Commit Graph

39 Commits

Author SHA1 Message Date
Jeremy Stanley 05d1c26ee7 Add an SPF record for the listserv
Recently, Gmail has started to rate-limit deliveries from our
mailing list server, with this message:

    SMTP error from remote mail server after end of data: This mail
    has been rate limited because it is unauthenticated. Gmail
    requires all senders to authenticate with either SPF or DKIM.

According to https://support.google.com/mail/answer/81126 also:

    Starting February 2024, Gmail will require the following for
    senders who send 5,000 or more messages a day to Gmail accounts:
    Authenticate outgoing email, avoid sending unwanted or
    unsolicited email, and make it easy for recipients to
    unsubscribe.

In order not to place undue additional load on our MTA's deferral
queue, adding a neutral SPF rule is nicer than unsubscribing and
blocking all Gmail users. A simple "a" rule should suffice, since we
don't relay through any smarthost currently. Set the TTL to 5
minutes for now, in case we need to make rapid adjustments to this
policy in the near future.

Change-Id: I388de615035156bc277ff1e1b11ac2bc0346cb27
2023-12-05 15:07:54 +00:00
James E. Blair cf6be6a37b Revert registry.zuul-ci.org
This project did not move past the test stage.  Clean it up.

Change-Id: Ia3c4a67eec1142e33dc959a29b8724fe5ae9611b
2023-11-14 16:06:25 -08:00
Ian Wienand 13fa071e4d Remove old nameservers
These have been replaced with the Jammy refresh servers.  This should
be done after the registry is updated to point to the new servers.

Change-Id: I3d10f8d0fb43ffa91efaa91107d3bbde93d642fa
2023-04-20 16:29:47 +10:00
Ian Wienand 3ea8678f9f Add Jammy refresh NS records
Add the Jammy refresh nameservers to the NS records.  This should be
done before updating the registry records.

Change-Id: Ia720cbe3cbca9fe7100bebbf9a3aff489c295b9d
2023-04-20 16:29:44 +10:00
Clark Boylan 0a11a71415 Set default ttl to one hour
We did this for opendev.org's zonefile a while back and I mistakenly
assumed it had been done for other zones. Let's keep them in sync as a
longer TTL is kinder to servers and clients.

Change-Id: Idbcfa1cfc7f8567832788c62f1d82051bf5dc595
2023-04-12 10:48:12 -07:00
Clark Boylan f1bd01bd3a Revert short @ record TTLs
This is cleanup for the previous change. We should only land it once we
are happy with the new server serving things.

Change-Id: I794c96f8590a844764311049899cf4b4be49f845
2023-04-06 11:21:19 -07:00
Clark Boylan c98b81258e Update zuul dns records to the new static02 server
For records that can be CNAMEs we convert from A/AAAA records to CNAME
records to static.opendev.org. This will cut down on future updates
needed as we can simply update that CNAME in the future. For the @
records CNAMEs are not allowed forcing us to update the A/AAAA records
to point to the new IP addresses. I've also lowered the TTLs on the
A/AAAA records in case we need to revert.

I did not lower the TTLs on the CNAME records because we can simply
change the CNAME which has a small TTL for those records instead.

Depends-On: https://review.opendev.org/c/opendev/zone-opendev.org/+/879780
Change-Id: I82772e4bc8c742cc32febb11e3f2ac77ea8fffff
2023-04-06 11:21:18 -07:00
James E. Blair a7d6feb290 Add registry.zuul-ci.org
This is an experiment to determine if we can redirect
container image hosting.

Change-Id: I0d5d78ea3c0fdfac0cbbd695475ba8f028275946
2023-03-16 18:25:37 -07:00
Jeremy Stanley a49392b205 Restore the default TTL to lists
Now that we're comfortable we don't need to make any further urgent
changes, clean up the temporary TTL override.

Change-Id: Ib83e06f0f4fede35f2338ba11142ae55a90c4cc7
2022-12-05 17:49:24 +00:00
Jeremy Stanley 2aa353082d Switch lists to resolve to the new Mailman server
With the import work complete, repoint DNS to the new server so that
deliveries will resume normally.

