path: root/kyriasis.com.zone
blob: d197b4de9667fead7f6d4c971ca2339f6063ec21 (plain)
; vi: ft=bindzone:ts=8:sw=8:nowrap:noet
; Zone header: relative names below are completed with kyriasis.com., and
; records without an explicit TTL get 2 hours.
$ORIGIN kyriasis.com.
$TTL 2h

; Start of authority: theos is named as the primary server; the contact is the
; relative name "hostmaster", which expands to hostmaster.kyriasis.com.
@       IN      SOA     theos.kyriasis.com. hostmaster (
                                69      ; serial (the served serial is higher, see the DNSSEC note below)
                                4h      ; refresh
                                1h      ; retry
                                1w      ; expire
                                1h      ; minttl (negative-caching TTL since RFC 2308)
                        )
                ; Both name servers are in-zone; their addresses are the NS1/NS2 records below.
                NS ns1
                NS ns2

                ; -> lucifer.kyriasis.com
                ; Apex address records (owner inherited from "@" above); same addresses as NS2.
                A       178.79.157.58
                AAAA    2a01:7e00::f03c:91ff:fe69:1787

; Host address records.
; NOTE(review): every h.* name below carries an address in fc00::/7 (unique-local,
; RFC 4193), presumably an overlay/mesh network - confirm. These addresses are not
; reachable from the public Internet, yet the names and addresses are visible to
; anyone who can query the zone.
theos           A       212.71.254.33
theos           AAAA    2a01:7e00::f03c:91ff:fe6e:f996
h.theos         AAAA    fca1:fabb:7792:f28d:4623:139:10af:549

; Addresses for the apex NS records. Owner names are case-insensitive, so NS1/NS2
; are ns1/ns2. NS1 repeats theos's addresses and NS2 repeats the apex addresses,
; so a change to either host's address has to be made in both places.
NS1             A       212.71.254.33
NS1             AAAA    2a01:7e00::f03c:91ff:fe6e:f996
NS2             A       178.79.157.58
NS2             AAAA    2a01:7e00::f03c:91ff:fe69:1787

; Remaining hosts; zorg is IPv6-only and leeloo/xarci are IPv4-only in this file.
zorg            AAAA    2a01:7e00:e000:136::2
h.zorg          AAAA    fc3d:9b94:8d0e:8e88:72d3:2193:9425:6574
leeloo          A       80.217.51.233
h.leeloo        AAAA    fcb9:72d4:cd1b:57f4:1ab0:bd4:e015:7e03
h.tirxu         AAAA    fc29:58d6:7dbb:81e7:2d03:3205:fcce:20e7
xarci           A       163.172.146.146

; Service aliases. www points at the zone apex; every other alias points at theos.
; A CNAME owner cannot hold other record types, so these names have no TLSA, SSHFP
; or SPF data of their own; anything a client needs must be found by following the
; alias to theos.
; NOTE(review): the TLSA record in this file exists only at _443._tcp.theos. Whether
; a DANE client connecting to one of these aliases finds it depends on the client
; chasing the CNAME first - confirm for the clients you rely on.
www             CNAME   kyriasis.com.
www.theos       CNAME   theos
git             CNAME   theos
ldap            CNAME   theos
autoconfig      CNAME   theos
ca              CNAME   theos
wiki            CNAME   theos
xan             CNAME   theos

;;; Keybase verification
; Public ownership-proof tokens for the apex and for theos; they are meant to be
; world-readable and are not secrets. Both names also carry an SPF TXT record
; further down, so each TXT RRset holds more than one string and consumers pick
; the one with their own prefix.
@               TXT     "keybase-site-verification=ps0bAlsiJPIhNZy3mN-xDArc8f9A-AEoVhgsC6NDLDk"
theos           TXT     "keybase-site-verification=_bApRga8QdQm0OpTxOZLeBFAPDB1_VV_BGbB8X-jw-M"

;;; DNSSEC

; BIND 9.9 and later support "live signing", where the nameserver automatically signs the
; zone in memory. Because of this, the live zone has a larger serial number than this file.

;;; DANE (TLSA) - http://tools.ietf.org/html/rfc6698
;   "TLSA" <usage> <selector> <match>
;   usage:
;     [0] match certification path & require known CA or trust anchor   (PKIX-TA)
;     [1] match end-entity certificate & require known CA or trust anchor (PKIX-EE)
;     [2] match certification path, using given cert as trust anchor     (DANE-TA)
;     [3] match end-entity certificate                                   (DANE-EE)
;   selector:
;     [0] X.509 certificate (the whole certificate)
;     [1] public key (SubjectPublicKeyInfo only)
;   match:
;     [0] exact match
;     [1] SHA-256 hash
;     [2] SHA-512 hash
;
;   A TLSA record is only as trustworthy as the DNS answer carrying it: clients
;   should act on it only when the answer is DNSSEC-validated.

