Maddy: Difference between revisions
imported>Onny mNo edit summary |
imported>Onny Add info about configuring rDNS |
||
| Line 76: | Line 76: | ||
Now that your server also runs a DNS daemon besides the mail server, you have to configure it as the external nameserver of your domain <code>example.org</code>. Please consult your domain provider on how to do that. | Now that your server also runs a DNS daemon besides the mail server, you have to configure it as the external nameserver of your domain <code>example.org</code>. Please consult your domain provider on how to do that. | ||
=== rDNS === | |||
It is important that the public facing IP of your mail server resolves to the MX domain name. This is something you would normally configure on your server provider site. You can check if it's resolving correctly by running this command | |||
<syntaxhighlight lang="console"> | |||
# nix shell nixpkgs#bind --command dig -x 1.2.3.4 | |||
</syntaxhighlight> | |||
Replace the IP <code>1.2.3.4</code> with the IP of your mail server. | |||
=== MTA-STS & DANE === | === MTA-STS & DANE === | ||
| Line 106: | Line 115: | ||
Using a TLSA (DANE) record is recommended to bind TLS-certificates to a server. You can generate the key using following command | Using a TLSA (DANE) record is recommended to bind TLS-certificates to a server. You can generate the key using following command | ||
<syntaxhighlight lang="console"> | <syntaxhighlight lang="console"> | ||
nix shell nixpkgs#hash-slinger --command tlsa --create example.org | # nix shell nixpkgs#hash-slinger --command tlsa --create example.org | ||
</syntaxhighlight> | </syntaxhighlight> | ||