Difference between revisions of "CNMCyber.com DNS"

From CNM Wiki
Jump to: navigation, search
(DKIM)
(DKIM)
Line 74: Line 74:
 
# You can change the t tag to remove the y flag, which indicates that your DKIM record is in testing mode. This flag may cause some email receivers to ignore your DKIM signature. You can either delete the t=y tag or change it to t=s to indicate that your DKIM record is in strict mode.
 
# You can change the t tag to remove the y flag, which indicates that your DKIM record is in testing mode. This flag may cause some email receivers to ignore your DKIM signature. You can either delete the t=y tag or change it to t=s to indicate that your DKIM record is in strict mode.
 
# You can add the n tag to provide a note or comment for your DKIM record. This can be useful for administrative purposes or for debugging issues. For example, you can add n=This is my DKIM record for mail._domainkey to your record.
 
# You can add the n tag to provide a note or comment for your DKIM record. This can be useful for administrative purposes or for debugging issues. For example, you can add n=This is my DKIM record for mail._domainkey to your record.
 +
 +
A DKIM DNS record is valid if it contains the following elements:
 +
* The version, which is usually v=DKIM1
 +
* The encryption algorithm, which is always RSA (k=rsa)
 +
* The public key, which is a long string of characters (p=...)
 +
* Optionally, some other tags that specify the service types, the testing mode, or the notes for the record (s=..., t=..., n=...)
 +
These elements are stored as a TXT record in the domain’s DNS zone, and they are used to verify the digital signature of the emails sent from that domain. The digital signature ensures that the email has not been tampered with and that it comes from a legitimate sender.
  
 
===DMARC===
 
===DMARC===

Revision as of 17:03, 30 December 2023

CNMCyber.com DNS is the subset of Opplet DNS that is created and administered to handle DNS records for CNMCyber.com.


Non-mail DNS records

SOA and NS

soa @ Primärer Nameserver: ns63.domaincontrol.com. 1 Stunde ns @ ns63.domaincontrol.com.

ns @ ns64.domaincontrol.com.

A

a @ 207.244.231.53
a cert 207.244.231.53
a corp 188.34.147.106
a dash-status 188.34.147.107
a influxdb 188.34.147.107
a lab 207.244.231.53
a mail 188.34.147.106
a monitor 188.34.147.107
a next 5.9.40.148
a npm 188.34.147.107
a page 88.99.214.92
a pass 188.34.147.107
a portainer 188.34.147.107
a social 188.34.147.106
a status 188.34.147.107
a talk 188.34.147.106
a tube 207.244.231.53
a wiki 207.244.231.53

AAAA

CNAME

cname d6seqr27awll.mail.cnmcyber.com gv-xwlt4chigzes6a.dv.googlehosted.com. 1 Stunde cname www cnmcyber.com. 1 Stunde cname _domainconnect _domainconnect.gd.domaincontrol.com. 1 Stunde

Mail DNS records

MX

mx @ mail.cnmcyber.com.
mx next.cnmcyber.com mail.next.cnmcyber.com.

SPF

txt @ v=spf1 a mx ip4:188.34.147.106 ~all

DKIM

txt mail._domainkey (legacy) v=DKIM1; h=sha256; k=rsa; t=y; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYkGdTezRjLEjaicGQSfVyD30bp8P3Ezmv08cFwuDsOg+8zQCNNP8qXYZ0gYo6PQSU+E2yznlSBebwouMVhHjs4+4n+s3KxoJ3wr/fIL+hztwpJ5OArEx7U9CtJMn5GKkLRT1oCmaIk77yLQN2X4ibHs8YbwZIuCMw8qq6BAMzEMLcqMjh22CYgUO4psPOs+GegwT4AvbFgoJ9yYyB+LoSE9f1w0vSVB1qdSrEUyDevnzKgmzJB1fIn/XmxgAVT+Yoa4FhsLTExCzrNf8o52GpBK+tz4O0s3bBz+EJbO5PA3ik/0GpIPrj4mAz3Xoqv+z2WQRNimI9Wv/EyA9pIU1wIDAQAB;
txt mail._domainkey "v=DKIM1; h=sha256; k=rsa; t=y; " "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu88YzniPNK8Dolkeb5ZJ3m2ugbZu8BYt0S8iPzns1RlqoCzkUNebfMOI4BxfzHyvFu7zP89Zsqy3amNiBIX1i/w4j6uULmgNm9MAWt99Bxy9sZOORhSC6jz5T16tehmLjbXd3L4LwPVP4OE9CmMgFL/rSp5ytKRp2mXGAH+0hEZk8TVh5AeLcMSCka4IIxIaFDeMJs5mjmMMKy" "9mt6sTfH8yH09yFEuPepKSr/IO/ENGUVnjr4KOTTWI1BGnQDN1JVxRx88eY1btlzfs2gX5tCYSlhlZOwfFshobr9xb2RgW4b8Q/8SuqJ6XAt9CeuoJJjHxVL1B/C0fPCaFPJzUEQIDAQAB"

Your DKIM record seems to be valid, but there are some optional tags that you can add or modify to improve your email authentication. Here are some suggestions:

  1. You can add the s tag to specify the service types that your DKIM record applies to. For example, if you only use your domain for email, you can add s=email to your record.
  2. You can change the t tag to remove the y flag, which indicates that your DKIM record is in testing mode. This flag may cause some email receivers to ignore your DKIM signature. You can either delete the t=y tag or change it to t=s to indicate that your DKIM record is in strict mode.
  3. You can add the n tag to provide a note or comment for your DKIM record. This can be useful for administrative purposes or for debugging issues. For example, you can add n=This is my DKIM record for mail._domainkey to your record.

A DKIM DNS record is valid if it contains the following elements:

  • The version, which is usually v=DKIM1
  • The encryption algorithm, which is always RSA (k=rsa)
  • The public key, which is a long string of characters (p=...)
  • Optionally, some other tags that specify the service types, the testing mode, or the notes for the record (s=..., t=..., n=...)

These elements are stored as a TXT record in the domain’s DNS zone, and they are used to verify the digital signature of the emails sent from that domain. The digital signature ensures that the email has not been tampered with and that it comes from a legitimate sender.

DMARC

txt _dmarc v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:postmaster@cnmcyber.com

Other mail records

txt @ google-site-verification=NoAShLTQRVThCMTCbQtDGrBYB8JEacObhSg4DmbYwmA
txt _acme-challenge.corp QlxBC4Pv_oiA5XNoR3HtJZM8tO9ifiqTx2UucKW2xxU
txt _acme-challenge.social pr3Pw-RToXjuAs5Uebu5uDu208ZQYyAvmO3ztbAUQDY
txt _acme-challenge.talk N6-YE8SjvofQgWzVOgu1MAaJAFfoBQE1K3Ncb49fb2M

Web hosting

Location

BIND

SSL certificates

Web servers

Choice

Files

Administration

API

Choice of model