;; theos
; https; StartSSL
; "3 0 1" pins the SHA-256 hash of the full end-entity certificate. With usage 3
; the issuing CA plays no part in DANE validation. Because selector 0 hashes the
; whole certificate, this record must be replaced on every reissue, even when the
; key is unchanged: publish the new hash next to the old one and wait at least the
; record TTL (2h here) before switching the server certificate.
_443._tcp.theos         TLSA    3 0 1   35da01bd9fed5e538baae2cb423dd6923f8d313c774f2da1b40e64d418e3f271


;;; Mail

;; MX
; The apex has theos and lucifer at equal preference 5 and h.theos as the
; preference-10 fallback. lucifer has no address record in this file; presumably
; it comes from the $INCLUDEd lucifer zone file - confirm.
; NOTE(review): h.theos has only an fc00::/7 address in this file, so senders on
; the public Internet cannot deliver to it. Every listed MX host is a valid entry
; point for inbound mail, so each one needs the same filtering and relay policy.
; No _25._tcp TLSA records appear in this file, so inbound SMTP is not DANE-pinned
; unless an included file adds them.
@                       MX      5       theos
@                       MX      5       lucifer
@                       MX      10      h.theos
h                       MX      5       h.theos
theos                   MX      5       theos
theos                   MX      25      lucifer
lists                   MX      5       theos

;; SPF <http://tools.ietf.org/html/rfc4408>
; RFC 4408 has been obsoleted by RFC 7208, which retired the dedicated SPF RR type:
; verifiers are required to look at the TXT records only. The SPF-type copies
; below are therefore redundant and must be kept identical to the TXT records for
; as long as they remain.
; "a mx" authorises the owner name's own addresses plus the addresses of its MX
; hosts. "~all" is a softfail: mail from any other source is flagged, not rejected,
; on the strength of SPF alone.
; NOTE(review): names in this zone that never send mail have no SPF record; a
; "v=spf1 -all" TXT on them would tell receivers to refuse mail claiming to be
; from those names.
@                       TXT     "v=spf1 a mx ~all"
@                       SPF     "v=spf1 a mx ~all"
theos                   SPF     "v=spf1 a mx ~all"
theos                   TXT     "v=spf1 a mx ~all"

;; DKIM <http://tools.ietf.org/html/rfc6376>
; Selector records: <selector>._domainkey.<signing domain>. "t=s" means the key may
; only sign for the exact domain it is published under, not for its subdomains.
; NOTE(review): the p= values appear to be 1024-bit RSA keys (the "MIGfMA0G..."
; prefix is the usual 1024-bit header). RFC 8301 recommends at least 2048 bits for
; signing keys; rotate by publishing the new key under a new selector before
; switching the signer over.
; NOTE(review): theos._domainkey and theos._domainkey.theos publish the same key,
; so one private key signs for both kyriasis.com and theos.kyriasis.com and a
; rotation or compromise affects both domains.
theos._domainkey        TXT     "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5u7MOeQk0oIgy64BcFDvmxiRGuZBPTFaFvRTz0LZMIq66E0iW76RFC9tBONQrVvVUCeMldmgy7AGjRMbZaszgtL14PJQeD9HDfbVnEVQhS12kMY2HPR3HruwfLcSgADjBwt3nVkdXusjTsNoGB/Yj7+Bdr/HFHi5blLB3a+6S7wIDAQAB"
lucifer._domainkey      TXT     "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYcYHES1v8w5pgSxmU5OuvG+JoNCynxPNnTzzwaiG6AWvTbToCRrqjVksCxeC+3YpzVvJGU3NifmM6c64rJRz/IVZYkim0UkZP2L07fhm0mUNwkcemziTG9YmrcGI9h9BiSYoW+v0hZuGjtmDUfPzupLYk1Cif3ZPZg7IwUai5+QIDAQAB"
theos._domainkey.theos  TXT     "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5u7MOeQk0oIgy64BcFDvmxiRGuZBPTFaFvRTz0LZMIq66E0iW76RFC9tBONQrVvVUCeMldmgy7AGjRMbZaszgtL14PJQeD9HDfbVnEVQhS12kMY2HPR3HruwfLcSgADjBwt3nVkdXusjTsNoGB/Yj7+Bdr/HFHi5blLB3a+6S7wIDAQAB"

