From 19854395584f91a393de09ebb66102682c28e320 Mon Sep 17 00:00:00 2001 From: Jimmy Briggs Date: Tue, 14 May 2024 17:22:55 -0400 Subject: [PATCH 1/2] config: refresh and update spfcache.json --- spfcache.json | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 spfcache.json diff --git a/spfcache.json b/spfcache.json new file mode 100644 index 0000000..f0e697a --- /dev/null +++ b/spfcache.json @@ -0,0 +1,14 @@ +{ + "_netblocks.google.com": { + "SPF": "v=spf1 ip4:35.190.247.0/24 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all" + }, + "_netblocks2.google.com": { + "SPF": "v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all" + }, + "_netblocks3.google.com": { + "SPF": "v=spf1 ip4:172.217.0.0/19 ip4:172.217.32.0/20 ip4:172.217.128.0/19 ip4:172.217.160.0/20 ip4:172.217.192.0/19 ip4:172.253.56.0/21 ip4:172.253.112.0/20 ip4:108.177.96.0/19 ip4:35.191.0.0/16 ip4:130.211.0.0/22 ~all" + }, + "_spf.google.com": { + "SPF": "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all" + } +} \ No newline at end of file From fc10d18cb09fdd341f8dcdf855c60647ed33e53c Mon Sep 17 00:00:00 2001 From: Jimmy Briggs Date: Tue, 14 May 2024 17:25:01 -0400 Subject: [PATCH 2/2] feat: revamp dnsconfig.js resolves #54, #65, #66 #67 #68 #72 --- dnsconfig.js | 302 ++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 240 insertions(+), 62 deletions(-) diff --git a/dnsconfig.js b/dnsconfig.js index 95a016c..6067df9 100644 --- a/dnsconfig.js +++ b/dnsconfig.js @@ -1,71 +1,249 @@ /// @ts-check /// +var DOMAIN = "noclocks.dev"; + var DSP_PORKBUN = NewDnsProvider("porkbun"); var REG_NONE = NewRegistrar("none"); -D("noclocks.dev", REG_NONE +D( + DOMAIN + , REG_NONE + + // Setup DNS Provider: Porkbun , DnsProvider(DSP_PORKBUN) + + // Set the Default TTL , DefaultTTL(600) + + // Porkbun's default `ALIAS`/`CNAME` records + , ALIAS("@", "lixie.porkbun.com.") + , CNAME("*", "lixie.porkbun.com.") + + // Set up the root domain A records + , A("@", "216.239.32.21") + , A("@", "216.239.34.21") + , A("@", "216.239.36.21") + , A("@", "216.239.38.21") + + // Set up the root domain AAAA records + , AAAA("@", "2001:4860:4802:32::15") + , AAAA("@", "2001:4860:4802:34::15") + , AAAA("@", "2001:4860:4802:36::15") + , AAAA("@", "2001:4860:4802:38::15") + + // Set medium A records , A("medium", "162.159.152.4") - , A("medium", "162.159.153.4") - // Comment out Porkbun's default `ALIAS`/`CNAME` records - // , ALIAS("@", "lixie.porkbun.com.") - // , CNAME("*", "lixie.porkbun.com.") - , A("@", "216.239.32.21") - , A("@", "216.239.34.21") - , A("@", "216.239.36.21") - , A("@", "216.239.38.21") - , AAAA("@", "2001:4860:4802:32::15") - , AAAA("@", "2001:4860:4802:34::15") - , AAAA("@", "2001:4860:4802:36::15") - , AAAA("@", "2001:4860:4802:38::15") - , CNAME("dev", "ghs.googlehosted.com.") - , CNAME("ad3ak4dqkd3micxscovcihwulfyajce5._domainkey", "ad3ak4dqkd3micxscovcihwulfyajce5.dkim.custom-email-domain.stripe.com.") - , CNAME("cgktxy47vh5wl4ghp5hdgk6tnmy62zbl._domainkey", "cgktxy47vh5wl4ghp5hdgk6tnmy62zbl.dkim.custom-email-domain.stripe.com.") - , CNAME("cwisojmcg2hxnv5mu6p75xj554z25eoa._domainkey", "cwisojmcg2hxnv5mu6p75xj554z25eoa.dkim.custom-email-domain.stripe.com.") - , CNAME("gkyumb4mjcb52t3ijd7ri3cvxcsn5wzd._domainkey", "gkyumb4mjcb52t3ijd7ri3cvxcsn5wzd.dkim.custom-email-domain.stripe.com.") - , CNAME("lzwub5fb3bv3v772nfrqoui6lezjdcxa._domainkey", "lzwub5fb3bv3v772nfrqoui6lezjdcxa.dkim.custom-email-domain.stripe.com.") - , CNAME("manc63vpfqdyzxpefcyuhkc6a226isin._domainkey", "manc63vpfqdyzxpefcyuhkc6a226isin.dkim.custom-email-domain.stripe.com.") - // Redirect `testimonials.noclocks.dev` to `senja.io/p/noclocks/r/testimonials` - // , CNAME("testimonials", "senja.io.") - , CNAME("testimonials", "cname.testimonial.to.") - , CNAME("bounce", "custom-email-domain.stripe.com.") - , CNAME("hub", "39843493.group43.sites.hubspot.net.") - , CNAME("blog", "hashnode.network.") - , CNAME("k2._domainkey", "dkim2.mcsv.net.") - , CNAME("k3._domainkey", "dkim3.mcsv.net.") - , CNAME("pay", "hosted-checkout.stripecdn.com.") - , CNAME("docs", "noclocks.github.io.") - , CNAME("store", "shops.myshopify.com.") - , CNAME("gcal", "ghs.googlehosted.com.") - , CNAME("gdrive", "ghs.googlehosted.com.") - , CNAME("gmail", "ghs.googlehosted.com.") - , CNAME("ggroups", "ghs.googlehosted.com.") - , CNAME("gsites", "ghs.googlehosted.com.") - , CNAME("bastien", "ghs.googlehosted.com.") - , CNAME("envshare", "cname.vercel-dns.com.") - , CNAME("infisical", "r0fdqqto.up.railway.app.") - , CNAME("analytics", "ofv54ogz.up.railway.app.") - , CNAME("docuseal", "docuseal-h7bm.onrender.com.") - , MX("@", 1, "smtp.google.com.") - , MX("send", 10, "feedback-smtp.us-east-1.amazonses.com.") - , TXT("@", "v=spf1 include:_spf.google.com amazonses.com stripe.com ~all") - , TXT("_dmarc", "v=DMARC1; p=none;") - , TXT("send", "v=spf1 include:amazonses.com ~all") - , TXT("resend._domainkey", "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbhzizp7AkDF14jqZ4ZDBe/DcgsI5vbuSrsobM/lWH82/vlYw+Xj+dCBCcy0NLO1fUZiQRetJ01lCsOsEH/n/jHp9fIsRB4psJP5X/rXmHQ4rD8p3Df7j6mhm4sNDBZpwR1UhW444Vp88BqvgzawMvzaRgu9Nstx/6tFV7trDnNwIDAQAB") - , TXT("@", "stripe-verification=89f4a41b52e121c2857c7989fa0edea55106bec6c43be66692ce13c3fd826707") - , TXT("google._domainkey", "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxb49YRvvMIjYWCEkGS8uRyi2jFfJYwuA4/b59aMAraFcJjeB+Xx6MvhAVpCe2/Zh/QGPtaAFbsluKJPTzW4qnddz85WVurrdIhxgVeyr417kPlYu1t8GbGQ1MQ53J4cPxs3x7beCLNbfXOF16o3wektAKb9Ap9oEioFysB9ingRLju+xGzpCii3vSFeDbYBYnheSzgPpo7fw5eQbnEN8iHu1XUQCunSxC0pOD8dWdM6pgXZ2UR3zehE+jjwtlNgz216+wUVn5E1CELk4fPqbMM0lhXFBUyAceH0sx4Zbo09ix74cOU34OlNxvdCUgQYNYCEBe7psW9hesbSiev8twIDAQAB") - , TXT("@", "openai-domain-verification=dv-WDNa7wSBc2RN0lM0rlnVs25c") - , TXT("_vercel", "vc-domain-verify=www.noclocks.dev,2b1841e6fdcd5c8bbb74") - , TXT("@", "google-site-verification=VLlDxf4pO-GZ4oe2YSGplYGhKYEoMwIeSUiHzjMJd4s") - , TXT("_vercel", "vc-domain-verify=noclocks.dev,a2b5da3a50a19754c1e0") - , TXT("@", "google-site-verification=8esyvYnZaJ9-JUcC81RlatPuElBjXcGziiqYiq8FJw8") - , TXT("@", "amazon-business-verification=1229ee0236ee3c28b825288e96e890beaad42a4a461d7a0eb65537601da42912") - , TXT("_github-challenge-noclocks-org", "5b7bfb8c3a") - , TXT("_acme-challenge.pay", "d9uRKsP6foqYEgijjeBA1MB50wa4KW4NNe1BQE5-EP4") - , TXT("_acme-challenge", "YfcZoPb1JoXtiwUP0k4aimMlw712-NxzrrIsxMAJJtY") - , TXT("_acme-challenge", "duFW0ARxb60Rd6snfskR9b4db08jaoGVrM_dGY-PUcA") - , TXT("_github-pages-challenge-noclocks", "8c88c3f5791a75585aedc0a0e821fb") - , TXT("_vercel", "vc-domain-verify=envshare.noclocks.dev,bf8cb3e4ff05d0d85b9d") -) + , A("medium", "162.159.153.4") + + // Set MTA-STS A record + , A("mta-sts", "34.149.121.105") + + // CNAME Records - Google Workspace + , CNAME("ggroups", "ghs.googlehosted.com.") + , CNAME("gmail", "ghs.googlehosted.com.") + , CNAME("gsites", "ghs.googlehosted.com.") + , CNAME("gcal", "ghs.googlehosted.com.") + , CNAME("gdrive", "ghs.googlehosted.com.") + + // CNAME Records - Stripe Email + , CNAME( + "ad3ak4dqkd3micxscovcihwulfyajce5._domainkey", + "ad3ak4dqkd3micxscovcihwulfyajce5.dkim.custom-email-domain.stripe.com." + ) + , CNAME( + "cgktxy47vh5wl4ghp5hdgk6tnmy62zbl._domainkey", + "cgktxy47vh5wl4ghp5hdgk6tnmy62zbl.dkim.custom-email-domain.stripe.com." + ) + , CNAME( + "cwisojmcg2hxnv5mu6p75xj554z25eoa._domainkey", + "cwisojmcg2hxnv5mu6p75xj554z25eoa.dkim.custom-email-domain.stripe.com." + ) + , CNAME( + "gkyumb4mjcb52t3ijd7ri3cvxcsn5wzd._domainkey", + "gkyumb4mjcb52t3ijd7ri3cvxcsn5wzd.dkim.custom-email-domain.stripe.com." + ) + , CNAME( + "lzwub5fb3bv3v772nfrqoui6lezjdcxa._domainkey", + "lzwub5fb3bv3v772nfrqoui6lezjdcxa.dkim.custom-email-domain.stripe.com." + ) + , CNAME( + "manc63vpfqdyzxpefcyuhkc6a226isin._domainkey", + "manc63vpfqdyzxpefcyuhkc6a226isin.dkim.custom-email-domain.stripe.com." + ) + + // CNAME Records - Bounce (Stripe) + , CNAME("bounce", "custom-email-domain.stripe.com.") + + // CNAME Records - Selfhosted (Render.com) + , CNAME("docuseal", "docuseal-h7bm.onrender.com.") + + // CNAME Records - Selfhosted (Railway) + , CNAME("infisical", "r0fdqqto.up.railway.app.") + , CNAME("analytics", "ofv54ogz.up.railway.app.") + + // CNAME