Difference between revisions of "CNMCyber.com DNS"

From CNM Wiki
Jump to: navigation, search
(SOA and NS)
 
(25 intermediate revisions by the same user not shown)
Line 1: Line 1:
a @ 207.244.231.53 600 seconds
+
[[CNMCyber.com DNS]] is the subset of [[Opplet DNS]] that is created and administered to handle [[DNS record]]s for [[CNMCyber.com]].
a cert 207.244.231.53 1 Hour
 
a corp 188.34.147.106 600 seconds
 
a dash-status 188.34.147.107 600 seconds
 
a influxdb 188.34.147.107 600 seconds
 
a lab 207.244.231.53 1 Hour
 
a mail 62.171.189.106 1 Hour
 
a monitor 188.34.147.107 600 seconds
 
a next 5.9.40.148 1 Hour
 
a npm 188.34.147.107 600 seconds
 
a page 207.244.231.53 1 Hour
 
a pass 188.34.147.107 600 seconds
 
a portainer 188.34.147.107 600 seconds
 
a social 188.34.147.106 1 Hour
 
a status 188.34.147.107 600 seconds
 
a talk 188.34.147.106 1 Hour
 
a tube 207.244.231.53 1 Hour
 
a wiki 207.244.231.53 1 Hour
 
ns @ ns63.domaincontrol.com. 1 Hour
 
ns @ ns64.domaincontrol.com. 1 Hour
 
cname d6seqr27awll.mail.cnmcyber.com gv-xwlt4chigzes6a.dv.googlehosted.com. 1 Hour
 
cname www cnmcyber.com. 1 Hour
 
cname _domainconnect _domainconnect.gd.domaincontrol.com. 1 Hour
 
soa @ Primary nameserver: ns63.domaincontrol.com. 1 Hour
 
mx @ mail.cnmcyber.com. (Priority: 10) 1 Hour
 
mx next.cnmcyber.com mail.next.cnmcyber.com. (Priority: 10) 1 Hour
 
txt @ google-site-verification=NoAShLTQRVThCMTCbQtDGrBYB8JEacObhSg4DmbYwmA 1 Day
 
txt @ v=spf1 +a +mx +a:mail.cnmcyber.com ~all 1 Hour
 
txt mail._domainkey v=DKIM1; h=sha256; k=rsa; t=y; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYkGdTezRjLEjaicGQSfVyD30bp8P3Ezmv08cFwuDsOg+8zQCNNP8qXYZ0gYo6PQSU+E2yznlSBebwouMVhHjs4+4n+s3KxoJ3wr/fIL+hztwpJ5OArEx7U9CtJMn5GKkLRT1oCmaIk77yLQN2X4ibHs8YbwZIuCMw8qq6BAMzEMLcqMjh22CYgUO4psPOs+GegwT4AvbFgoJ9yYyB+LoSE9f1w0vSVB1qdSrEUyDevnzKgmzJB1fIn/XmxgAVT+Yoa4FhsLTExCzrNf8o52GpBK+tz4O0s3bBz+EJbO5PA3ik/0GpIPrj4mAz3Xoqv+z2WQRNimI9Wv/EyA9pIU1wIDAQAB; 1 Hour
 
txt _acme-challenge.corp
 
txt _acme-challenge.social
 
txt _acme-challenge.talk
 
txt _dmarc v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:postmaster@cnmcyber.com 1 Hour
 
  
cnmcyber.com 35 a / 1 mX / 3 nS / 1 sOA / 1 tXT (NS: digitalocean.com)
 
