<!> Note that the content on this page, while still valid, is somewhat outdated. There's now a team managing debian.net infrastructure and while you are still free to go solo like this, you should probably take a look at Teams/DebianNet first.

http://db.debian.org/doc-mail.html is THE one canonical place of documentation for the features (and many others that can be set by mail). In short, you need to send a signed mail in the correct format; below are a few examples and hints.

Debian.net DNS Zone Entry. The only way to get a debian.net address is to use the mail gateway. It will verify the request and prevent name collisions automatically. You can set A, AAAA, TXT, CNAME and MX records; the exact syntax is described (and kept up to date) on the page linked above.

IMPORTANT: sending in a new record deletes all old ones, for all the domains you own. Thus, you have to send absolute changesets covering all your domains.

Note: You can use the inline PGP option in Icedove/Thunderbird with Enigmail to send these mails.

/!\ If your MUA or MTA breaks outgoing signatures, try either sending mail from a debian.org machine, or using armored signing.

ssh master.debian.org mail changes@db.debian.org
gpg --armor --sign

To get your currently allocated domains:

echo show | gpg --clearsign | mail changes@db.debian.org


To REPLACE previous records with a new A record for 'foo' that points to '10.11.12.13', just do

echo "foo in a 10.11.12.13" | gpg --clearsign | mail changes@db.debian.org

from an account that has access to your OpenPGP key in the DebianKeyring. Don't forget this erases all your other records for all your domains. See up top and down below.

To add a new record to the existing ones you have to list ALL records in the email.

Please add your records to DebianNetDomains!


To assign an MX record to a debian.net subdomain, the following will do, if sent from an account that has access to your OpenPGP key in the DebianKeyring.

echo "bar in mx 10 debbar.madduck.net." | gpg --clearsign | mail changes@db.debian.org

Be sure to put that trailing dot... it's critical. Don't forget this erases all your other records for all your domains. See up top and down below.


To get a CNAME record for 'bar' that points to 'debbar.quux.com', just do (and don't forget the final dot after the domain name pointed to):

echo "bar in cname debbar.quux.com." | gpg --clearsign | mail changes@db.debian.org

from an account that has access to your OpenPGP key in the DebianKeyring. Be sure to put that trailing dot... it's critical. Don't forget this erases all your other records for all your domains. See up top and down below.

Note that you cannot mix CNAME records with any other ones for the same subdomain.


Now, to have more than one debian.net address, you have to do a little more.

gpg --clearsign <<EOF | mail changes@db.debian.org
foo in a 10.11.12.13
bar in cname debbar.madduck.net.
baz in a 10.11.12.42
EOF

Don't forget that the account you run this from needs to have access to your OpenPGP key that's in the DebianKeyring. And don't forget the trailing dots! See up top... an email like this replaces all your entries!
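Because every mail replaces all your entries, it is worth checking the complete changeset before signing it. The following is an added example, not part of the original page or of db.debian.org's tooling: the function name check_changeset is hypothetical, it expects record lines only (not show or del), and it checks just the two rules stated on this page (trailing dot on CNAME/MX targets, no CNAME mixed with other records for the same name).

```shell
#!/bin/sh
# check_changeset: read a debian.net changeset on stdin, print problems to
# stderr, return 0 if none were found. Hypothetical helper; it checks only
# the rules stated on this page, not the full syntax from doc-mail.html.
check_changeset() {
    awk '
    NF == 0 { next }                       # skip blank lines
    {
        name = tolower($1); type = tolower($3)
        if (tolower($2) != "in") {
            printf "line %d: expected \"<name> in <type> ...\"\n", NR
            bad = 1; next
        }
        # CNAME and MX targets must end with a dot.
        if ((type == "cname" || type == "mx") && $NF !~ /\.$/) {
            printf "line %d: %s target \"%s\" lacks trailing dot\n", NR, type, $NF
            bad = 1
        }
        # Remember which names carry a CNAME and which carry anything else.
        if (type == "cname") cname[name] = NR; else other[name] = NR
    }
    END {
        # A name with a CNAME may not carry any other record.
        for (n in cname) if (n in other) {
            printf "\"%s\": CNAME (line %d) mixed with another record (line %d)\n", n, cname[n], other[n]
            bad = 1
        }
        exit (bad ? 1 : 0)
    }' >&2
}

# Constructed sample: the three records from the example above.
SAMPLE='foo in a 10.11.12.13
bar in cname debbar.madduck.net.
baz in a 10.11.12.42'
printf '%s\n' "$SAMPLE" | check_changeset &&
    echo "changeset OK; pipe it to: gpg --clearsign | mail changes@db.debian.org"
```

Keep the full changeset in a file, run it through the check, and only then clearsign and mail that same file, so the signed mail always lists every record you own.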


To delete all DNS entries you have, use:

gpg --clearsign <<EOF | mail changes@db.debian.org
del dnsZoneEntry
EOF


You can get a list of entries for your account via LDAP. Currently, this is only possible from the developer machines:

ldapsearch -x -LLL -H ldap://db.debian.org -b ou=users,dc=debian,dc=org uid=<your UID> dnsZoneEntry


If you get an "administrative prohibition" back from the mail server, make sure you're using a real email sender address in both the envelope and header, or leave out the header sender address by using sendmail -f <valid sender> changes@db.debian.org instead of mail.