From 16226ecfde3b3d1d8f4c27c9a02b6ea933d24a8b Mon Sep 17 00:00:00 2001
From: Sanchayan Maity <sanchayan@sanchayanmaity.net>
Date: Tue, 13 Dec 2022 20:47:40 +0530
Subject: [PATCH] dnscontrol: Add TLSA record

For reference
https://community.letsencrypt.org/t/tlsa-record-changes-with-every-renewal-process-which-breaks-dane/144145
https://gist.github.com/buffrr/609285c952e9cb28f76da168ef8c2ca6
https://www.huque.com/bin/gen_tlsa

Verify with
https://www.huque.com/bin/danecheck
---
 dnscontrol/dnsconfig.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/dnscontrol/dnsconfig.js b/dnscontrol/dnsconfig.js
index e640460..8a51c9f 100644
--- a/dnscontrol/dnsconfig.js
+++ b/dnscontrol/dnsconfig.js
@@ -38,7 +38,8 @@ D('sanchayanmaity.net', REG_NONE, DnsProvider(DNS_DESEC),
     SRV('_carddav._tcp'   , 0 , 0, 0  , '.'),
     SRV('_carddavs._tcp'  , 0 , 1, 443, 'carddav.fastmail.com.'),
     SRV('_caldav._tcp'    , 0 , 0, 0  , '.'),
-    SRV('_caldavs._tcp'   , 0 , 1, 443, 'caldav.fastmail.com.')
+    SRV('_caldavs._tcp'   , 0 , 1, 443, 'caldav.fastmail.com.'),
+    TLSA("_443._tcp"      , 3 , 1, 1  , "421ea3303e6f4f72329ad70307179463ed70b38be518233b9d1075ea295866a8")
 );
 
 D('sanchayanmaity.com', REG_NONE, DnsProvider(DNS_DESEC),
@@ -65,5 +66,6 @@ D('sanchayanmaity.com', REG_NONE, DnsProvider(DNS_DESEC),
     SRV('_carddav._tcp'   , 0 , 0, 0  , '.'),
     SRV('_carddavs._tcp'  , 0 , 1, 443, 'carddav.fastmail.com.'),
     SRV('_caldav._tcp'    , 0 , 0, 0  , '.'),
-    SRV('_caldavs._tcp'   , 0 , 1, 443, 'caldav.fastmail.com.')
+    SRV('_caldavs._tcp'   , 0 , 1, 443, 'caldav.fastmail.com.'),
+    TLSA("_443._tcp"      , 3 , 1, 1  , "bc66287a474ef9b6bd41cf38da8d02a58d07b39ea851d117359c1cc9e70b6272")
 );