56e5fbbfc3e4eb1c023cf670c0187d6d0
git SSHFP 3 1 16806913a140204e16bfcffa054550a2bf71508f
git SSHFP 3 2 d9f168d403db920fe5c57dc81eeca068fa7f4ecb4c8830bfb7b8c81731b2c4db
git SSHFP 4 1 5367ab9a011cb93feb7c240604f521c89cb70e36
git SSHFP 4 2 1328702b75a46dfeffd00e859652946714103803ff214a67da6e867f6416fa39
;;; IPFS
johannes TXT "QmYWhbxWNi91iGwhFdYoKmQaDLg4cEYcnzY5kzSV8qrgQ3"
johannes TXT "dnslink=/ipns/QmYWhbxWNi91iGwhFdYoKmQaDLg4cEYcnzY5kzSV8qrgQ3"
;;; Users
; CERT and _pka records are used by GnuPG for looking up recipient's public key.
; - See <http://www.gushi.org/make-dns-cert/HOWTO.html> for a guide.
; - See RFC 4398 § 2.2 for CERT IPGP.
; OPENPGPKEY records are similar, but have the complete key.
; - See <http://tools.ietf.org/html/draft-wouters-dane-openpgp-02>
johannes TXT "Johannes Löthberg <johannes@kyriasis.com>, +46739525259"
CERT IPGP 0 0 ( FFE0756vZflba7FgjlD7myc6nQu1aHR0cHM6Ly90aGVvcy
5reXJpYXNpcy5jb20vfmt5cmlhcy9wZ3Ata2V5LnR4dA== )
oqcqzgr1asi197b33efih1a8y5q37xz3._pka CERT IPGP 0 0 5134EF9EAF65F95B6BB1608E50FB9B273A9D0BB5
johannes._pka TXT "v=pka1;fpr=5134EF9EAF65F95B6BB1608E50FB9B273A9D0BB5;uri=https://theos.kyriasis.com/~kyrias/pgp-key.txt"
;;; Delegated subdomains
;; Arch-Tk
arch NS ns1.he.net.
NS ns2.he.net.
NS ns3.he.net.
NS ns4.he.net.
NS ns5.he.net.
$INCLUDE "/home/kyrias/dns/lucifer.kyriasis.com.zone"
$INCLUDE "/home/kyrias/dns/_openpgpkey.kyriasis.com.zone"
|