DNS personal account (DNS). Mail: setting up DNS records for Yandex.Mail - Timeweb help centre

For a mail server to work correctly, the DNS zone must be configured correctly. We have already touched on several aspects of the DNS system; today we will look at it in more detail. Configuring the DNS zone is one of the preparatory steps before launching the mail server, and the operation of the whole e-mail system depends on it.

Incorrect settings mean that mail cannot be delivered to your mail server, or that other servers will refuse your mail. Indeed, if your zone records contain no information about the mail server, where should the mail be sent? To grandpa's village? You can, of course, ask your provider to configure the DNS zone, but it is better to do it yourself.

What do we need? A dedicated IP address (for example, 11.22.33.44), which you get from your provider. A domain name (for example, example.com), which can be registered with any registrar or one of its partners. When registering through a partner, check that you get access to manage the DNS zone; otherwise you will spend extra time, nerves and money transferring the domain to the registrar.

If you already have a domain and, moreover, a working website on it, check whether you can manage the DNS zone from the hosting provider's control panel; otherwise it is better to transfer the domain to the registrar, and your provider should help you with that.

So, we have a domain. What records are in our DNS zone? First of all, the SOA record, which describes the zone. We will not analyze every record in detail, since that goes beyond the scope of this article and would need a separate article of its own. There are also two NS records that point to the name servers (DNS servers) serving this domain: the registrar's servers or the hosting provider's.

The first record to add is an A record, or address record. It holds the IP address of your server, if you want to serve all requests to your domain yourself, or the IP address of your hosting provider if you host the site there. When the site is hosted with a hoster, the domain must be delegated to the hoster's DNS servers (the corresponding NS records are registered) and the record is created automatically when the domain is parked.

This option is used most often, but if necessary you can create the record yourself. The record looks like this:

example.com. IN A 22.11.33.44

In our example 22.11.33.44 is the address of our hosting provider, where the site is located. Note the dot at the end of the name: it indicates that the name is absolute. If the dot is absent, the name is treated as relative and the domain name from the SOA record is appended to it. You can verify the record with the nslookup command.

For the mail server to work, you need to create an MX record, which points to our mail server. We create the record like this:

example.com. IN MX 10 mail.example.com.

You can also simply write:

example.com. IN MX 10 mail

For this name (without a dot at the end), example.com is appended automatically. The number 10 is the server's priority: the lower the number, the higher the priority. By the way, the DNS zone may also contain an MX record like:

example.com. IN MX 0 example.com.

Typically, this record is created automatically by the hosting provider when the site is placed there, and it needs to be deleted.

Now we create an A record for mail.example.com:

mail.example.com. IN A 11.22.33.44

Now all mail for the example.com domain is delivered directly to host mail at 11.22.33.44, that is, to your mail server, while the example.com site continues to be served by the provider's server at 22.11.33.44.
A question may arise: why not simply put the IP address of the mail server into the MX record? In principle it would even work, but it does not comply with the DNS specification.

You can also create aliases for the mail server, such as pop.example.ru and smtp.example.ru. What are they for? They let clients configure their settings once without depending on the details of your infrastructure. Suppose your company has grown and a separate mail server, mail1, has to be set up to serve external clients. All you need to do is change two DNS records, and clients will not even notice that they are now working with the new server. Records of the CNAME type are used to create aliases:

pop IN CNAME mail.example.com.
smtp IN CNAME mail.example.com.

At this point the configuration of the forward DNS zone can be considered complete, but there is one more zone left: the reverse zone. The reverse zone is managed by the provider that gave you the IP address, and you cannot manage it yourself (unless you own the IP address block). Nevertheless, at least one record has to be added to the reverse zone. As we wrote in the previous article, many mail servers check the PTR record (a reverse-zone record) of the sending server and, if it does not match the sender's domain, such a message is rejected. So ask your provider to create a record like:

44.33.22.11.in-addr.arpa. IN PTR mail.example.com.

It looks a little odd, doesn't it? Let's look at the structure of the PTR record more closely. For reverse name resolution a special top-level domain, in-addr.arpa, is used. It was designed so that the same software mechanisms serve both forward and reverse resolution. The point is that mnemonic names are written from the most specific part to the most general, while IP addresses are written from the most general part to the most specific. So mail.example.com. means that host mail is in the domain example, which is in the top-level domain com., while 11.22.33.44 means that host 44 is in subnet 33, which is part of subnet 22, which is in subnet 11. To keep the same order in the PTR record, the IP address is written "back to front" and the top-level domain in-addr.arpa is appended.
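The following is an added example (not part of the article) that builds the PTR owner name exactly as described above, octets reversed with in-addr.arpa appended, and recovers the address from such a name. It goes one step beyond the article by also handling IPv6, where the same idea is applied to single hex digits under ip6.arpa; the cross-check against the standard library's `reverse_pointer` attribute confirms the manual construction.

```python
"""Build PTR owner names the way the article describes: the address is written
"back to front" and the reverse-lookup top-level domain is appended.
Added example, not part of the original article."""
import ipaddress


def reverse_name(ip: str) -> str:
    """Return the absolute PTR owner name (trailing dot) for an IPv4 or IPv6 address.

    IPv4: octets reversed + in-addr.arpa.    11.22.33.44 -> 44.33.22.11.in-addr.arpa.
    IPv6: every hex nibble reversed + ip6.arpa. (beyond the article's IPv4 case).
    """
    addr = ipaddress.ip_address(ip)  # raises ValueError for anything that is not an address
    if addr.version == 4:
        labels = str(addr).split(".")
        suffix = "in-addr.arpa"
    else:
        labels = list(addr.exploded.replace(":", ""))  # 32 hex digits, one label each
        suffix = "ip6.arpa"
    name = ".".join(reversed(labels)) + "." + suffix
    # Cross-check the manual construction against the standard library's own view.
    assert name == addr.reverse_pointer
    return name + "."


def address_from_reverse_name(name: str) -> str:
    """Inverse operation: recover the address from an in-addr.arpa / ip6.arpa owner name."""
    n = name.lower().rstrip(".")
    if n.endswith(".in-addr.arpa"):
        labels = n[: -len(".in-addr.arpa")].split(".")
        if len(labels) != 4:
            raise ValueError(f"expected 4 labels before in-addr.arpa, got {len(labels)}")
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    if n.endswith(".ip6.arpa"):
        nibbles = n[: -len(".ip6.arpa")].split(".")
        if len(nibbles) != 32 or any(len(x) != 1 for x in nibbles):
            raise ValueError("expected 32 single-hex-digit labels before ip6.arpa")
        return str(ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16)))
    raise ValueError("not a reverse-zone name: " + name)


if __name__ == "__main__":
    for ip in ("11.22.33.44", "2001:db8::1"):
        rname = reverse_name(ip)
        print(ip, "->", rname, "->", address_from_reverse_name(rname))
```

Running the block prints the round trip for the article's address and for one IPv6 address; both directions reject malformed input instead of silently producing a name, which matters when the result is about to be handed to a provider as a PTR request.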

You can also check the MX and PTR records with the nslookup command, using the additional parameter -type=MX or -type=PTR.

Finally, do not forget that changes in DNS zones do not take effect instantly but over several hours, which is the time needed for the changes to propagate through the global DNS system. This means that even though your mail server is already working 2 hours after the changes were made, your partners' mail may still not reach you for more than three hours.

DNS is a chain of stores selling digital and household appliances, with a wide presence in Russia. The stores offer a wide selection of goods. On the official DNS website you can choose and order any product from the comfort of your home. You can pick up your purchase at the store of your choice (the store staff will have it ready by the appointed time) or arrange delivery. To make the most of the site's capabilities, there is a handy "personal account" service. There is also a customer support service, which can be reached through a special form to request a call back.

Features of the DNS personal account

To gain access to the personal account you must register on the site. To do this, enter your e-mail address and create a password. It is important to specify a valid mailbox, since confirming the address is a mandatory step of registration. After that you are asked for a mobile number (this item is optional). Notifications about changes in the status of current orders are sent to the confirmed number. Once registration is complete, you can sign in to the personal account and explore all of its features.

The service works online. It lets you place orders for the goods presented on the site and confirm them. In the personal account you can also activate your bonus programme membership card. To get a card, give your mobile phone number to an employee in any store of the chain (the card is free of charge and is valid for about 5 years). At any time you can see the number of bonus points in your account and the history of their accrual. Members of the personal account also have access to all promotions, other current offers and new products of the company. Up-to-date information can be sent to the phone number or e-mail linked to the account.

For additional help you can ask technical support questions in the online chat. The history of transactions and payments is saved. On this basis, the company's specialists form attractive individual offers for registered clients.

Currently, mail on the domain is used in Yandex as part of the Yandex.Connect service.

4. Find the domain for which you plan to make changes, click on the gear icon and select “Adjust DNS”.

5. Click on “Add DNS record”, select “TXT” and enter the record found in Yandex.Connect.

As a rule, it takes 10-15 minutes for the changes to take effect.

7. After the changes are saved, click "Start verification" in Yandex.Connect. Wait for the domain to be confirmed (as a rule, this takes some time).

8. Set up DNS records for the domain following the instructions below.

MX record


SPF entry

2. Find the domain for which you plan to make changes, click on the gear icon and select “Adjust DNS”.

3. Delete the existing TXT records (copy the values of the SPF record first if you plan to send mail from the servers listed in it).



v=spf1 ip4:IP1 ip4:IP2 ip4:IP3 include:_spf.yandex.net ~all

where IP1, IP2, IP3 are the IP addresses of the additional servers.

6. Save changes using the “Add” button.

DKIM signature

1. Retrieve a TXT record with a public key in Yandex.Connect:

  • Open the Post Administration page.
  • Go to the "DKIM signature" tab.
  • Copy the DKIM signature for the required domain.


2. Find the domain for which you plan to make changes, click on the gear icon and select “Adjust DNS”.

3. View existing MX records.

4. Click on “Add DNS record”, select “MX” and in the window, select the “Yandex.Mail” item:


5. Save changes using the “Add” button.

6. Wait until the DNS change takes effect. This process can take up to 72 hours.

SPF entry

2. Find the domain for which you plan to make changes, click on the gear icon and select “Adjust DNS”.

3. Delete the existing TXT records (copy the values of the SPF record first if you plan to send mail from the servers listed in it).

4. Click on “Add DNS record”, select “TXT” and in the window, place the following values:

v=spf1 redirect=_spf.yandex.net



5. If you want to send messages not only from Yandex servers, specify the additional servers in this format:

v=spf1 ip4:IP-1 ip4:IP-2 ip4:IP-3 include:_spf.yandex.net ~all

where IP-1, IP-2, IP-3 are the IP addresses of the additional servers.

6. Save changes using the “Add” button.

7. Wait until the DNS change takes effect. This process can take up to 72 hours.

DKIM signature

2. Find the domain for which you plan to make changes, click on the gear icon and select “Adjust DNS”.

3. Click on “Add DNS record” and select “TXT”.

4. In the setup window, enter "mail._domainkey" in the "Host" field and enter the DKIM parameters with the public key obtained in Mail for the domain in the "Values" field. For example: "v=DKIM1; k=rsa; t=s; p=MIGfMA0GCSEBtaCOteH4EBqJlKpe..."



5. Save changes using the “Add” button.

6. Wait until the DNS change takes effect. This process can take up to 72 hours.

CNAME record

2. Find or create a mail.your_domain subdomain and click on the gear icon.

3. Click on “Add DNS record” and select “CNAME”.

4. In the window, enter the value "domain.mail.yandex.net":


5. Save changes using the “Add” button.

6. Wait until the DNS change takes effect. This process can take up to 72 hours.


3. View existing MX records.

4. Click on “Add DNS record”, select “MX” and in the window, select the item Mail.ru:

5. Save changes using the “Add” button.

6. Wait until the DNS change takes effect. This process can take up to 72 hours.

SPF entry

2. Find the required domain, click on the gear icon and select “DNS settings”.

3. Delete the existing TXT records that begin with v=spf1 (copy the values of the SPF record first if you plan to send mail from the servers listed in it).

4. Click on “Add DNS record”, select “TXT” and in the window, place the following values:

v=spf1 redirect=_spf.mail.ru


5. If you want to send messages not only from Mail.ru servers, specify the additional servers in this format:

v=spf1 ip4:IP1 ip4:IP2 ip4:IP3 include:_spf.mail.ru ~all

where IP1, IP2, IP3 are the IP addresses of the additional servers.

6. Save changes using the “Add” button.

7. Wait until the DNS change takes effect. This process can take up to 72 hours.
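Both the Yandex and the Mail.ru sections above show the same two record shapes: a bare `redirect=` to the provider, and a list of `ip4:` mechanisms plus `include:` ending in `~all`. The added example below (not Timeweb's, Yandex's or Mail.ru's code) parses such records and evaluates a sending address against them offline, so you can see what a receiving server will conclude before you publish the record. The TXT data is constructed; the real contents of `_spf.yandex.net` and `_spf.mail.ru` are not reproduced, and `203.0.113.0/24` stands in for the provider's ranges. The 10-lookup limit from RFC 7208 is enforced, because exceeding it turns the whole record into a permanent error.

```python
"""Offline SPF record parser and evaluator for the record shapes shown above.
Added example, not Timeweb's, Yandex's or Mail.ru's code. All TXT data is constructed."""
import ipaddress

# Constructed TXT records keyed by domain, as a resolver would return them.
TXT_RECORDS = {
    "example.com": "v=spf1 ip4:11.22.33.44 ip4:198.51.100.0/24 include:_spf.yandex.net ~all",
    "example.org": "v=spf1 redirect=_spf.yandex.net",
    "_spf.yandex.net": "v=spf1 ip4:203.0.113.0/24 -all",  # placeholder range, not Yandex's
}
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DNS_LOOKUPS = 10  # RFC 7208 section 4.6.4 limit on include/redirect/a/mx/ptr/exists


def parse_spf(record):
    """Split a record into [(qualifier, mechanism, argument)] and {modifier: value}."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: " + record)
    mechanisms, modifiers = [], {}
    for term in terms[1:]:
        head = term.split("=", 1)[0]
        if "=" in term and ":" not in head:  # modifier such as redirect=... or exp=...
            modifiers[head.lower()] = term.split("=", 1)[1]
            continue
        qualifier = "+"                        # absent qualifier means "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        mechanisms.append((qualifier, name.lower(), arg))
    return mechanisms, modifiers


def check_host(ip, domain, lookups=0):
    """Evaluate sender `ip` against `domain`'s record. Returns (result, lookups_used).
    Only ip4/ip6/include/all and redirect= are implemented; anything else is permerror."""
    record = TXT_RECORDS.get(domain.lower())
    if record is None:
        return "none", lookups
    mechanisms, modifiers = parse_spf(record)
    addr = ipaddress.ip_address(ip)
    for qualifier, name, arg in mechanisms:
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)   # bare address means /32 or /128
            matched = addr.version == net.version and addr in net
        elif name == "include":
            lookups += 1
            if lookups > MAX_DNS_LOOKUPS:
                return "permerror", lookups
            sub, lookups = check_host(ip, arg, lookups)
            if sub in ("permerror", "none"):  # included domain without a record: permerror
                return "permerror", lookups
            matched = sub == "pass"           # include matches only on pass; its fail is ignored
        elif name == "all":
            matched = True
        else:
            return "permerror", lookups       # a/mx/ptr/exists not implemented in this example
        if matched:
            return QUALIFIER_RESULT[qualifier], lookups
    if "redirect" in modifiers:               # redirect= replaces the whole record
        lookups += 1
        if lookups > MAX_DNS_LOOKUPS:
            return "permerror", lookups
        return check_host(ip, modifiers["redirect"], lookups)
    return "neutral", lookups                 # nothing matched and no redirect


if __name__ == "__main__":
    for ip, domain in (("11.22.33.44", "example.com"), ("203.0.113.7", "example.com"),
                       ("192.0.2.1", "example.com"), ("192.0.2.1", "example.org")):
        print(ip, domain, check_host(ip, domain))
```

The two shapes differ in how they fail: with `redirect=` the provider's own `-all` decides, so an address outside the provider's ranges gets a hard fail, whereas the `include:` form ends with your own `~all` and the same address gets only a softfail. Keep that in mind when choosing between them.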

DKIM signature

2. Find the required domain, click on the gear icon and select “DNS settings”.

3. Click on “Add DNS record” and select “TXT”.

4. In the setup window:

  • enter mailru._domainkey in the "Host" field
  • in the "Values" field, enter the DKIM parameters obtained in the personal account at https://biz.mail.ru/ in the "" section.


It is a mystery to me why the basic configuration of a mail server is such a serious problem for many system administrators. Nevertheless, that is how it is. I would never have thought of writing a whole article about it, but judging by the incredible number of questions, it is still necessary. The hardest part for people is the basic DNS records for a mail server, so that is what we will talk about.

If you are interested in the topic of mail servers, I recommend looking at the relevant tags on my blog.

This article covers the basic records that are either required or desirable for the normal functioning of a mail server.

Well, now it’s time to figure out what needs to be done before creating records.

Purchasing a domain name

You need to start by purchasing a domain name. It is not as difficult as it seems, and not expensive either. A new domain in the .ru zone costs no more than 100-200 rubles.

As soon as you have purchased a domain, you can start creating records. All registrars have different admin panels, but if you know the theory, the specifics of adding records could not be simpler.

Note: When specifying an A record (the same applies to a CNAME when you create one), some registrars require the record to be entered in full with a trailing dot (for example, record.bissquit.com.), while others accept just the part of the domain (just record, without anything else, as in the example above).

I should say right away that propagation of records takes some time, anywhere from 15 minutes up to several hours (in theory even more, but I have never seen that).

A

First of all, we need to create the main A record, which will point to the external address of your mail server. Any name is acceptable, but it is better to choose something like mail.domain.tld or mx1.domain.tld. If you use the popular bind DNS server, the A record inside the zone might look like this:

mail IN A 1.2.3.4

The MX record will point to this record.

MX

This record stands for mail exchanger and, as the name suggests, it is the main one for mail servers. There can be several such records, and each of them must be given a priority: the smaller the number, the higher the priority. What is it used for? Mainly, MX records are used to determine the order in which the mail servers are tried.

It often happens that several MX records for the same domain have the same priority. In this case incoming traffic is balanced evenly between the servers.

Note: Strictly speaking, having an MX record for your server is not that critical. You can send mail without problems and the servers of the target domain will accept it. Of course, when servers accept such mail, it will most likely be classified as spam, since domains sending without an MX are immediately labelled as suspicious. Problems may also arise with delivery of mail to you, although in theory, if the MX record is absent, delivery must fall back to the domain's main A record (see RFC 5321).

If you look at the architecture of mail solutions, the MX record often points to a mail relay or anti-spam server (SpamAssassin, for example, or Exchange Edge Server) and not to the end mail server that stores incoming and outgoing messages. This is a completely reasonable approach when one server acts as a frontend on the perimeter and the other, holding business-critical data, acts as a backend. I would say more: this is best practice.

How many MX records do you need to be happy

An attentive reader may have an interesting question: which is better, two MX records, or one MX record pointing to two A records? Visually it looks like this:

In case b we get a kind of round robin. But, to set the nuances aside, option a is similar! Only equal priority of the MX records will give the same function, though.

However, many people have doubts even in this situation. The main concern is that in case b, if the server's first delivery attempt goes to a non-working server, it will only try again next time, after a timeout. This is fundamentally wrong: it will immediately try to send to the other server from the RR set. A basic experiment demonstrates this.
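To make the comparison concrete, here is an added example (not the article's code; the zone data is constructed) that models how an RFC 5321 sender picks targets under both layouts: option a with two MX records of equal preference, option b with one MX host that has two A records, plus a primary/backup layout with different preferences and a domain with no MX at all, where the domain's own A record acts as an implicit MX as the note above describes. The resolver's round robin is modelled as a random rotation of the address list.

```python
"""Simulate relay selection for the MX layouts compared in the article.
Added example, not the article's code; all zone data is constructed."""
import random

# Constructed zones. "mx" is a list of (preference, host); "a" maps host -> addresses.
ZONE_A = {"domain": "domain.tld",
          "mx": [(10, "mx1.domain.tld"), (10, "mx2.domain.tld")],
          "a": {"mx1.domain.tld": ["1.2.3.4"], "mx2.domain.tld": ["1.2.3.5"]}}
ZONE_B = {"domain": "domain.tld",
          "mx": [(10, "mail.domain.tld")],
          "a": {"mail.domain.tld": ["1.2.3.4", "1.2.3.5"]}}
ZONE_PRIORITY = {"domain": "domain.tld",                       # primary/backup layout
                 "mx": [(10, "mx1.domain.tld"), (20, "mx2.domain.tld")],
                 "a": {"mx1.domain.tld": ["1.2.3.4"], "mx2.domain.tld": ["1.2.3.5"]}}
ZONE_NO_MX = {"domain": "domain.tld", "mx": [], "a": {"domain.tld": ["1.2.3.9"]}}


def delivery_targets(zone, rng):
    """Addresses in the order an RFC 5321 (section 5.1) sender tries them: MX hosts by
    ascending preference, equal preferences in random order; with no MX at all the
    domain's own A record serves as the implicit MX. A multi-address host is rotated
    randomly, which is what a resolver's round robin does in practice."""
    mx = list(zone["mx"]) or [(0, zone["domain"])]
    by_pref = {}
    for pref, host in mx:
        by_pref.setdefault(pref, []).append(host)
    targets = []
    for pref in sorted(by_pref):
        hosts = by_pref[pref]
        rng.shuffle(hosts)
        for host in hosts:
            addrs = list(zone["a"].get(host, []))
            if addrs:
                k = rng.randrange(len(addrs))
                addrs = addrs[k:] + addrs[:k]
            targets.extend(addrs)
    return targets


def deliver(zone, dead, seed=0):
    """Try targets in order until one accepts; an address in `dead` times out.
    Returns (addresses tried, "sent" or "deferred")."""
    rng = random.Random(seed)
    tried = []
    for addr in delivery_targets(zone, rng):
        tried.append(addr)
        if addr not in dead:
            return tried, "sent"
    return tried, "deferred"   # every target failed: the message stays queued for a retry


if __name__ == "__main__":
    for label, zone in (("a) two MX", ZONE_A), ("b) one MX, two A", ZONE_B)):
        for seed in range(3):
            print(label, "seed", seed, deliver(zone, dead={"1.2.3.4"}, seed=seed))
```

Whatever the seed, both layouts reach the surviving address within the same delivery attempt; only the primary/backup layout always starts with the same host, which is the real difference between equal and unequal preferences.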

If both servers in option b are up, then after an attempt to send a message to them the following entry appears in the log of the SMTP session (Queued mail for delivery: the message was accepted for delivery):

Feb 14 13:57:37 mail postfix/smtp: ACF0D140073: to=, relay=mail.domain.tld:25, delay=1.7, delays=0.17/0/0.09/1.5, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)

Now let's turn off one of the servers: the sending side fails its first attempt against the one that is down and then immediately tries to send the mail to the other server in the same way (after the Connection timed out on the first one, the second is tried):

Feb 14 14:02:16 mail postfix/smtp: connect to mail.domain.tld:25: Connection timed out
Feb 14 14:02:17 mail postfix/smtp: 35E8F140073: to=, relay=mail.domain.tld:25, delay=31, delays=0.15/0/30/0.7, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)

Note: If anyone has trouble choosing the "correct" MX hierarchy, see the DNS - MX, A, TTL and mail server topic on the TechNet forums. The example with the delivery logs was taken from the author of that topic, who is also me.
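The log excerpt above is easy to read by eye once, but on a busy relay you want the same correlation done automatically: which deliveries only succeeded after a connect timeout, and how long they took. The added example below (not the article's code) does that over constructed lines modelled on the excerpt; the recipient, process ids and bracketed IPs are placeholders. Postfix logs a connect error without a queue id, so the code attaches it to the next delivery line written by the same smtp process.

```python
"""Correlate Postfix smtp(8) log lines into one record per queue id and flag
deliveries that only got through after a failed relay. Added example, not the
article's code; the sample lines are constructed after the article's excerpt."""
import re
from collections import defaultdict

# Constructed sample log (recipient, pids and bracketed IPs are placeholders).
SAMPLE_LOG = """\
Feb 14 13:57:37 mail postfix/smtp[2101]: ACF0D140073: to=<user@domain.tld>, relay=mail.domain.tld[1.2.3.4]:25, delay=1.7, delays=0.17/0/0.09/1.5, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
Feb 14 14:02:16 mail postfix/smtp[2102]: connect to mail.domain.tld[1.2.3.4]:25: Connection timed out
Feb 14 14:02:17 mail postfix/smtp[2102]: 35E8F140073: to=<user@domain.tld>, relay=mail.domain.tld[1.2.3.5]:25, delay=31, delays=0.15/0/30/0.7, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
"""

DELIVERY_RE = re.compile(
    r"postfix/smtp\[(?P<pid>\d+)\]: (?P<qid>[0-9A-F]+): to=<(?P<to>[^>]*)>, "
    r"relay=(?P<relay>\S+), delay=(?P<delay>[\d.]+), delays=(?P<delays>[\d./]+), "
    r"dsn=(?P<dsn>\S+), status=(?P<status>\w+) \((?P<reply>.*)\)$")
CONNECT_ERR_RE = re.compile(
    r"postfix/smtp\[(?P<pid>\d+)\]: connect to (?P<target>\S+): (?P<error>.+)$")


def summarize(log_text):
    """Return {queue_id: {...}} with the relay that finally answered, final status,
    total delay, and the relays that failed to connect before that. A connect error
    carries no queue id, so it is attributed to the next delivery line logged by the
    same smtp process (pid)."""
    pending = defaultdict(list)   # pid -> connect errors not yet attributed
    summary = {}
    for line in log_text.splitlines():
        m = DELIVERY_RE.search(line)
        if m:
            summary[m["qid"]] = {
                "to": m["to"], "relay": m["relay"], "status": m["status"],
                "delay": float(m["delay"]), "dsn": m["dsn"],
                "failed_relays": pending.pop(m["pid"], []),
            }
            continue
        m = CONNECT_ERR_RE.search(line)
        if m:
            pending[m["pid"]].append((m["target"], m["error"]))
    return summary


def needs_attention(summary, max_delay=10.0):
    """Queue ids that got through only after a failed relay, were slow, or were not sent."""
    return sorted(q for q, r in summary.items()
                  if r["failed_relays"] or r["delay"] > max_delay or r["status"] != "sent")


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for qid in needs_attention(result):
        print(qid, result[qid])
```

On the sample, the first message is clean and the second is flagged: it carries the timed-out relay and the 31-second delay, which is exactly the "failed first, succeeded on the other address" pattern the experiment demonstrates. In production the delay threshold would be tuned to the queue's normal behaviour.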

And now let's move from theory to practice and see how the big public mail services do it:

# dig -t MX mail.ru +short
10 mxs.mail.ru.
# dig -t A mxs.mail.ru +short
94.100.180.104
94.100.180.31
# dig -t MX yandex.ru +short
10 mx.yandex.ru.
# dig -t A mx.yandex.ru +short
213.180.204.89
77.88.21.89
213.180.193.89
87.250.250.89
93.158.134.89

Mail.ru and Yandex use the same option for their services, RR over A records, whereas Google does not:

# dig -t MX gmail.com +short
5 gmail-smtp-in.l.google.com.
20 alt2.gmail-smtp-in.l.google.com.
30 alt3.gmail-smtp-in.l.google.com.
40 alt4.gmail-smtp-in.l.google.com.
10 alt1.gmail-smtp-in.l.google.com.

So it is up to you which option to choose.

PTR

With PTR there is not as much room for creativity as with MX, which only makes things easier. The PTR record is placed in the reverse zone and maps IP addresses to DNS names (that is, the reverse of A records).

The ideal case is a "ring" of records. It is easy to understand with an example: from the MX we get the A record, from the A record the IP address, from the IP address the PTR record, which ideally should point back to the A record that the MX pointed at. And so on in a circle:

But in reality this is clearly excessive perfectionism. Besides, what will you do if your server serves several domains at once (and that is a much more common situation)?

Note: Hypothetically, you can create several PTR records for one IP address, since the RFC does not directly prohibit it. However, client-side software cannot handle such a situation correctly and simply takes one record from the list, and that record may not be the one you need. Moreover, most providers simply won't let you create more than one PTR record. So create one record per address and make sure the mail server presents in HELO the name that its address resolves to, and that's all.
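The "ring" from the previous paragraphs and the weaker "a PTR exists and points somewhere sensible" case from the note can be told apart mechanically. The added example below (not the article's code; all zone data is constructed) walks a domain's MX hosts and, for each address, reports whether the PTR closes the ring, only forward-confirms under another name, points at a name that does not resolve back, or is missing altogether. The last two are the ones that raise spam scores.

```python
"""Check the MX -> A -> PTR -> A "ring" and classify each MX address.
Added example, not the article's code; all zone data is constructed."""
import ipaddress

# Constructed forward data: MX records per domain, A records per host.
MX = {"example.com": [(10, "mail.example.com"), (20, "mx2.example.com"), (30, "mx3.example.com")]}
A = {
    "mail.example.com": ["11.22.33.44"],
    "mx2.example.com": ["11.22.33.45"],
    "relay.other-brand.example": ["11.22.33.45"],   # same box, the PTR names this one
    "mx3.example.com": ["11.22.33.46"],
}
# Constructed reverse data, keyed by in-addr.arpa owner name.
PTR = {
    "44.33.22.11.in-addr.arpa.": ["mail.example.com"],
    "45.33.22.11.in-addr.arpa.": ["relay.other-brand.example"],
    # 11.22.33.46 deliberately has no PTR record
}


def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 address (octets reversed + in-addr.arpa.)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def classify(host, ip, a=A, ptr=PTR):
    """'ring'     - PTR names the MX host itself and it resolves back to ip (the ideal case)
       'fcrdns'   - PTR names some other host that resolves back to ip (acceptable)
       'mismatch' - PTR exists but no name it gives resolves back to ip
       'no-ptr'   - no PTR record at all"""
    names = ptr.get(reverse_name(ip), [])
    if not names:
        return "no-ptr"
    confirmed = [n for n in names if ip in a.get(n, [])]
    if host in confirmed:
        return "ring"
    return "fcrdns" if confirmed else "mismatch"


def audit_domain(domain, mx=MX, a=A, ptr=PTR):
    """Walk every MX host and every address it has; return {(host, ip): classification}."""
    report = {}
    for _pref, host in sorted(mx.get(domain, [])):
        for ip in a.get(host, []):
            report[(host, ip)] = classify(host, ip, a, ptr)
    return report


if __name__ == "__main__":
    for (host, ip), verdict in audit_domain("example.com").items():
        print(f"{host:24} {ip:15} {verdict}")
```

With real zones the two dictionaries would be replaced by A and PTR lookups; the classification logic stays the same, and `fcrdns` is the result you should expect when one server serves several domains.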

For fun, let's check the same public providers:

# dig -t MX mail.ru +short
10 mxs.mail.ru.
# dig -t A mxs.mail.ru +short
94.100.180.104
94.100.180.31
# dig -x 94.100.180.104 +short
mxs.mail.ru.

Well, obviously, their addresses and PTR records are not tied in any way to, for example, bk.ru. So, in essence, strict matching is not required and you can point the PTR at any of your domain names. What matters is that the record exists: many servers check for a PTR and, if there is none, sharply raise the spam score of your messages.