chore: prep for ipv6 glue records (#35)

Part of #13
ipshipyard · Jan 10, 2025 · e5d4fcc · e5d4fcc
1 parent 5d48da3
commit e5d4fcc
Showing 1 changed file with 10 additions and 7 deletions.
diff --git a/zones/libp2p.direct b/zones/libp2p.direct
@@ -3,37 +3,40 @@ $ORIGIN libp2p.direct.
 
 ;; SOA Records
 @                               86400   IN      SOA     ns1.libp2p.direct. domains.ipshipyard.com. (
-                                                        2024121101  ; serial
+                                                        2025011001  ; serial
                                                         86400       ; refresh
                                                         2400        ; retry
                                                         604800      ; expire
                                                         300         ; minimum
                                                         )
 
 ;; DNS Service
+;; NOTE: using subdomain here works because we have Glue Records set up at Registrar
 libp2p.direct.                  86400   IN      NS      ns1.libp2p.direct.
 libp2p.direct.                  86400   IN      NS      ns2.libp2p.direct.
 libp2p.direct.                  86400   IN      NS      ns3.libp2p.direct.
-libp2p.direct.                  86400   IN      NS      ns1.p2p-forge.dwebops.net.
-libp2p.direct.                  86400   IN      NS      ns2.p2p-forge.dwebops.net.
 
 ns1.libp2p.direct.              86400   IN      A       40.160.8.207
-;ns1.p2p-forge.dwebops.net.     86400   IN      AAAA    2604:2dc0:101:100::265
+ns1.libp2p.direct.              86400   IN      AAAA    2604:2dc0:101:100::265
 
 ns2.libp2p.direct.              86400   IN      A       15.204.28.76
-;ns2.p2p-forge.dwebops.net.     86400   IN      AAAA    2604:2dc0:202:200::64e
+ns2.libp2p.direct.              86400   IN      AAAA    2604:2dc0:202:200::64e
 
 ns3.libp2p.direct.              86400   IN      A       18.188.47.119
-;ns3.libp2p.direct.             86400   IN      AAAA    2600:1f16:f2:9800:9fe5:445b:d8ae:efe3
+ns3.libp2p.direct.              86400   IN      AAAA    2600:1f16:f2:9800:9fe5:445b:d8ae:efe3
 
-;; TLS Provider
+;; Limit allowed CAs to Let's Encrypt, we discussed feasibility with them and no concerns were raised:
+;; https://community.letsencrypt.org/t/feedback-on-raising-certificates-per-registered-domain-to-enable-peer-to-peer-networking/223003
 libp2p.direct.                                    86400   IN        CAA     0 issue "letsencrypt.org"
 
 ;; HTTP Service
+;; NOTE: HTTP endpoints MUST have cert from LE due to the CAA record above.
+;; Cloudflare has setting for specifying CA provider, and me pinned it to LE.
 registration.libp2p.direct.     86400   IN      NS      hera.ns.cloudflare.com.
 registration.libp2p.direct.     86400   IN      NS      lloyd.ns.cloudflare.com.
 
 ;; PSL Records
+;; This makes libp2p.direct an eTLD, meaning verious permissions and limits are applied per peerid.libp2p.direct
 _psl.libp2p.direct.             86400   IN      TXT     "https://github.com/publicsuffix/list/pull/2084"
 _psl.libp2p.direct.             86400   IN      TXT     "https://github.com/publicsuffix/list/pull/2105"