CAs are generally useless and can't be relied on to take any notice, but
it's better than nothing.
Add a record for our own CA for form's sake, even though I don't take
any notice.
(mythic-beasts-2.ns :ip mythic-ns2)
(mythic-beasts-3.ns :ip mythic-ns3))
(mythic-beasts-2.ns :ip mythic-ns2)
(mythic-beasts-3.ns :ip mythic-ns3))
+ ;; Certification.
+ :caa ((:issue "letsencrypt.org")
+ (:issue "distorted.org.uk"))
+
;; Internal hosts.
(binswrt :a binswrt.binswood)
(mango :a mango.binswood)
;; Internal hosts.
(binswrt :a binswrt.binswood)
(mango :a mango.binswood)
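Review bot: The added `:caa` set carries only `issue` properties, so under RFC 8659 the same two issuers are also authorised for wildcard names, and there is no `iodef` contact for a CA to report a refused request to. If no wildcard certificates are wanted for this zone, an `issuewild` property with the empty issuer value `;` would close that off; whether the zone compiler's `:caa` syntax accepts those tags is not visible from this hunk. The identical three-line block is added again in the three later hunks, so either define the issuer list once or give each copy a comment such as `;; CAA: only these issuers may sign for names in this zone (wildcards included).` in place of the bare `;; Certification.`. The enclosing zone form starts and ends outside the hunk.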
#-view/inside (mythic-beasts-3.ns :ip mythic-ns3)
#-view/inside (chiark.ns :ip chiark.greenend.org.uk))
#-view/inside (mythic-beasts-3.ns :ip mythic-ns3)
#-view/inside (chiark.ns :ip chiark.greenend.org.uk))
+ ;; Certification.
+ :caa ((:issue "letsencrypt.org")
+ (:issue "distorted.org.uk"))
+
;; Mail servers.
((@ mail blackhole) :mx mail :srv ((:smtp mail)))
((bugs) :ttl 300 :mx lists :srv ((:smtp bugs)))
;; Mail servers.
((@ mail blackhole) :mx mail :srv ((:smtp mail)))
((bugs) :ttl 300 :mx lists :srv ((:smtp bugs)))
;; Web service.
((@ www) :svc stratocaster)
;; Web service.
((@ www) :svc stratocaster)
+ ;; Certification.
+ :caa ((:issue "letsencrypt.org")
+ (:issue "distorted.org.uk"))
+
;; Mail servers
:mx ((mail :ip stratocaster))
:srv ((:smtp mail))
;; Mail servers
:mx ((mail :ip stratocaster))
:srv ((:smtp mail))
:tlsa (:https (:service-certificate-constraint
:public-key :sha-256 #p"https-stratocaster")))
:tlsa (:https (:service-certificate-constraint
:public-key :sha-256 #p"https-stratocaster")))
+ ;; Certification.
+ :caa ((:issue "letsencrypt.org")
+ (:issue "distorted.org.uk"))
+
;; Mail servers
:mx ((mail :ip stratocaster))
:srv ((:smtp mail))
;; Mail servers
:mx ((mail :ip stratocaster))
:srv ((:smtp mail))