(defzone odin.gg
- ;; Nameservers
- :ns ((radius-ns :ip radius)
- (precision-ns :ip precision)
- ns6.gandi.net.)
+ ;; Nameservers. Sadly, the registry permits at most six. Don't deploy
+ ;; `mythic-ns1' (Linode Texas, duplicates `national') or `mythic-ns2'
+ ;; (Mythic Beasts in Cambridge, too close to home0; `mythic-ns3' is in the
+ ;; Netherlands, which is a better choice.
+ :ns #+odin-glue
+ ((radius.ns :ip radius)
+ (precision.ns :ip precision)
+ (telecaster.ns :ip telecaster)
+ (national.ns :ip national)
+ (eggle.ns :ip eggle)
+ ;;(mythic-beasts-1.ns :ip mythic-ns1)
+ ;;(mythic-beasts-2.ns :ip mythic-ns2)
+ (mythic-beasts-3.ns :ip mythic-ns3))
+ #-odin-glue
+ (radius.distorted.org.uk.
+ precision.distorted.org.uk.
+ telecaster.distorted.org.uk.
+ national.distorted.org.uk.
+ eggle.distorted.org.uk.
+ ns3.mythic-beasts.com.)
;; Web service.
- ((@ www) :svc stratocaster)
+ ((@ www) :svc stratocaster
+ :tlsa (:https (:service-certificate-constraint
+ :public-key :sha-256 #p"https-stratocaster")))
+
+ ;; Certification.
+ :caa ((:issue "letsencrypt.org")
+ (:issue "distorted.org.uk"))
;; Mail servers
:mx ((mail :ip stratocaster))
:srv ((:smtp mail))
-
- (stratocaster.20140403._domainkey
- :dkim ("dkim-stratocaster.20140403.pub"
- :v "DKIM1"
- :k "rsa"
- :h "sha256"
- :s "email")))
+ :spf ((:version "spf1")
+ (:pass :ip stratocaster.dmz)
+ (:soft :all))
+ (_dmarc :dmarc (:v "DMARC1"
+ :p "quarantine" :sp "quarantine"
+ :adkim "s" :aspf "s"))
+ (_domainkey :dname stratocaster.dkim.distorted.org.uk.))
~mdw / zones / blobdiff