Records - Testimonials + , CNAME("testimonials", "cname.testimonial.to.") + + // CNAME Records - Hubspot + , CNAME("hub", "39843493.group43.sites.hubspot.net.") + + // CNAME Records - Hashnode + , CNAME("blog", "hashnode.network.") + + // CNAME Records - Vercel + , CNAME("envshare", "cname.vercel-dns.com.") + + // CNAME Records - Mailchimp + , CNAME("k2._domainkey", "dkim2.mcsv.net.") + , CNAME("k3._domainkey", "dkim3.mcsv.net.") + + // CNAME Records - Stripe Checkout + ,CNAME("pay", "hosted-checkout.stripecdn.com.") + + // CNAME Records - GitHub Pages + ,CNAME("docs", "noclocks.github.io.") + + // CNAME Records - Shopify + ,CNAME("store", "shops.myshopify.com.") + ,CNAME("devstore", "shops.myshopify.com.") + + // CNAME Records - Client - BastienLaw + ,CNAME("bastien", "ghs.googlehosted.com.") + + // CNAME Records - Development + ,CNAME("dev", "ghs.googlehosted.com.") + + // MX Records - Google Workspace + , MX("@", 1, "smtp.google.com.") + + // MX Records - Amazon SES (Resend) + , MX("send", 10, "feedback-smtp.us-east-1.amazonses.com.") + + // TXT Records - Vercel + , TXT("_vercel", "vc-domain-verify=envshare.noclocks.dev,bf8cb3e4ff05d0d85b9d") + + // TXT Records - Stripe + , TXT( + "@", + "stripe-verification=89f4a41b52e121c2857c7989fa0edea55106bec6c43be66692ce13c3fd826707" + ) + + // TXT Records - Google Workspace DKIM + , TXT( + "google._domainkey", + "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxb49YRvvMIjYWCEkGS8uRyi2jFfJYwuA4/b59aMAraFcJjeB+Xx6MvhAVpCe2/Zh/QGPtaAFbsluKJPTzW4qnddz85WVurrdIhxgVeyr417kPlYu1t8GbGQ1MQ53J4cPxs3x7beCLNbfXOF16o3wektAKb9Ap9oEioFysB9ingRLju+xGzpCii3vSFeDbYBYnheSzgPpo7fw5eQbnEN8iHu1XUQCunSxC0pOD8dWdM6pgXZ2UR3zehE+jjwtlNgz216+wUVn5E1CELk4fPqbMM0lhXFBUyAceH0sx4Zbo09ix74cOU34OlNxvdCUgQYNYCEBe7psW9hesbSiev8twIDAQAB" + ) + + // TXT Records - SPF for `@` + , SPF_BUILDER({ + label: "@", + // overflow: "_spf%d", // Delete this line if you don't want big strings split. + // overhead1: "20", // There are 20 bytes of other TXT records on this domain. Compensate for this. + // raw: "_rawspf", // Delete this line if the default is sufficient. + // ttl: "5m", + parts: [ + "v=spf1", + "include:_spf.google.com", // GSuite + // "include:amazonses.com", // Amazon SES (Resend) + // "include:stripe.com", // Stripe + // "include:mailgun.org", // Mailgun (forwards to GSuite) + // "include:servers.mcsv.net", // Mailchimp + // "include:sendgrid.net", // SendGrid + "~all", + ], + flatten: [ + "amazonses.com", // Rationale: Amazon SES is used by Resend + "stripe.com", // Rationale: Stripe is used by custom email domains + ], + }) + + // TXT Records - SPF for `send` + , SPF_BUILDER({ + label: "send", + parts: [ + "v=spf1", + "include:amazonses.com", // Amazon