*.lisp: Add CAA records to discourage wrong CAs from issuing.

[zones] / distorted.lisp

diff --git a/distorted.lisp b/distorted.lisp
index d71124a191bdb57d8d6d5017d7c47190e7496ecc..e17768b486a13f4b170ce74b2b464a0662dfee54 100644 (file)
--- a/distorted.lisp
+++ b/distorted.lisp
@@ -77,6 +77,10 @@ (defzone distorted.org.uk
        #-view/inside (mythic-beasts-3.ns :ip mythic-ns3)
        #-view/inside (chiark.ns :ip chiark.greenend.org.uk))
 
+  ;; Certification.
+  :caa ((:issue "letsencrypt.org")
+       (:issue "distorted.org.uk"))
+
   ;; Mail servers.
   ((@ mail blackhole) :mx mail :srv ((:smtp mail)))
   ((bugs) :ttl 300 :mx lists :srv ((:smtp bugs)))