DNS

Configure DNS records correctly with proper TTLs, email authentication, and migration strategies.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "DNS" with this command: npx skills add ivangdavila/dns

Pre-Migration TTL

  • Lower TTL to 300s at least 48h before changing records—current TTL must expire first
  • Check current cached TTL before planning: dig +nocmd +noall +answer example.com
  • After migration stable 24h, raise TTL back to 3600-86400s
  • Test with multiple resolvers: Google (8.8.8.8), Cloudflare (1.1.1.1), local ISP—they cache independently

Email Authentication (All Three Required)

  • SPF alone insufficient—DKIM and DMARC both needed for deliverability
  • DMARC record: _dmarc.example.com TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"
  • SPF must be single TXT record—multiple SPF records invalid; use include: for multiple sources
  • SPF ending: -all (reject) or ~all (soft fail)—never +all or ?all
  • Verify complete setup with mail-tester.com after configuration
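
The SPF and DMARC rules above can be checked mechanically before a zone change goes live. The following is an added example, not part of the skill itself: the function names and all record values are constructed for illustration, apart from the DMARC sample, which is the record shown above. It goes slightly beyond the list by also flagging a bare "all" (which means +all), a DMARC policy of p=none, and a missing rua= tag.

```python
# Added example: lint TXT record sets against the SPF and DMARC rules above.
# Function names and record values are constructed for illustration.

def lint_spf(txt_records):
    """Return problems found in the TXT records published at a domain name."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        # RFC 7208: more than one v=spf1 record is a permanent error.
        return [f"{len(spf)} SPF records found; merge them into one with include:"]
    terms = spf[0].lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in terms):
            return []  # policy is delegated to the redirect target
        return ["no 'all' mechanism; unmatched senders get a neutral result"]
    term = all_terms[0]
    qualifier = term[0] if term[0] in "+-~?" else "+"  # bare 'all' means '+all'
    if qualifier in "+?":
        return [f"'{term}' does not restrict senders; use -all or ~all"]
    return []

def lint_dmarc(txt_records):
    """Return problems found in the TXT records at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.replace(" ", "").startswith("v=DMARC1")]
    if len(recs) != 1:
        return [f"expected exactly one DMARC record, found {len(recs)}"]
    tags = {}
    for part in recs[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    problems = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        problems.append("missing or invalid p= policy")
    elif policy == "none":
        problems.append("p=none requests no action on failing mail")
    if "rua" not in tags:
        problems.append("no rua= address, so no aggregate reports arrive")
    return problems

GOOD_APEX = ["v=spf1 include:_spf.example.net ip4:192.0.2.10 -all", "site-verification=constructed"]
TWO_RECORDS = ["v=spf1 include:_spf.example.net ~all", "v=spf1 ip4:192.0.2.10 -all"]
PAGE_DMARC = ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"]

if __name__ == "__main__":
    for name, result in [("good apex", lint_spf(GOOD_APEX)), ("two records", lint_spf(TWO_RECORDS)),
                         ("dmarc", lint_dmarc(PAGE_DMARC))]:
        print(name, "->", result or "ok")
```

Feed it the strings returned by dig +short TXT for the apex and for _dmarc.<domain>, with the surrounding quotes removed.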

CAA Records

  • Limits which Certificate Authorities can issue certs for domain—prevents unauthorized issuance
  • Basic: example.com. CAA 0 issue "letsencrypt.org"
  • Wildcard requires separate entry: CAA 0 issuewild "letsencrypt.org"
  • Incident reporting: CAA 0 iodef "mailto:security@example.com"
  • Without CAA, any CA can issue—set explicitly for security-conscious domains

www Handling

  • Configure both apex and www—or redirect one to other; leaving www unconfigured breaks links
  • Pick canonical form and stick to it: www → apex OR apex → www
  • HTTPS redirect requires cert for both variants before redirect works
  • Test both URLs explicitly after setup

Debugging Commands

  • dig +trace example.com—full resolution chain from root; reveals where problem occurs
  • dig @ns1.provider.com example.com—query authoritative nameserver directly, bypasses cache
  • Compare authoritative vs cached response—mismatch indicates propagation in progress
  • Check all relevant record types—A working doesn't mean AAAA, MX, or TXT are correct

Cloudflare Proxy Behavior

  • Orange cloud (proxied) hides origin IP—breaks SSH, mail, game servers; use grey cloud for non-HTTP
  • Proxied records ignore your TTL setting—Cloudflare controls caching
  • CNAME flattening at apex works in Cloudflare but causes confusion when migrating away
  • Universal SSL only on proxied records—DNS-only requires origin certificate

Wildcard Records

  • *.example.com does not match apex example.com—both need explicit records
  • Explicit subdomain record takes precedence over wildcard
  • Wildcard SSL certificates require separate issuance—use DNS challenge with Let's Encrypt

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
