Configure Your DNS Server
By default, the authoritative DNS servers for your domain are those of your registrar, in my case Freenom. Freenom not only registered my free domain, it also provided the DNS servers that map ergberg.tk to the static IP of my GCP box.
Moving to Cloudflare DNS
You do not need to change your DNS server. I changed it for the following reason:
Since I was worried about the cost of network traffic, I thought it would be a good idea to route traffic through a CDN that would cache files for me, taking the load off the GCP box. I knew Cloudflare from before. They offer a free plan and advertised their DDoS protection, which also sounded good to me.
Where is the connection between CDN and DNS?
To use Cloudflare as a caching CDN, you simply use Cloudflare's DNS servers instead of your original ones. Instead of pointing ergberg.tk at my IP address, Cloudflare's DNS points it at Cloudflare's own edge servers. These serve my content from their caches and go to my origin server only on a cache miss, i.e. the first time a file is requested or after a cached copy has expired. Every DNS query for ergberg.tk is thus answered with Cloudflare's addresses, not mine. The rest of the CDN functionality is then largely automatic. This diagram helps to understand how Cloudflare's CDN intercepts the traffic.
Switching is simple: Freenom provides a user interface where you can enter the authoritative DNS servers for your domain, and there I replaced Freenom's with Cloudflare's. Switching to Cloudflare is not a requirement for managing DNS records. Had I stayed with Freenom's DNS servers, the following entries would be similar, but without the CDN redirection.
Host Name Entries
DNS is a public service. Everyone can read the records entered for a domain as long as they know what to look for. Most important are the A records for the servers. They map symbolic domain names like server.ergberg.tk to the physical IP address. My GCP box has the (external) IP w.x.y.z. Thus the corresponding DNS entry is
A server w.x.y.z
Since this is part of the records for ergberg.tk, the domain part is implicit. The record mentions server, so it is for server.ergberg.tk. When you query the IP address for server.ergberg.tk, you won't see w.x.y.z. Queried with dig from my GCP box it looks like this:
dig -t A server.ergberg.tk
; <<>> DiG 9.16.1-Ubuntu <<>> -t A server.ergberg.tk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52298
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;server.ergberg.tk. IN A
;; ANSWER SECTION:
server.ergberg.tk. 300 IN A 104.21.68.115
server.ergberg.tk. 300 IN A 172.67.195.7
;; Query time: 44 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue May 10 22:28:04 UTC 2022
;; MSG SIZE rcvd: 78
server.ergberg.tk is reachable via two IP addresses, a redundancy for availability. Neither of these addresses is mine. They are not located at GCP but belong to servers of the Cloudflare network. Cloudflare interposes itself in between: it answers all address queries for ergberg.tk with Cloudflare servers, all traffic goes to them, and only Cloudflare knows the GCP IP and connects back to my GCP box as needed. Note that this hides the origin only as long as nothing else reveals it: an unproxied DNS record pointing at w.x.y.z, an e-mail header carrying the address, or an origin that accepts connections from anywhere rather than from Cloudflare's ranges only would all expose it again.
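A quick way to verify the "all queries are answered with Cloudflare servers" claim is to parse dig's answer section and flag any A record whose address lies outside Cloudflare's published address space, because such a record would point directly at an origin. The script below is an added example written for this page, not code from the original post. The Cloudflare IPv4 ranges are a snapshot I assume here and should be re-checked against Cloudflare's published list; the origin.ergberg.tk line in the sample is constructed to show what a leak looks like.

```python
import ipaddress
import re

# Assumed snapshot of Cloudflare's published IPv4 ranges (verify against
# https://www.cloudflare.com/ips-v4 before relying on it).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

# Constructed sample: the two answers from the dig run above, plus a
# hypothetical unproxied host (origin.ergberg.tk, documentation address
# 203.0.113.10) that is NOT on Cloudflare and therefore leaks an origin.
SAMPLE_DIG = """\
;; ANSWER SECTION:
server.ergberg.tk.\t300\tIN\tA\t104.21.68.115
server.ergberg.tk.\t300\tIN\tA\t172.67.195.7
origin.ergberg.tk.\t300\tIN\tA\t203.0.113.10
"""

# name  ttl  IN  A  address  (dig separates the fields with tabs)
ANSWER_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\S+)\s*$")


def parse_a_answers(dig_output):
    """Return (name, ttl, ip) tuples for every A record in dig's output."""
    records = []
    for line in dig_output.splitlines():
        m = ANSWER_RE.match(line)
        if m:
            records.append((m.group(1).rstrip("."), int(m.group(2)), m.group(3)))
    return records


def is_cloudflare(ip):
    """True if the address falls inside one of the assumed Cloudflare ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)


def origin_leaks(dig_output):
    """Names whose A record points outside Cloudflare, i.e. at a host that is
    reachable directly and bypasses the CDN (and its DDoS protection)."""
    return sorted({name for name, _, ip in parse_a_answers(dig_output)
                   if not is_cloudflare(ip)})


if __name__ == "__main__":
    for name, ttl, ip in parse_a_answers(SAMPLE_DIG):
        print(f"{name:20} {ip:16} {'cloudflare' if is_cloudflare(ip) else 'DIRECT'}")
    print("leaking origin:", origin_leaks(SAMPLE_DIG))
```

In practice you would feed it `dig -t A <name>` output for every hostname in the zone (not just the one you remember proxying) and treat any "DIRECT" line as a finding to investigate.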
For www.ergberg.tk and blog.ergberg.tk I use Cloudflare Pages. All requests for www.ergberg.tk are terminated directly at Cloudflare, where all content is hosted. There is no need to call the server on my GCP box. DNS does not map www.ergberg.tk to an IP address but to another symbolic hostname. The ....pages.dev names are provided by Cloudflare Pages. That's why www.ergberg.tk doesn't actually have an A record, but a CNAME record:
CNAME www entry-aj8.pages.dev
CNAME blog blog-5su.pages.dev
E-mail Entries
There is a second group of DNS records, all of which have to do with e-mail. The first piece of information tells the world which server to connect to when they want to send mail to …@ergberg.tk. This information is represented in MX records.
MX ergberg.tk mail.ergberg.tk
Of course, mail.ergberg.tk must be prepared to handle incoming mail. Initially, I set up postfix on my GCP box to handle incoming (& outgoing) e-mail. Later, I decided to delegate e-mail to another cloud service, ImprovMX. It is a catch-all for any …@ergberg.tk address and forwards the mails to a single e-mail destination. Thus, I changed the MX record for ergberg.tk to:
MX ergberg.tk mx1.improvmx.com
MX ergberg.tk mx2.improvmx.com
Again, for fault tolerance: two servers in case one is down.
Recently, I switched from ImprovMX to Cloudflare mail forwarding to reduce the number of service providers I use. The current settings are as follows:
MX ergberg.tk amir.mx.cloudflare.net
MX ergberg.tk linda.mx.cloudflare.net
MX ergberg.tk isaac.mx.cloudflare.net
ergberg.tk also has two TXT records in DNS that are e-mail related:
TXT ergberg.tk v=spf1 include:sendgrid.net include:_spf.mx.cloudflare.net ~all
TXT _dmarc v=DMARC1; p=reject; ruf=mailto:postmaster@ergberg.tk; rua=mailto:postmaster@ergberg.tk
The SPF record states that mail claiming to come from ergberg.tk may originate only from sendgrid.net (the provider that lets me send e-mail from inside GCP) and from Cloudflare; the trailing ~all marks every other source as a softfail rather than a hard fail. The DMARC record tells receivers what to do when a message fails DMARC, that is, when neither SPF nor DKIM passes for a domain aligned with the From: header: with p=reject it should be rejected, and aggregate and forensic reports go to postmaster@ergberg.tk. Together, the two records mean that a forged …@ergberg.tk message sent from an unlisted host gets an SPF softfail, which is not a DMARC pass, and is therefore rejected.
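To make the interplay between the ~all softfail and p=reject concrete, here is an added toy evaluator written for this page; it is not the author's setup and not any mail library's API. DNS lookups are replaced by a constructed table: the ergberg.tk SPF and DMARC records mirror the ones above, while the sendgrid.net and _spf.mx.cloudflare.net records and the IP networks in them are hypothetical (documentation ranges), only there so that include: has something to resolve. It supports just ip4:, include: and all, which is enough for the records on this page.

```python
import ipaddress

# Constructed stand-in for DNS. Only the two ergberg.tk records are taken from
# the page; the included records and their networks are hypothetical.
FAKE_DNS = {
    "ergberg.tk": "v=spf1 include:sendgrid.net include:_spf.mx.cloudflare.net ~all",
    "sendgrid.net": "v=spf1 ip4:198.51.100.0/24 ~all",              # hypothetical
    "_spf.mx.cloudflare.net": "v=spf1 ip4:192.0.2.0/24 -all",      # hypothetical
    "_dmarc.ergberg.tk": "v=DMARC1; p=reject; ruf=mailto:postmaster@ergberg.tk; "
                         "rua=mailto:postmaster@ergberg.tk",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip, dns=FAKE_DNS, depth=0):
    """Minimal SPF check (RFC 7208 subset): evaluates ip4:, include: and all,
    honouring the +/-/~/? qualifier of the first matching mechanism."""
    if depth > 10:          # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror"
    record = dns.get(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            # include: matches only if the included domain's check passes
            matched = check_spf(term[8:], client_ip, dns, depth + 1) == "pass"
        elif term == "all":
            matched = True
        else:
            continue        # mechanisms this toy does not implement
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"        # no mechanism matched and no all present


def parse_dmarc(domain, dns=FAKE_DNS):
    """Return the tag=value pairs of the _dmarc TXT record as a dict."""
    record = dns.get("_dmarc." + domain, "")
    return dict(part.strip().split("=", 1) for part in record.split(";") if "=" in part)


def dmarc_disposition(from_domain, client_ip, dkim_aligned_pass=False, dns=FAKE_DNS):
    """What a receiver does with the message. DMARC passes if aligned SPF
    passes (assumed here: MAIL FROM domain equals the From: domain) or an
    aligned DKIM signature verifies. A softfail is NOT a pass, so with
    p=reject an unlisted sender is rejected even though SPF says ~all."""
    if check_spf(from_domain, client_ip, dns) == "pass" or dkim_aligned_pass:
        return "deliver"
    policy = parse_dmarc(from_domain, dns).get("p", "none")
    return {"reject": "reject", "quarantine": "quarantine"}.get(policy, "deliver")


if __name__ == "__main__":
    for ip in ("198.51.100.7", "192.0.2.9", "203.0.113.5"):
        print(ip, check_spf("ergberg.tk", ip), "->", dmarc_disposition("ergberg.tk", ip))
```

The third sample address is not listed anywhere, so SPF returns softfail; because that is not a DMARC pass and no DKIM signature is present, the p=reject policy turns it into a rejection. Had the policy been p=none, the same forged message would be delivered and only reported.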