SES (Resend) + "~all", + ], + }) + + // TXT Records - DMARC for `@` + , DMARC_BUILDER({ + policy: "reject", + subdomainPolicy: "none", + percent: 100, + alignmentSPF: "r", + alignmentDKIM: "strict", + rua: [ + "mailto:mailto:w0qdgxol@ag.us.dmarcian.com", // DMARC Aggregate Reports (RUA) + ], + ruf: [ + "mailto:w0qdgxol@fr.us.dmarcian.com", // DMARC Forensic Reports (RUF) + ], + }) + + // TXT Records - MTA-STS + , TXT("_mta-sts", "v=STSv1; id=20190425085703", TTL(3600)) + + // TXT Records - Resend + , TXT( + "resend._domainkey", + "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbhzizp7AkDF14jqZ4ZDBe/DcgsI5vbuSrsobM/lWH82/vlYw+Xj+dCBCcy0NLO1fUZiQRetJ01lCsOsEH/n/jHp9fIsRB4psJP5X/rXmHQ4rD8p3Df7j6mhm4sNDBZpwR1UhW444Vp88BqvgzawMvzaRgu9Nstx/6tFV7trDnNwIDAQAB" + ) + + // TXT Records - OpenAI + , TXT("@", "openai-domain-verification=dv-WDNa7wSBc2RN0lM0rlnVs25c") + + // TXT Records - Vercel + , TXT("_vercel", "vc-domain-verify=www.noclocks.dev,2b1841e6fdcd5c8bbb74") + , TXT("_vercel", "vc-domain-verify=noclocks.dev,a2b5da3a50a19754c1e0") + + // TXT Records - Google Search Console + , TXT( + "@", + "google-site-verification=VLlDxf4pO-GZ4oe2YSGplYGhKYEoMwIeSUiHzjMJd4s" + ) + , TXT( + "@", + "google-site-verification=8esyvYnZaJ9-JUcC81RlatPuElBjXcGziiqYiq8FJw8" + ) + + // TXT Records - Amazon Business + , TXT( + "@", + "amazon-business-verification=1229ee0236ee3c28b825288e96e890beaad42a4a461d7a0eb65537601da42912" + ) + + // TXT Records - GitHub Pages + , TXT("_github-pages-challenge-noclocks", "8c88c3f5791a75585aedc0a0e821fb") + , TXT( + "_github-pages-challenge-noclocks.mta-sts", + "1b9d8ac75aca5c5f9de35a29cbbd94" + ) + + // TXT Records - GitHub Verification + , TXT("_github-challenge-noclocks-org", "5b7bfb8c3a") + + // TXT Records - ACME Challenge (Stripe?) + , TXT("_acme-challenge.pay", "d9uRKsP6foqYEgijjeBA1MB50wa4KW4NNe1BQE5-EP4") + , TXT("_acme-challenge", "duFW0ARxb60Rd6snfskR9b4db08jaoGVrM_dGY-PUcA") + , TXT("_acme-challenge", "YfcZoPb1JoXtiwUP0k4aimMlw712-NxzrrIsxMAJJtY") + + // TXT Records - TLS Reporting + , TXT("_smtp._tls", "v=TLSRPTv1; rua=mailto:w0qdgxol@tls.us.dmarcian.com") +); + +// DEPRECATED: +// , CNAME("dev", "ghs.googlehosted.com.") +// Redirect `testimonials.noclocks.dev` to `senja.io/p/noclocks/r/testimonials` +// , CNAME("testimonials", "senja.io.") +// ALIAS Record for the root domain +// , ALIAS("@", "hixie.porkbun.com.") +// CNAME Records - Porkbun +// , CNAME("*", "hixie.porkbun.com.") +// CAA Records - Let's Encrypt +// CAA("@", "issue", "letsencrypt.org"), +// , TXT("_dmarc", "v=DMARC1; p=quarantine; rua=mailto:w0qdgxol@ag.us.dmarcian.com.") +// , TXT("@", "v=spf1 include:_spf.google.com ~all") +// , TXT("send", "v=spf1 include:amazonses.com ~all")