89 lines
3.9 KiB
Dns
89 lines
3.9 KiB
Dns
$TTL 900
|
|
; SOA record structure: <https://en.wikipedia.org/wiki/SOA_record#Structure>
|
|
; SOA MNAME RNAME (... rest)
|
|
; MNAME = Master name server for this zone. this is where update requests should be sent.
|
|
; RNAME = admin contact (encoded email address)
|
|
; Serial = YYYYMMDDNN, where N is incremented every time this file changes, to trigger secondary NS to re-fetch it.
|
|
; Refresh = how frequently secondary NS should query master
|
|
; Retry = how long secondary NS should wait until re-querying master after a failure (must be < Refresh)
|
|
; Expire = how long secondary NS should continue to reply to queries after master fails (> Refresh + Retry)
|
|
@ IN SOA ns1.uninsane.org. admin-dns.uninsane.org. (
|
|
2022121207 ; Serial
|
|
4h ; Refresh
|
|
30m ; Retry
|
|
7d ; Expire
|
|
5m) ; Negative response TTL
|
|
|
|
rev TXT "2022121207"
|
|
|
|
@ A %NATIVE%
|
|
; XXX: RFC's specify that the MX record CANNOT BE A CNAME
|
|
mx A 185.157.162.178
|
|
; XXX NS records must also not be CNAME
|
|
; it's best that we keep this identical, or a superset of, what org. lists as our NS.
|
|
; so, org. can specify ns2/ns3 as being to the VPN, with no mention of ns1. we provide ns1 here.
|
|
ns1 A %NATIVE%
|
|
ns2 A 185.157.162.178
|
|
ns3 A 185.157.162.178
|
|
native A %NATIVE%
|
|
ovpns A 185.157.162.178
|
|
|
|
@ NS ns1.uninsane.org.
|
|
@ NS ns2.uninsane.org.
|
|
@ NS ns3.uninsane.org.
|
|
;@ NS uninsane.port0.org.
|
|
;@ NS uninsane.psybnc.org.
|
|
|
|
@ MX 10 mx.uninsane.org.
|
|
|
|
bt CNAME native
|
|
fed CNAME native
|
|
git CNAME native
|
|
imap CNAME native
|
|
ipfs CNAME native
|
|
jackett CNAME native
|
|
jelly CNAME native
|
|
matrix CNAME native
|
|
web.matrix CNAME native
|
|
music CNAME native
|
|
nixcache CNAME native
|
|
pl-dev CNAME native
|
|
rss CNAME native
|
|
sink CNAME native
|
|
w CNAME native
|
|
|
|
xmpp CNAME native
|
|
conference.xmpp CNAME native
|
|
pubsub.xmpp CNAME native
|
|
upload.xmpp CNAME native
|
|
vjid.xmpp CNAME native
|
|
|
|
; _Service._Proto.Name TTL Class SRV Priority Weight Port Target
|
|
_xmpp-client._tcp SRV 0 0 5222 native
|
|
_xmpp-server._tcp SRV 0 0 5269 native
|
|
|
|
; Sender Policy Framework:
|
|
; +mx => mail passes if it originated from the MX
|
|
; +a => mail passes if it originated from the A address of this domain
|
|
; +ip4:.. => mail passes if it originated from this IP
|
|
; -all => mail fails if none of these conditions were met
|
|
@ TXT "v=spf1 a mx -all"
|
|
|
|
; DKIM public key:
|
|
mx._domainkey TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkSyMufc2KrRx3j17e/LyB+3eYSBRuEFT8PUka8EDX04QzCwDPdkwgnj3GNDvnB5Ktb05Cf2SJ/S1OLqNsINxJRWtkVfZd/C339KNh9wrukMKRKNELL9HLUw0bczOI4gKKFqyrRE9qm+4csCMAR79Te9FCjGV/jVnrkLdPT0GtFwIDAQAB"
|
|
|
|
; DMARC fields <https://datatracker.ietf.org/doc/html/rfc7489>:
|
|
; p=none|quarantine|reject: what to do with failures
|
|
; sp = p but for subdomains
|
|
; rua = where to send aggregrate reports
|
|
; ruf = where to send individual failure reports
|
|
; fo=0|1|d|s controls WHEN to send failure reports
|
|
; (1=on bad alignment; d=on DKIM failure; s=on SPF failure);
|
|
; Additionally:
|
|
; adkim=r|s (is DKIM relaxed [default] or strict)
|
|
; aspf=r|s (is SPF relaxed [default] or strict)
|
|
; pct = sampling ratio for punishing failures (default 100 for 100%)
|
|
; rf = report format
|
|
; ri = report interval
|
|
_dmarc TXT "v=DMARC1;p=quarantine;sp=reject;rua=mailto:admin+mail@uninsane.org;ruf=mailto:admin+mail@uninsane.org;fo=1:d:s"
|