On 08/23/2017 01:28 PM, Tom Browder wrote:
Given such a configuration described in the first paragraph, does the following set of DNS records for a domain look appropriate:

# For each domain X.TLD:
X.TLD.      IN    A        142.54.186.2.
*.X.TLD.    IN    CNAME    X.TLD.
X.TLD.      IN    MX       10   142.54.186.2.
X.TLD.      IN    TXT      "v=spf1 mx -all"

I would encourage you to contemplate adding DNSSEC support. DNSSEC will enable multiple other options down the road.

Further, BIND makes it trivial to have it manage most of DNSSEC for you.

Don't forget your obligatory SOA and NS records for the zones themselves.

You may end up adding TXT records to authenticate your site for various Google services.

Depending on what you're doing for SSL certificates, you may be interested in CAA records to publish which CA is allowed to issue certificates for you. Possibly DNS-based authentication for Let's Encrypt via TXT records at the _acme-challenge.example.com name.

You may end up creating various additional TXT records for things like DMARC / DKIM.

Finally, I personally like to use Tarbaby from Junk Email Filter as a high order MX (99) to help cut down on spam.



--
Grant. . . .
unix || die
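
Added example, not part of the message above or of BIND: a small Python check that runs the four records from the question against the records the reply says to add (SOA, NS, CAA, DMARC). Going beyond the reply, it also flags address-literal problems in A and MX RDATA. The name example.com stands in for X.TLD, and the parser assumes one fully written record per line.

```python
import ipaddress

# Constructed sample: the question's four records, example.com for X.TLD.
QUESTION_ZONE = """\
example.com.    IN  A      142.54.186.2.
*.example.com.  IN  CNAME  example.com.
example.com.    IN  MX     10   142.54.186.2.
example.com.    IN  TXT    "v=spf1 mx -all"
"""

def parse(zone_text):
    """Parse fully written 'owner IN type rdata' lines into tuples."""
    records = []
    for line in zone_text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#":
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        records.append((owner.lower(), rtype.upper(), rdata))
    return records

def parses_as(addr_type, text):
    """True if text is a valid address for the given ipaddress parser."""
    try:
        addr_type(text)
        return True
    except ValueError:
        return False

def audit(zone_text, apex):
    """List records the reply calls for that are absent, plus bad RDATA."""
    recs = parse(zone_text)
    have = {(o, t) for o, t, _ in recs}
    findings = [f"missing {t} at {apex}" for t in ("SOA", "NS", "CAA")
                if (apex, t) not in have]
    if not any(o == "_dmarc." + apex and t == "TXT" and "v=DMARC1" in r
               for o, t, r in recs):
        findings.append(f"missing DMARC TXT at _dmarc.{apex}")
    for o, t, r in recs:
        target = r.split()[-1]
        # A RDATA is a bare dotted quad, with no trailing dot.
        if t == "A" and not parses_as(ipaddress.IPv4Address, r):
            findings.append(f"A at {o} is not an IPv4 address: {r}")
        # The MX exchange field is a host name, not an address literal.
        if t == "MX" and parses_as(ipaddress.ip_address, target.rstrip(".")):
            findings.append(f"MX at {o} targets an IP literal: {target}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(QUESTION_ZONE, "example.com.")))
```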