  
TXT mail.next.cnmcyber.com returns v=spf1 +a +mx -all
+
==Non-mail DNS records==
MX mail.next.cnmcyber.com mail handled by mail.next.cnmcyber.com.
+
===SOA and NS===
A opplet.handson.cnmcyber.com directs to 159.65.220.3
+
{|class="wikitable" width=100%
A cabin.cnmcyber.com directs to 159.89.93.1
+
!Type!!Resource record!!Data
A talk.handson.cnmcyber.com directs to 159.65.220.3
+
|-
A venture.handson.cnmcyber.com directs to 159.65.220.3
+
|soa||@||Primary nameserver: ns63.domaincontrol.com.
A linkup.handson.cnmcyber.com directs to 159.65.220.3
+
|-
A lab.handson.cnmcyber.com directs to 159.65.220.3
+
|ns||@||ns63.domaincontrol.com.
A mail.handson.cnmcyber.com directs to 159.65.220.3
+
|-
A cert.handson.cnmcyber.com directs to 159.65.220.3
+
|ns||@||ns64.domaincontrol.com.
A wiki.handson.cnmcyber.com directs to 159.65.220.3
+
|}
A page.handson.cnmcyber.com directs to 159.65.220.3
+
 
A tube.handson.cnmcyber.com directs to 159.65.220.3
+
===A and AAAA===
A social.handson.cnmcyber.com directs to 159.65.220.3
+
{|class="wikitable" width=100%
A handson.cnmcyber.com directs to 165.22.107.127
+
!Type!!Resource record!!Data
A social.next.cnmcyber.com directs to 167.71.244.79
+
|-
A tube.next.cnmcyber.com directs to 167.71.244.79
+
|a||@||88.99.214.92
A page.next.cnmcyber.com directs to 167.71.244.79
+
|-
A wiki.next.cnmcyber.com directs to 167.71.244.79
+
|a||cert||88.99.214.92
A cert.next.cnmcyber.com directs to 167.71.244.79
+
|-
A mail.next.cnmcyber.com directs to 164.68.97.65
+
|a||corp||188.34.147.106
A lab.next.cnmcyber.com directs to 167.71.244.79
+
|-
A linkup.next.cnmcyber.com directs to 167.71.244.79
+
|a||dash-status||188.34.147.107
A venture.next.cnmcyber.com directs to 167.71.244.79
+
|-
A talk.next.cnmcyber.com directs to 167.71.244.79
+
|a||focalboard||188.34.147.107
A next.cnmcyber.com directs to 167.71.244.79
+
|-
A cnmcyber.com directs to 159.89.230.212
+
|a||influxdb||188.34.147.107
A talk.cnmcyber.com directs to 159.89.230.212
+
|-
A venture.cnmcyber.com directs to 159.89.230.212
+
|a||lab||88.99.214.92
A linkup.cnmcyber.com directs to 159.89.230.212
+
|-
A lab.cnmcyber.com directs to 159.89.230.212
+
|a||mail||188.34.147.106
A mail.cnmcyber.com directs to 159.89.230.212
+
|-
A cert.cnmcyber.com directs to 159.89.230.212
+
|a||monitor||188.34.147.107
A wiki.cnmcyber.com directs to 159.89.230.212
+
|-
A page.cnmcyber.com directs to 159.89.230.212
+
|a||next||5.9.40.148
A tube.cnmcyber.com directs to 159.89.230.212
+
|-
A social.cnmcyber.com directs to 159.89.230.212
+
|a||npm||188.34.147.107
 +
|-
 +
|a||page||88.99.214.92
 +
|-
 +
|a||pass||188.34.147.107
 +
|-
 +
|a||portainer||188.34.147.107
 +
|-
 +
|a||social||188.34.147.106
 +
|-
 +
|a||status||188.34.147.107
 +
|-
 +
|a||taiga||88.99.214.92
 +
|-
 +
|a||talk||188.34.147.106
 +
|-
 +
|a||tube||88.99.214.92
 +
|-
 +
|a||wiki||88.99.214.92
 +
|}
 +
 
 +
===CNAME===
 +
{|class="wikitable" width=100%
 +
!Type!!Resource record!!Data
 +
|-
 +
|cname||www||cnmcyber.com.
 +
|}
 +
 
 +
==Mail DNS records==
 +
===MX===
 +
{|class="wikitable" width=100%
 +
!Type!!Resource record!!Data
 +
|-
 +
|mx||@||mail.cnmcyber.com. (Priority: 10)
 +
|-
 +
|mx||next.cnmcyber.com||mail.next.cnmcyber.com. (Priority: 10)
 +
|}
 +
 
