set NS2 uz5nulnd504gp3s7sdmdl5l2gxc762hpw926t90k39ltxp67flbccn.ns5.stargrave.org.
set NoSPF {"v=spf1 -all"}
+set NoMX "MX 0 ."
set ReSPF {"v=spf1 redirect=_spf.stargrave.org"}
proc zone {serial} {
global DOMAIN NS1 NS2
-puts "\$TTL 21600
+ puts "\$TTL 21600
\$ORIGIN $DOMAIN.
$DOMAIN. 21600 IN SOA $NS1 admin.$DOMAIN. (
$serial ; Serial
2h ; Retry
2w ; Expire
6h ; TTL
-)
-@ NS $NS1
-@ NS $NS2
-_dmarc TXT \"v=DMARC1; p=none\""
+)"
+ puts "@ NS $NS1"
+ puts "@ NS $NS2"
+ puts {_dmarc TXT "v=DMARC1; p=none"}
}
proc fqdn {dn} {
proc shorten {dn} {
set dn [fqdn $dn]
global DOMAIN
- if { $dn == "$DOMAIN." } { return @ }
- return [join [lrange [split $dn .] 0 end-[expr [llength [split $DOMAIN .]] + 1]] .]
+ if {$dn == "$DOMAIN."} { return @ }
+ set domainLen [llength [split $DOMAIN .]]
+ return [join [lrange [split $dn .] 0 end-[expr $domainLen + 1]] .]
}
proc mx {dn} {
set dn [shorten $dn]
- global ReSPF
puts "$dn MX 10 mailfake0.stargrave.org."
puts "$dn MX 20 mail2.stargrave.org."
puts "$dn MX 30 mailfake1.stargrave.org."
+ global ReSPF
puts "$dn TXT $ReSPF"
}
-proc dane {dn {port ""}} {
+proc dane {dn {port 443}} {
set dn [fqdn $dn]
- if {$port == ""} { set port 443 }
set dirname [string trimright $dn .]
set was [pwd]
+ set caas [list]
cd tls
foreach ca [lsort [glob ca/*/*]] {
set ca [join [lrange [split $ca /] 1 end] /]
- if {![file exists [file join ee $ca $dirname]]} { continue }
- puts "[shorten $dn] CAA 0 issue \"[lindex [split $ca /] end]\""
- puts "[shorten _$port._tcp.$dn] TLSA 3 1 1 [exec zeasypki dane ee/$ca/$dirname]"
+ set ee [file join ee $ca $dirname]
+ if {![file exists $ee]} { continue }
+ set caas [lappend $caas [lindex [split $ca /] end]]
+ puts "[shorten _$port._tcp.$dn] TLSA 3 1 1 [exec zeasypki dane $ee]"
}
cd $was
+ foreach ca [lsort -unique $caas] {
+ puts "[shorten $dn] CAA 0 issue \"$ca\""
+ }
}
proc ssh {dn} {
set dn [fqdn $dn]
set fn ssh/[string trimright $dn .]
if {![file exists $fn]} { return }
- set fd [open "| ssh-keygen -f $fn -r $dn"]
+ set fd [open "|ssh-keygen -f $fn -r $dn"]
while {[gets $fd line] >= 0} {
if {[string first "SSHFP 4 2" $line] == -1} { continue }
puts "[shorten $dn] [lrange [split $line " "] 2 end]"
}
proc subdomain {dn addrs {flags {}}} {
- global Y6 NoSPF
set short [shorten $dn]
foreach addr $addrs {
if {[string first : $addr] == -1} { set atyp A } { set atyp AAAA }
puts "$short $atyp $addr"
}
- dane $dn [lindex [split [lindex $flags [lsearch $flags dane:*]] :] end]
+
+ set danePort [lsearch -inline $flags dane:*]
+ if {$danePort == ""} {
+ set danePort 443
+ } {
+ set danePort [lindex [split $danePort :] end]
+ }
+ dane $dn $danePort
ssh $dn
- if {[lsearch $flags nospf] == -1} { puts "$short TXT $NoSPF" }
+
+ global NoSPF NoMX
+ if {[lsearch $flags mailable] == -1} {
+ puts "$short TXT $NoSPF"
+ puts "$short $NoMX"
+ }
if {[lsearch $flags y] != -1} {
+ global Y6
set short [shorten y.[fqdn $dn]]
puts "$short AAAA $Y6"
puts "$short TXT $NoSPF"
+ puts "$short $NoMX"
ssh $short
}
}
proc pgp {keyid {uid ""}} {
if {$uid == ""} { set uid $keyid }
- set fd [open "| gpg --export-options export-dane --export $keyid"]
+ set fd [open "|gpg --export-options export-dane --export $keyid"]
while {[gets $fd line] >= 0} {
if {[string first $uid $line] != -1} { break }
}