hacklab-fi / itinfra

Document hacklab.fi common use infra

MIT License

3 stars 3 forks source link

Changes to tampere. dns records #8

Closed tswfi closed 5 years ago

tswfi commented 5 years ago

2 is still underway so this is "freeform" :)

New records (explicit MX and spf with trex mailman already added even if it is not yet used):

tampere     MX      193.28.89.206
tampere     TXT     "v=spf1 mx mx:mailman.trex.fi ~all"

Remove old deprecated records:

old.tampere           A            193.28.89.81
staging.tampere    A            193.28.89.206
*.staging.tampere  CNAME staging.tampere

tanelikaivola commented 5 years ago

Actions taken

Deprecated records have been removed.

Clarification required

Does the target MX have a host name?

MX records should not point to IP addresses but to A/AAAA records specified somewhere else.

Option 1

mail.tampere A 193.28.89.206
tampere MX mail.tampere
tampere TXT "v=spf1 mx mx:mailman.trex.fi ~all"

Option 2

tampere MX 193.28.89.206
tampere TXT "v=spf1 mx mx:mailman.trex.fi ~all"

Option 3

tampere MX somemailmx.somewhere.fi
tampere TXT "v=spf1 mx mx:mailman.trex.fi ~all"

Verification notes

Additionally as a minor note, SPF record specifies mx:mailman.trex.fi, but last priority MX of mailman.trex.fi points to mqueue2.axu.tm that doesn't have A record specified. You should contact trex.fi to fix this issue.

olmari commented 5 years ago

mqueue2.axu.tm has AAAA record, and only AAAA record, "by design" of axu.

dig +short AAAA mqueue2.axu.tm 2001:1430:a:6e:a00:3eff:fe66:14

So it isn't broken, while I have no clue why axu wanted it that way.

tswfi commented 5 years ago

Thanks!

Option 1 works fine. 193.28.89.206 is tampere.hacklab.fi server but for clarity I like to have it specified as its own. (a record will act as a mx record also, but I prefer having mx clearly specified).

Option 2 isn't this the same that was requested?

Option 3 no outside mx server right now

Lets use Option 1. I have to check with the mail server admins if they have AAAA working also (probably not). Will open a new issue about it if later if needed...

For the spf rule, I just copied what vaasa has for trex, didn't even check what it has :)

rostbach commented 5 years ago

I also vote for option 1, as that was what originally we wanted

tanelikaivola commented 5 years ago

Change completed, current active record set:

Record	Type	Data
tampere	A	193.28.89.206
tampere	AAAA	2001:1bc8:1001:401:904f:35ff:fe34:c527
mail.tampere	A	193.28.89.206
tampere	MX	10 mail.tampere
*.tampere	CNAME	tampere

Please wait a while (hour or so) for DNS records to propagate and check if everything works as it should. Reopen this issue if there are problems with this change.