I rely on cloudflare to provide application firewall, rate throttling, filtering by country, Brotli compression and HTTP/2 among several other features. Here is a listing of my DNS entries for ekvastra.in. I also manage ekvastra.org and kandhamal.org for which I have implemented DNSSEC as well.

A Records

  • ekvastra.in. 1 IN A

CAA Records

  • ekvastra.in. 1 IN CAA 0 iodef "admin [snail] ekvastra [period] in"
  • ekvastra.in. 1 IN CAA 0 issue "sectigo.com"
  • ekvastra.in. 1 IN CAA 0 issue "letsencrypt.org"
  • ekvastra.in. 1 IN CAA 0 issue "digicert.com"

CNAME Records

  • aps2unicode.ekvastra.in. 1 IN CNAME ekvastra.in.
  • finance.ekvastra.in. 1 IN CNAME ekvastra.in.
  • hindispell.ekvastra.in. 1 IN CNAME ekvastra.in.
  • mta-sts.ekvastra.in. 1 IN CNAME ekvastra.in.
  • notes.ekvastra.in. 1 IN CNAME ekvastra.in.
  • omega.ekvastra.in. 1 IN CNAME ekvastra.in.
  • podcast.ekvastra.in. 1 IN CNAME ekvastra.in.
  • quiz.ekvastra.in. 1 IN CNAME ekvastra.in.
  • sanscript.ekvastra.in. 1 IN CNAME ekvastra.in.
  • uptime.ekvastra.in. 1 IN CNAME 6scy.status.updown.io.
  • webmail.ekvastra.in. 1 IN CNAME ekvastra.in.
  • wiki.ekvastra.in. 1 IN CNAME ekvastra.in.
  • www.ekvastra.in. 1 IN CNAME ekvastra.in.
  • zb15697302.ekvastra.in. 1 IN CNAME zmverify.zoho.in.

MX Records

  • ekvastra.in. 1 IN MX 10 server50.hostingraja.org.
  • ekvastra.in. 1 IN MX 20 mx.zoho.in.

TXT Records

  • _cpanel-dcv-test-record.ekvastra.in. 1 IN TXT "_cpanel-dcv-test-record=ABCD"
  • default._domainkey.ekvastra.in. 1 IN TXT "v=DKIM1; k=rsa; s=email;p=ABCD;"
  • _dmarc.ekvastra.in. 1 IN TXT "v=DMARC1; p=reject; rua=dmarc [snail] ekvastra [period] uriports [period] com; ruf=dmarc [snail] ekvastra [period] uriports [period] com; sp=reject; adkim=s; aspf=s"
  • ekvastra.in. 1 IN TXT "v=spf1 mx include:zoho.in -all"
  • ekvastra.in. 1 IN TXT "google-site-verification=ABCD"
  • _mta-sts.ekvastra.in. 1 IN TXT "v=STSv1; id=CmfrEWOM1gYlS;"
  • _smtp._tls.ekvastra.in. 1 IN TXT "v=TLSRPTv1; rua=tlsrpt [snail] ekvastra [period] uriports [period] com"
  • zoho._domainkey.ekvastra.in. 1 IN TXT "v=DKIM1; k=rsa; p=ABCD"

ftp subdomain does not exist on my webserver. It is not supposed to work over https. I update dns record to bypass my proxy only before usage. I use webmail as my primary mail.

The A records will resolve to the address of my firewall, the actual server address is protected.