# Constants reused by the record-printing code: IPv6 addresses, nameserver
# names and the two SPF policy strings.
2 set GW6 2a03:e2c0:2663:1::1
5 set VPS6 2a04:ac00:a:146::25
# NOTE(review): Y6 falls in 200::/7 and is used for the "y." names further down;
# presumably an overlay-network address rather than a globally routed one - confirm.
7 set Y6 21a:af91:8d0e:b05:9645:e4e9:12be:3c39
# Both nameserver labels are "uz5" followed by 51 characters, which matches the
# DNSCurve convention of encoding the server's public key in its name. If that is
# what they are, the labels are key material: a one-character edit changes the
# key a DNSCurve-aware resolver expects from the server.
9 set NS1 uz544mqwggqbf3z4utlhfqn45vpbpq78nc63hpg5u2ut29stkt0pkr.ns7.stargrave.org.
10 set NS2 uz5nulnd504gp3s7sdmdl5l2gxc762hpw926t90k39ltxp67flbccn.ns5.stargrave.org.
# "v=spf1 -all" authorises no sender at all, so a receiver that checks SPF
# fails any mail claiming to come from a name carrying this record.
12 set NoSPF {"v=spf1 -all"}
# redirect= hands SPF evaluation over to the policy published at _spf.stargrave.org,
# keeping the real sender list in one place.
14 set ReSPF {"v=spf1 redirect=_spf.stargrave.org"}
20 $DOMAIN. 21600 IN SOA $NS1 admin.$DOMAIN. (
# Prints the DMARC policy record. p=none asks receivers to take no action on
# mail that fails DMARC, and the record carries no rua= address, so as written
# it yields neither enforcement nor aggregate reports.
# NOTE(review): if monitor-only is not deliberate, add rua= to receive reports
# and plan a move to p=quarantine or p=reject once they look clean.
29 puts {_dmarc TXT "v=DMARC1; p=none"}
37 * { return $dn.$DOMAIN. }
# The zone apex is written as "@".
44 if {$dn == "$DOMAIN."} { return @ }
# Otherwise cut the trailing labels off $dn: one per label of $DOMAIN plus the
# empty element that split produces after the final dot. What remains is the
# name relative to the zone.
# NOTE(review): nothing visible here checks that $dn really ends in $DOMAIN;
# a name from another zone would be truncated silently - verify against callers.
45 set domainLen [llength [split $DOMAIN .]]
# NOTE(review): expr is unbraced. $domainLen comes from llength, so it is always
# an integer here, but `expr {$domainLen + 1}` is the safer habit: it avoids a
# second round of substitution on the operands.
46 return [join [lrange [split $dn .] 0 end-[expr $domainLen + 1]] .]
# Three MX targets for $dn at preferences 10, 20 and 30.
# NOTE(review): the "mailfake" hosts sit at the lowest and highest preference
# around mail2, which looks like decoy exchangers placed either side of the real
# one - confirm. The visible lines do not show what those hosts do.
51 puts "$dn MX 10 mailfake0.stargrave.org."
52 puts "$dn MX 20 mail2.stargrave.org."
53 puts "$dn MX 30 mailfake1.stargrave.org."
# dane: for each CA directory that holds an end-entity entry for $dn, print a
# TLSA record for the given port (443 unless stated), then print CAA "issue"
# records for the CAs collected on the way.
58 proc dane {dn {port 443}} {
# Directory names on disk carry no trailing dot.
60 set dirname [string trimright $dn .]
