Need DNS records help for single server (and IP), and multi-domain mail server.

Grant Taylor gtaylor at tnetconsulting.net
Wed Aug 23 22:30:51 UTC 2017


On 08/23/2017 01:28 PM, Tom Browder wrote:
> Given such a configuration described in the first paragraph, does the 
> following set of DNS records for a domain look appropriate:
> 
> # For each domain X.TLD:
> X.TLD.      IN    A                 142.54.186.2.
> *.X.TLD.    IN   CNAME       X.TLD.
> X.TLD.      IN    MX              10   142.54.186.2.
> X.TLD.      IN    TXT             "v=spf1 mx -all"

I would encourage you to contemplate adding DNSSEC support.  DNSSEC will 
enable multiple other options down the road.

Further, BIND makes it trivial to have it manage most of DNSSEC for you.

Don't forget your obligatory SOA and NS records for the zones themselves.

You may end up adding TXT records to authenticate your site for various 
Google services.

Depending on what you're doing for SSL certificates, you may be 
interested in CAA records to publish which CA is allowed to issue 
certificates for you.  Possibly DNS based authentication for Let's 
Encrypt via TXT records at the _acme-challenge.example.com name.

You may end up creating various additional TXT records for things like 
DMARC / DKIM.

Finally, I personally like to use Tarbaby from Junk Email Filter as a 
high order MX (99) to help cut down on spam.



-- 
Grant. . . .
unix || die
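
An added example, not part of the original message or of BIND: a small Python check that reports which of the records named in the reply (SOA, NS, CAA, DMARC, DKIM) are absent from a record set modelled on the one in the question, and also flags an MX whose target is an IP literal. The names parse, is_ip_literal, lint, example.com and 192.0.2.10 are assumptions made for the example; it expects one record per line with an explicit owner name.

```python
import ipaddress

# Constructed sample modelled on the question's record set, with X.TLD written
# as example.com and the documentation address 192.0.2.10 standing in for the IP.
QUESTION_ZONE = """\
example.com.    IN  A      192.0.2.10
*.example.com.  IN  CNAME  example.com.
example.com.    IN  MX     10 192.0.2.10.
example.com.    IN  TXT    "v=spf1 mx -all"
"""

def parse(zone_text):
    """Return (owner, type, rdata) for simple one-record-per-line zone text."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in ";#":
            continue  # blank line or comment
        owner, rest = fields[0].lower(), fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]  # skip optional TTL and class
        if rest:
            records.append((owner, rest[0].upper(), " ".join(rest[1:])))
    return records

def is_ip_literal(text):
    try:
        ipaddress.ip_address(text.rstrip("."))
        return True
    except ValueError:
        return False

def lint(zone_text, apex):
    """List records the reply says to add, plus MX targets that are IP literals."""
    apex = apex.lower().rstrip(".") + "."
    recs = parse(zone_text)
    present = {(owner, rtype) for owner, rtype, _ in recs}
    txt = [(owner, rdata) for owner, rtype, rdata in recs if rtype == "TXT"]
    findings = [f"missing {t}" for t in ("SOA", "NS", "CAA")
                if (apex, t) not in present]
    if not any(o == "_dmarc." + apex and "v=DMARC1" in r for o, r in txt):
        findings.append("missing DMARC")
    if not any(o.endswith("._domainkey." + apex) for o, _ in txt):
        findings.append("missing DKIM")
    for owner, rtype, rdata in recs:
        # RFC 1035 defines the MX exchange field as a domain name.
        if rtype == "MX" and rdata and is_ip_literal(rdata.split()[-1]):
            findings.append(f"MX at {owner} points at an IP literal")
    return findings

if __name__ == "__main__":
    print(lint(QUESTION_ZONE, "example.com"))
```

DNSSEC is not covered here, since a zone that BIND signs for you does not show it in the unsigned zone text.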
