

chore: Add explicit hostname records, drop server ip from spf, tempor…
…arily reduce ttl of src records
SvenKirschbaum committed Mar 11, 2024
1 parent cca52df commit c2f0392
Showing 2 changed files with 67 additions and 29 deletions.
22 changes: 16 additions & 6 deletions lib/constructs/CommonRecords.ts
Expand Up @@ -13,8 +13,18 @@ import {Duration} from "aws-cdk-lib";

export const DEFAULT_TTL = Duration.hours(1);

export const E12_SERVER_IPV4 = "89.58.11.239";
export const E12_SERVER_IPV6 = "2a03:4000:5f:ba0::1";
/**
* @Deprecated
*/
export const E12_OLD_SERVER_IPV4 = "89.58.11.239";
/**
* @Deprecated
*/
export const E12_OLD_SERVER_IPV6 = "2a03:4000:5f:ba0::1";

export const MAIN_01_NUE_NC_IPV4 = "89.58.34.152";

export const MAIN_01_NUE_NC_IPV6 = "2a03:4000:64:95::1";
export const E12_MONITORING_IPV4 = "152.53.19.135";
export const E12_MONITORING_IPV6 = "2a0a:4cc0:1:11b6::1";

Expand All @@ -25,7 +35,7 @@ export interface CommonRecordProps {
export interface NameableCommonRecordProps extends CommonRecordProps {
name?: string
}
export class E12ServerRecord extends Construct {
export class E12MainRecord extends Construct {

constructor(scope: Construct, id: string, props: NameableCommonRecordProps) {
super(scope, id);
Expand All @@ -34,13 +44,13 @@ export class E12ServerRecord extends Construct {
zone: props.zone,
ttl: DEFAULT_TTL,
recordName: props.name,
target: RecordTarget.fromIpAddresses(E12_SERVER_IPV4),
target: RecordTarget.fromIpAddresses(E12_OLD_SERVER_IPV4),
});
new AaaaRecord(this, 'AAAARecord', {
zone: props.zone,
ttl: DEFAULT_TTL,
recordName: props.name,
target: RecordTarget.fromIpAddresses(E12_SERVER_IPV6),
target: RecordTarget.fromIpAddresses(E12_OLD_SERVER_IPV6),
});
}
}
Expand Down Expand Up @@ -147,7 +157,7 @@ export class GoogleMailRecords extends Construct {
zone: props.zone,
ttl: DEFAULT_TTL,
values: [
`v=spf1 include:_spf.google.com ip4:${E12_SERVER_IPV4}/32 ip6:${E12_SERVER_IPV6}/64 ~all`
`v=spf1 include:_spf.google.com ~all`
]
});

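Review bot: The SPF record at the end of this section now authorizes only `include:_spf.google.com` but keeps the `~all` soft-fail qualifier, so mail forged from the IPs just removed (or from any other host) is still only soft-failed rather than rejected; once it is confirmed that nothing but Google sends mail for these zones, `v=spf1 include:_spf.google.com -all` closes that gap. Dropping the IPv6 entry is a real tightening in its own right, since the old line authorized the entire `/64` prefix rather than the single server address. The record is published with `DEFAULT_TTL` (one hour in this file), so any host that was still relaying through the old server IP will start soft-failing within that window; the constructor enclosing this hunk starts and ends outside it. Separately, the new `/** @Deprecated */` blocks on the renamed constants use a capitalised tag that TypeScript and editors do not recognise — the TSDoc tag that makes usages get flagged is lowercase `@deprecated`, ideally with a pointer such as `@deprecated migrating to MAIN_01_NUE_NC_IPV4 — remove once the old host is decommissioned`.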
74 changes: 51 additions & 23 deletions lib/dns-stack.ts
Expand Up @@ -18,12 +18,12 @@ import {
import {AccountPrincipal, Effect, PolicyStatement, ServicePrincipal} from "aws-cdk-lib/aws-iam";
import {
DEFAULT_TTL,
E12_SERVER_IPV4,
E12_SERVER_IPV6,
E12_OLD_SERVER_IPV4,
E12_OLD_SERVER_IPV6,
E12MonitoringRecord,
E12ServerRecord,
E12MainRecord,
GoogleMailRecords,
LetsencryptCAARecord
LetsencryptCAARecord, MAIN_01_NUE_NC_IPV4, MAIN_01_NUE_NC_IPV6
} from "./constructs/CommonRecords";
import {CrossAccountRoute53Role, Route53User} from "@fallobst22/cdk-cross-account-route53";
import {Key, KeySpec, KeyUsage} from "aws-cdk-lib/aws-kms";
Expand Down Expand Up @@ -100,6 +100,7 @@ export class DNSStack extends Stack {
);

this.createNameserverRecords(hostedZones['elite12.de']);
this.createHostnameRecords(hostedZones['elite12.de']);
this.createElite12Records(hostedZones['elite12.de']);
this.createKirschbaumMeRecords(hostedZones['kirschbaum.me']);
this.createKirschbaumCloudRecords(hostedZones['kirschbaum.cloud']);
Expand Down Expand Up @@ -207,7 +208,7 @@ export class DNSStack extends Stack {
Aspects.of(this).add({
visit(node: IConstruct): void {
if (node instanceof CfnRecordSet) {
if(node.resourceRecords?.includes(E12_SERVER_IPV4) || node.resourceRecords?.includes(E12_SERVER_IPV6)){
if(node.resourceRecords?.includes(E12_OLD_SERVER_IPV4) || node.resourceRecords?.includes(E12_OLD_SERVER_IPV6) || node.resourceRecords?.some((v) => v.includes('server.elite12.de'))) {
node.ttl = '60';
}
}
Expand Down Expand Up @@ -291,11 +292,38 @@ export class DNSStack extends Stack {
});
}

private createHostnameRecords(zone: IPublicHostedZone) {
new ARecord(zone, 'ServerHostnameARecord', {
zone,
ttl: Duration.days(2),
recordName: 'server',
target: RecordTarget.fromIpAddresses(E12_OLD_SERVER_IPV4)
});
new AaaaRecord(zone, 'ServerHostnameAAAARecord', {
zone,
ttl: Duration.days(2),
recordName: 'server',
target: RecordTarget.fromIpAddresses(E12_OLD_SERVER_IPV6)
});
new ARecord(zone, 'Main01NueNcARecord', {
zone,
ttl: Duration.days(2),
recordName: 'main-01-nue-nc',
target: RecordTarget.fromIpAddresses(MAIN_01_NUE_NC_IPV4)
});
new AaaaRecord(zone, 'Main01NueNcAAAARecord', {
zone,
ttl: Duration.days(2),
recordName: 'main-01-nue-nc',
target: RecordTarget.fromIpAddresses(MAIN_01_NUE_NC_IPV6)
});
}

private createElite12Records(zone: IPublicHostedZone) {
new E12ServerRecord(zone, 'E12Root', {
new E12MainRecord(zone, 'E12Root', {
zone
});
new E12ServerRecord(zone, 'E12Wild', {
new E12MainRecord(zone, 'E12Wild', {
zone,
name: '*'
});
Expand All @@ -311,13 +339,13 @@ export class DNSStack extends Stack {
zone,
ttl: DEFAULT_TTL,
recordName: 'ipv4',
target: RecordTarget.fromIpAddresses(E12_SERVER_IPV4),
target: RecordTarget.fromIpAddresses(E12_OLD_SERVER_IPV4),
});
new AaaaRecord(zone, 'Ipv6Record', {
zone,
ttl: DEFAULT_TTL,
recordName: 'ipv6',
target: RecordTarget.fromIpAddresses(E12_SERVER_IPV6),
target: RecordTarget.fromIpAddresses(E12_OLD_SERVER_IPV6),
});
new LetsencryptCAARecord(zone, 'CAA', {
zone
Expand Down Expand Up @@ -360,10 +388,10 @@ export class DNSStack extends Stack {
});
}
private createKirschbaumMeRecords(zone: IPublicHostedZone) {
new E12ServerRecord(zone, 'E12Root', {
new E12MainRecord(zone, 'E12Root', {
zone
});
new E12ServerRecord(zone, 'E12Wild', {
new E12MainRecord(zone, 'E12Wild', {
zone,
name: '*'
});
Expand Down Expand Up @@ -392,10 +420,10 @@ export class DNSStack extends Stack {

}
private createBundvonTeramoreDeRecords(zone: IPublicHostedZone) {
new E12ServerRecord(zone, 'E12Root', {
new E12MainRecord(zone, 'E12Root', {
zone
});
new E12ServerRecord(zone, 'E12Wild', {
new E12MainRecord(zone, 'E12Wild', {
zone,
name: '*'
});
Expand Down Expand Up @@ -424,10 +452,10 @@ export class DNSStack extends Stack {
});
}
private createTheramoReRecords(zone: IPublicHostedZone) {
new E12ServerRecord(zone, 'E12Root', {
new E12MainRecord(zone, 'E12Root', {
zone
});
new E12ServerRecord(zone, 'E12Wild', {
new E12MainRecord(zone, 'E12Wild', {
zone,
name: '*'
});
Expand Down Expand Up @@ -479,10 +507,10 @@ export class DNSStack extends Stack {
});
}
private createMarkusDopeRecords(zone: IPublicHostedZone) {
new E12ServerRecord(zone, 'E12Root', {
new E12MainRecord(zone, 'E12Root', {
zone
});
new E12ServerRecord(zone, 'E12Wild', {
new E12MainRecord(zone, 'E12Wild', {
zone,
name: '*'
});
Expand All @@ -498,10 +526,10 @@ export class DNSStack extends Stack {
});
}
private createGrillteller42DeRecords(zone: IPublicHostedZone) {
new E12ServerRecord(zone, 'E12Root', {
new E12MainRecord(zone, 'E12Root', {
zone
});
new E12ServerRecord(zone, 'E12Wild', {
new E12MainRecord(zone, 'E12Wild', {
zone,
name: '*'
});
Expand All @@ -510,10 +538,10 @@ export class DNSStack extends Stack {
});
}
private createTrigardonRgDeRecords(zone: IPublicHostedZone) {
new E12ServerRecord(zone, 'E12Root', {
new E12MainRecord(zone, 'E12Root', {
zone
});
new E12ServerRecord(zone, 'E12Wild', {
new E12MainRecord(zone, 'E12Wild', {
zone,
name: '*'
});
Expand Down Expand Up @@ -543,10 +571,10 @@ export class DNSStack extends Stack {
}

private createWesterwaldEsportDeRecords(zone: PublicHostedZone) {
new E12ServerRecord(zone, 'E12Root', {
new E12MainRecord(zone, 'E12Root', {
zone
});
new E12ServerRecord(zone, 'E12Wild', {
new E12MainRecord(zone, 'E12Wild', {
zone,
name: '*'
});
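Review bot: The new `server` A/AAAA records in `createHostnameRecords` set `ttl: Duration.days(2)`, but the aspect earlier in this section rewrites `node.ttl = '60'` for every `CfnRecordSet` whose values contain `E12_OLD_SERVER_IPV4`/`E12_OLD_SERVER_IPV6`, so (assuming the hosted zone is a child of this stack, as the `Aspects.of(this)` scope suggests) those two records will actually deploy with a 60-second TTL while `main-01-nue-nc` keeps two days. If the short TTL on `server` is intended during the migration, the `Duration.days(2)` there is misleading and should be replaced with a comment such as `// TTL is forced to 60s by the migration aspect while this still points at the old host`; if it is not, the aspect needs to exempt these records, e.g. by also checking `node.name`. The `v.includes('server.elite12.de')` test in the aspect is a substring match and would also catch a value like `otherserver.elite12.de`; an exact/suffix comparison (allowing for a trailing dot) is tighter, though whether any such record exists is not visible from this diff. The method containing the aspect starts and ends outside its hunk.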
