blob: 098466fdb723c1fa1f207c7436f13334bd0db5fb [file] [log] [blame] [edit]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;; This is the zone file for the luci.app domain. This file is used
;;; to populate the zone records in the skia-public GCP project,
;;; which is where our zone file is hosted.
;;;
;;; If you add or change any records in this file then they will
;;; automatically be applied by the `zone-apply` application
;;; running in skia-infra-corp.
;;;
;;; See //skfe/go/zone-apply/README.md for more details.
;;;
;;; Once the changes have propogated you can update the tests in:
;;;
;;; //skfe/go/dns/dns_test.go
;;;
;;; And then run the tests to confirm the configuration is working
;;; as intended.
;;;
;;; bazelisk test //skfe/go/dns:dns_test
;;;
;;; See go/skia-dns for details on the registration of skia.org.
;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
$TTL 3600 ; default TTL 1 hour
;;; SSL/TLS certificates policy
;;; Certification Authority Authorization (CAA) records are
;;; used to specify which certificate authorities (CAs) are
;;; allowed to issue certificates for a domain.
;;; The record below restricts certificate issuance to
;;; Google CA only.
@ 86400 IN CAA 0 issue "pki.goog"
;;;; This record is required to validate domains for
;;;; certificate issuance.
_validate_domain 3600 IN CNAME _validate_domain.pki.goog.
;;; Master A record. Hosted in the GCP project skia-infra-public.
@ 300 IN A 34.110.212.89
;;; CNAME all the hosts for this domain.
* 3600 IN CNAME luci.app.
;;; config subdomain A record and AAAA record. Hosted in Cloud Run service
;;; luci-config in GCP Project luci-config.
config 300 IN A 216.239.32.21
config 300 IN A 216.239.34.21
config 300 IN A 216.239.36.21
config 300 IN A 216.239.38.21
config 300 IN AAAA 2001:4860:4802:32::15
config 300 IN AAAA 2001:4860:4802:34::15
config 300 IN AAAA 2001:4860:4802:36::15
config 300 IN AAAA 2001:4860:4802:38::15
;;; config-dev subdomain A record and AAAA record. Hosted in Cloud Run service
;;; luci-config-dev in GCP Project luci-config-dev.
config-dev 300 IN A 216.239.32.21
config-dev 300 IN A 216.239.34.21
config-dev 300 IN A 216.239.36.21
config-dev 300 IN A 216.239.38.21
config-dev 300 IN AAAA 2001:4860:4802:32::15
config-dev 300 IN AAAA 2001:4860:4802:34::15
config-dev 300 IN AAAA 2001:4860:4802:36::15
config-dev 300 IN AAAA 2001:4860:4802:38::15
;;; TXT records for site verification
config 3600 IN TXT "google-site-verification=RQ5PG1uJSEsw-ypgV7fSHduKsVeLOAji3JIAINecC8A"
config-dev 3600 IN TXT "google-site-verification=xhhLX2KKlm_Eq8crnrbqSkAueTKVaRKUjvqhxi8P-tw"
;;; LUCI Analysis.
;;; Production hosted in GCP Project luci-analysis.
;;; Staging hosted in GCP Project luci-analysis-dev.
;;; Buganizer testing hosted in GCP Project chops-weetbix-dev.
analysis.api 300 IN A 34.36.210.79
staging.analysis.api 300 IN A 35.244.170.126
*.staging.analysis.api 300 IN A 35.244.170.126
staging.weetbix.api 300 IN A 34.54.113.219
*.staging.weetbix.api 300 IN A 34.54.113.219
;; Do not use the address 2600:1901:0:489:: (ending in all zeroes)
;; as this IP can be used as the anycast address for the subnet.
analysis.api 300 IN AAAA 2600:1901:0:312f::10
staging.analysis.api 300 IN AAAA 2600:1901:0:489::10
*.staging.analysis.api 300 IN AAAA 2600:1901:0:489::10
staging.weetbix.api 300 IN AAAA 2600:1901:0:4897::10
*.staging.weetbix.api 300 IN AAAA 2600:1901:0:4897::10
;;; LUCI Bisection.
;;; Production hosted in GCP Project luci-bisection.
;;; Staging hosted in GCP Project luci-bisection-dev.
bisection.api 300 IN A 34.54.234.46
staging.bisection.api 300 IN A 34.49.80.97
*.staging.bisection.api 300 IN A 34.49.80.97
bisection.api 300 IN AAAA 2600:1901:0:fbc7::10
staging.bisection.api 300 IN AAAA 2600:1901:0:7e33::10
*.staging.bisection.api 300 IN AAAA 2600:1901:0:7e33::10
;;; LUCI Milo.
;;; Production hosted in GCP Project luci-milo.
;;; Staging hosted in GCP Project luci-milo-dev.
milo.api 300 IN A 34.54.88.98
staging.milo.api 300 IN A 34.54.86.131
*.staging.milo.api 300 IN A 34.54.86.131
milo.api 300 IN AAAA 2600:1901:0:287c::10
staging.milo.api 300 IN AAAA 2600:1901:0:6207::10
*.staging.milo.api 300 IN AAAA 2600:1901:0:6207::10
;;; LUCI Notify.
;;; Production hosted in GCP Project luci-notify.
