doc/pages/01.administrate/03.afterinstall/03.dns/dns_config.md

114 lines
4.9 KiB
Markdown
Raw Normal View History

2020-11-11 11:47:10 +01:00
---
title: DNS zone configuration
template: docs
taxonomy:
category: docs
---
2014-06-17 22:11:38 +02:00
DNS (domain name system) is a system that converts human-readable addresses
(domain names) into machine-understandable addresses (IP). For your server to be
easily accessible by human beings, and for some services like mail to work
properly, DNS must be configured.
2014-06-17 22:11:38 +02:00
If you're using an [automatic domain](/dns_nohost_me) provided by the YunoHost Project, the configuration should be
performed automatically. If you're using your own domain name (e.g. bought via
a registrar), you should manually configure your domain on your registrar's
interface.
2017-01-24 23:05:43 +01:00
## Recommended DNS configuration
NB: Examples here use the placeholder `your.domain.tld`, you have to replace it with your real domain, such as `www.yunohost.org`.
2017-01-24 23:05:43 +01:00
YunoHost provides a recommended DNS configuration, available via:
- the webadmin, in Domain > your.domain.tld > DNS configuration;
- or the command line, `yunohost domain dns-conf your.domain.tld`
2016-02-15 18:54:04 +01:00
For specific needs or specific setups, and if you know what you're doing, you
might want or have to tweak these, or add additional ones (e.g. to handle
subdomains).
2014-06-17 22:22:15 +02:00
The recommended configuration typically looks like this:
2014-06-17 22:22:15 +02:00
2016-02-15 18:54:04 +01:00
```bash
#
# Basic ipv4/ipv6 records
#
@ 3600 IN A 111.222.33.44
* 3600 IN A 111.222.33.44
2016-02-16 12:16:24 +01:00
# (If your server is IPv6 capable, there are some AAAA records)
@ 3600 IN AAAA 2222:444:8888:3333:bbbb:5555:3333:1111
* 3600 IN AAAA 2222:444:8888:3333:bbbb:5555:3333:1111
2014-06-17 22:22:15 +02:00
#
# XMPP
#
_xmpp-client._tcp 3600 IN SRV 0 5 5222 your.domain.tld.
_xmpp-server._tcp 3600 IN SRV 0 5 5269 your.domain.tld.
muc 3600 IN CNAME @
pubsub 3600 IN CNAME @
vjud 3600 IN CNAME @
xmpp-upload 3600 IN CNAME @
2014-06-17 22:29:24 +02:00
#
# Mail (MX, SPF, DKIM and DMARC)
#
@ 3600 IN MX 10 your.domain.tld.
@ 3600 IN TXT "v=spf1 a mx ip4:111.222.33.44 -all"
mail._domainkey 3600 IN TXT "v=DKIM1; k=rsa; p=someHuuuuuuugeKey"
_dmarc 3600 IN TXT "v=DMARC1; p=none"
```
2017-01-24 23:05:43 +01:00
Though it might be easier to understand it if displayed like this:
2016-02-16 12:29:50 +01:00
| Type | Name | Value |
| :-----: | :--------------------: | :--------------------------------------------------: |
| **A** | **@** | `111.222.333.444` (your IPv4) |
| A | * | `111.222.333.444` (your IPv4) |
| AAAA | @ | `2222:444:8888:3333:bbbb:5555:3333:1111` (your IPv6) |
| AAAA | * | `2222:444:8888:3333:bbbb:5555:3333:1111` (your IPv6) |
| **SRV** | **_xmpp-client._tcp** | `0 5 5222 your.domain.tld.` |
| **SRV** | **_xmpp-server._tcp** | `0 5 5269 your.domain.tld.` |
| CNAME | muc | `@` |
| CNAME | pubsub | `@` |
| CNAME | vjud | `@` |
| CNAME | xmpp-upload | `@` |
| **MX** | **@** | `your.domain.tld.` (and priority: 10) |
| TXT | @ | `"v=spf1 a mx ip4:111.222.33.44 -all"` |
| TXT | mail._domainkey | `"v=DKIM1; k=rsa; p=someHuuuuuuugeKey"` |
| TXT | _dmarc | `"v=DMARC1; p=none"` |
2014-11-28 20:29:08 +01:00
#### A few notes about this table
2016-02-16 12:16:24 +01:00
- Not all these lines are absolutely necessary. For a minimal setup, you only need the records in bold.
- The dot at the end of `your.domain.tld.` is important ;);
- `@` corresponds to `your.domain.tld`, and e.g. `muc` corresponds to `muc.your.domain.tld`;
- These are example values ! See your generated conf for the actual values you should use;
- We recommend a [TTL](https://en.wikipedia.org/wiki/Time_to_live#DNS_records) of 3600 (1 hour). But you can use something else if you know what you're doing;
- Don't put an IPv6 record if you're not sure IPv6 really works on your server! You might have issues with Let's Encrypt if it doesn't.
2020-06-23 07:17:12 +02:00
### Reverse DNS
If your ISP or VPS provider let you define a [Reverse DNS
lookup](https://en.wikipedia.org/wiki/Reverse_DNS_lookup) for your public IPv4
and/or IPv6 addresses, you must configure it. It will prevent you to be marked as
spam by anti-spam filters.
2020-06-27 15:22:31 +02:00
**N.B. : the reverse DNS configuration happens on your Internet Service Provider or VPS provider. It is *not* handled by your domain's registrar.**
If your public IPv4 address is `111.222.333.444` and your DNS
2020-06-23 07:17:12 +02:00
domain is `domain.tld`, you should get following answer when using `nslookup`
command tool:
```shell
$ nslookup 111.222.333.444
444.333.222.111.in-addr.arpa name = domain.tld.
```
2020-06-27 15:22:31 +02:00
The diagnosis system available in the webadmin performs this checks automatically (in section Email).
2020-06-23 07:17:12 +02:00
### Dynamic IP
If your global IP address is constantly changing, follow this [tutorial](/dns_dynamicip).