printing necessary CAA and TLSA records
* ssh(domain) -- searches for corresponding public key in ssh/
subdirectory and (if it exists) prints corresponding SSHFP record
-* subdomain(domain, addrs, [y nospf dane:PORT]) -- adds specified domain
+* subdomain(domain, addrs, [y mailable dane:PORT]) -- adds specified domain
with provided space-separated addresses. It automatically calls dane
and ssh helpers. Third argument is a list containing three optional
- elements. Unless "nospf" is specified, it prints "-all" SPF policy. If
- "y" is specified, it adds "y.domain" address with predefined $Y6
- address and "-all" SPF policy
+ elements. Unless "mailable" is specified, it prints "-all" SPF policy
+ and sets null MX. If "y" is specified, it adds "y.domain" address with
+ predefined $Y6 address with "-all" SPF policy and null MX
* pgp(keyid, uid) -- prints _openpgpkey DANE record for given OpenPGP
key of desired UID. "uid" is optional and useful only if your key have
got multiple UIDs and you need to add only the single specified one
_443._tcp.www TLSA 3 1 1 9b98...7b3a
www SSHFP 4 2 e72b...c53f
www TXT "v=spf1 -all"
+ www MX 0 .
y.www AAAA 21a:af91:8d0e:b05:9645:e4e9:12be:3c39
y.www TXT "v=spf1 -all"
+ y.www MX 0 .
openpgpkey A 91.211.5.21
openpgpkey AAAA 2a03:e2c0:2663:1::1
openpgpkey CAA 0 issue "ca.cypherpunks.ru"
openpgpkey CAA 0 issue "cagost.cypherpunks.ru"
_443._tcp.openpgpkey TLSA 3 1 1 2075...7c3d
openpgpkey TXT "v=spf1 -all"
+ openpgpkey MX 0 .
y.openpgpkey AAAA 21a:af91:8d0e:b05:9645:e4e9:12be:3c39
y.openpgpkey TXT "v=spf1 -all"
+ y.openpgpkey MX 0 .
; NNCP releases <releases@nncpgo.org>
2019...15ac._openpgpkey TYPE61 \# 655 (...)
set NS2 uz5nulnd504gp3s7sdmdl5l2gxc762hpw926t90k39ltxp67flbccn.ns5.stargrave.org.
set NoSPF {"v=spf1 -all"}
+set NoMX "MX 0 ."
set ReSPF {"v=spf1 redirect=_spf.stargrave.org"}
proc zone {serial} {
dane $dn $danePort
ssh $dn
- global NoSPF
- if {[lsearch $flags nospf] == -1} { puts "$short TXT $NoSPF" }
+ global NoSPF NoMX
+ if {[lsearch $flags mailable] == -1} {
+ puts "$short TXT $NoSPF"
+ puts "$short $NoMX"
+ }
if {[lsearch $flags y] != -1} {
global Y6
set short [shorten y.[fqdn $dn]]
puts "$short AAAA $Y6"
puts "$short TXT $NoSPF"
+ puts "$short $NoMX"
ssh $short
}
}