Difference between revisions of "CNMCyber.com DNS"
(→DKIM) |
(→DKIM) |
||
Line 74: | Line 74: | ||
# You can change the t tag to remove the y flag, which indicates that your DKIM record is in testing mode. This flag may cause some email receivers to ignore your DKIM signature. You can either delete the t=y tag or change it to t=s to indicate that your DKIM record is in strict mode. | # You can change the t tag to remove the y flag, which indicates that your DKIM record is in testing mode. This flag may cause some email receivers to ignore your DKIM signature. You can either delete the t=y tag or change it to t=s to indicate that your DKIM record is in strict mode. | ||
# You can add the n tag to provide a note or comment for your DKIM record. This can be useful for administrative purposes or for debugging issues. For example, you can add n=This is my DKIM record for mail._domainkey to your record. | # You can add the n tag to provide a note or comment for your DKIM record. This can be useful for administrative purposes or for debugging issues. For example, you can add n=This is my DKIM record for mail._domainkey to your record. | ||
+ | |||
+ | A DKIM DNS record is valid if it contains the following elements: | ||
+ | * The version, which is usually v=DKIM1 | ||
+ | * The encryption algorithm, which is always RSA (k=rsa) | ||
+ | * The public key, which is a long string of characters (p=...) | ||
+ | * Optionally, some other tags that specify the service types, the testing mode, or the notes for the record (s=..., t=..., n=...) | ||
+ | These elements are stored as a TXT record in the domain’s DNS zone, and they are used to verify the digital signature of the emails sent from that domain. The digital signature ensures that the email has not been tampered with and that it comes from a legitimate sender. | ||
===DMARC=== | ===DMARC=== |
Revision as of 17:03, 30 December 2023
CNMCyber.com DNS is the subset of Opplet DNS that is created and administered to handle DNS records for CNMCyber.com.
Contents
Non-mail DNS records
SOA and NS
soa @ Primärer Nameserver: ns63.domaincontrol.com. 1 Stunde ns @ ns63.domaincontrol.com.
ns @ ns64.domaincontrol.com.
A
a | @ | 207.244.231.53 |
a | cert | 207.244.231.53 |
a | corp | 188.34.147.106 |
a | dash-status | 188.34.147.107 |
a | influxdb | 188.34.147.107 |
a | lab | 207.244.231.53 |
a | 188.34.147.106 | |
a | monitor | 188.34.147.107 |
a | next | 5.9.40.148 |
a | npm | 188.34.147.107 |
a | page | 88.99.214.92 |
a | pass | 188.34.147.107 |
a | portainer | 188.34.147.107 |
a | social | 188.34.147.106 |
a | status | 188.34.147.107 |
a | talk | 188.34.147.106 |
a | tube | 207.244.231.53 |
a | wiki | 207.244.231.53 |
AAAA
CNAME
cname d6seqr27awll.mail.cnmcyber.com gv-xwlt4chigzes6a.dv.googlehosted.com. 1 Stunde cname www cnmcyber.com. 1 Stunde cname _domainconnect _domainconnect.gd.domaincontrol.com. 1 Stunde
Mail DNS records
MX
mx | @ | mail.cnmcyber.com. |
mx | next.cnmcyber.com | mail.next.cnmcyber.com. |
SPF
txt | @ | v=spf1 a mx ip4:188.34.147.106 ~all |
DKIM
txt | mail._domainkey (legacy) | v=DKIM1; h=sha256; k=rsa; t=y; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYkGdTezRjLEjaicGQSfVyD30bp8P3Ezmv08cFwuDsOg+8zQCNNP8qXYZ0gYo6PQSU+E2yznlSBebwouMVhHjs4+4n+s3KxoJ3wr/fIL+hztwpJ5OArEx7U9CtJMn5GKkLRT1oCmaIk77yLQN2X4ibHs8YbwZIuCMw8qq6BAMzEMLcqMjh22CYgUO4psPOs+GegwT4AvbFgoJ9yYyB+LoSE9f1w0vSVB1qdSrEUyDevnzKgmzJB1fIn/XmxgAVT+Yoa4FhsLTExCzrNf8o52GpBK+tz4O0s3bBz+EJbO5PA3ik/0GpIPrj4mAz3Xoqv+z2WQRNimI9Wv/EyA9pIU1wIDAQAB; |
txt | mail._domainkey | "v=DKIM1; h=sha256; k=rsa; t=y; " "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu88YzniPNK8Dolkeb5ZJ3m2ugbZu8BYt0S8iPzns1RlqoCzkUNebfMOI4BxfzHyvFu7zP89Zsqy3amNiBIX1i/w4j6uULmgNm9MAWt99Bxy9sZOORhSC6jz5T16tehmLjbXd3L4LwPVP4OE9CmMgFL/rSp5ytKRp2mXGAH+0hEZk8TVh5AeLcMSCka4IIxIaFDeMJs5mjmMMKy" "9mt6sTfH8yH09yFEuPepKSr/IO/ENGUVnjr4KOTTWI1BGnQDN1JVxRx88eY1btlzfs2gX5tCYSlhlZOwfFshobr9xb2RgW4b8Q/8SuqJ6XAt9CeuoJJjHxVL1B/C0fPCaFPJzUEQIDAQAB" |
Your DKIM record seems to be valid, but there are some optional tags that you can add or modify to improve your email authentication. Here are some suggestions:
- You can add the s tag to specify the service types that your DKIM record applies to. For example, if you only use your domain for email, you can add s=email to your record.
- You can change the t tag to remove the y flag, which indicates that your DKIM record is in testing mode. This flag may cause some email receivers to ignore your DKIM signature. You can either delete the t=y tag or change it to t=s to indicate that your DKIM record is in strict mode.
- You can add the n tag to provide a note or comment for your DKIM record. This can be useful for administrative purposes or for debugging issues. For example, you can add n=This is my DKIM record for mail._domainkey to your record.
A DKIM DNS record is valid if it contains the following elements:
- The version, which is usually v=DKIM1
- The encryption algorithm, which is always RSA (k=rsa)
- The public key, which is a long string of characters (p=...)
- Optionally, some other tags that specify the service types, the testing mode, or the notes for the record (s=..., t=..., n=...)
These elements are stored as a TXT record in the domain’s DNS zone, and they are used to verify the digital signature of the emails sent from that domain. The digital signature ensures that the email has not been tampered with and that it comes from a legitimate sender.
DMARC
txt | _dmarc | v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:postmaster@cnmcyber.com |
Other mail records
txt | @ | google-site-verification=NoAShLTQRVThCMTCbQtDGrBYB8JEacObhSg4DmbYwmA |
txt | _acme-challenge.corp | QlxBC4Pv_oiA5XNoR3HtJZM8tO9ifiqTx2UucKW2xxU |
txt | _acme-challenge.social | pr3Pw-RToXjuAs5Uebu5uDu208ZQYyAvmO3ztbAUQDY |
txt | _acme-challenge.talk | N6-YE8SjvofQgWzVOgu1MAaJAFfoBQE1K3Ncb49fb2M |