summaryrefslogtreecommitdiffstats
path: root/kyriasis.com.zone
blob: 081544ac0a1fffb6fa8c94c16dd81f22829106eb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
$ORIGIN kyriasis.com.
$TTL 24h

@       IN      SOA     ns1.kyriasis.com. hostmaster.kyriasis.com. (
                                2405300142  ; serial
                                24h         ; refresh
                                2h          ; retry
                                1w          ; expire
                                4h          ; minttl
                        )
                NS ns1
                NS ns2

                ; -> theos.kyriasis.com
                A       212.71.254.33
                AAAA    2a01:7e00:e000:136::1

                CAA     0 issue "letsencrypt.org; accounturi=https://acme-v01.api.letsencrypt.org/acme/reg/731923"

theos           A       212.71.254.33
theos           AAAA    2a01:7e00:e000:136::1
direct.theos    AAAA    2a01:7e00::f03c:91ff:fe6e:f996
v4.theos        A       212.71.254.33
v6.theos        AAAA    2a01:7e00:e000:136::1

NS1             A       212.71.254.33
NS1             AAAA    2a01:7e00:e000:136::1
NS2             A       178.79.157.58
NS2             AAAA    2a01:7e00::f03c:91ff:fe69:1787

zorg            AAAA    2a01:7e00:e000:136::2
h.zorg          AAAA    fc3d:9b94:8d0e:8e88:72d3:2193:9425:6574

leeloo          A       80.217.51.233
leeloo          AAAA    2001:470:28:212:ea9a:8fff:fe33:43a
h.leeloo        AAAA    fcb9:72d4:cd1b:57f4:1ab0:bd4:e015:7e03

h.tirxu         AAAA    fc29:58d6:7dbb:81e7:2d03:3205:fcce:20e7

home            A       158.174.52.10
hydrogen.home   AAAA    2001:9b1:4a01:f400:228:f8ff:fe5c:f03a

www             CNAME   kyriasis.com.
www.theos       CNAME   theos

actual          CNAME   theos
autoconfig      CNAME   theos
ca              CNAME   theos
gerrit          CNAME   theos
git             CNAME   theos
grafana         CNAME   theos
ldap            CNAME   theos
miniflux        CNAME   theos
prometheus      CNAME   theos
repsys          CNAME   theos
repsys-test     CNAME   theos
salt            CNAME   theos
taskd           CNAME   theos
vault           CNAME   theos
wiki            CNAME   theos
xan             CNAME   theos
gada            A       127.0.0.1
*.minikube      A       192.168.99.100


;;; Keybase verification
@               TXT     "keybase-site-verification=ps0bAlsiJPIhNZy3mN-xDArc8f9A-AEoVhgsC6NDLDk"
theos           TXT     "keybase-site-verification=_bApRga8QdQm0OpTxOZLeBFAPDB1_VV_BGbB8X-jw-M"


;;; SSH hostkeys <http://tools.ietf.org/html/rfc4255>
;  <http://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xhtml>
;  "SSHFP" <algorithm> <fingerprint type> <fingerpint>
;  algorithm:
;    [1] RSA
;    [2] DSA
;    [3] ECDSA
;    [4] ED25519
;  fingerprint type:
;    [1] SHA-1
;    [2] SHA-256

theos                 SSHFP 1 1 35fb44db05be6c6b6867663021c1375c78ebdf33
theos                 SSHFP 1 2 74befd1f190727fd27ab0f20338a352264d7da1cafe14dd7315a25d6b96ffcd2
theos                 SSHFP 3 1 08e2cf413f9feebefebf4b20d3d4b78281050df0
theos                 SSHFP 3 2 bd684d88c34637e0d16ca4e73c0beffdeadf7129081f7743811fcb1e597f98a0
theos                 SSHFP 4 1 50a1c85a3c98ca1bbc44a6b602b6be662a51b433
theos                 SSHFP 4 2 bc7d361c8576cc7e6ddfc12b9d826074d2201a521233b94896c1cb6c06a87e41


;;; Mail

;; MX
@                       MX     0       theos
theos                   MX     0       theos
lists                   MX     0       theos
lucifer                 MX     0       lucifer

;; SPF <http://tools.ietf.org/html/rfc4408>
@                       TXT    "v=spf1 a mx ip4:178.79.157.58 ip6:2a01:7e00::f03c:91ff:fe69:1787 include:_spf.google.com ~all"
@                       SPF    "v=spf1 a mx ip4:178.79.157.58 ip6:2a01:7e00::f03c:91ff:fe69:1787 include:_spf.google.com ~all"
theos                   SPF    "v=spf1 a mx ~all"
theos                   TXT    "v=spf1 a mx ~all"
lucifer                 SPF    "v=spf1 a mx ~all"
lucifer                 TXT    "v=spf1 a mx ~all"

