2 set GW6 2a03:e2c0:2663:1::1
5 set VPS6 2a04:ac00:a:146::25
7 set Y6 21a:af91:8d0e:b05:9645:e4e9:12be:3c39
9 set NS1 uz544mqwggqbf3z4utlhfqn45vpbpq78nc63hpg5u2ut29stkt0pkr.ns7.stargrave.org.
10 set NS2 uz5nulnd504gp3s7sdmdl5l2gxc762hpw926t90k39ltxp67flbccn.ns5.stargrave.org.
12 set NoSPF {"v=spf1 -all"}
13 set ReSPF {"v=spf1 redirect=_spf.stargrave.org"}
19 $DOMAIN. 21600 IN SOA $NS1 admin.$DOMAIN. (
28 puts {_dmarc TXT "v=DMARC1; p=none"}
36 * { return $dn.$DOMAIN. }
43 if {$dn == "$DOMAIN."} { return @ }
44 set domainLen [llength [split $DOMAIN .]]
45 return [join [lrange [split $dn .] 0 end-[expr $domainLen + 1]] .]
50 puts "$dn MX 10 mailfake0.stargrave.org."
51 puts "$dn MX 20 mail2.stargrave.org."
52 puts "$dn MX 30 mailfake1.stargrave.org."
57 proc dane {dn {port 443}} {
59 set dirname [string trimright $dn .]
62 foreach ca [lsort [glob ca/*/*]] {
63 set ca [join [lrange [split $ca /] 1 end] /]
64 set ee [file join ee $ca $dirname]
65 if {![file exists $ee]} { continue }
66 puts "[shorten $dn] CAA 0 issue \"[lindex [split $ca /] end]\""
67 puts "[shorten _$port._tcp.$dn] TLSA 3 1 1 [exec zeasypki dane $ee]"
74 set fn ssh/[string trimright $dn .]
75 if {![file exists $fn]} { return }
76 set fd [open "|ssh-keygen -f $fn -r $dn"]
77 while {[gets $fd line] >= 0} {
78 if {[string first "SSHFP 4 2" $line] == -1} { continue }
79 puts "[shorten $dn] [lrange [split $line " "] 2 end]"
84 proc subdomain {dn addrs {flags {}}} {
85 set short [shorten $dn]
87 if {[string first : $addr] == -1} { set atyp A } { set atyp AAAA }
88 puts "$short $atyp $addr"
91 set danePort [lsearch -inline $flags dane:*]
92 if {$danePort == ""} {
95 set danePort [lindex [split $danePort :] end]
101 if {[lsearch $flags nospf] == -1} { puts "$short TXT $NoSPF" }
102 if {[lsearch $flags y] != -1} {
104 set short [shorten y.[fqdn $dn]]
105 puts "$short AAAA $Y6"
106 puts "$short TXT $NoSPF"
111 proc pgp {keyid {uid ""}} {
112 if {$uid == ""} { set uid $keyid }
113 set fd [open "|gpg --export-options export-dane --export $keyid"]
114 while {[gets $fd line] >= 0} {
115 if {[string first $uid $line] != -1} { break }
118 set line [split [gets $fd]]
119 set line [lreplace $line 0 0 "[lindex $line 0]._openpgpkey"]
121 while {[gets $fd line] >= 0} {
122 if {$line == ""} { break }