complete DNS docs: add www, PTR record, DKIM checklist, fix SSH port

2026-03-14 12:58:15 +01:00 · 2026-03-14 12:58:15 +01:00 · 9f4f8b9c97
commit 9f4f8b9c97
parent da219a52ec
1 changed files with 33 additions and 3 deletions
--- a/docs/deployment/dns.md
+++ b/docs/deployment/dns.md
@ -10,6 +10,8 @@ Required DNS records for the cryodev infrastructure.
 |----------|------|-------|---------|
 | `@` | A | `<SERVER_IP>` | Main server |
 | `@` | AAAA | `<SERVER_IPV6>` | Main server (IPv6) |
 | `www` | A | `<SERVER_IP>` | www redirect |
 | `www` | AAAA | `<SERVER_IPV6>` | www redirect (IPv6) |
 | `mail` | A | `<SERVER_IP>` | Mail server |
 | `mail` | AAAA | `<SERVER_IPV6>` | Mail server (IPv6) |
@ -29,7 +31,20 @@ Required DNS records for the cryodev infrastructure.
 | `@` | MX | `10 mail.cryodev.xyz.` | Mail delivery |
 | `@` | TXT | `"v=spf1 mx ~all"` | SPF |
 | `_dmarc` | TXT | `"v=DMARC1; p=none"` | DMARC |
-| `mail._domainkey` | TXT | `"v=DKIM1; k=rsa; p=..."` | DKIM |
+| `mail._domainkey` | TXT | *(siehe unten)* | DKIM |
 ### Reverse DNS (PTR)
 Fuer zuverlaessige Mail-Zustellung muss ein **PTR Record** beim Hosting-Provider
 konfiguriert werden (nicht im DNS-Panel der Domain):
 | IP | PTR Value |
 |----|-----------|
 | `<SERVER_IP>` | `mail.cryodev.xyz` |
 | `<SERVER_IPV6>` | `mail.cryodev.xyz` |
 > **Hinweis:** PTR Records werden beim Hosting-Provider (z.B. Hetzner Robot)
 > konfiguriert, nicht im Domain-DNS-Panel.
 ## Getting the DKIM Key
@ -41,6 +56,18 @@ sudo cat /var/dkim/cryodev.xyz.mail.txt
 Add this as a TXT record for `mail._domainkey.cryodev.xyz`.
 ## Complete Checklist
 - [ ] A/AAAA fuer `@` (Root-Domain)
 - [ ] A/AAAA fuer `www`
 - [ ] A/AAAA fuer `mail`
 - [ ] CNAME fuer `git`, `headscale`, `headplane`, `netdata`
 - [ ] MX Record
 - [ ] TXT fuer SPF (`v=spf1 mx ~all`)
 - [ ] TXT fuer DMARC (`v=DMARC1; p=none`)
 - [ ] TXT fuer DKIM (`mail._domainkey` -- nach erstem Deploy)
 - [ ] PTR Record beim Hosting-Provider (Reverse DNS)
 ## Verification
 ### Check DNS Propagation
@ -60,6 +87,9 @@ dig TXT mail._domainkey.cryodev.xyz
 # DMARC
 dig TXT _dmarc.cryodev.xyz
 # Reverse DNS
 dig -x <SERVER_IP>
 ```
 ### Online Tools
@ -74,7 +104,7 @@ For initial setup, use low TTLs (300 seconds) to allow quick changes.
 After verification, increase to:
 - A/AAAA records: 3600 (1 hour)
- CNAME records: 3600 (1 hour)  
+- CNAME records: 3600 (1 hour)
 - MX records: 3600 (1 hour)
 - TXT records: 3600 (1 hour)
@ -84,7 +114,7 @@ Ensure these ports are open on `cryodev-main`:
 | Port | Protocol | Service |
 |------|----------|---------|
-| 22 | TCP | SSH |
+| 2299 | TCP | SSH |
 | 80 | TCP | HTTP (ACME/redirect) |
 | 443 | TCP | HTTPS |
 | 25 | TCP | SMTP |