path: root/kyriasis.com.zone
; vi: ft=bindzone:ts=8:sw=8:nowrap:noet
; Names written without a trailing dot are relative to $ORIGIN; $TTL is the
; default TTL for every record below that does not carry its own.
$ORIGIN kyriasis.com.
$TTL 2h

; SOA: theos is named as the primary server. The contact "hostmaster" has no
; trailing dot, so it expands to hostmaster.kyriasis.com.
; (i.e. the mailbox hostmaster@kyriasis.com).
@	IN	SOA	theos.kyriasis.com. hostmaster (
				28	; serial  - must increase on every change for secondaries to transfer it
				4h	; refresh - how often secondaries check the serial
				1h	; retry   - re-check interval after a failed refresh
				1w	; expire  - secondaries stop answering after this long without a refresh
				1h	; minttl  - negative-caching TTL (RFC 2308)
			)
		; Both name servers are in-zone; their addresses are the NS1/NS2
		; records in this file.
		NS ns1.kyriasis.com.
		NS ns2.kyriasis.com.

		; Apex address -> lucifer.kyriasis.com
		A	178.79.157.58
		AAAA	2a01:7e00::f03c:91ff:fe69:1787

; Host theos. The SOA, MX, SRV, TLSA and SSHFP records in this file all
; point here.
theos		A	212.71.254.33
theos		AAAA	2a01:7e00::f03c:91ff:fe6e:f996

; Name-server addresses: NS1 has the same addresses as theos, NS2 the same
; addresses as the apex (lucifer).
; NOTE(review): both AAAA addresses fall under 2a01:7e00::, so the two name
; servers may share a network - confirm that is acceptable for availability.
NS1		A	212.71.254.33
NS1		AAAA	2a01:7e00::f03c:91ff:fe6e:f996
NS2		A	178.79.157.58
NS2		AAAA	2a01:7e00::f03c:91ff:fe69:1787

; Service aliases: www follows the apex, git and ldap follow theos.
www		CNAME	kyriasis.com.
git		CNAME	theos.kyriasis.com.
ldap		CNAME	theos.kyriasis.com.

;;; Keybase verification
; Public proof-of-control tokens, one for the apex and one for theos. They are
; meant to be world-readable and are not secrets.
@		TXT	"keybase-site-verification=ps0bAlsiJPIhNZy3mN-xDArc8f9A-AEoVhgsC6NDLDk"
theos		TXT	"keybase-site-verification=_bApRga8QdQm0OpTxOZLeBFAPDB1_VV_BGbB8X-jw-M"

;;; DNSSEC

; BIND 9.9 and later support "live signing" (inline signing), where the name server
; automatically signs the zone in memory. Because of this, the live zone has a larger
; serial number than the one in this file.

;;; DANE (TLSA) - http://tools.ietf.org/html/rfc6698
;   "TLSA" <usage> <selector> <match> <certificate association data>
;   (names in parentheses are the RFC 7218 acronyms)
;   usage:
;     [0] match certification path & require known CA or trust anchor (PKIX-TA)
;     [1] match end-entity certificate & require known CA or trust anchor (PKIX-EE)
;     [2] match certification path, using given cert as trust anchor (DANE-TA)
;     [3] match end-entity certificate (DANE-EE)
;   selector:
;     [0] X.509 certificate (Cert)
;     [1] public key (SPKI)
;   match:
;     [0] exact match (Full)
;     [1] SHA-256 hash (SHA2-256)
;     [2] SHA-512 hash (SHA2-512)
;
; TLSA data only helps clients that validate DNSSEC for this zone; an
; unvalidated answer gives no assurance about the certificate.

;; theos
; https; StartSSL
; "3 0 1" pins the SHA-256 digest of the whole end-entity certificate. With
; usage 3 the issuing CA plays no part in the match. Because the digest covers
; the full certificate, this record has to be replaced every time the
; certificate is reissued, even when the key is kept; publish the new record
; before switching certificates. RFC 7671 recommends "3 1 1" (digest of the
; public key), which survives a reissue with the same key.
; NOTE(review): only _443._tcp.theos is pinned in this file; www, git and the
; mail ports have no TLSA owner here - confirm that is intended.
_443._tcp.theos		TLSA	3 0 1	 35da01bd9fed5e538baae2cb423dd6923f8d313c774f2da1b40e64d418e3f271


;;; Mail

;; MX
; For the apex, theos is preferred (5) and lucifer is the fallback (20);
; theos also accepts mail for its own name.
; NOTE(review): lucifer has no A/AAAA record in this file - presumably it is
; defined in the $INCLUDE'd lucifer zone file; verify.
@			MX	5	theos.kyriasis.com.
@			MX	20	lucifer.kyriasis.com.
theos			MX	5	theos.kyriasis.com.

;; SPF <http://tools.ietf.org/html/rfc4408>
; "a mx" authorises the owner name's own A/AAAA addresses and its MX hosts.
; "~all" is softfail: SPF alone marks mail from any other source as suspect
; but does not ask receivers to reject it.
; NOTE(review): RFC 4408 has been obsoleted by RFC 7208, which retired the
; dedicated SPF record type; receivers look up the TXT form, so the two SPF
; lines are redundant next to their TXT twins.
; NOTE(review): no _dmarc TXT record is visible in this file, so receivers
; get no published policy for mail that fails both SPF and DKIM - check the
; included zone file, or add one.
@			TXT	"v=spf1 a mx ~all"
@			SPF	"v=spf1 a mx ~all"
theos			SPF	"v=spf1 a mx ~all"
theos			TXT	"v=spf1 a mx ~all"

;; DKIM <http://tools.ietf.org/html/rfc6376>
; Owner names are <selector>._domainkey.<signing domain>. k=rsa is the key
; type, t=s means the key may not be used for subdomains of the signing domain
; (i= must match d= exactly), and p= is the base64-encoded public key.
; NOTE(review): in both theos records the p= value runs on past the "IDAQAB"
; that ends the lucifer key, with a trailing run ("oQ57jHLm...TIku") that
; repeats an earlier stretch of the same value. That looks like a paste
; artefact; if it is, verifiers cannot parse the key and theos signatures will
; not verify. Compare against the public key the signer actually uses.
; NOTE(review): the "MIGf..." prefix is what a 1024-bit RSA key encodes to;
; RFC 8301 recommends that signers use at least 2048 bits.
theos._domainkey	TXT	"k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDp4YIk0oJEW1PbPBwCEr8o/e7koQ57jHLmBml1nRKwcBSH/TIkuqz85YYT72s88LaXVlaz2JDygT43edcD/kBxPPDXAqfME8PRGxXi5X2nmyhbCBT+Q5w0kiPkbGOta8pes1Ger1tUIcvRWhuiqX5QHB0pY/cJ+rBBPb7VGqjHLwIDAQABoQ57jHLmBml1nRKwcBSH/TIku"
lucifer._domainkey	TXT	"k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCurY0mrJZT5KKUYDfXkceauC2lLGk0E6z75bq0IcPcoNNrXbHIYQMuN5VMulrXv3qF6lbcJwA87XnvE7uS7471fmEYXluOZ2A+HdPm/W/LL1Z9De4LTgt45AWzanczDGxekh5hdy/VCwkxw1Kq6TA9G1fPJTF2sVvqo8JHNoI5swIDAQAB"
theos._domainkey.theos	TXT	"k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDp4YIk0oJEW1PbPBwCEr8o/e7koQ57jHLmBml1nRKwcBSH/TIkuqz85YYT72s88LaXVlaz2JDygT43edcD/kBxPPDXAqfME8PRGxXi5X2nmyhbCBT+Q5w0kiPkbGOta8pes1Ger1tUIcvRWhuiqX5QHB0pY/cJ+rBBPb7VGqjHLwIDAQABoQ57jHLmBml1nRKwcBSH/TIku"

;; SRV for email discovery <https://tools.ietf.org/html/rfc6186>
;;   (not sure if anything useful uses them?)
; SRV fields are: priority, weight, port, target. All three services are
; offered by theos only.
; NOTE(review): 587 and 143 begin in cleartext and upgrade with STARTTLS; only
; 993 is TLS from the first byte. Whether the server refuses authentication
; before STARTTLS is a server setting that this file cannot show - confirm it.
_submission._tcp	SRV	0	0	587	theos.kyriasis.com.
_imap._tcp		SRV	0	0	143	theos.kyriasis.com.
_imaps._tcp		SRV	0	0	993	theos.kyriasis.com.


;;; Kerberos <http://web.mit.edu/Kerberos/krb5-latest/doc/admin/realm_config.html>
; The TXT record maps this DNS domain to the realm name; the SRV records let
; clients locate the KDC (88), the admin server (749) and the password-change
; service (464). Every target is theos, so a single host provides all of them.
; Realm and KDC discovery through DNS is only as trustworthy as the DNS
; answer, so clients that rely on it should be validating DNSSEC. In MIT krb5
; the TXT lookup is an opt-in client setting (dns_lookup_realm).
_kerberos		TXT	"KYRIASIS.COM"
_kerberos._udp		SRV	0	0	88	theos.kyriasis.com.
_kerberos._tcp		SRV	0	0	88	theos.kyriasis.com.
_kerberos-master._udp	SRV	0	0	88	theos.kyriasis.com.
_kerberos-adm._tcp	SRV	0	0	749	theos.kyriasis.com.
_kpasswd._udp		SRV	0	0	464	theos.kyriasis.com.


