# DNS Management ### OVH Setup (deprecated) [https://www.ovh.com/manager/#/web/domain/pknw1.co.uk/information](https://www.ovh.com/manager/#/web/domain/pknw1.co.uk/information)
DNS Zone TXT ``` Domain @ IN NS dns111.ovh.net. IN NS ns111.ovh.net. IN MX 30 mx0.mail.ovh.net. IN MX 40 mx0.mail.ovh.net. IN MX 10 mx1.improvmx.com. IN MX 20 mx2.improvmx.com. IN A 149.202.72.112 600 IN TXT v=spf1 include:mx.ovh.com include:spf.improvmx.com ~all 600 IN TXT 1|www.pknw1.co.uk 600 IN TXT MS=ms31479355 600 IN TXT forward-email=!alias 600 IN TXT abuseipdb-verification=CAo0nSQ1 * IN A 149.202.72.112 *.admin 120 IN CNAME admin.pknw1.co.uk. *.engineering IN CNAME engineering.pknw1.co.uk. *.uk IN CNAME uk.pknw1.co.uk. _atproto IN TXT did=did:plc:5oochc34c7qvyrddw26mwbmd admin IN A 100.100.69.2 auth IN TXT MS=ms58245970 blog 60 IN TXT 4|https://pknw1plex.wordpress.com/ eef19115._improvmx IN TXT eef1911513a940e5a13486087249bd22 email IN MX 10 mx01.mail.icloud.com. email IN MX 20 mx02.mail.icloud.com. email 600 IN TXT v=spf1 include:icloud.com ~all email 600 IN TXT apple-domain=suqZvNHnvPHp7DJ6 engineering IN CNAME pknw1.co.uk. features IN TXT bm90ZmxpeF93ZWJ1aT0xCm5vdGZsaXhfdnVlPTEK gitlab IN CNAME www-content.gitlab.io. id IN TXT ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 ks5 IN CNAME ns3024499.ip-149-202-72.eu. ovhmo2648680-selector1._domainkey IN CNAME ovhmo2648680-selector1._domainkey.2799341.is.dkim.mail.ovh.net. ovhmo2648680-selector2._domainkey IN CNAME ovhmo2648680-selector2._domainkey.2799340.is.dkim.mail.ovh.net. sig1._domainkey.email IN CNAME sig1.dkim.email.pknw1.co.uk.at.icloudmailadmin.com. subdomain IN MX 1 redirect.ovh.net. temp IN MX 1 mx4.mail.ovh.net. temp IN MX 10 mx3.mail.ovh.net. test.at.subdomain 600 IN TXT pkswansea@outlook.com uk IN A 130.185.249.97 uptime IN CNAME stats.uptimerobot.com. vps.tailscale IN A 100.100.69.10 www-old IN TXT google-site-verification=161vDOUG6W83MjVhkXJFSkLuUS5uTe4k00ada9BwiiI ```
DNS Zone Export Files [pknw1.co.uk DNS Zone.tsv](https://bookstack.pknw1.co.uk/attachments/1) [pknw1.co.uk DNS Zone.csv](https://bookstack.pknw1.co.uk/attachments/2)
As a default, all services under the domain pknw1.co.uk will be served from the primasry OVH server KS5.pknw1.co.uk - as such rather than using DNS to configure a name which points to a specifc location, all requests for any sub-domain of pknw1.co.uk can resolve to the same server
``` * IN A 149.202.72.112 ``` catchall to redirect any uncaught lookup to the server
``` *.admin.pknw1.co.uk IN CNAME admin.pknw1.co.uk admin.pknw1.co.uk IN A 100.100.69.2 ``` as admin sites should be restricted, we setup DNS to point to our internal tailscale IP on the server anyone without VPN access will not be able to access
