X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/zones/blobdiff_plain/1b9508ad37b8ea9d28f3135ec55a1833c13584db..HEAD:/odin.lisp

diff --git a/odin.lisp b/odin.lisp
index acce6a9..fc921ca 100644
--- a/odin.lisp
+++ b/odin.lisp
@@ -9,18 +9,28 @@ (setf *default-zone-source* 'radius.distorted.org.uk.)
 (defzone odin.gg
 
   ;; Nameservers
-  :ns ((radius.ns :ip radius)
-       (precision.ns :ip precision)
-       (telecaster.ns :ip telecaster)
-       (gandi6.ns :ip gandi-ns6))
+  :ns ((radius-ns :ip radius)
+       (precision-ns :ip precision)
+       (telecaster-ns :ip telecaster)
+       (national-ns :ip national)
+       (eggle-ns :ip eggle))
 
   ;; Web service.
-  ((@ www) :svc stratocaster)
+  ((@ www) :svc stratocaster
+	   :tlsa (:https (:service-certificate-constraint
+			  :public-key :sha-256 #p"https-stratocaster")))
+
+  ;; Certification.
+  :caa ((:issue "letsencrypt.org")
+	(:issue "distorted.org.uk"))
 
   ;; Mail servers
   :mx ((mail :ip stratocaster))
   :srv ((:smtp mail))
-
-  (stratocaster.20140403._domainkey
-   :dkim ("stratocaster-20140403"
-	  :v "DKIM1" :k "rsa" :h "sha256" :s "email")))
+  :spf ((:version "spf1")
+	(:pass :ip stratocaster.dmz)
+	(:soft :all))
+  (_dmarc :dmarc (:v "DMARC1"
+		  :p "quarantine" :sp "quarantine"
+		  :adkim "s" :aspf "s"))
+  (_domainkey :dname stratocaster.dkim.distorted.org.uk.))