 +
===SPF===
 +
{|class="wikitable" width=100%
 +
!Type!!Resource record!!Data
 +
|-
 +
|txt||@||v=spf1 a mx ip4:188.34.147.106 ~all
 +
|}
 +
 
 +
===DKIM===
 +
{|class="wikitable" width=100%
 +
!Type!!Resource record!!Data
 +
|-
 +
|txt||mail._domainkey||v=DKIM1; h=sha256; k=rsa; t=s; s=mail; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu88YzniPNK8Dolkeb5ZJ3m2ugbZu8BYt0S8iPzns1RlqoCzkUNebfMOI4BxfzHyvFu7zP89Zsqy3amNiBIX1i/w4j6uULmgNm9MAWt99Bxy9sZOORhSC6jz5T16tehmLjbXd3L4LwPVP4OE9CmMgFL/rSp5ytKRp2mXGAH+0hEZk8TVh5AeLcMSCka4IIxIaFDeMJs5mjmMMKy9mt6sTfH8yH09yFEuPepKSr/IO/ENGUVnjr4KOTTWI1BGnQDN1JVxRx88eY1btlzfs2gX5tCYSlhlZOwfFshobr9xb2RgW4b8Q/8SuqJ6XAt9CeuoJJjHxVL1B/C0fPCaFPJzUEQIDAQAB
 +
|}
 +
 
 +
Your DKIM record seems to be valid, but there are some optional tags that you can add or modify to improve your email authentication. Here are some suggestions:
 +
# You can add the s tag to specify the service types that your DKIM record applies to. For example, if you only use your domain for email, you can add s=email to your record.
 +
# You can change the t tag to remove the y flag, which indicates that your DKIM record is in testing mode. This flag may cause some email receivers to ignore your DKIM signature. You can either delete the t=y tag or change it to t=s to indicate that your DKIM record is in strict mode.
 +
# You can add the n tag to provide a note or comment for your DKIM record. This can be useful for administrative purposes or for debugging issues. For example, you can add n=This is my DKIM record for mail._domainkey to your record.
 +
 
 +
A DKIM DNS record is valid if it contains the following elements:
 +
* The version, which is usually v=DKIM1
 +
* The encryption algorithm, which is always RSA (k=rsa)
 +
* The public key, which is a long string of characters (p=...)
 +
* Optionally, some other tags that specify the service types, the testing mode, or the notes for the record (s=..., t=..., n=...)
 +
These elements are stored as a TXT record in the domain’s DNS zone, and they are used to verify the digital signature of the emails sent from that domain. The digital signature ensures that the email has not been tampered with and that it comes from a legitimate sender.
 +
 
 +
===DMARC===
 +
{|class="wikitable" width=100%
 +
!Type!!Resource record!!Data
 +
|-
 +
|txt||_dmarc||v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:postmaster@cnmcyber.com
 +
|}
 +
 
 +
===Other records===
 +
{|class="wikitable" width=100%
 +
!Type!!Resource record!!Data
 +
|-
 +
|txt||@||google-site-verification=NoAShLTQRVThCMTCbQtDGrBYB8JEacObhSg4DmbYwmA
 +
|-
 +
|txt||_acme-challenge.corp||QlxBC4Pv_oiA5XNoR3HtJZM8tO9ifiqTx2UucKW2xxU
 +
|-
 +
|txt||_acme-challenge.social||pr3Pw-RToXjuAs5Uebu5uDu208ZQYyAvmO3ztbAUQDY
 +
|-
 +
|txt||_acme-challenge.talk||N6-YE8SjvofQgWzVOgu1MAaJAFfoBQE1K3Ncb49fb2M
 +
|}
 +
 
 +
==Web hosting==
 +
===Location===
 +
===BIND===
 +
===SSL certificates===
 +
==Web servers==
 +
===Choice===
 +
===Files===
 +
==Administration==
 +
===API===
 +
===Choice of model===

Latest revision as of 14:19, 6 March 2024

CNMCyber.com DNS is the subset of Opplet DNS that is created and administered to handle DNS records for CNMCyber.com.


Non-mail DNS records

SOA and NS

Type Resource record Data
soa @ Primary nameserver: ns63.domaincontrol.com.
ns @ ns63.domaincontrol.com.
ns @ ns64.domaincontrol.com.

