nip.io: accommodate email and webservers

- Proton insists on have a TXT record before adding that domain, and we
  comply with "protonmail-verification=19b0837cc4d9daa1f49980071da231b00e90b313"
- We add A & AAAA records for nip.io, identical to sslip.io's.
- We add convenience records for ns1.nip.io and ns2.nip.io to eliminate
  the dreaded automated message "dig: couldn't get address for
  'ns1.nip.io': not found"

main.go

@@ -20,7 +20,9 @@ func main() {
 	var nameservers = flag.String("nameservers", "ns-do-sg.sslip.io.,ns-gce.sslip.io.,ns-hetzner.sslip.io.,ns-ovh.sslip.io.",
 		"comma-separated list of FQDNs of nameservers. If you're running your own sslip.io nameservers, set them here")
 	var addresses = flag.String("addresses",
+		"nip.io=78.46.204.247,"+
 			"sslip.io=78.46.204.247,"+
+			"nip.io=2a01:4f8:c17:b8f::2,"+
 			"sslip.io=2a01:4f8:c17:b8f::2,"+
 			"ns.sslip.io=146.190.110.69,"+
 			"ns.sslip.io=2400:6180:0:d2:0:1:da21:d000,"+
@@ -41,7 +43,11 @@ func main() {
 			"ns-ovh.sslip.io=51.75.53.19,"+
 			"ns-ovh.sslip.io=2001:41d0:602:2313::1,"+
 			"ns-ovh-sg.sslip.io=51.79.178.89,"+
-			"ns-ovh-sg.sslip.io=2402:1f00:8001:d59::1",
+			"ns-ovh-sg.sslip.io=2402:1f00:8001:d59::1"+
+			"ns1.nip.io=51.75.53.19,"+
+			"ns1.nip.io=2001:41d0:602:2313::1,"+
+			"ns2.nip.io=5.78.115.44,"+
+			"ns2.nip.io=2a01:4ff:1f0:c920::,",
 		"comma-separated list of hosts and corresponding IPv4 and/or IPv6 address(es). If you're running your own sslip.io nameservers, add their hostnames and addresses here. If unsure, add to the list rather than replace")
 	var delegates = flag.String("delegates", "", "comma-separated list of domains you own "+
 		"and nameservers you control to which to delegate, often used to acquire wildcard certificates from "+

xip/xip.go

@@ -103,6 +103,19 @@ var (
 	MetricsBufferSize = 200 // big enough to run our tests, and small enough to prevent DNS amplification attacks
 
 	Customizations = DomainCustomizations{
+		"nip.io.": {
+			MX: []dnsmessage.MXResource{
+				{
+					Pref: 10,
+					MX:   mx1,
+				},
+				{
+					Pref: 20,
+					MX:   mx2,
+				},
+			},
+			TXT: TXTNipIoSPF,
+		},
 		"sslip.io.": {
 			MX: []dnsmessage.MXResource{
 				{
@@ -117,7 +130,22 @@ var (
 			TXT: TXTSslipIoSPF,
 		},
 		// nameserver addresses; we get queries for those every once in a while
-		// CNAMEs for sslip.io for DKIM signing
+		// CNAMEs for nip.io/sslip.io for DKIM signing
+		"protonmail._domainkey.nip.io.": {
+			CNAME: dnsmessage.CNAMEResource{
+				CNAME: dkim1,
+			},
+		},
+		"protonmail2._domainkey.nip.io.": {
+			CNAME: dnsmessage.CNAMEResource{
+				CNAME: dkim2,
+			},
+		},
+		"protonmail3._domainkey.nip.io.": {
+			CNAME: dnsmessage.CNAMEResource{
+				CNAME: dkim3,
+			},
+		},
 		"protonmail._domainkey.sslip.io.": {
 			CNAME: dnsmessage.CNAMEResource{
 				CNAME: dkim1,
@@ -956,7 +984,18 @@ func (x *Xip) PTRResource(fqdn []byte) *dnsmessage.PTRResource {
 	return nil
 }
 
-// TXTSslipIoSPF SFP records for sslio.io
+// TXTSslipIoSPF SPF records for nip.io
+func TXTNipIoSPF(_ *Xip, _ net.IP) ([]dnsmessage.TXTResource, error) {
+	// Although multiple TXT records with multiple strings are allowed, we're sticking
+	// with a multiple TXT records with a single string apiece because that's what ProtonMail requires
+	// and that's what google.com does.
+	return []dnsmessage.TXTResource{
+		{TXT: []string{"protonmail-verification=19b0837cc4d9daa1f49980071da231b00e90b313"}}, // ProtonMail verification; don't delete
+		{TXT: []string{"v=spf1 include:_spf.protonmail.ch mx ~all"}},
+	}, nil // Sender Policy Framework
+}
+
+// TXTSslipIoSPF SPF records for sslio.io
 func TXTSslipIoSPF(_ *Xip, _ net.IP) ([]dnsmessage.TXTResource, error) {
 	// Although multiple TXT records with multiple strings are allowed, we're sticking
 	// with a multiple TXT records with a single string apiece because that's what ProtonMail requires