Add two IP Addresses to an SPF Record? - dns

Hope someone can help...
I have two websites, on two different Droplets (with different IP addresses) hosted on Digital Ocean.
Both websites use the same domain, the first website is mysite.com and second website is example.mysite.com
I need to edit my SPF record so it can allow both IP Addresses to use the domain mysite.com
When I use the correct IP Address the SPF record below works (for one of the websites).
v=spf1 ip4:167.XX.XXX.40 include:spf.protection.outlook.com -all
Let's say one droplet IP address is: 167.XX.XXX.40 and the other IP address is 167.XX.XXX.247
How would I add both to the same SPF record?

You would just include it after your first IP address. So
ip4:167.XX.XXX.40 ip4:167.XX.XXX.247
in that line you show
Note: I looked at mine and I have the letter 'a' before those and I don't recall what the "a" is for.
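As an added example (not part of the original answer), here is a small SPF evaluator that walks the mechanisms left to right the way a receiving mail server would, so you can see why listing two `ip4:` terms makes both droplets pass. DNS lookups are stubbed with a constructed table so it runs offline; the IPs are documentation-range placeholders standing in for the masked addresses in the question, and the `example.mysite.com` record is there only to show what the `a` mechanism from the note does (it matches when the sending IP equals the queried domain's own A record).

```python
import ipaddress

# Constructed stand-in for DNS (not real records): TXT holds the SPF policy,
# A holds the host address consulted by the "a" mechanism.
FAKE_DNS = {
    ("mysite.com", "TXT"): ["v=spf1 ip4:192.0.2.40 ip4:192.0.2.247 include:spf.protection.outlook.com -all"],
    ("mysite.com", "A"): ["192.0.2.40"],
    ("example.mysite.com", "TXT"): ["v=spf1 a ip4:192.0.2.40 -all"],
    ("example.mysite.com", "A"): ["192.0.2.247"],
    # Hypothetical policy for the included domain; the real one is much larger.
    ("spf.protection.outlook.com", "TXT"): ["v=spf1 ip4:198.51.100.0/24 -all"],
}

def lookup(name, rtype):
    return FAKE_DNS.get((name, rtype), [])

def check_spf(domain, sender_ip, depth=0):
    """Return the SPF result ('pass', 'fail', 'softfail', 'neutral', 'none',
    'permerror') for sender_ip sending on behalf of domain.
    Supports ip4, ip6, a (no prefix length), include and all; mx/ptr/exists/
    redirect are out of scope and yield permerror."""
    if depth > 10:  # RFC 7208 limits include recursion to 10 DNS-querying terms
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    records = [r for r in lookup(domain, "TXT") if r.lower().startswith("v=spf1")]
    if len(records) != 1:
        return "none" if not records else "permerror"
    for term in records[0].split()[1:]:
        qualifier, mech = "+", term
        if term[0] in "+-~?":
            qualifier, mech = term[0], term[1:]
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # A bare address such as ip4:192.0.2.40 is treated as a /32 (or /128).
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            target = arg or domain
            matched = any(ip == ipaddress.ip_address(a) for a in lookup(target, "A"))
        elif name == "include":
            matched = check_spf(arg, sender_ip, depth + 1) == "pass"
        else:
            return "permerror"
        if matched:
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qualifier]
    return "neutral"  # no mechanism matched and no explicit "all"
```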

Related

Cloudflare settings when registrar requires IP addresses

I signed up to Cloudflare, and got nameservers assigned, but within my registrar's DNS settings, I need to enter an IP address along with each NS. I tried using random addresses from this page, but my registrar won't take subnet masks (/<number> after the IP). The site this is for is hosted with WP Engine.
What IP addresses should I use along with each Cloudflare NS on my registrar's DNS settings? TIA.
When moving to Cloudflare you can't merely set an NS DNS record, you actually need to move your Authoritative Name Server to Cloudflare.
An NS record is used to delegate a subdomain to a set of name servers, but in order to use Cloudflare you need to actually delegate the Name Servers of your domain to Cloudflare.
There are tutorials on how you can do this on the Cloudflare Help Centre: How do I change my domain nameservers?
One workaround I've found was to use https://www.whatsmydns.net or ping the NS, then I entered the IP addresses I had found.

How to prevent exposing origin IP address on Cloudflare?

On the Cloudflare DNS settings page it states that an A, AAAA, CNAME, or MX record is pointed to your origin server, exposing your origin IP address.
I have an MX record on my domain pointing to mail.mydomain.com. I believe it is something needed for the mail to work. How can I prevent it from exposing my origin IP address?
CloudFlare forwards your traffic through their network by replacing the IP in DNS records with CloudFlare's IP. This process works well in all situations except mail servers. CloudFlare does not offer any service for forwarding mail and as such when you take an MX record and point it to a CloudFlare forwarded domain, CloudFlare will give away the server's real IP.
Instead, a better practice is to use a third party mail service (such as Zoho, or Google Apps, etc.), or have your mail server running on a different IP. You can then point the MX record to the new record or mail server not located on your machine, and keep the real IP hidden safely.
Good luck
1 of 2 solutions:
Delete the MX record that CloudFlare uses. (Since they don't use it anyway.)
Replace your MX domain text (mail.example.com) with its domain IP numbers (44.123.12.44). Then CloudFlare WILL replace it correctly.
I'm not sure why mail-servers IP addresses should be kept top-secret. It's pretty easy to guess that example.com often will use mail.example.com. And email NEEDS to know the address anyway... otherwise it won't function.

Ping Command and Domains

I always thought a domain was a collection of machines related in some way. When I ping a domain name, like google.com, how come just one IP address is returned? What is this IP referring to?
To quote centos.org BIND documentation:
Zone File Resource Records
...
A — Address record, which specifies an IP address to assign to a name.
<host> IN A <IP-address>
Figure 14-7. Sample A record configuration
If the <host> value is omitted, then an A record points to a default IP address for the top of the namespace. This system will be the target of all non-FQDN requests.
Consider the following A record examples for the domain.com zone file:
IN A 10.0.1.3
server1 IN A 10.0.1.5
In the above, 10.0.1.3 is the IP of the domain. E.g. if the above was the zone file for domain example.com, ping example.com would ping 10.0.1.3. Each domain has this "default" IP address and, as is the case with server1 above, other IPs.
As a side note, you can have multiple IPs pointed to by the same DNS name - this is used for load balancing (see e.g. this or this). To see this, do nslookup google.com.
A domain name is simply a human-friendly pointer to an IP address.
The IP address is referring to the address of the machine that particular domain name points to. This is determined by using DNS.
Some larger domains, like google.com, do indeed have many IP addresses associated with them, for redundancy reasons. Because these additional IP addresses are assumed to return the same content, most programs, including ping, just return an arbitrary one. If you wanted to see all these IP addresses, you can use the dig program.

Two subdomains pointing to two different hosts?

For example, let's say I have domain.com. Can I configure http://subdomain1.domain.com to be hosted on http://www.squarespace.com and http://subdomain2.domain.com to be hosted on http://www.discountasp.net/?
Yes. Set the A record of subdomain1 to point to the IP of your site at squarespace.com and the A record for subdomain2 to point to the IP being hosted at discountasp.net.
Yes - either use a CNAME record and point it to each of those domains, or an A record for the full domain (subdomain1.domain.com) pointed at the IP address you need.

Setting up a custom nameserver with BIND9

Let's say that I purchased a new domain (somedomain.com) from a domain registrar and I wanted to set up my own nameserver on a server that has two IP addresses.
First I buy the domain.
I get the server.
Install BIND9.
I login to the server and prepare the DNS records for NS1.SOMEDOMAIN.COM and NS2.SOMEDOMAIN.COM.
Where do I set these up in BIND and how should I do it?
Next Step:
Go back to the domain registrar and set the DNS to point to NS1.SOMEDOMAIN.COM and NS2.SOMEDOMAIN.COM.
Is it a bad thing if the domain that I am forwarding is pointed to its OWN nameserver domain? Should I change this? How does it know where NS1 and NS2 go when both subdomains are a part of the domain that is being forwarded to them?
Should I just use the DNS provided by my registrar and make two CNAME record entries for NS1 and NS2 to point to the server IPs of the newly created DNS server? Would this work?
Can anyone explain this process to me? Thanks.
Do add the following step which is crucial to using your name servers in the WHOIS record:
Step 5: Go back to your registrar (wherever you bought the domain in step 1) and create the special NameServer records in their administrative control panel; for example, on godaddy.com, you need to go to advanced > hosts and there you can set up ns1 to point to the IP address of your server (step 2).
You will need to do the same for ns2.
This will vary from registrar to registrar, consult their documentation or contact customer support.
Step 6: Update the WHOIS record to reflect your new nameservers.
Where do I set these up in BIND and how should I do it?
You would set these up in the domain's zone record, not unlike this:
yourdomain.com. IN SOA ns1.yourdomain.com. you.yourdomain.com. (
1032789388
10800
3600
604800
300 )
yourdomain.com. IN NS ns1.yourdomain.com.
yourdomain.com. IN NS ns2.yourdomain.com.
ns1.yourdomain.com. IN A xxx.xxx.xxx.xxx
ns2.yourdomain.com. IN A yyy.yyy.yyy.yyy
Is it a bad thing if the domain that I am forwarding is pointed to its OWN nameserver domain? Should I change this?
Running DNS from the same domain is fine.
How does it know where NS1 and NS2 go when both sub-domains are a part of the domain that is being forwarded to them?
See Step 5 above - your registrar handles this bit, registering your name servers and allowing them to participate in the 'net.
Should I just use the DNS provided by my registrar and make two CNAME record entries for NS1 and NS2 to point to the server IPs of the newly created DNS server? Would this work?
This would not work as you would still need to do Step 5; to be honest, I'm not sure what would happen if you did not serve the DNS for ns1 off of the same host.
Additional note:
While you CAN run one DNS server for both ns1 and ns2, it is not recommended.
Usually you want your secondary (slave) DNS server to be as far away as possible from your primary (master) DNS server... located in a different country is usually the best.
But, there is nothing technically preventing you from using two different IPs on the same physical hardware.