set NS2 uz5nulnd504gp3s7sdmdl5l2gxc762hpw926t90k39ltxp67flbccn.ns5.stargrave.org.
set NoSPF {"v=spf1 -all"}
+set NoMX "MX 0 ."
set ReSPF {"v=spf1 redirect=_spf.stargrave.org"}
proc zone {serial} {
set dn [fqdn $dn]
set dirname [string trimright $dn .]
set was [pwd]
+ set caas [list]
cd tls
foreach ca [lsort [glob ca/*/*]] {
set ca [join [lrange [split $ca /] 1 end] /]
set ee [file join ee $ca $dirname]
if {![file exists $ee]} { continue }
- puts "[shorten $dn] CAA 0 issue \"[lindex [split $ca /] end]\""
+ set caas [lappend $caas [lindex [split $ca /] end]]
puts "[shorten _$port._tcp.$dn] TLSA 3 1 1 [exec zeasypki dane $ee]"
}
cd $was
+ foreach ca [lsort -unique $caas] {
+ puts "[shorten $dn] CAA 0 issue \"$ca\""
+ }
}
proc ssh {dn} {
dane $dn $danePort
ssh $dn
- global NoSPF
- if {[lsearch $flags nospf] == -1} { puts "$short TXT $NoSPF" }
+ global NoSPF NoMX
+ if {[lsearch $flags mailable] == -1} {
+ puts "$short TXT $NoSPF"
+ puts "$short $NoMX"
+ }
if {[lsearch $flags y] != -1} {
global Y6
set short [shorten y.[fqdn $dn]]
puts "$short AAAA $Y6"
puts "$short TXT $NoSPF"
+ puts "$short $NoMX"
ssh $short
}
}