-
Notifications
You must be signed in to change notification settings - Fork 21
DNS Configuration
Springcomp edited this page Feb 8, 2026
·
2 revisions
Please note that DNS changes could take up to 24 hours to propagate. In practice, it's a lot faster though (~1 minute or so in our test). In DNS setup, we usually use domain with a trailing dot (
.) at the end to to force using absolute domain.
You will need to setup the following DNS records:
- A: Maps your domain to your server's IPv4 address.
- AAAA: Maps your domain to your server's IPv6 address.
- MX: Directs incoming emails to your mail server (Supports wildcard subdomains).
- PTR: Maps your server's IP address back to your domain name.
Set up mandatory security policies:
- DKIM: Digitally signs outgoing emails to verify authenticity.
- DMARC: Defines how email receivers should handle messages failing authentication.
- SPF: Authorizes specific mail servers to send emails from your domain.
Additional steps:
- CAA: Specifies which certificate authorities are allowed to issue SSL certificates for your domain.
- MTA-STS: Enforces secure, encrypted connections between mail servers.
- TLS-RPT: Reports TLS connection failures to improve email delivery security.
Warning: setting up a CAA record will restrict which certificate authority can successfully issue SSL certificates for your domain. This will prevent certificate issuance from Let’s Encrypt staging servers. You may want to differ this DNS record until after SSL certificates are successfully issued for your domain.