Use A/AAAA records for CAA

According to https://sslmate.com/caa/about ; when the domain is a CNAME, it looks for these records on the target domain. Otherwise, we get bind errors about duplicate CNAME data, because a CNAME must be unique. Change-Id: Icdffe2e0b438e9e0f46fabb945902fd149759280
2019-05-22 13:00:01 +10:00 · 2019-05-22 13:00:01 +10:00 · 3b98076f59
commit 3b98076f59
parent 3a43186bb4
1 changed files with 5 additions and 5 deletions
--- a/zones/opendev.org/zone.db
+++ b/zones/opendev.org/zone.db
@ -2,7 +2,7 @@
 $ORIGIN opendev.org.
 $TTL 5m
@			IN	SOA	adns1.opendev.org. hostmaster.opendev.org. (
-				1558491424  ; serial number unixtime
+				1558493991  ; serial number unixtime
 				1h          ; refresh (secondary checks for updates)
 				10m         ; retry   (secondary retries failed axfr)
 				10d         ; expire  (secondary ends serving old data)
@ -37,8 +37,8 @@ gitea08			IN	A	38.108.68.22
 graphite01		IN	A	162.209.77.51
 graphite01		IN	AAAA	2001:4800:7818:103:be76:4eff:fe04:763e
 graphite		IN	CNAME	graphite01
-graphite		IN	CAA	0	issue	"letsencrypt.org"
-graphite		IN	CAA	0	iodef	"mailto:infra-root@openstack.org"
+graphite01		IN	CAA	0	issue	"letsencrypt.org"
+graphite01		IN	CAA	0	iodef	"mailto:infra-root@openstack.org"
 insecure-ci-registry01	IN	AAAA	2001:4800:7818:101:be76:4eff:fe04:67f5
 insecure-ci-registry01	IN	A	104.130.132.79
 insecure-ci-registry	IN	CNAME	insecure-ci-registry01
@ -77,5 +77,5 @@ mirror01.dfw.rax			IN	AAAA	2001:4800:7819:105:be76:4eff:fe04:9b8a
 mirror.dfw.rax				IN	CNAME	mirror01.dfw.rax
 _acme-challenge.mirror01.dfw.rax	IN	CNAME	acme.opendev.org.
 _acme-challenge.mirror.dfw.rax		IN	CNAME	acme.opendev.org.
-mirror.dfw.rax				IN	CAA	0	issue	"letsencrypt.org"
-mirror.dfw.rax				IN	CAA	0	iodef	"mailto:infra-root@openstack.org"
+mirror01.dfw.rax			IN	CAA	0	issue	"letsencrypt.org"
+mirror01.dfw.rax			IN	CAA	0	iodef	"mailto:infra-root@openstack.org"