;;; LDAP
; 389 is plain LDAP, where TLS is available only through StartTLS; 636 is LDAP
; over TLS.
; NOTE(review): advertising 389 is only safe if the directory server rejects
; binds that carry credentials before StartTLS - a server setting that this
; file cannot show; confirm it.
_ldap._tcp		SRV	0	0	389	theos.kyriasis.com.
_ldaps._tcp		SRV	0	0	636	theos.kyriasis.com.


;;; SSH hostkeys <http://tools.ietf.org/html/rfc4255>
;  <http://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xhtml>
;  "SSHFP" <algorithm> <fingerprint type> <fingerprint>
;  algorithm:
;    [1] RSA
;    [2] DSA
;    [3] ECDSA
;    [4] ED25519
;  fingerprint type:
;    [1] SHA-1
;    [2] SHA-256
;
; Clients consult these only when told to (OpenSSH: VerifyHostKeyDNS) and
; should treat them as authoritative only when the answer is DNSSEC-validated.
; The fingerprint is given as hex: 40 digits for SHA-1, 64 for SHA-256.

;; theos
; RSA
theos			SSHFP	1 1	35fb44db05be6c6b6867663021c1375c78ebdf33
; NOTE(review): the type-2 value below is 56 hex digits (28 bytes), while a
; SHA-256 digest is 64 hex digits (32 bytes), as in the Ed25519 record further
; down. It looks truncated and cannot match the host key as written;
; regenerate it from the RSA host key (e.g. with ssh-keygen -r).
theos			SSHFP	1 2	74befd1f190727fd27ab0f20338a352264d7da1cafe14dd7315a25d6
; Ed25519
theos			SSHFP	4 1	50a1c85a3c98ca1bbc44a6b602b6be662a51b433
theos			SSHFP	4 2	bc7d361c8576cc7e6ddfc12b9d826074d2201a521233b94896c1cb6c06a87e41


;;; Users

; CERT and _pka records are used by GnuPG for looking up a recipient's public key.
; - See <http://www.gushi.org/make-dns-cert/HOWTO.html> for a guide.
; - See RFC 4398 § 2.2 for CERT IPGP.
; Both carry only a fingerprint and a URL. The key fetched from the URL has to
; be checked against the fingerprint, and the fingerprint is only as
; trustworthy as the DNS answer that delivered it (DNSSEC-validated or not).

; OPENPGPKEY records are similar, but have the complete key.
; - See <http://tools.ietf.org/html/draft-wouters-dane-openpgp-02>
;   (since published as RFC 7929)

; Contact TXT, then the CERT IPGP record for the same owner name. The CERT
; payload is base64 of: one length byte (20), the 20-byte key fingerprint, then
; the key URL - the same fingerprint and URL that the _pka record spells out.
; NOTE(review): the TXT record publishes a personal e-mail address and phone
; number to anyone who can query the zone - confirm that is intended.
johannes		TXT	"Johannes Löthberg <johannes@kyriasis.com>, +46739525259"
			CERT	IPGP	0  0	( FFE0756vZflba7FgjlD7myc6nQu1aHR0cHM6Ly90aGVvcy
						  5reXJpYXNpcy5jb20vfmt5cmlhcy9wZ3Ata2V5LnR4dA== )
johannes._pka		TXT	"v=pka1;fpr=5134EF9EAF65F95B6BB1608E50FB9B273A9D0BB5;uri=https://theos.kyriasis.com/~kyrias/pgp-key.txt"


;;; Delegated subdomains

;; Arch-TkK
; arch.kyriasis.com is handed off to the he.net name servers; this zone holds
; only the NS set and is not authoritative for anything below arch.
; NOTE(review): no DS record for arch appears in this file, so from a signed
; parent this is an insecure delegation: validators accept unsigned answers
; for every name under arch. Confirm that is intended.
; Keep the delegation only while the child zone exists at the provider. Remove
; these NS records if it is ever deleted there, so the name cannot be served
; from someone else's account.
arch			NS	ns1.he.net.
			NS	ns2.he.net.
			NS	ns3.he.net.
			NS	ns4.he.net.
			NS	ns5.he.net.


; Pulls in a second file - presumably lucifer's host records, going by the
; file name. No origin argument is given, so relative names inside it resolve
; against the current $ORIGIN (kyriasis.com.).
; NOTE(review): the path is inside a user's home directory. Anyone who can
; write that file can change what this zone serves, so check its ownership and
; permissions and confirm the name server can still read it.
$INCLUDE "/home/kyrias/dns/lucifer.kyriasis.com.zone"