DNS Configuration
Required DNS records for the cryodev infrastructure.
Primary Domain (cryodev.xyz)
A/AAAA Records
| Hostname | Type | Value | Purpose |
|---|---|---|---|
| @ | A | <SERVER_IP> | Main server |
| @ | AAAA | <SERVER_IPV6> | Main server (IPv6) |
| www | A | <SERVER_IP> | www redirect |
| www | AAAA | <SERVER_IPV6> | www redirect (IPv6) |
| mail | A | <SERVER_IP> | Mail server |
| mail | AAAA | <SERVER_IPV6> | Mail server (IPv6) |
CNAME Records
| Hostname | Type | Value | Purpose |
|---|---|---|---|
| git | CNAME | @ | Forgejo |
| headscale | CNAME | @ | Headscale |
| headplane | CNAME | @ | Headplane |
| netdata | CNAME | @ | Netdata Monitoring |
Mail Records
| Hostname | Type | Value | Purpose |
|---|---|---|---|
| @ | MX | 10 mail.cryodev.xyz. | Mail delivery |
| @ | TXT | "v=spf1 mx ~all" | SPF |
| _dmarc | TXT | "v=DMARC1; p=none" | DMARC |
| mail._domainkey | TXT | (see below) | DKIM |
Reverse DNS (PTR)
For reliable mail delivery, a PTR record must be configured at the hosting provider (not in the domain's DNS panel):
| IP | PTR Value |
|---|---|
| <SERVER_IP> | mail.cryodev.xyz |
| <SERVER_IPV6> | mail.cryodev.xyz |
Hetzner Robot (Dedicated Server)
- robot.hetzner.com > Server > select the server
- IPs tab
- Click the pencil icon next to the IPv4 address
- Enter mail.cryodev.xyz and save
- For IPv6: under Subnets, do the same for the primary IPv6 address
Hetzner Cloud
- cloud.hetzner.com > select the server
- Networking tab
- Under "Primary IP", click the IP > Reverse DNS
- Enter mail.cryodev.xyz (for IPv4 and IPv6)
Getting the DKIM Key
After deploying the mailserver, retrieve the DKIM public key:
sudo cat /var/dkim/cryodev.xyz.mail.txt
Add this as a TXT record for mail._domainkey.cryodev.xyz.
Complete Checklist
- A/AAAA for @ (root domain)
- A/AAAA for www
- A/AAAA for mail
- CNAME for git, headscale, headplane, netdata
- MX record
- TXT for SPF (v=spf1 mx ~all)
- TXT for DMARC (v=DMARC1; p=none)
- TXT for DKIM (mail._domainkey, after first deploy)
- PTR record at the hosting provider (reverse DNS)
Verification
Check DNS Propagation
# A record
dig A cryodev.xyz
# MX record
dig MX cryodev.xyz
# SPF
dig TXT cryodev.xyz
# DKIM
dig TXT mail._domainkey.cryodev.xyz
# DMARC
dig TXT _dmarc.cryodev.xyz
# Reverse DNS
dig -x <SERVER_IP>
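The dig checks above can be turned into pass/fail comparisons against the values on this page. This script is an added example, not part of the cryodev repository; the script name check-dns.sh, the function names and the sample address 192.0.2.10 are assumptions.

```shell
#!/bin/sh
# Added example, not part of the cryodev repo: checks `dig +short` answers
# against the record values listed on this page.
DOMAIN="cryodev.xyz"; MAILHOST="mail.$DOMAIN"

# Lowercase a DNS name and drop the trailing root dot before comparing.
norm() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }
# dig prints TXT data as quoted chunks; join the chunks and strip the quotes.
txt() { printf '%s\n' "$1" | sed 's/" "//g; s/^"//; s/"$//'; }

# At least one MX answer ("<prio> <target>") must point at the mail host.
check_mx() {
    while read -r _prio target; do
        [ "$(norm "$target")" = "$MAILHOST" ] && return 0
    done <<EOF
$1
EOF
    return 1
}

# Exactly one v=spf1 record may exist (RFC 7208); it must match the page.
check_spf() {
    spf=$(txt "$1" | grep -Ei '^v=spf1( |$)' || true)
    [ "$(printf '%s\n' "$spf" | grep -c .)" -eq 1 ] && [ "$spf" = "v=spf1 mx ~all" ]
}

# Print the DMARC policy (the p= tag); prints nothing for a malformed record.
dmarc_policy() { txt "$1" | sed -n 's/^v=DMARC1; *p=\([a-z]*\).*/\1/p'; }

# Forward-confirmed reverse DNS: PTR names the mail host and the mail host's
# address answers contain the same IP (compared as text).
check_fcrdns() {  # $1 = IP, $2 = PTR answer, $3 = address answers of mail host
    [ "$(norm "$2")" = "$MAILHOST" ] || return 1
    printf '%s\n' "$3" | grep -qxF -- "$1"
}

# report: $1 IP, $2 MX, $3 TXT, $4 _dmarc TXT, $5 PTR, $6 mail host A answers
report() {
    check_mx "$2" || echo "FAIL: MX"
    check_spf "$3" || echo "FAIL: SPF"
    echo "DMARC policy: $(dmarc_policy "$4")"
    check_fcrdns "$1" "$5" "$6" || echo "FAIL: PTR"
}

if [ "$#" -ge 1 ]; then   # live: sh check-dns.sh <SERVER_IP>
    report "$1" "$(dig +short MX "$DOMAIN")" "$(dig +short TXT "$DOMAIN")" \
        "$(dig +short TXT "_dmarc.$DOMAIN")" "$(dig +short -x "$1")" "$(dig +short A "$MAILHOST")"
else                      # constructed answers; 192.0.2.10 is a documentation address
    report 192.0.2.10 '10 mail.cryodev.xyz.' '"v=spf1 mx ~all"' '"v=DMARC1; p=none"' \
        'mail.cryodev.xyz.' 192.0.2.10
fi
```

A reported policy of none means receivers only report on DMARC failures and do not act on them.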
Online Tools
- MXToolbox - Comprehensive DNS/mail testing
- Mail-tester - Email deliverability testing
- DMARC Analyzer - DMARC record validation
TTL Recommendations
For initial setup, use low TTLs (300 seconds) to allow quick changes.
After verification, increase to:
- A/AAAA records: 3600 (1 hour)
- CNAME records: 3600 (1 hour)
- MX records: 3600 (1 hour)
- TXT records: 3600 (1 hour)
Firewall Requirements
Ensure these ports are open on cryodev-main:
| Port | Protocol | Service |
|---|---|---|
| 2299 | TCP | SSH |
| 80 | TCP | HTTP (ACME/redirect) |
| 443 | TCP | HTTPS |
| 25 | TCP | SMTP |
| 465 | TCP | SMTPS |
| 587 | TCP | SMTP Submission |
| 993 | TCP | IMAPS |