From 3b98076f59540d9847fff0d92a7739dd29cf6728 Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Wed, 22 May 2019 13:00:01 +1000 Subject: [PATCH] Use A/AAAA records for CAA According to https://sslmate.com/caa/about ; when the domain is a CNAME, it looks for these records on the target domain. Otherwise, we get bind errors about duplicate CNAME data, because a CNAME must be unique. Change-Id: Icdffe2e0b438e9e0f46fabb945902fd149759280 --- zones/opendev.org/zone.db | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/zones/opendev.org/zone.db b/zones/opendev.org/zone.db index c3851ae..48ef2e6 100644 --- a/zones/opendev.org/zone.db +++ b/zones/opendev.org/zone.db @@ -2,7 +2,7 @@ $ORIGIN opendev.org. $TTL 5m @ IN SOA adns1.opendev.org. hostmaster.opendev.org. ( - 1558491424 ; serial number unixtime + 1558493991 ; serial number unixtime 1h ; refresh (secondary checks for updates) 10m ; retry (secondary retries failed axfr) 10d ; expire (secondary ends serving old data) @@ -37,8 +37,8 @@ gitea08 IN A 38.108.68.22 graphite01 IN A 162.209.77.51 graphite01 IN AAAA 2001:4800:7818:103:be76:4eff:fe04:763e graphite IN CNAME graphite01 -graphite IN CAA 0 issue "letsencrypt.org" -graphite IN CAA 0 iodef "mailto:infra-root@openstack.org" +graphite01 IN CAA 0 issue "letsencrypt.org" +graphite01 IN CAA 0 iodef "mailto:infra-root@openstack.org" insecure-ci-registry01 IN AAAA 2001:4800:7818:101:be76:4eff:fe04:67f5 insecure-ci-registry01 IN A 104.130.132.79 insecure-ci-registry IN CNAME insecure-ci-registry01 @@ -77,5 +77,5 @@ mirror01.dfw.rax IN AAAA 2001:4800:7819:105:be76:4eff:fe04:9b8a mirror.dfw.rax IN CNAME mirror01.dfw.rax _acme-challenge.mirror01.dfw.rax IN CNAME acme.opendev.org. _acme-challenge.mirror.dfw.rax IN CNAME acme.opendev.org. -mirror.dfw.rax IN CAA 0 issue "letsencrypt.org" -mirror.dfw.rax IN CAA 0 iodef "mailto:infra-root@openstack.org" +mirror01.dfw.rax IN CAA 0 issue "letsencrypt.org" +mirror01.dfw.rax IN CAA 0 iodef "mailto:infra-root@openstack.org"