Change-Id: Iad42f7b5a0a898b24ee5e21b3d42a1613f50855d
2022-12-05 17:49:23 +00:00
Jeremy Stanley 866228372f Temporarily point lists to review.o.o for deferral
This is a cheap hack to get incoming messages for lists.zuul-ci.org
to sit in senders' deferral queues while we're working on moving its
mailing lists to the new server. The firewall rules for
review02.opendev.org are set up to reject connections on 25/tcp,
which causes connecting MTAs to wait and try again after some period
of time. Once we update the records to match the new server instead,
any queued deliveries should arrive normally.

Change-Id: Ida33de7cbfc2c17ea0ef3e4ba736ad86640f11ad
2022-12-05 17:49:01 +00:00
Jeremy Stanley 347100bbda Temporarily lower the address TTLs for lists
Maintenance is coming up in a few hours, during which lists will
have its DNS records changed at least a couple of times, so lower
the TTL on those in advance in order to facilitate faster global
updates.

Change-Id: I3befc7c09e76dd46af80aa6bb4b996d877eb6e3f
2022-12-05 17:10:29 +00:00
James E. Blair b2b654ee4a Add google site verification
This will let Jim use the google search console to help with SEO.

Change-Id: I7eeccd459e9de7cbd9fec91618260c39bb4a2495
2022-01-20 07:11:54 -08:00
Jeremy Stanley 6e0e3a0f1d Add letsencrypt record for lists site
In preparation for Mailman 3, get plumb DNS for Let's Encrypt.

Change-Id: I0c68ee9473dff4cac2fb9ace5c8bf66a172a9bd6
2021-12-17 18:48:53 +00:00
Ian Wienand aece598ab8 Use static.opendev.org
We shut down files02.openstack.org, which was the old host.  Point this
at static.opendev.org that has replaced it.

Change-Id: I6accdaa25965bec5e04410cc617108ef744f051b
Story: #2006598
2020-03-05 19:54:40 +11:00
Ian Wienand 3bc08af331 git.zuul-ci.org : point to static.opendev.org
This is currently a CNAME for git.openstack.org, which is a CNAME to
static.opendev.org anyway, which then runs the redirect rules to
opendev gitea.  Cut out a layer and just point it at
static.opendev.org directly.

Change-Id: I71b18c3e5f56378daf050cb98d0e91fbd3435f2e
2020-02-27 08:20:46 +11:00
James E. Blair fc2169da2c Also delegate git. acme challenge to opendev
So that opendev can get a LE cert for git.zuul-ci.org.

Change-Id: Id915850f40e1dd8a792df7f015bfc57eccd59af6
2020-01-08 14:40:03 -08:00
James E. Blair 2adfc0712e Also delegate www. acme record to opendev
So we can get a cert for 'zuul-ci.org' and 'www.zuul-ci.org'.

Change-Id: I9e327660cb85a0f4a8eb56ae10e4adf203ad62e1
2020-01-06 09:20:18 -08:00
James E. Blair fb442971f8 Use tabs instead of spaces
We should use only tabs in the zonefile for consistency (it shouldn't
break anything, but that's the custom).

Change-Id: I6a3f407c90350079323d8f830f68404c7c8a2dbf
2020-01-06 08:58:34 -08:00
James E. Blair c37fb45c33 Delegate acme challenges to opendev
This will allow us to use the opendev letsencrypt infrastructure.

Change-Id: I1feb17401611c1440cf43a15aebdb3557eac7c57
2020-01-06 08:45:50 -08:00
James E. Blair ac908492f5 Update gitreview
Change-Id: Ibcc2b8732a66914552aa54e15124c293a81f55a4
2020-01-06 08:45:49 -08:00
Ian Wienand 32a97f2c70 Add zone-check job
This job uses the new validate-zone-db job in the dependent change to
run named-checkconfig over the zone.db files.

Depends-On: https://review.opendev.org/661138
Change-Id: I0853a59d1b7ec46d821d3034841a2eee3c1562ea
2019-05-24 10:43:23 +10:00
OpenDev Sysadmins ff19ddc2bc OpenDev Migration Patch
This commit was bulk generated and pushed by the OpenDev sysadmins
as a part of the Git hosting and code review systems migration
detailed in these mailing list posts:

http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html
http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html

Attempts have been made to correct repository namespaces and
hostnames based on simple pattern matching, but it's possible some
were updated incorrectly or missed entirely. Please reach out to us
via the contact information listed at https://opendev.org/ with any
questions you may have.
2019-04-19 19:52:23 +00:00
James E. Blair 0b38224147 Revert "Add temporary record for cert renewal"
This reverts commit 2511f4d0cd.

