
DNS Management

OVH Setup (deprecated)

https://www.ovh.com/manager/#/web/domain/pknw1.co.uk/information

DNS Zone TXT
Domain					
@					
		IN	NS	dns111.ovh.net.	
		IN	NS	ns111.ovh.net.	
		IN	MX	30	mx0.mail.ovh.net.
		IN	MX	40	mx0.mail.ovh.net.
		IN	MX	10	mx1.improvmx.com.
		IN	MX	20	mx2.improvmx.com.
		IN	A	149.202.72.112	
	600	IN	TXT	v=spf1 include:mx.ovh.com include:spf.improvmx.com ~all	
	600	IN	TXT	1|www.pknw1.co.uk	
	600	IN	TXT	MS=ms31479355	
	600	IN	TXT	forward-email=!alias	
	600	IN	TXT	abuseipdb-verification=CAo0nSQ1	
*		IN	A	149.202.72.112	
*.admin	120	IN	CNAME	admin.pknw1.co.uk.	
*.engineering		IN	CNAME	engineering.pknw1.co.uk.	
*.uk		IN	CNAME	uk.pknw1.co.uk.	
_atproto		IN	TXT	did=did:plc:5oochc34c7qvyrddw26mwbmd	
admin		IN	A	100.100.69.2	
auth		IN	TXT	MS=ms58245970	
blog	60	IN	TXT	4|https://pknw1plex.wordpress.com/	
eef19115._improvmx		IN	TXT	eef1911513a940e5a13486087249bd22	
email		IN	MX	10	mx01.mail.icloud.com.
email		IN	MX	20	mx02.mail.icloud.com.
email	600	IN	TXT	v=spf1 include:icloud.com ~all	
email	600	IN	TXT	apple-domain=suqZvNHnvPHp7DJ6	
engineering		IN	CNAME	pknw1.co.uk.	
features		IN	TXT	bm90ZmxpeF93ZWJ1aT0xCm5vdGZsaXhfdnVlPTEK	
gitlab		IN	CNAME	www-content.gitlab.io.	
id		IN	TXT	ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789	
ks5		IN	CNAME	ns3024499.ip-149-202-72.eu.	
ovhmo2648680-selector1._domainkey		IN	CNAME	ovhmo2648680-selector1._domainkey.2799341.is.dkim.mail.ovh.net.	
ovhmo2648680-selector2._domainkey		IN	CNAME	ovhmo2648680-selector2._domainkey.2799340.is.dkim.mail.ovh.net.	
sig1._domainkey.email		IN	CNAME	sig1.dkim.email.pknw1.co.uk.at.icloudmailadmin.com.	
subdomain		IN	MX	1	redirect.ovh.net.
temp		IN	MX	1	mx4.mail.ovh.net.
temp		IN	MX	10	mx3.mail.ovh.net.
test.at.subdomain	600	IN	TXT	pkswansea@outlook.com	
uk		IN	A	130.185.249.97	
uptime		IN	CNAME	stats.uptimerobot.com.	
vps.tailscale		IN	A	100.100.69.10	
www-old		IN	TXT	google-site-verification=161vDOUG6W83MjVhkXJFSkLuUS5uTe4k00ada9BwiiI	

 

DNS Zone Export Files

pknw1.co.uk DNS Zone.tsv

pknw1.co.uk DNS Zone.csv

By default, all services under the domain pknw1.co.uk are served from the primary OVH server KS5.pknw1.co.uk. Rather than using DNS to configure a name that points to a specific location, all requests for any sub-domain of pknw1.co.uk can resolve to the same server.

* IN A 149.202.72.112
Catch-all record that directs any otherwise unmatched lookup to the server.
*.admin.pknw1.co.uk   IN CNAME admin.pknw1.co.uk
admin.pknw1.co.uk     IN A     100.100.69.2

As admin sites should be restricted, we set up DNS to point to our internal Tailscale IP on the server.

Anyone without VPN access will not be able to reach them.

*.pknw1.co.uk IN CNAME pknw1.co.uk
pknw1.co.uk   IN A     149.202.72.112

All normal traffic comes in to the server, and at that point the hostname is used to direct the request.

To avoid host name spoofing of admin URLs routing via the public IP address, we take the following precautions:

  1. proxy-hosts listening on the public IP only accept Host headers without 'admin' in them
  2. we verify the request source IP range to ensure it has come across Tailscale
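The two precautions above as a single routing decision, written here as an added example and not taken from the proxy's own configuration. It assumes Tailscale's IPv4 CGNAT range `100.64.0.0/10`, that precaution 2 applies to admin hostnames, and the helper names `normalise_host`, `is_tailscale_source` and `decide`, which are hypothetical.

```python
import ipaddress

# Assumption: Tailscale assigns node addresses from the CGNAT block 100.64.0.0/10.
TAILSCALE_NET = ipaddress.ip_network("100.64.0.0/10")
PUBLIC_IP = ipaddress.ip_address("149.202.72.112")  # public A record on this page
TAILNET_IP = ipaddress.ip_address("100.100.69.2")   # admin A record on this page


def normalise_host(host_header: str) -> str:
    """Lower-case the Host header and drop any port and trailing dot,
    so 'ADMIN.pknw1.co.uk.:443' cannot slip past a naive string match."""
    host = host_header.strip().lower()
    if host.startswith("["):                  # bracketed IPv6 literal
        return host[1:].split("]", 1)[0]
    return host.split(":", 1)[0].rstrip(".")


def is_tailscale_source(source_ip: str) -> bool:
    """True only for a well-formed address inside the Tailscale range."""
    try:
        return ipaddress.ip_address(source_ip) in TAILSCALE_NET
    except ValueError:                        # malformed address: fail closed
        return False


def decide(listener_ip: str, host_header: str, source_ip: str) -> str:
    """Return 'allow' or 'deny' for one request.

    listener_ip is the local address the connection arrived on; source_ip is
    the peer address of the TCP connection, not a client-supplied header.
    """
    host = normalise_host(host_header)
    listener = ipaddress.ip_address(listener_ip)
    if "admin" in host:
        # Precaution 1: the public listener never serves an admin name.
        if listener != TAILNET_IP:
            return "deny"
        # Precaution 2: the peer must sit inside the Tailscale range.
        return "allow" if is_tailscale_source(source_ip) else "deny"
    # Non-admin names are ordinary traffic on the known listeners.
    return "allow" if listener in (PUBLIC_IP, TAILNET_IP) else "deny"
```

The substring match on `admin` is deliberately as broad as the rule stated above, so a public name such as `sysadmin-blog` would also be refused on the public listener.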

Cloudflare Tunnels + OVH DNS

While the original DNS records stay with OVH, we use Cloudflare Tunnels which require the use of Cloudflare's DNS Servers

Cloudflare Config: https://dash.cloudflare.com/526d50e9916746095990891c0108be7f/pknw1.co.uk

Cloudflare routes the user via their service and then proxies the request to the backend

 

Cloudflare DNS Records (sample)
pknw1.co.uk 		3600	IN	SOA	aaden.ns.cloudflare.com. dns.cloudflare.com. 2050237509 10000 2400 604800 3600

;; NS Records
pknw1.co.uk.		86400	IN	NS	aaden.ns.cloudflare.com.
pknw1.co.uk.		86400	IN	NS	kinsley.ns.cloudflare.com.

;; A Records
admin.pknw1.co.uk.	3600	IN	A	100.100.69.2 ; cf_tags=cf-proxied:false
notflix.pknw1.co.uk.	300	IN	A	149.202.72.112 ; cf_tags=cf-proxied:false
*.pknw1.co.uk.		1	IN	A	149.202.72.112 ; cf_tags=cf-proxied:true
pknw1.co.uk.		1	IN	A	149.202.72.112 ; cf_tags=cf-proxied:true
www.pknw1.co.uk.	1	IN	A	87.98.255.50 ; cf_tags=cf-proxied:true

;; CNAME Records
*.admin.pknw1.co.uk.	1	IN	CNAME	admin.pknw1.co.uk. ; cf_tags=cf-proxied:false
gitlab.pknw1.co.uk.	1	IN	CNAME	www-content.gitlab.io. ; cf_tags=cf-proxied:false
ks5.pknw1.co.uk.	1	IN	CNAME	ns3024499.ip-149-202-72.eu. ; cf_tags=cf-proxied:false
uptime.pknw1.co.uk.	1	IN	CNAME	stats.uptimerobot.com. ; cf_tags=cf-proxied:false

;; MX Records
email.pknw1.co.uk.	3600	IN	MX	20 mx02.mail.icloud.com.
email.pknw1.co.uk.	3600	IN	MX	10 mx01.mail.icloud.com.
pknw1.co.uk.		3600	IN	MX	40 mx0.mail.ovh.net.
pknw1.co.uk.		3600	IN	MX	30 mx0.mail.ovh.net.
pknw1.co.uk.		3600	IN	MX	10 mx1.improvmx.com.
pknw1.co.uk.		3600	IN	MX	20 mx2.improvmx.com.
temp.pknw1.co.uk.	3600	IN	MX	1 mx4.mail.ovh.net.
temp.pknw1.co.uk.	3600	IN	MX	10 mx3.mail.ovh.net.

;; NS Records
pknw1.co.uk.		3600	IN	NS	ns111.ovh.net.
pknw1.co.uk.		3600	IN	NS	dns111.ovh.net.

;; TXT Records
auth.pknw1.co.uk.	3600	IN	TXT	"MS=ms58245970"
blog.pknw1.co.uk.	60	IN	TXT	"4|https://pknw1plex.wordpress.com/"
email.pknw1.co.uk.	600	IN	TXT	"v=spf1 include:icloud.com ~all"
email.pknw1.co.uk.	600	IN	TXT	"apple-domain=suqZvNHnvPHp7DJ6"
pknw1.co.uk.		600	IN	TXT	"MS=ms31479355"
pknw1.co.uk.		600	IN	TXT	"v=spf1 include:mx.ovh.com include:spf.improvmx.com ~all"
pknw1.co.uk.		600	IN	TXT	"1|www.pknw1.co.uk"
pknw1.co.uk.		600	IN	TXT	"abuseipdb-verification=CAo0nSQ1"
pknw1.co.uk.		600	IN	TXT	"forward-email=!alias"