I rely on cloudflare to provide application firewall, rate throttling, filtering by country, Brotli compression and HTTP/2 among several other features. Here is a listing of my DNS entries for ekvastra.in. I also manage ekvastra.org and kandhamal.org for which I have implemented DNSSEC as well.

A Records

  • ekvastra.in. 1 IN A 192.168.1.1
  • monitor.ekvastra.in. 1 IN A 192.168.1.1

AAAA Records

  • maintenance.ekvastra.in. 1 IN AAAA 100::
  • mta-sts.ekvastra.in. 1 IN AAAA 100::
  • uptimerobot.ekvastra.in. 1 IN AAAA 100::
  • webmail.ekvastra.in. 1 IN AAAA 100::
  • www.ekvastra.in. 1 IN AAAA 100::
  • zohomail.ekvastra.in. 1 IN AAAA 100::

CAA Records

  • ekvastra.in. 1 IN CAA 0 iodef "admin [snail] ekvastra [period] in"
  • ekvastra.in. 1 IN CAA 0 issue "sectigo.com"
  • ekvastra.in. 1 IN CAA 0 issue "letsencrypt.org"
  • ekvastra.in. 1 IN CAA 0 issue "digicert.com"

CNAME Records

  • aps2unicode.ekvastra.in. 1 IN CNAME aps2unicode.pages.dev.
  • finance.ekvastra.in. 1 IN CNAME ekvastra.in.
  • hindispell.ekvastra.in. 1 IN CNAME hindispell.pages.dev.
  • notes.ekvastra.in. 1 IN CNAME ekvastra.in.
  • omega.ekvastra.in. 1 IN CNAME ekvastra.in.
  • podcast.ekvastra.in. 1 IN CNAME ekvastra.in.
  • quiz.ekvastra.in. 1 IN CNAME ekvastra.in.
  • sanscript.ekvastra.in. 1 IN CNAME sanscript.pages.dev.
  • updown.ekvastra.in. 1 IN CNAME page.updown.io.
  • wiki.ekvastra.in. 1 IN CNAME ekvastra.in.
  • zb15697302.ekvastra.in. 1 IN CNAME zmverify.zoho.in.

MX Records

  • ekvastra.in. 1 IN MX 20 mx2.zoho.in.
  • ekvastra.in. 1 IN MX 10 mx.zoho.in.

TXT Records

  • default._domainkey.ekvastra.in. 1 IN TXT "v=DKIM1; k=rsa; s=email;p=...;"
  • _dmarc.ekvastra.in. 1 IN TXT "v=DMARC1; p=reject; rua=ekvastra-d [snail] dmarc [period] report-uri [period] com; ruf=ekvastra-d [snail] dmarc [period] report-uri [period] com; sp=reject; adkim=s; aspf=s"
  • ekvastra.in. 1 IN TXT "v=spf1 +mx +ip4:192.168.1.1 +include:zoho.in -all"
  • ekvastra.in. 1 IN TXT "google-site-verification=CElRab3RPaR1gI-asQGZbCcWdIPY_qA5OW7z2npiYt0"
  • _mta-sts.ekvastra.in. 1 IN TXT "v=STSv1; id=2022April07aMpYgHgJuPGk;"
  • _smtp._tls.ekvastra.in. 1 IN TXT "v=TLSRPTv1; rua=ekvastra-d [snail] tlsrpt [period] report-uri [period] com"
  • _updown.updown.ekvastra.in. 1 IN TXT "updown-page=6scy"
  • zoho._domainkey.ekvastra.in. 1 IN TXT "v=DKIM1; k=rsa; p=..."

The A records will resolve to the address of my firewall, the actual server address is protected.