;; DMARC <https://tools.ietf.org/html/rfc7489>
; p=none is monitoring only: receivers are asked to report mail that fails
; SPF/DKIM alignment, not to quarantine or reject it. There is no sp= tag, so
; subdomains inherit the same policy. adkim=r/aspf=r select relaxed alignment.
; rua receives aggregate reports; ruf receives per-message failure reports (fo=1:d:s),
; which can contain message headers or content, so treat that mailbox as sensitive.
; NOTE(review): with "~all" in SPF and p=none here, nothing published in this zone
; asks receivers to refuse spoofed mail; consider p=quarantine or p=reject once the
; aggregate reports show legitimate mail passing.
_dmarc                  TXT     "v=DMARC1; adkim=r; aspf=r; fo=1:d:s; p=none; rua=mailto:aggrep@kyriasis.com; ruf=mailto:authfail@kyriasis.com"

;; SRV for email discovery <https://tools.ietf.org/html/rfc6186>
;;   (not sure if anything useful uses them?)
; Fields are: priority, weight, port, target. All three services point at theos.
; NOTE(review): ports 587 and 143 start in cleartext and depend on STARTTLS, which
; an on-path attacker can strip unless the client insists on it. RFC 8314 prefers
; implicit TLS (_imaps on 993, as below, and _submissions on 465). Confirm that the
; server refuses authentication before TLS is established.
_submission._tcp        SRV     0       0       587     theos
_imap._tcp              SRV     0       0       143     theos
_imaps._tcp             SRV     0       0       993     theos


;;; Kerberos <http://web.mit.edu/Kerberos/krb5-latest/doc/admin/realm_config.html>
; The TXT record maps this domain to the realm KYRIASIS.COM; the SRV records tell
; clients where the KDC (88), kadmin (749) and kpasswd (464) services run. All of
; them point at theos.
; Clients that take realm and KDC locations from DNS (the dns_lookup_realm and
; dns_lookup_kdc settings in krb5.conf) trust these answers, so they should be
; resolved through a DNSSEC-validating resolver.
; NOTE(review): these records advertise the admin and password-change services to
; anyone who queries the zone; confirm that ports 749 and 464 on theos are filtered
; to the networks that need them.
_kerberos               TXT     "KYRIASIS.COM"
_kerberos._udp          SRV     0       0       88      theos
_kerberos._tcp          SRV     0       0       88      theos
_kerberos-master._udp   SRV     0       0       88      theos
_kerberos-adm._tcp      SRV     0       0       749     theos
_kpasswd._udp           SRV     0       0       464     theos


;;; LDAP
; Directory service discovery: plain LDAP on 389 and LDAP over TLS on 636, both on theos.
; NOTE(review): port 389 is cleartext until the client issues StartTLS. The zone
; cannot show the server configuration, so confirm that the directory rejects binds
; and searches on 389 that have not upgraded to TLS.
_ldap._tcp              SRV     0       0       389     theos
_ldaps._tcp             SRV     0       0       636     theos


;;; XMPP
; Client (5222) and server-to-server (5269) endpoints for the XMPP domain
; kyriasis.com. The targets are theos and h.theos, so the certificate they present
; has to be valid for kyriasis.com, not only for the target host name.
; NOTE(review): both targets share priority 5, with weight 0 for theos and weight 5
; for h.theos. Under RFC 2782 weighting the weight-5 target is chosen first most of
; the time, and h.theos has only an fc00::/7 address in this file. If theos is meant
; to be the preferred endpoint for Internet clients, give it the lower priority
; number or the larger weight - confirm intent.
_xmpp-client._tcp       SRV     5       0       5222    theos
_xmpp-client._tcp       SRV     5       5       5222    h.theos
_xmpp-server._tcp       SRV     5       0       5269    theos
_xmpp-server._tcp       SRV     5       5       5269    h.theos

;;; Gale
; Alias for the service named "gale" (presumably the Gale messaging system -
; confirm); it resolves to theos like the other service aliases in this file.
gale                    CNAME   theos

;;; SSH hostkeys <http://tools.ietf.org/html/rfc4255>
;  <http://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xhtml>
;  "SSHFP" <algorithm> <fingerprint type> <fingerprint>
;  algorithm:
;    [1] RSA
;    [2] DSA
;    [3] ECDSA
;    [4] ED25519
;  fingerprint type:
;    [1] SHA-1
;    [2] SHA-256
;
;  SSHFP answers are only a safe substitute for a known_hosts entry when they are
;  DNSSEC-validated; OpenSSH consults them when VerifyHostKeyDNS is enabled.
;  "ssh-keygen -r <hostname>" prints the records for a host's current keys.

