X-Git-Url: https://git.ralfj.de/zonemaker.git/blobdiff_plain/e755148dea6ccfd48ee64670bd2f59f311dde159..HEAD:/db.example.com.py
diff --git a/db.example.com.py b/db.example.com.py
index 3187832..310a6bf 100644
--- a/db.example.com.py
+++ b/db.example.com.py
@@ -1,4 +1,4 @@
-from zonemaker.zone import *
+from zone import *
 
 # Our IP addresses; we have machine one and machine two.
 one4 = A("172.16.254.1") # for each record type, there's a corresponding class with the same name
@@ -13,14 +13,22 @@ mail = [MX('mx', 10)] # this is first server name, then priority (as in plain DN
 def HTTPS(key):
 return TLSA(Protocol.TCP, 443, TLSA.Usage.EndEntity, TLSA.Selector.Full, TLSA.MatchingType.SHA256, key)
 
+# setup TTLs by record type
+TTLs = {
+ '': 1*day, # special value: default TTL
+ 'NX': 1*hour, # special value: TTL for NXDOMAIN replies
+ 'A': 1*hour, # for the rest, just use the type of the resource records
+ 'AAAA': 1*hour,
+}
+
 # Now to the actual zone: the header part should be fairly self-explanatory.
-__zone__ = Zone('example.com.', serialfile = 'db.example.com.srl', mail = 'root@example.com.',
- NS = ['ns', 'ns.example.org.'],
+__zone__ = Zone('example.com.', serialfile = 'db.example.com.srl',
+ mail = 'root@example.com.', NS = ['ns', 'ns.example.org.'], TTLs = TTLs,
 secondary_refresh = 6*hour, secondary_retry = 1*hour, secondary_expire = 7*day,
- NX_TTL = 1*hour, A_TTL = 1*hour, other_TTL = 1*day,
 # Here come the actual domains. Each takes records as argument, either individually or as lists.
 domains = {
- '.': Name(one, mail), # this will all all records from the list "one" and the list "mail" to this name
+ '@': Name(one, mail, HTTPS('0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef')), # this will add all records from the list "one" and the list "mail" to this name
+ '@': Name(CAA(0, CAA.Tag.Issue, "letsencrypt.org")),
 'ns': Name(one),
 'ipv4.ns': Name(one4), # just a single record
 'ipv6.ns': Name(one6),
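Review bot: The two added `'@'` entries in `domains` use the same key in what is visibly a plain dict literal (`domains = {`), so Python keeps only the second one and the apex would end up with just the CAA record; the A/AAAA, MX and TLSA records passed to the first `Name(...)` are dropped without any warning. Since the comment above says a name takes records "either individually or as lists", the CAA record can go into the first entry instead: append `CAA(0, CAA.Tag.Issue, "letsencrypt.org")` to the first `Name(...)` call and delete the second `'@'` line. This matters more than usual because this file is the example people copy, and a missing TLSA or MX record at the apex is easy to overlook until clients fail. The `Zone(...)` call continues past the end of this hunk.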
@@ -33,6 +41,11 @@ __zone__ = Zone('example.com.', serialfile = 'db.example.com.srl', mail = 'root@ # 'orgstuff': CName('example.org.'), # CNAMEs cannot be combined with other records # - 'sub1': Delegation('ns.example.org.'), # this adds an NS record - 'sub2': SecureDelegation('ns.example.com.', 12345, Algorithm.RSA_SHA256, Digest.SHA256, '0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF'), # this adds an NS and a DS record + 'sub1': Delegation('ns.example.org.', 'ns'), # this adds an NS record + 'sub2': SecureDelegation(12345, Algorithm.RSA_SHA256, Digest.SHA256, '0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF', 'ns.example.com.'), # this adds an NS and a DS record + # + 'local': { + 'one': Name(one4), + 'stuff': CName('one'), + }, })
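Review bot: The comments on the rewritten `sub1`/`sub2` lines do not mention that the nameservers are now trailing arguments, which is the substance of this change; a zone file still written in the old order (`SecureDelegation('ns.example.com.', 12345, ...)`) would pass the nameserver where the key tag is expected, and whether the constructor rejects that is not visible here. I would reword the `sub2` comment along the lines of `# key tag, algorithm, digest type, digest, then the nameserver(s); adds NS and DS records`, and update the `sub1` comment, which still says "an NS record" although two nameservers are passed. The new `'local'` block also leaves open whether `CName('one')` resolves to `one.local.example.com.` or `one.example.com.`; a one-line comment stating which would prevent a mis-pointed alias. The enclosing `Zone(...)` call starts outside this hunk.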