;;; Staging hosted in GCP Project luci-notify-dev.
notify.api 300 IN A 34.102.138.22
staging.notify.api 300 IN A 34.107.239.117
*.staging.notify.api 300 IN A 34.107.239.117
notify.api 300 IN AAAA 2600:1901:0:bb3c::10
staging.notify.api 300 IN AAAA 2600:1901:0:afd7::10
*.staging.notify.api 300 IN AAAA 2600:1901:0:afd7::10
;;; LUCI Source Index.
;;; Production hosted in GCP Project luci-source-index.
;;; Staging hosted in GCP Project luci-source-index-dev.
sourceindex.api 300 IN A 34.144.246.9
staging.sourceindex.api 300 IN A 35.190.0.117
*.staging.sourceindex.api 300 IN A 35.190.0.117
sourceindex.api 300 IN AAAA 2600:1901:0:f175::10
staging.sourceindex.api 300 IN AAAA 2600:1901:0:670e::10
*.staging.sourceindex.api 300 IN AAAA 2600:1901:0:670e::10
;;; LUCI Teams.
;;; Production hosted in GCP Project luci-teams.
;;; Staging hosted in GCP Project luci-teams-dev.
teams.api 300 IN A 34.117.98.141
staging.teams.api 300 IN A 35.190.79.93
*.staging.teams.api 300 IN A 35.190.79.93
teams.api 300 IN AAAA 2600:1901:0:218a::10
staging.teams.api 300 IN AAAA 2600:1901:0:68c1::10
*.staging.teams.api 300 IN AAAA 2600:1901:0:68c1::10
;;; LUCI Tree Status.
;;; Production hosted in GCP Project luci-tree-status.
;;; Staging hosted in GCP Project luci-tree-status-dev.
treestatus.api 300 IN A 34.49.214.220
staging.treestatus.api 300 IN A 34.96.70.99
*.staging.treestatus.api 300 IN A 34.96.70.99
treestatus.api 300 IN AAAA 2600:1901:0:6408::10
staging.treestatus.api 300 IN AAAA 2600:1901:0:a74e::10
*.staging.treestatus.api 300 IN AAAA 2600:1901:0:a74e::10
;;; CNAME records for certificate domain ownership verification.
;;; See https://cloud.google.com/certificate-manager/docs/dns-authorizations
;;; LUCI Analysis.
_acme-challenge.analysis.api 3600 IN CNAME (
f741f022-b926-4023-a9ac-e99fbf5d54c1.15.authorize.certificatemanager.goog. )
_acme-challenge.staging.analysis.api 3600 IN CNAME (
2c7f813c-1ce4-4c7a-96a5-53723121ca5b.12.authorize.certificatemanager.goog. )
_acme-challenge.staging.weetbix.api 3600 IN CNAME (
6dd6bacc-7f06-4134-8ebe-d97f5e83713d.11.authorize.certificatemanager.goog. )
;;; LUCI Bisection.
_acme-challenge.bisection.api 3600 IN CNAME (
4c8db828-0d74-48d9-b611-e71bd761c001.19.authorize.certificatemanager.goog. )
_acme-challenge.staging.bisection.api 3600 IN CNAME (
d42a57d1-2db3-489f-ac12-ca66324b022a.14.authorize.certificatemanager.goog. )
;;; LUCI Milo.
_acme-challenge.milo.api 3600 IN CNAME (
cfe233c1-96a4-4644-8673-e931d5c06202.12.authorize.certificatemanager.goog. )
_acme-challenge.staging.milo.api 3600 IN CNAME (
2a8e87f3-baa9-40c8-a2f6-7e0a20828eec.1.authorize.certificatemanager.goog. )
;;; LUCI Notify.
_acme-challenge.notify.api 3600 IN CNAME (
1918d404-6e4f-4651-ba6c-0b62f95a8f26.3.authorize.certificatemanager.goog. )
_acme-challenge.staging.notify.api 3600 IN CNAME (
c282b0fc-121a-4250-8559-7f83664d1d4a.16.authorize.certificatemanager.goog. )
;;; LUCI Source Index.
_acme-challenge.sourceindex.api 3600 IN CNAME (
33f244cb-7681-4c68-8cf0-c08f48f8572d.9.authorize.certificatemanager.goog. )
_acme-challenge.staging.sourceindex.api 3600 IN CNAME (
41dffe04-7a9a-4e69-b7d2-e98e0c850812.13.authorize.certificatemanager.goog. )
;;; LUCI Teams.
_acme-challenge.teams.api 3600 IN CNAME (
72f19f8f-83bc-4246-8b00-239bc89f332e.11.authorize.certificatemanager.goog. )
_acme-challenge.staging.teams.api 3600 IN CNAME (
008420fd-336b-4400-badc-b67880d1511d.2.authorize.certificatemanager.goog. )
;;; LUCI Tree Status.
_acme-challenge.treestatus.api 3600 IN CNAME (
cf6f1189-c322-4fd8-b5fb-9826d6416a03.18.authorize.certificatemanager.goog. )
_acme-challenge.staging.treestatus.api 3600 IN CNAME (
da0fe0b0-4d10-41a3-82cb-73b7593b8866.19.authorize.certificatemanager.goog. )
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;; End of luci.app.zone
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;