X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/zones/blobdiff_plain/b30cc2156fad9cefea07fca2697c0bee69f837de..HEAD:/odin.lisp

diff --git a/odin.lisp b/odin.lisp
index 8263a74..fc921ca 100644
--- a/odin.lisp
+++ b/odin.lisp
@@ -11,12 +11,26 @@ (defzone odin.gg
   ;; Nameservers
   :ns ((radius-ns :ip radius)
        (precision-ns :ip precision)
-       ns6.gandi.net.)
+       (telecaster-ns :ip telecaster)
+       (national-ns :ip national)
+       (eggle-ns :ip eggle))
 
   ;; Web service.
-  ((@ www) :svc stratocaster)
+  ((@ www) :svc stratocaster
+	   :tlsa (:https (:service-certificate-constraint
+			  :public-key :sha-256 #p"https-stratocaster")))
+
+  ;; Certification.
+  :caa ((:issue "letsencrypt.org")
+	(:issue "distorted.org.uk"))
 
   ;; Mail servers
-  (@ :ttl 300
-     :mx ((mail :ip vampire))
-     :srv ((:smtp mail))))
+  :mx ((mail :ip stratocaster))
+  :srv ((:smtp mail))
+  :spf ((:version "spf1")
+	(:pass :ip stratocaster.dmz)
+	(:soft :all))
+  (_dmarc :dmarc (:v "DMARC1"
+		  :p "quarantine" :sp "quarantine"
+		  :adkim "s" :aspf "s"))
+  (_domainkey :dname stratocaster.dkim.distorted.org.uk.))