Skip to content
/ dns Public
forked from miraheze/dns

Production DNS configuration

0 stars 21 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

OAuthority/dns

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,909 Commits
zones
zones
 
 
.gitattributes
.gitattributes
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
README.md
README.md
 
 
admin_state
admin_state
 
 
config
config
 
 

Repository files navigation

Miraheze DNS Production Configuration

All changes pushed to this repository are automatically deployed to nameservers by puppet. However, syntax is checked for changes to go live, so please be aware when pushing changes.

CAA Records

From September 2017, CAA records will be mandatory for CAs.

A CAA record is a DNS record which allows DNS admins to authorise CAs to issue SSL certificates for certain domains. This decreases the chance of phishing through fake issuance of SSL certificates from genuine CAs. Furthermore, this allows Miraheze to more realistically control which CAs are allowed onto our platform.

Unfortunately due to a lack of upstream implementation, CAA records have to be defined using TYPE257 instead of the more appealing CAA.

To allow a CA to issue a certificate, check the box at SSLMate CAA Generator and use "Legacy Zone File" value.

All CAA definitions should end with a location to email violations too which can be done as: TYPE257 # 37 0005696F6465666D61696C746F3A6F7065726174696F6E73406D69726168657A652E6F7267

About

Production DNS configuration

Resources

Readme

Code of conduct

Code of conduct
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published