Translate 8 documentation files from German to English: - docs/index.md (complete) - docs/getting-started/first-install.md (complete) - docs/getting-started/new-client.md (complete) - docs/getting-started/reinstall.md (complete) - docs/getting-started/sd-image.md (complete) - docs/deployment/dns.md (PTR, Hetzner, checklist sections) - docs/services/tailscale.md (code comments) - docs/services/forgejo.md (placeholder names)
DNS Configuration
Required DNS records for the cryodev infrastructure.
Primary Domain (cryodev.xyz)
A/AAAA Records
| Hostname | Type | Value | Purpose |
|---|---|---|---|
| @ | A | <SERVER_IP> | Main server |
| @ | AAAA | <SERVER_IPV6> | Main server (IPv6) |
| www | A | <SERVER_IP> | www redirect |
| www | AAAA | <SERVER_IPV6> | www redirect (IPv6) |
| mail | A | <SERVER_IP> | Mail server |
| mail | AAAA | <SERVER_IPV6> | Mail server (IPv6) |
CNAME Records
| Hostname | Type | Value | Purpose |
|---|---|---|---|
| git | CNAME | @ | Forgejo |
| headscale | CNAME | @ | Headscale |
| headplane | CNAME | @ | Headplane |
| netdata | CNAME | @ | Netdata Monitoring |
Mail Records
| Hostname | Type | Value | Purpose |
|---|---|---|---|
| @ | MX | 10 mail.cryodev.xyz. | Mail delivery |
| @ | TXT | "v=spf1 mx ~all" | SPF |
| _dmarc | TXT | "v=DMARC1; p=none" | DMARC |
| mail._domainkey | TXT | (see below) | DKIM |
Reverse DNS (PTR)
For reliable mail delivery, a PTR record must be configured at the hosting provider (not in the domain's DNS panel):
| IP | PTR Value |
|---|---|
| <SERVER_IP> | mail.cryodev.xyz |
| <SERVER_IPV6> | mail.cryodev.xyz |
Hetzner Robot (Dedicated Server)
- robot.hetzner.com > Server > Select the server
- IPs tab
- Click the pencil icon next to the IPv4 address
- Enter mail.cryodev.xyz and save
- For IPv6: Under Subnets, repeat the same for the primary IPv6 address
Hetzner Cloud
- cloud.hetzner.com > Select the server
- Networking tab
- Under "Primary IP", click the IP > Reverse DNS
- Enter mail.cryodev.xyz (for both IPv4 and IPv6)
Getting the DKIM Key
After deploying the mailserver, retrieve the DKIM public key:
sudo cat /var/dkim/cryodev.xyz.mail.txt
Add this as a TXT record for mail._domainkey.cryodev.xyz.
Complete Checklist
- A/AAAA for @ (root domain)
- A/AAAA for www
- A/AAAA for mail
- CNAME for git, headscale, headplane, netdata
- MX record
- TXT for SPF (v=spf1 mx ~all)
- TXT for DMARC (v=DMARC1; p=none)
- TXT for DKIM (mail._domainkey, after first deployment)
- PTR record at hosting provider (reverse DNS)
Verification
Check DNS Propagation
# A record
dig A cryodev.xyz
# MX record
dig MX cryodev.xyz
# SPF
dig TXT cryodev.xyz
# DKIM
dig TXT mail._domainkey.cryodev.xyz
# DMARC
dig TXT _dmarc.cryodev.xyz
# Reverse DNS
dig -x <SERVER_IP>
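An added example (not part of the cryodev docs): a Python check that takes the `dig +short` answers for the queries above and reports which mail checklist items fail, including whether the PTR name and the A record of the mail host agree (forward-confirmed reverse DNS). The sample answers, the IP 203.0.113.10, the DKIM key text and the function names are constructed for illustration.

```python
"""Added example: audit `dig +short` answers against the mail checklist.
Sample answers, the IP 203.0.113.10 and the DKIM key text are constructed."""
import re

MAIL_HOST = "mail.cryodev.xyz"  # PTR/MX target named on the page

def txt_records(dig_output):
    """Join the quoted chunks dig prints per TXT record; long DKIM keys
    arrive as several strings of at most 255 bytes on one line."""
    return ["".join(re.findall(r'"((?:[^"\\]|\\.)*)"', line))
            for line in dig_output.splitlines() if line.strip()]

def audit(answers, server_ip):
    """Return a list of problems; an empty list means the checks pass."""
    problems = []
    mx = [l.split()[-1].rstrip(".").lower()
          for l in answers["MX"].splitlines() if l.strip()]
    if MAIL_HOST not in mx:
        problems.append("MX does not point to " + MAIL_HOST)
    spf = [t for t in txt_records(answers["TXT"]) if t.split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # RFC 7208: several SPF records give a permerror
        problems.append("expected exactly one SPF record, found %d" % len(spf))
    dmarc = [t for t in txt_records(answers["DMARC"]) if t.startswith("v=DMARC1")]
    if len(dmarc) != 1 or not re.search(r";\s*p=(none|quarantine|reject)\b", dmarc[0]):
        problems.append("DMARC record missing or without a valid p= tag")
    dkim = txt_records(answers["DKIM"])
    if not dkim or not re.search(r"\bp=[A-Za-z0-9+/]+=*", dkim[0]):
        problems.append("DKIM record missing or public key empty")
    # Forward-confirmed reverse DNS: PTR names the mail host, and the mail
    # host's A record resolves back to the same address.
    ptr = [n.rstrip(".").lower() for n in answers["PTR"].split()]
    if ptr != [MAIL_HOST]:
        problems.append("PTR for %s is %s" % (server_ip, ptr or "missing"))
    if server_ip not in answers["A_MAIL"].split():
        problems.append("A record of mail host lacks " + server_ip)
    return problems

SAMPLE = {  # constructed `dig +short` output, one key per query
    "MX": "10 mail.cryodev.xyz.\n",
    "TXT": '"v=spf1 mx ~all"\n',
    "DMARC": '"v=DMARC1; p=none"\n',
    "DKIM": '"v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQt" "U0FNUExFLUtFWQ=="\n',
    "PTR": "mail.cryodev.xyz.\n",
    "A_MAIL": "203.0.113.10\n",
}

if __name__ == "__main__":
    for line in audit(SAMPLE, "203.0.113.10") or ["all checks passed"]:
        print(line)
```

For live use, fill the dictionary from `dig +short` for each query in the list above, plus `dig +short A mail.cryodev.xyz` for the `A_MAIL` entry.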
Online Tools
- MXToolbox - Comprehensive DNS/mail testing
- Mail-tester - Email deliverability testing
- DMARC Analyzer - DMARC record validation
TTL Recommendations
For initial setup, use low TTLs (300 seconds) to allow quick changes.
After verification, increase to:
- A/AAAA records: 3600 (1 hour)
- CNAME records: 3600 (1 hour)
- MX records: 3600 (1 hour)
- TXT records: 3600 (1 hour)
Firewall Requirements
Ensure these ports are open on cryodev-main:
| Port | Protocol | Service |
|---|---|---|
| 2299 | TCP | SSH |
| 80 | TCP | HTTP (ACME/redirect) |
| 443 | TCP | HTTPS |
| 25 | TCP | SMTP |
| 465 | TCP | SMTPS |
| 587 | TCP | SMTP Submission |
| 993 | TCP | IMAPS |