Differences between revisions 16 and 17
Revision 16 as of 2007-03-14 11:28:38
Size: 2630
Editor: madduck
Comment:
Revision 17 as of 2007-08-30 09:36:42
Size: 2883
Editor: madduck
Comment:
Deletions are marked like this. Additions are marked like this.
Line 44: Line 44:

If you get an "administrative prohibition" back, make sure you're using an existing envelope ''and'' header sender address, or leave out the header sender address by using {{{sendmail -f <valid sender> changes@db.debian.org}}} instead of {{{mail}}}.

From http://db.debian.org/doc-mail.html ...

Debian.net DNS Zone Entry. The only way to get a debian.net address is to use the mail gateway. It will verify the request and prevent name collisions automatically. Requests can take two forms: 'foo in a 1.2.3.4' or 'foo in cname foo.bar.' The precise form is critical and must not be deviated from. Like the SSH function above, multiple hosts are supported, but they must all be sent at once.

I repeat: sending in a new record deletes all old ones. Thus, you have to send absolute changesets. To get your currently allocated domains: 

echo show | gpg --clearsign | mail changes@db.debian.org

So...to get an A record for 'foo' that points to '10.11.12.13', just do 

echo "foo in a 10.11.12.13" | gpg --clearsign | mail changes@db.debian.org'

from an account that has access to your GPG key in the DebianKeyring. Don't forget this erases all your other records. See up top and down below.

To assign an MX record to a debian.net subdomain, the following will do, if sent from an account that has access to your GPG key in the DebianKeyring. 

echo "bar in mx 10 debbar.madduck.net." | gpg --clearsign | mail changes@db.debian.org'

Be sure to put that trailing dot... it's critical. Don't forget this erases all your other records. See up top and down below.

To get a CNAME record for 'bar' that points to 'debbar.quux.com', just do (and don't forget the final dot after the domain name pointed to): 

echo "bar in cname debbar.quux.com." | gpg --clearsign | mail changes@db.debian.org'

from an account that has access to your GPG key in the DebianKeyring. Be sure to put that trailing dot... it's critical. Don't forget this erases all your other records. See up top and down below.

Note that you cannot mix CNAME records with any other ones for the same subdomain.

Now, to have more than one debian.net address, you have to do a little more. 

gpg --clearsign <<EOF | mail changes@db.debian.org
foo in a 10.11.12.13
bar in cname debbar.madduck.net.
baz in a 10.11.12.42
EOF

Don't forget that the account you run this from needs to have access to your GPG key that's in the DebianKeyring. And don't forget the trailing dots! See up top... an email like this replaces all your entries!

If you get an "administrative prohibition" back, make sure you're using an existing envelope and header sender address, or leave out the header sender address by using sendmail -f <valid sender> changes@db.debian.org instead of mail.

You can get a list of entries for your account via LDAP. Currently, this is only possible from the developer machines: 

ldapsearch -x -LLL -H ldap://db.debian.org -b ou=users,dc=debian,dc=org uid=<your UID> dnsZoneEntry