A and AAAA

Type Resource record Data
a @ 88.99.214.92
a cert 88.99.214.92
a corp 188.34.147.106
a dash-status 188.34.147.107
a focalboard 188.34.147.107
a influxdb 188.34.147.107
a lab 88.99.214.92
a mail 188.34.147.106
a monitor 188.34.147.107
a next 5.9.40.148
a npm 188.34.147.107
a page 88.99.214.92
a pass 188.34.147.107
a portainer 188.34.147.107
a social 188.34.147.106
a status 188.34.147.107
a taiga 88.99.214.92
a talk 188.34.147.106
a tube 88.99.214.92
a wiki 88.99.214.92

CNAME

Type Resource record Data
cname www cnmcyber.com.

Mail DNS records

MX

Type Resource record Data
mx @ mail.cnmcyber.com. (Priority: 10)
mx next.cnmcyber.com mail.next.cnmcyber.com. (Priority: 10)

SPF

Type Resource record Data
txt @ v=spf1 a mx ip4:188.34.147.106 ~all

DKIM

Type Resource record Data
txt mail._domainkey v=DKIM1; h=sha256; k=rsa; t=s; s=mail; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu88YzniPNK8Dolkeb5ZJ3m2ugbZu8BYt0S8iPzns1RlqoCzkUNebfMOI4BxfzHyvFu7zP89Zsqy3amNiBIX1i/w4j6uULmgNm9MAWt99Bxy9sZOORhSC6jz5T16tehmLjbXd3L4LwPVP4OE9CmMgFL/rSp5ytKRp2mXGAH+0hEZk8TVh5AeLcMSCka4IIxIaFDeMJs5mjmMMKy9mt6sTfH8yH09yFEuPepKSr/IO/ENGUVnjr4KOTTWI1BGnQDN1JVxRx88eY1btlzfs2gX5tCYSlhlZOwfFshobr9xb2RgW4b8Q/8SuqJ6XAt9CeuoJJjHxVL1B/C0fPCaFPJzUEQIDAQAB

Your DKIM record seems to be valid, but there are some optional tags that you can add or modify to improve your email authentication. Here are some suggestions:

  1. You can add the s tag to specify the service types that your DKIM record applies to. For example, if you only use your domain for email, you can add s=email to your record.
  2. You can change the t tag to remove the y flag, which indicates that your DKIM record is in testing mode. This flag may cause some email receivers to ignore your DKIM signature. You can either delete the t=y tag or change it to t=s to indicate that your DKIM record is in strict mode.
  3. You can add the n tag to provide a note or comment for your DKIM record. This can be useful for administrative purposes or for debugging issues. For example, you can add n=This is my DKIM record for mail._domainkey to your record.

A DKIM DNS record is valid if it contains the following elements:

  • The version, which is usually v=DKIM1
  • The encryption algorithm, which is always RSA (k=rsa)
  • The public key, which is a long string of characters (p=...)
  • Optionally, some other tags that specify the service types, the testing mode, or the notes for the record (s=..., t=..., n=...)

These elements are stored as a TXT record in the domain’s DNS zone, and they are used to verify the digital signature of the emails sent from that domain. The digital signature ensures that the email has not been tampered with and that it comes from a legitimate sender.

DMARC

Type Resource record Data
txt _dmarc v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:postmaster@cnmcyber.com

Other records

Type Resource record Data
txt @ google-site-verification=NoAShLTQRVThCMTCbQtDGrBYB8JEacObhSg4DmbYwmA
txt _acme-challenge.corp QlxBC4Pv_oiA5XNoR3HtJZM8tO9ifiqTx2UucKW2xxU
txt _acme-challenge.social pr3Pw-RToXjuAs5Uebu5uDu208ZQYyAvmO3ztbAUQDY
txt _acme-challenge.talk N6-YE8SjvofQgWzVOgu1MAaJAFfoBQE1K3Ncb49fb2M

Web hosting

Location

BIND

SSL certificates

Web servers

Choice

Files

Administration

API

Choice of model