From a7e0d8e9a841766eab51dab1d583c0c050ba2dfe Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Thu, 26 Dec 2024 18:03:10 +0200
Subject: [PATCH] Ansible: Add iodef tag to the CAA record.

Get an email for failed CSRs.
---
 Ansible/roles/router/files/nsd/nehe.sr     | 3 ++-
 Ansible/roles/router/files/nsd/nehes.co    | 3 ++-
 Ansible/roles/router/files/nsd/shore.co.il | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/Ansible/roles/router/files/nsd/nehe.sr b/Ansible/roles/router/files/nsd/nehe.sr
index 4812368..007686e 100644
--- a/Ansible/roles/router/files/nsd/nehe.sr
+++ b/Ansible/roles/router/files/nsd/nehe.sr
@@ -2,7 +2,7 @@
 $TTL 1h
 $ORIGIN nehe.sr.
 @               IN      SOA     ns1.shore.co.il.     hostmaster (
-        2021050201
+        2024122601
         1h
         5m
         4w
@@ -15,6 +15,7 @@ $ORIGIN nehe.sr.
         IN      SPF     "v=spf1 +mx -all"
         IN      MX      10      smtp.shore.co.il.
         IN      CAA     128 issue "letsencrypt.org"
+        IN      CAA     128 iodef "mailto:security@shore.co.il"
 
 
 _imaps._tcp IN  SRV 0 1 993 imap.shore.co.il.
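Review bot: The added apex `iodef` record carries flag 128 (issuer-critical), which under RFC 8659 tells a CA to refuse issuance if it does not support that property tag. On a reporting-only property this adds a fail-closed condition to renewals without narrowing who may issue; if that coupling is not intended, `IN      CAA     0 iodef "mailto:security@shore.co.il"` keeps the contact without it. iodef reports cover requests that violate the CAA policy rather than every failed CSR, and sending them is not mandatory for CAs. Confirm that the issuer named in the `issue` record actually delivers reports before treating this mailbox as a mis-issuance detection signal. A zone comment such as `; iodef: CAA policy-violation reports, delivery depends on the CA` would record that. The same applies to the identical additions in the nehes.co and shore.co.il hunks.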
diff --git a/Ansible/roles/router/files/nsd/nehes.co b/Ansible/roles/router/files/nsd/nehes.co
index 25a3c3a..780db00 100644
--- a/Ansible/roles/router/files/nsd/nehes.co
+++ b/Ansible/roles/router/files/nsd/nehes.co
@@ -2,7 +2,7 @@
 $TTL 1h
 $ORIGIN nehes.co.
 @               IN      SOA     ns1.shore.co.il.     hostmaster (
-        2021071401
+        2024122601
         1h
         5m
         4w
@@ -15,6 +15,7 @@ $ORIGIN nehes.co.
         IN      SPF     "v=spf1 +mx -all"
         IN      MX      10      smtp.shore.co.il.
         IN      CAA     128 issue "letsencrypt.org"
+        IN      CAA     128 iodef "mailto:security@shore.co.il"
 
 
 _imaps._tcp IN  SRV 0 1 993 imap.shore.co.il.
diff --git a/Ansible/roles/router/files/nsd/shore.co.il b/Ansible/roles/router/files/nsd/shore.co.il
index 5092d2c..c39b8b2 100644
--- a/Ansible/roles/router/files/nsd/shore.co.il
+++ b/Ansible/roles/router/files/nsd/shore.co.il
@@ -2,7 +2,7 @@
 $TTL 1h
 $ORIGIN shore.co.il.
 @               IN      SOA     ns1     hostmaster (
-        2024020301 ; Serial
+        2024122601 ; Serial
         4h         ; Refresh
         1h         ; Retry
         4w         ; Expire
@@ -16,6 +16,7 @@ $ORIGIN shore.co.il.
         IN      SPF     "v=spf1 +mx -all"
         IN      MX      10      smtp
         IN      CAA     128 issue "letsencrypt.org"
+        IN      CAA     128 iodef "mailto:security@shore.co.il"
 
 ns1     IN      A       62.219.131.121
         IN      SPF     "v=spf1 -all"
-- 
GitLab