diff --git a/docs/deployment/dns.md b/docs/deployment/dns.md index 0e00b35..0c72bbc 100644 --- a/docs/deployment/dns.md +++ b/docs/deployment/dns.md @@ -10,6 +10,8 @@ Required DNS records for the cryodev infrastructure. |----------|------|-------|---------| | `@` | A | `` | Main server | | `@` | AAAA | `` | Main server (IPv6) | +| `www` | A | `` | www redirect | +| `www` | AAAA | `` | www redirect (IPv6) | | `mail` | A | `` | Mail server | | `mail` | AAAA | `` | Mail server (IPv6) | @@ -29,7 +31,20 @@ Required DNS records for the cryodev infrastructure. | `@` | MX | `10 mail.cryodev.xyz.` | Mail delivery | | `@` | TXT | `"v=spf1 mx ~all"` | SPF | | `_dmarc` | TXT | `"v=DMARC1; p=none"` | DMARC | -| `mail._domainkey` | TXT | `"v=DKIM1; k=rsa; p=..."` | DKIM | +| `mail._domainkey` | TXT | *(siehe unten)* | DKIM | + +### Reverse DNS (PTR) + +Fuer zuverlaessige Mail-Zustellung muss ein **PTR Record** beim Hosting-Provider +konfiguriert werden (nicht im DNS-Panel der Domain): + +| IP | PTR Value | +|----|-----------| +| `` | `mail.cryodev.xyz` | +| `` | `mail.cryodev.xyz` | + +> **Hinweis:** PTR Records werden beim Hosting-Provider (z.B. Hetzner Robot) +> konfiguriert, nicht im Domain-DNS-Panel. ## Getting the DKIM Key @@ -41,6 +56,18 @@ sudo cat /var/dkim/cryodev.xyz.mail.txt Add this as a TXT record for `mail._domainkey.cryodev.xyz`. +## Complete Checklist + +- [ ] A/AAAA fuer `@` (Root-Domain) +- [ ] A/AAAA fuer `www` +- [ ] A/AAAA fuer `mail` +- [ ] CNAME fuer `git`, `headscale`, `headplane`, `netdata` +- [ ] MX Record +- [ ] TXT fuer SPF (`v=spf1 mx ~all`) +- [ ] TXT fuer DMARC (`v=DMARC1; p=none`) +- [ ] TXT fuer DKIM (`mail._domainkey` -- nach erstem Deploy) +- [ ] PTR Record beim Hosting-Provider (Reverse DNS) + ## Verification ### Check DNS Propagation @@ -60,6 +87,9 @@ dig TXT mail._domainkey.cryodev.xyz # DMARC dig TXT _dmarc.cryodev.xyz + +# Reverse DNS +dig -x ``` ### Online Tools 
@@ -74,7 +104,7 @@ For initial setup, use low TTLs (300 seconds) to allow quick changes. After verification, increase to: - A/AAAA records: 3600 (1 hour) -- CNAME records: 3600 (1 hour) +- CNAME records: 3600 (1 hour) - MX records: 3600 (1 hour) - TXT records: 3600 (1 hour) @@ -84,7 +114,7 @@ Ensure these ports are open on `cryodev-main`: | Port | Protocol | Service | |------|----------|---------| -| 22 | TCP | SSH | +| 2299 | TCP | SSH | | 80 | TCP | HTTP (ACME/redirect) | | 443 | TCP | HTTPS | | 25 | TCP | SMTP |
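Review bot: in the first hunk (`@@ -10,6 +10,8`), the comment "www redirect" on the new `www` A/AAAA rows is misleading, because a DNS A record cannot redirect anything; the redirect to the apex host happens in the web server that the record points at. Suggest rewording the comment to something like `www -> apex redirect (served by main server)` or adding a one-line note below the table, and consider whether `www` should simply be a CNAME to `cryodev.xyz.` so that the `@` address only has to be maintained once.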
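Review bot: in the second hunk (`@@ -29,7 +31,20`), the DKIM row now reads `*(siehe unten)*` and the whole new "Reverse DNS (PTR)" section is written in German, while the rest of `dns.md` (headings, table comments, "Getting the DKIM Key", "Verification") is in English. Please keep the file in one language, e.g. `*(see below)*`, "For reliable mail delivery a **PTR record** must be configured at the hosting provider (not in the domain's DNS panel)", and "**Note:** PTR records are configured at the hosting provider (e.g. Hetzner Robot), not in the domain DNS panel." The intro sentence and the `> **Hinweis:**` block also say the same thing twice; one of them is enough. Finally, the two IP cells in the PTR table are empty backticks; if the addresses are intentionally left out of the repo, mark them as placeholders (e.g. `<main-ipv4>` / `<main-ipv6>`) so a reader does not take the empty cell for a missing value.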
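Review bot: in the third hunk (`@@ -41,6 +56,18`), the new "Complete Checklist" is again in German (`fuer`, `nach erstem Deploy`) inside an English document; please translate the items, e.g. `- [ ] A/AAAA for `@` (root domain)` and `- [ ] TXT for DKIM (`mail._domainkey` -- after first deploy)`. The checklist also lists CNAMEs for `git`, `headscale`, `headplane` and `netdata`, which do not appear in the record tables changed in this diff; please make sure they are documented in the CNAME table of this file so the checklist and the tables stay in sync.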
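Review bot: in the fourth hunk (`@@ -60,6 +87,9`), the added verification command is `dig -x ` with nothing after the flag, so it cannot be run as written. Suggest giving both addresses that the PTR table above declares, e.g. `dig -x <main-ipv4>` and `dig -x <main-ipv6>`, and adding the forward check `dig A mail.cryodev.xyz` / `dig AAAA mail.cryodev.xyz` next to it, since a PTR only helps deliverability when it matches the forward records.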
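Review bot: in the fifth hunk (`@@ -74,7 +104,7`), the removed and added `- CNAME records: 3600 (1 hour)` lines are textually identical, so this looks like a whitespace-only change (probably trailing whitespace). Either drop the hunk to keep the diff focused, or mention in the commit message that it is a whitespace cleanup.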
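Review bot: in the sixth hunk (`@@ -84,7 +114,7`), the SSH row changes from port 22 to 2299 in the "ports that must be open" table only. Please confirm in the PR that the sshd configuration and the host firewall on `cryodev-main` actually use 2299, and that any other docs or client configs that reference the SSH port are updated in the same change, otherwise the table and the running system will disagree. A short note in this section saying that SSH is deliberately on a non-standard port would also help the next reader understand the value.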