;; theos
; RSA
theos                   SSHFP   1 1     35fb44db05be6c6b6867663021c1375c78ebdf33
; NOTE(review): the next record declares fingerprint type 2 (SHA-256, 32 bytes =
; 64 hex digits) but carries only 56 hex digits, so it looks truncated and cannot
; match the host key. Regenerate it from the server's RSA host key.
theos                   SSHFP   1 2     74befd1f190727fd27ab0f20338a352264d7da1cafe14dd7315a25d6
; Ed25519
theos                   SSHFP   4 1     50a1c85a3c98ca1bbc44a6b602b6be662a51b433
theos                   SSHFP   4 2     bc7d361c8576cc7e6ddfc12b9d826074d2201a521233b94896c1cb6c06a87e41

;;; IPFS
; The first TXT record holds a bare identifier; the second is a DNSLink record
; that maps johannes.kyriasis.com to the IPNS name with the same identifier.
; Whoever can edit this zone decides what content that name resolves to, so the
; mapping is only as trustworthy as the DNS answer (DNSSEC validation applies here
; as well).
johannes                TXT     "QmYWhbxWNi91iGwhFdYoKmQaDLg4cEYcnzY5kzSV8qrgQ3"
johannes                TXT     "dnslink=/ipns/QmYWhbxWNi91iGwhFdYoKmQaDLg4cEYcnzY5kzSV8qrgQ3"


;;; Users

; CERT and _pka records are used by GnuPG for looking up recipient's public key.
; - See <http://www.gushi.org/make-dns-cert/HOWTO.html> for a guide.
; - See RFC 4398 § 2.2 for CERT IPGP.
; A key or fingerprint located through DNS is a discovery aid, not proof of
; ownership: without DNSSEC validation the answer can be forged, and the key should
; still be verified before it is trusted.

; OPENPGPKEY records are similar, but have the complete key.
; - See <http://tools.ietf.org/html/draft-wouters-dane-openpgp-02>
;   (the draft was later published as RFC 7929)

; NOTE(review): this TXT record publishes a personal e-mail address and phone
; number to anyone who can query the zone - confirm that is intended.
johannes                TXT      "Johannes Löthberg <johannes@kyriasis.com>, +46739525259"
                        ; CERT IPGP payload (base64): fingerprint length, the key
                        ; fingerprint, then the URL the key can be fetched from.
                        CERT     IPGP   0  0    ( FFE0756vZflba7FgjlD7myc6nQu1aHR0cHM6Ly90aGVvcy
                                                  5reXJpYXNpcy5jb20vfmt5cmlhcy9wZ3Ata2V5LnR4dA== )
; NOTE(review): the certificate field of a CERT record is read as base64 (RFC 4398),
; but the value below looks like the hex fingerprint pasted as-is, so it presumably
; does not decode to a valid IPGP payload - compare with the record above and confirm.
oqcqzgr1asi197b33efih1a8y5q37xz3._pka CERT IPGP 0 0 5134EF9EAF65F95B6BB1608E50FB9B273A9D0BB5
; PKA record: the key fingerprint plus the HTTPS URL from which to fetch the key.
johannes._pka           TXT      "v=pka1;fpr=5134EF9EAF65F95B6BB1608E50FB9B273A9D0BB5;uri=https://theos.kyriasis.com/~kyrias/pgp-key.txt"


;;; Delegated subdomains

;; Arch-Tk
; arch.kyriasis.com is delegated to five he.net name servers; everything below
; that name is answered by the zone hosted there, not by this file.
; NOTE(review): no DS record for arch appears in this file, so unless an included
; file adds one the delegation is unsigned and validators treat the child zone as
; insecure.
; NOTE(review): a delegation to a third-party DNS host should be removed as soon as
; the hosted zone is retired; left in place, it lets whoever next registers that
; zone name with the provider answer for arch.kyriasis.com.
arch                    NS      ns1.he.net.
                        NS      ns2.he.net.
                        NS      ns3.he.net.
                        NS      ns4.he.net.
                        NS      ns5.he.net.


; Pull in two further record files; with no origin argument they are read under
; the current $ORIGIN (kyriasis.com.). Their contents are not visible here.
; NOTE(review): the paths are absolute and sit under a user's home directory.
; Anyone who can write to those files, or to the directories above them, can change
; what this zone serves, so keep them writable only by the zone's maintainer and
; readable by the name server.
$INCLUDE "/home/kyrias/dns/lucifer.kyriasis.com.zone"
$INCLUDE "/home/kyrias/dns/_openpgpkey.kyriasis.com.zone"