DNS Configuration Reference

From Sympl Wiki

Sympl automatically generates (but does not currently upload) DNS files for domains, based on a template. Generated files can be found in /srv/example.com/config/dns/example.com.txt and are in TinyDNS format.

Automatic DNS updating is planned for Sympl 9.1 and Sympl 10.1. At present, DNS records must be updated manually with your DNS host.

Reading DNS Records

TinyDNS format is primarily a machine-editable DNS format, though users can partially read it. A full explanation of the format is available in the TinyDNS documentation; there are also a number of extensions available for other record types.

The first character of each line identifies the record type. It is followed by the Fully Qualified Domain Name (FQDN) for the record, and the remaining data fields are separated by colons (:). The examples below use the default Sympl TTL of 300.

| ID | Type | Example | Used for |
| --- | --- | --- | --- |
| # | n/a | # This is a comment | Used only for comments; these lines are ignored by TinyDNS. |
| . | NS | .example.com::ns1.examplehost.com:300 | An NS record for example.com, pointing to ns1.examplehost.com. |
| & | NS | &delegated.example.com::ns1.otherhost.com:300 | An NS delegation record for a subdomain, pointing to ns1.otherhost.com. |
| + | A | +example.com:172.17.18.19:300 | An A record for example.com to 172.17.18.19. |
| = | A + PTR | =example.com:172.17.18.19:300 | An A record for example.com to 172.17.18.19, along with matching PTR record. |
| 3 | AAAA | 3example.com:20010db885a3000000008a2e03707334:300 | An AAAA record for 2001:0db8:85a3::8a2e:0370:7334. Note that IPv6 records are in full format with no separators, and must be the full 16 characters long. |
| 6 | AAAA + PTR | 6example.com:20010db885a3000000008a2e03707334:300 | An AAAA record for 2001:0db8:85a3::8a2e:0370:7334, along with matching PTR record. |
| @ | MX | @example.com::mail.example.com:10:300 | An MX record pointing to mail.example.com with priority 10. |
| ' | TXT | 'example.com:This is an example of a TXT record:300 | A TXT record of "This is an example of a TXT record". Depending on the DNS server this may be limited in length. Colons in the record must be escaped as \072. |
| C | CNAME | Cwww.example.com:example.com:300 | A CNAME of www.example.com pointing to example.com. |
| S | SRV | S_sip_tcp.example.com::sip.example.com:10:20:300 | An SRV record for _sip_tcp.example.com, pointing to sip.example.com, with priority 10 and weight 20. |
| : | custom | :server._domainkey.example.com:16:\037v=DKIM1;\040k=rsa;\040p=key-goes-here:300 | A generic record for server._domainkey.example.com, with type 16 (TXT), \037 characters long (octal) containing the text v=DKIM1; k=rsa; p=key-goes-here. Spaces and other characters must be escaped. Needed with some hosts depending on TXT record length limits. |
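Because the generated file has to be copied to the DNS host by hand, it helps to decode it into plain records first and catch malformed lines before they are published. The following is an added example, not part of Sympl or the original page: the function names and the sample lines are constructed, and SRV lines and generic records other than type 16 are rejected as unsupported.

```python
import ipaddress
import re
SAMPLE = r"""
=example.com:172.17.18.19:300
3example.com:20010db885a3000000008a2e03707334:300
'example.com:v=spf1 ip4\072192.0.2.1 -all:300
:server._domainkey.example.com:16:\037v=DKIM1;\040k=rsa;\040p=key-goes-here:300
"""  # constructed sample lines, in the formats the table above describes

def unescape(text):
    """Decode \\NNN octal escapes, e.g. \\072 for a colon."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), text)

def txt_strings(data):
    """Join the length-prefixed strings of a generic type 16 (TXT) record."""
    out = ""
    while data:
        n = ord(data[0])
        if len(data) < 1 + n:
            raise ValueError("length prefix does not match the TXT data")
        out, data = out + data[1:1 + n], data[1 + n:]
    return out

def parse_line(line):
    """Return (name, type, value, ttl) tuples for one record line."""
    kind, f = line[0], line[1:].split(":")
    name, ttl = f[0], int(f[-1])
    if kind in ".&":
        return [(name, "NS", f[2], ttl)]
    if kind in "+=36":
        if kind in "36":  # 32 hex digits as in the examples; else ValueError
            ip, rtype = ipaddress.IPv6Address(bytes.fromhex(f[1])), "AAAA"
        else:
            ip, rtype = ipaddress.IPv4Address(f[1]), "A"
        recs = [(name, rtype, str(ip), ttl)]
        if kind in "=6":  # these two types also define the PTR record
            recs.append((ip.reverse_pointer, "PTR", name, ttl))
        return recs
    if kind == "@":
        return [(name, "MX", f[3] + " " + f[2], ttl)]
    if kind in "'C":  # one data field; colons arrive escaped as \072
        return [(name, "TXT" if kind == "'" else "CNAME", unescape(f[1]), ttl)]
    if kind == ":" and f[1] == "16":
        return [(name, "TXT", txt_strings(unescape(f[2])), ttl)]
    raise ValueError("unsupported record: " + line)

def parse_zone(text):
    lines = (l.strip() for l in text.splitlines())
    return [r for l in lines if l and l[0] != "#" for r in parse_line(l)]
```

Calling parse_zone on the contents of a generated file returns one tuple per record to enter at the DNS host; a ValueError points at a line that needs fixing first.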

Example DNS File

#
#  Nameserver records.
#
.sympl.host::ns1.mythic-beasts.com:300
.sympl.host::ns2.mythic-beasts.com:300
.sympl.host::ns3.mythic-beasts.com:300

#
#  The domain name itself
#
=sympl.host:46.235.231.141:300

#
#  Useful aliases.
#
+ftp.sympl.host:46.235.231.141:300
+www.sympl.host:46.235.231.141:300
+mail.sympl.host:46.235.231.141:300

#
# A record for MX
#
+mx.sympl.host:46.235.231.141:300

#
#  The domain name itself -- AAAA record and reverse.
#
6sympl.host:2a001098008800000000000000030001:300

#
#  Useful aliases -- AAAA records only
#
3ftp.sympl.host:2a001098008800000000000000030001:300
3www.sympl.host:2a001098008800000000000000030001:300
3mail.sympl.host:2a001098008800000000000000030001:300

#
# AAAA record for MX
#
3mx.sympl.host:2a001098008800000000000000030001:300

#
# MX record -- no IP defined, as this is done separately above.
#
@sympl.host::mx.sympl.host:15:300

#
# SPF records
#
'sympl.host:v=spf1 +a +mx -all:300

#
# DKIM records
#
'default._domainkey.sympl.host:v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5d846+Kwm/+Wo5k8Y1SyV2uFHZaGETpPLeFcTV5vu9cVoP2OFnOFVVtAPQ1J8MLSVpH0mJX27sw2RGGImFWvlIVFmhX4bhk3rIwEUBuL4+jwEmk5LjIpwdZtzUVxJzJfCsE/rEdXTPohmOJI6DxDaVciVPF1UBTGFbFsUJV9tJ3FCsbbi+lGmZBtMJn9NNlfcM2uPHY2urwUKiKNi/UrrBP0fHwOlVjLGOyG1ugxbC1jsS37cpRQ8kxLoIVxJ/un4cZo3tWDqkytLDXM11DSrF/TWbS3ENCsuxHvOMuuin+AJFN3P1KIiGrGynH3f6tOEgTcS3MQ0CNPP/HuJuP+QIDAQAB:300

#
# DMARC records
#
'_dmarc.sympl.host:v=DMARC1; p=quarantine; sp=none:300

Adjusting the Time To Live

Time To Live (TTL) is the part of each record which specifies how long the record should be kept before checking for an updated or changed copy.

The TTL for Sympl defaults to a rather low value of 300 seconds (5 minutes), which lets changes take effect fairly quickly. Once you no longer need to make changes, you can increase the value. Note that not all DNS servers will respect this value, and may instead default it to a much higher value.

To change the TTL for all the records on a domain, create the file /srv/example.com/config/ttl and add the value in seconds records should be kept for.

Mail Deliverability Records

Sympl supports all three of the major mail deliverability records in DNS.

SPF

Sender Policy Framework (SPF) identifies which servers should be sending mail for a domain and takes the form of a TXT record at the root of the domain. To enable automatic SPF record generation, with a default safe value of v=spf1 +a +mx ?all, create the file /srv/example.com/config/spf. If you wish to make changes to the SPF record, you can use the MXToolBox SPF Record Generator to generate or update it, and add the desired record value to the config/spf file.

DKIM

DomainKeys Identified Mail (DKIM) signs outgoing mail to prove it was sent by your server, using a public key which is held in publicly visible TXT records, and uses a 'selector' to allow multiple servers to send signed mail from the same domain. To enable DKIM in Sympl, you should create both the file /srv/example.com/config/dkim as well as the matching public key. The selector defaults to the short hostname of your server, but this can be changed by placing the relevant value in the config/dkim file.

DMARC

Domain-based Message Authentication, Reporting and Conformance (DMARC) is an extension for SPF and DKIM which informs a receiving server what should happen to any mail which fails authentication, and again takes the form of a TXT record. To enable this, create the file /srv/example.com/config/dmarc. The default record is the permissive v=DMARC1; p=quarantine; sp=none:300, but can be changed by updating the config/dmarc file. As with SPF, you can use the MXToolBox DMARC Record Generator to adjust the configuration.

Configuration Reference

| File or Directory | Used For |
| --- | --- |
| .../config/dns/ | Contains generated DNS files. |
| .../config/dns/example.com.txt | Automatically generated DNS file for example.com. |
| .../config/ttl | Sets the 'Time To Live' for generated DNS entries in seconds. Defaults to 300 (5 min). |
| .../config/spf | Enables generation of an SPF record for the domain. Defaults to v=spf1 +a +mx ?all. |
| .../config/dkim | Sets the DKIM 'selector'. Defaults to the short hostname of the server. See also DKIM to enable signing of email. |
| .../config/dmarc | Enables generation of a DMARC record for the domain. Defaults to v=DMARC1; p=quarantine; sp=none:300. |

See also Configuration Reference for other configuration files.