``` *.pknw1.co.uk IN CNAME pknw1.co.uk pknw1.co.uk IN A 149.202.72.112 ``` all normal traffic comes in to the server and at that point, the hostname is used to direct the request. to avoid host name spoofing of admin urls routing via the public IP address, we take the following precations 1. proxy-hosts listenong on the public IP only accept host headers without 'admin' in 2. we verify the request source IP range to ensure it is across Tailscale
### CloudFlare Tiunnels + OVH DNS While the original DNS records stay with OVH, we use Cloudflare Tunnels which require the use of Cloudflare's DNS Servers Cloudfllare Config : [https://dash.cloudflare.com/526d50e9916746095990891c0108be7f/pknw1.co.uk](https://dash.cloudflare.com/526d50e9916746095990891c0108be7f/pknw1.co.uk) Cloudflare routes the user via their service and then proxies the request to the backend
Cloudflare DNS Records (sample) ``` pknw1.co.uk 3600 IN SOA aaden.ns.cloudflare.com. dns.cloudflare.com. 2050237509 10000 2400 604800 3600 ;; NS Records pknw1.co.uk. 86400 IN NS aaden.ns.cloudflare.com. pknw1.co.uk. 86400 IN NS kinsley.ns.cloudflare.com. ;; A Records admin.pknw1.co.uk. 3600 IN A 100.100.69.2 ; cf_tags=cf-proxied:false notflix.pknw1.co.uk.300 IN A 149.202.72.112 ; cf_tags=cf-proxied:false *.pknw1.co.uk. 1 IN A 149.202.72.112 ; cf_tags=cf-proxied:true pknw1.co.uk. 1 IN A 149.202.72.112 ; cf_tags=cf-proxied:true www.pknw1.co.uk. 1 IN A 87.98.255.50 ; cf_tags=cf-proxied:true ;; CNAME Records *.admin.pknw1.co.uk.1 IN CNAME admin.pknw1.co.uk. ; cf_tags=cf-proxied:false gitlab.pknw1.co.uk. 1 IN CNAME www-content.gitlab.io. ; cf_tags=cf-proxied:false ks5.pknw1.co.uk. 1 IN CNAME ns3024499.ip-149-202-72.eu. ; cf_tags=cf-proxied:false uptime.pknw1.co.uk. 1 IN CNAME stats.uptimerobot.com. ; cf_tags=cf-proxied:false ;; MX Records email.pknw1.co.uk. 3600 IN MX 20 mx02.mail.icloud.com. email.pknw1.co.uk. 3600 IN MX 10 mx01.mail.icloud.com. pknw1.co.uk. 3600 IN MX 40 mx0.mail.ovh.net. pknw1.co.uk. 3600 IN MX 30 mx0.mail.ovh.net. pknw1.co.uk. 3600 IN MX 10 mx1.improvmx.com. pknw1.co.uk. 3600 IN MX 20 mx2.improvmx.com. temp.pknw1.co.uk. 3600 IN MX 1 mx4.mail.ovh.net. temp.pknw1.co.uk. 3600 IN MX 10 mx3.mail.ovh.net. ;; NS Records pknw1.co.uk. 3600 IN NS ns111.ovh.net. pknw1.co.uk. 3600 IN NS dns111.ovh.net. ;; TXT Records auth.pknw1.co.uk. 3600 IN TXT "MS=ms58245970" blog.pknw1.co.uk. 60 IN TXT "4|https://pknw1plex.wordpress.com/" email.pknw1.co.uk. 600 IN TXT "v=spf1 include:icloud.com ~all" email.pknw1.co.uk. 600 IN TXT "apple-domain=suqZvNHnvPHp7DJ6" pknw1.co.uk. 600 IN TXT "MS=ms31479355" pknw1.co.uk. 600 IN TXT "v=spf1 include:mx.ovh.com include:spf.improvmx.com ~all" pknw1.co.uk. 600 IN TXT "1|www.pknw1.co.uk" pknw1.co.uk. 600 IN TXT "abuseipdb-verification=CAo0nSQ1" pknw1.co.uk. 600 IN TXT "forward-email=!alias" ```