;; DKIM <http://tools.ietf.org/html/rfc6376>
theos._domainkey        TXT    "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5u7MOeQk0oIgy64BcFDvmxiRGuZBPTFaFvRTz0LZMIq66E0iW76RFC9tBONQrVvVUCeMldmgy7AGjRMbZaszgtL14PJQeD9HDfbVnEVQhS12kMY2HPR3HruwfLcSgADjBwt3nVkdXusjTsNoGB/Yj7+Bdr/HFHi5blLB3a+6S7wIDAQAB"
lucifer._domainkey      TXT    "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYcYHES1v8w5pgSxmU5OuvG+JoNCynxPNnTzzwaiG6AWvTbToCRrqjVksCxeC+3YpzVvJGU3NifmM6c64rJRz/IVZYkim0UkZP2L07fhm0mUNwkcemziTG9YmrcGI9h9BiSYoW+v0hZuGjtmDUfPzupLYk1Cif3ZPZg7IwUai5+QIDAQAB"
theos._domainkey.theos  TXT    "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5u7MOeQk0oIgy64BcFDvmxiRGuZBPTFaFvRTz0LZMIq66E0iW76RFC9tBONQrVvVUCeMldmgy7AGjRMbZaszgtL14PJQeD9HDfbVnEVQhS12kMY2HPR3HruwfLcSgADjBwt3nVkdXusjTsNoGB/Yj7+Bdr/HFHi5blLB3a+6S7wIDAQAB"

;; DMARC <https://tools.ietf.org/html/rfc7489>
_dmarc                  TXT    "v=DMARC1; p=none; pct=100; rua=mailto:dmarc-aggregate-reports@kyriasis.com,mailto:re+fpdfyczuvkn@dmarc.postmarkapp.com; ruf=mailto:dmarc-failure-reports@kyriasis.com,mailto:re+fpdfyczuvkn@dmarc.postmarkapp.com; fo=1:d:s; adkim=r; aspf=r"

;; SRV for email discovery <https://tools.ietf.org/html/rfc6186>
;;   (not sure if anything useful uses them?)
_submission._tcp        SRV    0       0       587     theos
_imap._tcp              SRV    0       0       143     theos
_imaps._tcp             SRV    0       0       993     theos

;; TLSA
$INCLUDE "dns/letsencrypt-tlsa.zone" _443._tcp.kyriasis.com.
$INCLUDE "dns/letsencrypt-tlsa.zone" _443._tcp.theos.kyriasis.com.

$INCLUDE "dns/letsencrypt-tlsa.zone" _25._tcp.theos.kyriasis.com.
$INCLUDE "dns/letsencrypt-tlsa.zone" _587._tcp.theos.kyriasis.com.
$INCLUDE "dns/letsencrypt-tlsa.zone" _143._tcp.theos.kyriasis.com.
$INCLUDE "dns/letsencrypt-tlsa.zone" _993._tcp.theos.kyriasis.com.

;; Google Postmaster Tools
@                       TXT    "google-site-verification=Fj3Hc-7_JPc6WlEF_TMwYTGStln3kuz8vTJsMgoyKA8"


;;; Kerberos <http://web.mit.edu/Kerberos/krb5-latest/doc/admin/realm_config.html>
_kerberos               TXT    "KYRIASIS.COM"
_kerberos._udp          SRV    0       0       88      theos
_kerberos._tcp          SRV    0       0       88      theos
_kerberos-master._udp   SRV    0       0       88      theos
_kerberos-adm._tcp      SRV    0       0       749     theos
_kpasswd._udp           SRV    0       0       464     theos


;;; LDAP
_ldap._tcp              SRV    0       0       389     theos
_ldaps._tcp             SRV    0       0       636     theos


;;; XMPP
_xmpp-client._tcp       SRV   10       0       5222    theos
_xmpps-client._tcp      SRV    5       0       5223    theos
_xmpp-server._tcp       SRV   10       0       5269    theos
_xmpps-server._tcp      SRV    5       0       5270    theos


;;; SIP
_sip._udp               SRV   10       1       5620    theos
_sip._tcp               SRV   10       1       5620    theos

;;; Gale
gale                    CNAME  theos


;;; Users
johannes                TXT    "Johannes Löthberg <johannes@kyriasis.com>, +46739525259"

;;; Tailscale hosts
carbon.ts               A      100.94.202.24
hydrogen.ts             A      100.105.247.39
theos.ts                A      100.102.234.122

;;; Delegated subdomains

;; Arch-Tk
arch                    NS     ns1.he.net.
                        NS     ns2.he.net.
                        NS     ns3.he.net.
                        NS     ns4.he.net.
                        NS     ns5.he.net.

$INCLUDE "dns/lucifer.kyriasis.com.zone"

; vim: ft=bindzone ts=8 sw=8 nowrap et