# Visit every ca/*/* path in sorted order.
64 foreach ca [lsort [glob ca/*/*]] {
# Drop the leading "ca" path element so the rest can be reused under ee/.
65 set ca [join [lrange [split $ca /] 1 end] /]
66 set ee [file join ee $ca $dirname]
# No end-entity entry for this name under this CA: nothing to publish.
67 if {![file exists $ee]} { continue }
# NOTE(review): lappend takes a variable NAME. `lappend $caas x` appends to the
# variable whose name is the current value of caas, so in the usual case caas
# ends up holding only the most recent CA and the earlier ones never reach the
# CAA loop below. A CA missing from the CAA set is not authorised to issue for
# the name. `lappend caas [lindex [split $ca /] end]` is the likely intent.
68 set caas [lappend $caas [lindex [split $ca /] end]]
# TLSA 3 1 1 = DANE-EE usage, SubjectPublicKeyInfo selector, SHA-256 matching.
# The association data is whatever the external zeasypki tool prints for $ee.
69 puts "[shorten _$port._tcp.$dn] TLSA 3 1 1 [exec zeasypki dane $ee]"
# One CAA issue record per distinct collected name.
# NOTE(review): the value is the last path element of the CA directory, so that
# directory presumably has to be named after the CA's CAA identifier - confirm.
72 foreach ca [lsort -unique $caas] {
73 puts "[shorten $dn] CAA 0 issue \"$ca\""
# Host key file is named after the domain with the trailing dot removed;
# no file means no SSHFP records for this name.
79 set fn ssh/[string trimright $dn .]
80 if {![file exists $fn]} { return }
# NOTE(review): the pipeline is built by string interpolation, and open "|..."
# parses that string as a Tcl list. A $dn or $fn containing whitespace or list
# metacharacters would be split into extra ssh-keygen arguments.
# `open |[list ssh-keygen -f $fn -r $dn]` keeps each value a single argument.
# Both values appear to come from the zone definition itself, so this reads as
# a robustness point rather than an exposure - verify against callers.
# NOTE(review): the close of $fd is not among the visible lines. Closing a
# command pipeline is what surfaces a failing ssh-keygen as a Tcl error; if the
# channel is never closed, a failure just produces no records.
81 set fd [open "|ssh-keygen -f $fn -r $dn"]
82 while {[gets $fd line] >= 0} {
# Keep only SSHFP algorithm 4 (Ed25519) with fingerprint type 2 (SHA-256).
83 if {[string first "SSHFP 4 2" $line] == -1} { continue }
# Drop the first two fields of ssh-keygen's line and print the rest under the
# shortened owner name.
84 puts "[shorten $dn] [lrange [split $line " "] 2 end]"
# subdomain: print address records for $dn and, depending on $flags, further
# records. The visible lines handle the flags "dane:PORT", "mailable" and "y".
89 proc subdomain {dn addrs {flags {}}} {
90 set short [shorten $dn]
# A colon in the address marks it as IPv6 (AAAA); anything else is printed as A.
92 if {[string first : $addr] == -1} { set atyp A } { set atyp AAAA }
93 puts "$short $atyp $addr"
# Pick out a "dane:..." flag and keep the part after the last colon.
# What happens with the value, and in the empty case, is outside the visible lines.
96 set danePort [lsearch -inline $flags dane:*]
97 if {$danePort == ""} {
100 set danePort [lindex [split $danePort :] end]
# Names not flagged "mailable" get the "-all" SPF record, so mail claiming to
# come from them fails SPF at receivers that check it.
106 if {[lsearch $flags mailable] == -1} {
107 puts "$short TXT $NoSPF"
# The "y" flag adds a y.<name> entry pointing at $Y6, again with the
# reject-all SPF record.
110 if {[lsearch $flags y] != -1} {
112 set short [shorten y.[fqdn $dn]]
113 puts "$short AAAA $Y6"
114 puts "$short TXT $NoSPF"
120 proc pgp {keyid {uid ""}} {
121 if {$uid == ""} { set uid $keyid }
122 set fd [open "|gpg --export-options export-dane --export $keyid"]
123 while {[gets $fd line] >= 0} {
124 if {[string first $uid $line] != -1} { break }
127 set line [split [gets $fd]]
128 set line [lreplace $line 0 0 "[lindex $line 0]._openpgpkey"]
130 while {[gets $fd line] >= 0} {
131 if {$line == ""} { break }