I rely on cloudflare to provide application firewall, rate throttling, filtering by country, Brotli compression and HTTP/2 among several other features. Here is a listing of my DNS entries for ekvastra.in. I also manage ekvastra.org and kandhamal.org for which I have implemented DNSSEC as well.

;; A Records

  • ekvastra.in. 1 IN A 192.168.1.1

;; CAA Records

  • ekvastra.in. 1 IN CAA 0 iodef "admin@ekvastra.in"
  • ekvastra.in. 1 IN CAA 0 issue "sectigo.com"
  • ekvastra.in. 1 IN CAA 0 issue "letsencrypt.org"
  • ekvastra.in. 1 IN CAA 0 issue "digicert.com"

;; CNAME Records

  • aps2unicode.ekvastra.in. 1 IN CNAME ekvastra.in.
  • bb.ekvastra.in. 1 IN CNAME ekvastra.in.
  • cal.ekvastra.in. 1 IN CNAME ekvastra.in.
  • ftp.ekvastra.in. 1 IN CNAME ekvastra.in.
  • hindispell.ekvastra.in. 1 IN CNAME ekvastra.in.
  • kanboard.ekvastra.in. 1 IN CNAME ekvastra.in.
  • kandhamal.ekvastra.in. 1 IN CNAME ekvastra.in.
  • mta-sts.ekvastra.in. 1 IN CNAME ekvastra.in.
  • notepad.ekvastra.in. 1 IN CNAME ekvastra.in.
  • notes.ekvastra.in. 1 IN CNAME ekvastra.in.
  • ojs.ekvastra.in. 1 IN CNAME ekvastra.in.
  • omega.ekvastra.in. 1 IN CNAME ekvastra.in.
  • podcast.ekvastra.in. 1 IN CNAME ekvastra.in.
  • sanscript.ekvastra.in. 1 IN CNAME ekvastra.in.
  • status.ekvastra.in. 1 IN CNAME stats.uptimerobot.com.
  • uptime.ekvastra.in. 1 IN CNAME 6scy.status.updown.io.
  • uptime.notes.ekvastra.in. 1 IN CNAME yavp.status.updown.io.
  • uptime.wiki.ekvastra.in. 1 IN CNAME whcf.status.updown.io.
  • wiki.ekvastra.in. 1 IN CNAME ekvastra.in.

;; MX Records

  • ekvastra.in. 1 IN MX 0 server39.hostingraja.org.

;; TXT Records

  • _acme-challenge.ekvastra.in. 1 IN TXT "RkwYdfC1SpQ9RKFCQR6LdIcnAKxCSuiKNEnktd-CloA"
  • _cpanel-dcv-test-record.ekvastra.in. 1 IN TXT "_cpanel-dcv-test-record=PFvFXe56dSpEOKOG2dxkZEh5793jeu5ATQVcfUBOCqI6ef9NMttXlz2gR0qg5EBx"
  • default._domainkey.ekvastra.in. 1 IN TXT "v=DKIM1; k=rsa; s=email; q=dns; p=MIIBIjANB...;"
  • _dmarc.ekvastra.in. 1 IN TXT "v=DMARC1; p=reject; rua=ekvastra-d@dmarc.report-uri.com; ruf=ekvastra-d@dmarc.report-uri.com; sp=reject; adkim=s; aspf=s"
  • ekvastra.in. 1 IN TXT "v=spf1 +a +mx +ip4:192.168.1.4 +ip4:192.168.1.5 ~all"
  • ekvastra.in. 1 IN TXT "google-site-verification=CElRab3RPaR1gI-asQGZbCcWdIPY_qA5OW7z2npiYt0"
  • knjw2vnbakfdatkwwnkteob6.ekvastra.in. 1 IN TXT "ns91.hostingraja.in"
  • _mta-sts.ekvastra.in. 1 IN TXT "v=STSv1; id=eQNSZ1g0;"
  • _smtp._tls.ekvastra.in. 1 IN TXT "v=TLSRPTv1; rua=tlsrpt@ekvastra.uriports.com"

ftp subdomain does not exist on my webserver. It is not supposed to work over https. I update dns record to bypass my proxy only before usage.

The A records will resolve to the address of my firewall, the actual server address is protected.