diff --git a/main.go b/main.go
index 0a27f38..1762c3f 100644
--- a/main.go
+++ b/main.go
@@ -20,7 +20,9 @@ func main() {
 var nameservers = flag.String("nameservers", "ns-do-sg.sslip.io.,ns-gce.sslip.io.,ns-hetzner.sslip.io.,ns-ovh.sslip.io.",
 "comma-separated list of FQDNs of nameservers. If you're running your own sslip.io nameservers, set them here")
 var addresses = flag.String("addresses",
- "sslip.io=78.46.204.247,"+
+ "nip.io=78.46.204.247,"+
+ "sslip.io=78.46.204.247,"+
+ "nip.io=2a01:4f8:c17:b8f::2,"+
 "sslip.io=2a01:4f8:c17:b8f::2,"+
 "ns.sslip.io=146.190.110.69,"+
 "ns.sslip.io=2400:6180:0:d2:0:1:da21:d000,"+
@@ -41,7 +43,11 @@ func main() {
 "ns-ovh.sslip.io=51.75.53.19,"+
 "ns-ovh.sslip.io=2001:41d0:602:2313::1,"+
 "ns-ovh-sg.sslip.io=51.79.178.89,"+
- "ns-ovh-sg.sslip.io=2402:1f00:8001:d59::1",
+ "ns-ovh-sg.sslip.io=2402:1f00:8001:d59::1"+
+ "ns1.nip.io=51.75.53.19,"+
+ "ns1.nip.io=2001:41d0:602:2313::1,"+
+ "ns2.nip.io=5.78.115.44,"+
+ "ns2.nip.io=2a01:4ff:1f0:c920::,",
 "comma-separated list of hosts and corresponding IPv4 and/or IPv6 address(es). If you're running your own sslip.io nameservers, add their hostnames and addresses here. If unsure, add to the list rather than replace")
 var delegates = flag.String("delegates", "", "comma-separated list of domains you own "+
 "and nameservers you control to which to delegate, often used to acquire wildcard certificates from "+
diff --git a/xip/xip.go b/xip/xip.go
index 0720b4d..981be20 100644
--- a/xip/xip.go
+++ b/xip/xip.go
@@ -103,6 +103,19 @@ var (
 MetricsBufferSize = 200 // big enough to run our tests, and small enough to prevent DNS amplification attacks
 Customizations = DomainCustomizations{
+ "nip.io.": {
+ MX: []dnsmessage.MXResource{
+ {
+ Pref: 10,
+ MX: mx1,
+ },
+ {
+ Pref: 20,
+ MX: mx2,
+ },
+ },
+ TXT: TXTNipIoSPF,
+ },
 "sslip.io.": {
 MX: []dnsmessage.MXResource{
 {
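Review bot: The rewritten line `"ns-ovh-sg.sslip.io=2402:1f00:8001:d59::1"+` in the second main.go hunk drops the comma that used to end the entry, so the concatenated default runs it into the next one as `...d59::1ns1.nip.io=51.75.53.19,`. How the `-addresses` value is parsed is not visible here, but this most likely loses both the AAAA record for ns-ovh-sg.sslip.io and the A record for ns1.nip.io from the built-in defaults. The last new entry also carries a comma inside the string, `"ns2.nip.io=2a01:4ff:1f0:c920::,",`, which leaves an empty trailing element in the list. Suggested: `"ns-ovh-sg.sslip.io=2402:1f00:8001:d59::1,"+` and `"ns2.nip.io=2a01:4ff:1f0:c920::",`. The `flag.String` call itself starts in the previous hunk.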
@@ -117,7 +130,22 @@ var (
 TXT: TXTSslipIoSPF,
 },
 // nameserver addresses; we get queries for those every once in a while
- // CNAMEs for sslip.io for DKIM signing
+ // CNAMEs for nip.io/sslip.io for DKIM signing
+ "protonmail._domainkey.nip.io.": {
+ CNAME: dnsmessage.CNAMEResource{
+ CNAME: dkim1,
+ },
+ },
+ "protonmail2._domainkey.nip.io.": {
+ CNAME: dnsmessage.CNAMEResource{
+ CNAME: dkim2,
+ },
+ },
+ "protonmail3._domainkey.nip.io.": {
+ CNAME: dnsmessage.CNAMEResource{
+ CNAME: dkim3,
+ },
+ },
 "protonmail._domainkey.sslip.io.": {
 CNAME: dnsmessage.CNAMEResource{
 CNAME: dkim1,
@@ -956,7 +984,18 @@ func (x *Xip) PTRResource(fqdn []byte) *dnsmessage.PTRResource {
 return nil
 }
-// TXTSslipIoSPF SFP records for sslio.io
+// TXTSslipIoSPF SPF records for nip.io
+func TXTNipIoSPF(_ *Xip, _ net.IP) ([]dnsmessage.TXTResource, error) {
+ // Although multiple TXT records with multiple strings are allowed, we're sticking
+ // with a multiple TXT records with a single string apiece because that's what ProtonMail requires
+ // and that's what google.com does.
+ return []dnsmessage.TXTResource{
+ {TXT: []string{"protonmail-verification=19b0837cc4d9daa1f49980071da231b00e90b313"}}, // ProtonMail verification; don't delete
+ {TXT: []string{"v=spf1 include:_spf.protonmail.ch mx ~all"}},
+ }, nil // Sender Policy Framework
+}
+
+// TXTSslipIoSPF SPF records for sslio.io
 func TXTSslipIoSPF(_ *Xip, _ net.IP) ([]dnsmessage.TXTResource, error) {
 // Although multiple TXT records with multiple strings are allowed, we're sticking
 // with a multiple TXT records with a single string apiece because that's what ProtonMail requires
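Review bot: The three new `_domainkey.nip.io.` entries reuse `dkim1`, `dkim2` and `dkim3`, and the visible sslip.io entry already points at `dkim1`. Those variables are defined outside this hunk; if they hold the Proton-issued CNAME targets for sslip.io, such targets are normally specific to one domain, and mail signed for nip.io would then be checked against the wrong key and fail DKIM. Confirm the targets Proton lists for nip.io and, if they differ, add separate variables for them with a comment such as `// DKIM CNAME targets issued for nip.io; not interchangeable with sslip.io's`.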
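Review bot: The doc comment on the new function still names the old one: `// TXTSslipIoSPF SPF records for nip.io` sits above `func TXTNipIoSPF`, and the comment kept for `TXTSslipIoSPF` still says `sslio.io`. Suggested: `// TXTNipIoSPF returns the ProtonMail verification and SPF TXT records for nip.io.` and `// TXTSslipIoSPF returns the SPF TXT records for sslip.io.`. Because the body looks copied from the sslip.io function, whose return values lie outside this hunk, confirm that the `protonmail-verification=` value is the one issued for nip.io and not a carry-over. The SPF policy ends in `~all` (softfail), and whether a DMARC record backs it cannot be seen from here, so a comment recording why softfail was chosen would help the next maintainer.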