Change-Id: I3072d9e799bb9924165b3ff66a67fe32381589a4
2019-03-26 18:34:39 -07:00
James E. Blair 2511f4d0cd Add temporary record for cert renewal
Change-Id: I6b535041853b26a95df8f8b8e216db65ff88167a
2019-03-26 18:34:14 -07:00
Jeremy Stanley 50f700d17d Remove temporary cert renewal cname
Once the new certificate has been received, this commit is safe to
merge.

Change-Id: Ib6c0a80c71e1d5715e3fa915d381a3355962b1bb
2019-01-20 15:53:11 +00:00
Jeremy Stanley 4ab35a7073 Add temporary cert renewal cname
To work around lack of whois contact these days, we're stuck using
either HTTP or DNS based domain validation for X.509 certificate
renewals. This record is temporary and will be removed as soon as
the renewed certificate is received.

Change-Id: I174409fc9df0339086ccc56162ccc99310cea6b8
2019-01-20 15:52:53 +00:00
James E. Blair 4f4361cdb8 Move ns records to opendev
We're ready to replace the nameservers now.

Change-Id: I13756d8e9585d7ec0c50c6d553ab95470dbda6bd
2019-01-04 12:55:41 -08:00
Jeremy Stanley 5eb555370e Add zuulci.org typo domain
In an effort to thwart egregious typosquatting, host a zuulci.org
domain which will serve as an alias for the canonical zuul-ci.org.

Change-Id: Ic26f4728024839b0b2e978368cca96e463c98c18
2018-05-15 18:14:30 +00:00
James E. Blair c110c2ded5 Add git.zuul-ci.org
This is handled by the OpenStack git farm.

Change-Id: I4a5ad4afd716b8a38ed99beeb08ed4a0a54025f1
2018-03-27 09:22:49 -07:00
Zuul c968a78f54 Merge "Zuul: Remove project name" 2018-02-02 12:20:55 +00:00
James E. Blair 7d4c4ecab9 Zuul: Remove project name
Zuul no longer requires the project-name for in-repo configuration.
Omitting it makes forking or renaming projects easier.

Change-Id: I08749ff82a1494585a55d084935bad435d45ae91
2018-02-01 20:44:18 -08:00
James E. Blair cf88fa54ca Add records for web site
Add records pointing to files02.openstack.org for zuul-ci.org and
www.zuul-ci.org.

We could make the www records a CNAME, but we can't do so for the
zone itself, because CNAME can't be used with other record types
and the zone must also carry SOA and NS records.

Change-Id: Ia7d2257876e636042b12f9f87c82772fbdb3abc3
2018-02-01 08:35:51 -08:00
Jeremy Stanley 459f93cb4d Update zone serial after manual testing
The serial number for the zuul-ci.org zone was manually increased to
1515959169 for the purposes of manually testing zone reloading and
automated signing. This change merely catches the Git repository up
with the current state of that file in production.

Change-Id: Ibda4fd19245ebc3cfca92bb22eaf7be9c01e69ab
2018-01-14 19:51:52 +00:00
James E. Blair 86a29ee4a5 Replace lists CNAME with A/AAAA
Mail hosts may not be the target of CNAMEs.  We could use an MX,
but we still need A records for the web site, so just use those.

Change-Id: Icf95451f3c9abec17cdbe6bab3a0bda6b422fa2c
2018-01-13 08:15:49 -08:00
James E. Blair d5eccfc804 Make zuul-ci.org self-hosting
The .org registry doesn't seem happy to have ns1.openstack.org as
NS servers for this domain.  Since we're planning to create a
"neutrally branded" domain for our infrastructure hosting, rather
than track down that problem, let's just self-host zuul-ci.org for
now, and we'll move nameservers to the new domain when ready.

These NS records have been added to the registry as glue records.

Change-Id: Ia838de9faa9281be1ab2f4309b70cbe2befca4b9
2017-12-21 16:33:25 -08:00
James E. Blair 9fc2c84cda Replace ns2 with ns3 for testing
Change-Id: I295a70f40b067515452542c239b091082daf7a7a
2017-12-21 14:16:48 -08:00
James E. Blair 7b55d6a012 Initial commit
Change-Id: I762e7a7856471f85b6d19016d5ed559bd18a1bc6
2017-12-18 08:45:17 -08:00
OpenStack Project Creator 1c48b104f5 Added .gitreview 2017-12-15 14:49:39 +00:00