diff --git a/SOURCES/dnssec-trigger-default.conf b/SOURCES/dnssec-trigger-default.conf index cc18335..5c7c27f 100644 --- a/SOURCES/dnssec-trigger-default.conf +++ b/SOURCES/dnssec-trigger-default.conf @@ -72,28 +72,14 @@ url: "http://fedoraproject.org/static/hotspot.txt OK" # hash is output of openssl x509 -sha256 -fingerprint -in server.pem # You can add more with extra config lines. -# Provided by fedoraproject.org, #fedora-admin +# provided by NLnetLabs # It is provided on a best effort basis, with no service guarantee. -ssl443: 140.211.169.201 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 -tcp80: 140.211.169.201 -ssl443: 66.35.62.163 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 -tcp80: 66.35.62.163 -ssl443: 152.19.134.150 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 -tcp80: 152.19.134.150 -ssl443: 2610:28:3090:3001:dead:beef:cafe:fed9 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 -tcp80: 2610:28:3090:3001:dead:beef:cafe:fed9 - -# provided by Paul Wouters (pwouters@redhat.com) -# It is provided on a best effort basis, with no service guarantee. -# tcp80: 193.110.157.123 -# tcp80: 2001:888:2003:1004::123 -# ssl443: 193.110.157.123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7 -# ssl443: 2001:888:2003:1004::123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7 - -# provided by NLnetLabs (www.nlnetlabs.nl) -# It is provided on a best effort basis, with no service guarantee. -# tcp80: 213.154.224.3 -# tcp80: 2001:7b8:206:1:bb:: -# ssl443: 213.154.224.3 DC:22:7B:1C:00:1A:CE:C5:48:49:B1:E3:30:DE:61:93:61:12:4E:CB:5C:B4:33:C4:BC:75:8C:D6:16:9D:F0:9F -# ssl443: 2001:7b8:206:1:bb:: DC:22:7B:1C:00:1A:CE:C5:48:49:B1:E3:30:DE:61:93:61:12:4E:CB:5C:B4:33:C4:BC:75:8C:D6:16:9D:F0:9F +tcp80: 185.49.140.67 +tcp80: 2a04:b900::10:0:0:67 +ssl443: 185.49.140.67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF +ssl443: 2a04:b900::10:0:0:67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF +# How to add your own record: +# openssl s_client -connect example.com:443 -showcerts /tmp/dns.crt +# openssl x509 -noout -in /tmp/dns.crt -fingerprint -sha256 +# Append returned sha256 Fingerprint after ssl443: IP-address section. diff --git a/SOURCES/dnssec-trigger-workstation.conf b/SOURCES/dnssec-trigger-workstation.conf index 78b0cc6..5f63664 100644 --- a/SOURCES/dnssec-trigger-workstation.conf +++ b/SOURCES/dnssec-trigger-workstation.conf @@ -74,28 +74,14 @@ control-cert-file: "/etc/dnssec-trigger/dnssec_trigger_control.pem" # hash is output of openssl x509 -sha256 -fingerprint -in server.pem # You can add more with extra config lines. -# Provided by fedoraproject.org, #fedora-admin +# provided by NLnetLabs # It is provided on a best effort basis, with no service guarantee. -ssl443: 140.211.169.201 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 -tcp80: 140.211.169.201 -ssl443: 66.35.62.163 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 -tcp80: 66.35.62.163 -ssl443: 152.19.134.150 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 -tcp80: 152.19.134.150 -ssl443: 2610:28:3090:3001:dead:beef:cafe:fed9 A8:3E:DA:F0:12:82:55:7E:60:B5:B5:56:F1:66:BB:13:A8:BD:FC:B4:51:41:C0:F2:E7:8E:7B:64:AA:87:E6:F2 -tcp80: 2610:28:3090:3001:dead:beef:cafe:fed9 - -# provided by Paul Wouters (pwouters@redhat.com) -# It is provided on a best effort basis, with no service guarantee. -# tcp80: 193.110.157.123 -# tcp80: 2001:888:2003:1004::123 -# ssl443: 193.110.157.123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7 -# ssl443: 2001:888:2003:1004::123 16:41:49:E0:9D:62:CD:DB:79:A7:2B:71:58:C4:D5:E8:70:FA:BF:4D:6D:36:CC:07:35:33:C0:16:17:1B:61:E7 - -# provided by NLnetLabs (www.nlnetlabs.nl) -# It is provided on a best effort basis, with no service guarantee. -# tcp80: 213.154.224.3 -# tcp80: 2001:7b8:206:1:bb:: -# ssl443: 213.154.224.3 DC:22:7B:1C:00:1A:CE:C5:48:49:B1:E3:30:DE:61:93:61:12:4E:CB:5C:B4:33:C4:BC:75:8C:D6:16:9D:F0:9F -# ssl443: 2001:7b8:206:1:bb:: DC:22:7B:1C:00:1A:CE:C5:48:49:B1:E3:30:DE:61:93:61:12:4E:CB:5C:B4:33:C4:BC:75:8C:D6:16:9D:F0:9F +tcp80: 185.49.140.67 +tcp80: 2a04:b900::10:0:0:67 +ssl443: 185.49.140.67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF +ssl443: 2a04:b900::10:0:0:67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF +# How to add your own record: +# openssl s_client -connect example.com:443 -showcerts /tmp/dns.crt +# openssl x509 -noout -in /tmp/dns.crt -fingerprint -sha256 +# Append returned sha256 Fingerprint after ssl443: IP-address section.