~mdw / zones / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
*.lisp: Add CAA records to discourage wrong CAs from issuing.
[zones] / odin.lisp
diff --git a/odin.lisp b/odin.lisp
index 3ef3a87..f17fc24 100644 (file)
--- a/odin.lisp
+++ b/odin.lisp
@@ -19,6 +19,10 @@
           :tlsa (:https (:service-certificate-constraint
                          :public-key :sha-256 #p"https-stratocaster")))
 
+  ;; Certification.
+  :caa ((:issue "letsencrypt.org")
+       (:issue "distorted.org.uk"))
+
   ;; Mail servers
   :mx ((mail :ip stratocaster))
   :srv ((:smtp mail))
Zone files for the DNS zones I administer