set NS1 uz544mqwggqbf3z4utlhfqn45vpbpq78nc63hpg5u2ut29stkt0pkr.ns7.stargrave.org.
set NS2 uz5nulnd504gp3s7sdmdl5l2gxc762hpw926t90k39ltxp67flbccn.ns5.stargrave.org.
-set NoSPF {"v=spf1 -all"}
-set ReSPF {"v=spf1 redirect=_spf.stargrave.org"}
+set NoSPF "v=spf1 -all"
+set NoMX "MX 0 ."
+set ReSPF "v=spf1 redirect=_spf.stargrave.org"
+set DKIMKey "v=DKIM1; k=ed25519; p=R1JVW376WZiRHuK1+74hESbo1Jt3hBCv13l8fVJZrBk="
proc zone {serial} {
global DOMAIN NS1 NS2
puts "$dn MX 20 mail2.stargrave.org."
puts "$dn MX 30 mailfake1.stargrave.org."
global ReSPF
- puts "$dn TXT $ReSPF"
+ puts "$dn TXT \"$ReSPF\""
}
proc dane {dn {port 443}} {
set dn [fqdn $dn]
set dirname [string trimright $dn .]
set was [pwd]
+ set caas [list]
cd tls
foreach ca [lsort [glob ca/*/*]] {
set ca [join [lrange [split $ca /] 1 end] /]
set ee [file join ee $ca $dirname]
if {![file exists $ee]} { continue }
- puts "[shorten $dn] CAA 0 issue \"[lindex [split $ca /] end]\""
+ set caas [lappend $caas [lindex [split $ca /] end]]
puts "[shorten _$port._tcp.$dn] TLSA 3 1 1 [exec zeasypki dane $ee]"
}
cd $was
+ foreach ca [lsort -unique $caas] {
+ puts "[shorten $dn] CAA 0 issue \"$ca\""
+ }
}
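Review bot: `lappend` takes a variable name, not a list value, so `set caas [lappend $caas [lindex [split $ca /] end]]` inside the `foreach` appends to whichever variable is named by the current contents of `caas` and then overwrites `caas` with that result. Names collected in earlier iterations are therefore not reliably kept. When a host has end-entity certificates under more than one CA directory, the closing `foreach ca [lsort -unique $caas]` can print an incomplete CAA set, and a CA that is actually in use would be refused issuance for that name. The line should read `lappend caas [lindex [split $ca /] end]`; the `set caas [list]` initialisation and the `lsort -unique` de-duplication can stay as they are.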
proc ssh {dn} {
dane $dn $danePort
ssh $dn
- global NoSPF
- if {[lsearch $flags nospf] == -1} { puts "$short TXT $NoSPF" }
+ global NoSPF NoMX
+ if {[lsearch $flags mailable] == -1} {
+ puts "$short TXT \"$NoSPF\""
+ puts "$short $NoMX"
+ }
if {[lsearch $flags y] != -1} {
global Y6
set short [shorten y.[fqdn $dn]]
puts "$short AAAA $Y6"
- puts "$short TXT $NoSPF"
+ puts "$short TXT \"$NoSPF\""
+ puts "$short $NoMX"
ssh $short
}
}
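Review bot: The guard now keys on `mailable` instead of `nospf`, so any call site that still passes `nospf` will silently start publishing both `v=spf1 -all` and the null MX `MX 0 .` for a name that is meant to receive mail. The call sites and the start of the enclosing proc are outside this hunk, so this is worth checking across the zone definitions before deploying. A cheap safeguard is to reject the legacy flag explicitly, e.g. `if {[lsearch $flags nospf] != -1} { error "flag nospf was renamed: use mailable" }`. A short comment above the check would also help: `# hosts without the "mailable" flag publish SPF -all and a null MX (no mail accepted or sent)`. Note that the `y.` branch emits both records unconditionally, which looks intentional but is not stated anywhere in the hunk.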