complete DNS docs: add www, PTR record, DKIM checklist, fix SSH port
This commit is contained in:
steffen
parent
da219a52ec
commit
9f4f8b9c97
1 changed files with 33 additions and 3 deletions
|
|
@ -10,6 +10,8 @@ Required DNS records for the cryodev infrastructure.
|
|||
|----------|------|-------|---------|
|
||||
| `@` | A | `<SERVER_IP>` | Main server |
|
||||
| `@` | AAAA | `<SERVER_IPV6>` | Main server (IPv6) |
|
||||
| `www` | A | `<SERVER_IP>` | www redirect |
|
||||
| `www` | AAAA | `<SERVER_IPV6>` | www redirect (IPv6) |
|
||||
| `mail` | A | `<SERVER_IP>` | Mail server |
|
||||
| `mail` | AAAA | `<SERVER_IPV6>` | Mail server (IPv6) |
|
||||
|
||||
|
|
@ -29,7 +31,20 @@ Required DNS records for the cryodev infrastructure.
|
|||
| `@` | MX | `10 mail.cryodev.xyz.` | Mail delivery |
|
||||
| `@` | TXT | `"v=spf1 mx ~all"` | SPF |
|
||||
| `_dmarc` | TXT | `"v=DMARC1; p=none"` | DMARC |
|
||||
| `mail._domainkey` | TXT | `"v=DKIM1; k=rsa; p=..."` | DKIM |
|
||||
| `mail._domainkey` | TXT | *(siehe unten)* | DKIM |
|
||||
|
||||
### Reverse DNS (PTR)
|
||||
|
||||
Fuer zuverlaessige Mail-Zustellung muss ein **PTR Record** beim Hosting-Provider
|
||||
konfiguriert werden (nicht im DNS-Panel der Domain):
|
||||
|
||||
| IP | PTR Value |
|
||||
|----|-----------|
|
||||
| `<SERVER_IP>` | `mail.cryodev.xyz` |
|
||||
| `<SERVER_IPV6>` | `mail.cryodev.xyz` |
|
||||
|
||||
> **Hinweis:** PTR Records werden beim Hosting-Provider (z.B. Hetzner Robot)
|
||||
> konfiguriert, nicht im Domain-DNS-Panel.
|
||||
|
||||
## Getting the DKIM Key
|
||||
|
||||
|
|
@ -41,6 +56,18 @@ sudo cat /var/dkim/cryodev.xyz.mail.txt
|
|||
|
||||
Add this as a TXT record for `mail._domainkey.cryodev.xyz`.
|
||||
|
||||
## Complete Checklist
|
||||
|
||||
- [ ] A/AAAA fuer `@` (Root-Domain)
|
||||
- [ ] A/AAAA fuer `www`
|
||||
- [ ] A/AAAA fuer `mail`
|
||||
- [ ] CNAME fuer `git`, `headscale`, `headplane`, `netdata`
|
||||
- [ ] MX Record
|
||||
- [ ] TXT fuer SPF (`v=spf1 mx ~all`)
|
||||
- [ ] TXT fuer DMARC (`v=DMARC1; p=none`)
|
||||
- [ ] TXT fuer DKIM (`mail._domainkey` -- nach erstem Deploy)
|
||||
- [ ] PTR Record beim Hosting-Provider (Reverse DNS)
|
||||
|
||||
## Verification
|
||||
|
||||
### Check DNS Propagation
|
||||
|
|
@ -60,6 +87,9 @@ dig TXT mail._domainkey.cryodev.xyz
|
|||
|
||||
# DMARC
|
||||
dig TXT _dmarc.cryodev.xyz
|
||||
|
||||
# Reverse DNS
|
||||
dig -x <SERVER_IP>
|
||||
```
|
||||
|
||||
### Online Tools
|
||||
|
|
@ -84,7 +114,7 @@ Ensure these ports are open on `cryodev-main`:
|
|||
|
||||
| Port | Protocol | Service |
|
||||
|------|----------|---------|
|
||||
| 22 | TCP | SSH |
|
||||
| 2299 | TCP | SSH |
|
||||
| 80 | TCP | HTTP (ACME/redirect) |
|
||||
| 443 | TCP | HTTPS |
|
||||
| 25 | TCP | SMTP |
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue