Manual DNS setup

If for some reason you have decided not to use enable_nsd and want to set up DNS manually, I have outlined below the necessary steps for creating the records at your DNS provider.

Assumptions

  • Your domain name: pdomain.abc (for primary domain)
  • You have configured an A record for excision.pdomain.abc, so that it points to the current server.
  • Your host server has reverse DNS resolving to excision.pdomain.abc.
  • You are configuring DNS for a secondary domain, sdomain.xyz.
    (It does not need to be secondary; sdomain.xyz could be the same as pdomain.abc.)

TTL is the default TTL you would like to use. In Excision it is set to 10800.

CNAME records for sdomain.xyz

autoconfig.sdomain.xyz.          TTL IN CNAME excision.pdomain.abc.
autodiscover.sdomain.xyz.        TTL IN CNAME excision.pdomain.abc.
openpgpkey.sdomain.xyz.          TTL IN CNAME excision.pdomain.abc.
wkd.sdomain.xyz.                 TTL IN CNAME excision.pdomain.abc.
mta-sts.sdomain.xyz.             TTL IN CNAME excision.pdomain.abc.
imap.sdomain.xyz.                TTL IN CNAME excision.pdomain.abc.
pop3.sdomain.xyz.                TTL IN CNAME excision.pdomain.abc.
smtp.sdomain.xyz.                TTL IN CNAME excision.pdomain.abc.
webmail.sdomain.xyz.             TTL IN CNAME excision.pdomain.abc.
calendar.sdomain.xyz.            TTL IN CNAME excision.pdomain.abc.
contacts.sdomain.xyz.            TTL IN CNAME excision.pdomain.abc.

MX records for sdomain.xyz

@                                TTL IN MX 0 excision.pdomain.abc.

This tells the world that mail for sdomain.xyz is handled by excision.pdomain.abc.

TXT records for sdomain.xyz

sdomain.xyz.                     TTL IN TXT "v=spf1 mx:pdomain.abc -all"
_dmarc.sdomain.xyz.              TTL IN TXT "v=DMARC1;p=reject;pct=100;rua=mailto:dmarcreports@pdomain.abc"
_smtp._tls.sdomain.xyz.          TTL IN TXT "v=TLSRPTv1;rua=mailto:tlsreports@pdomain.abc;"
excision._domainkey.sdomain.xyz. TTL IN TXT "v=DKIM1;k=rsa;p={EXCISIONKEY}"

where {EXCISIONKEY} is the key stored in /etc/excision/dkim/excision.pdomain.abc.pub and /etc/excision/dkim/excision.pdomain.abc.txt.

NOTE: Depending on your DNS provider, the key generated by Excision may be too large to fit in one record. You will have to contact your DNS provider to see how to fit a large key into a TXT record. The workaround is to store more than one string in a single DNS record (yes, this is possible, but how you do it depends on your hosting provider's UI).
Excision breaks the record down into correctly sized strings and stores it in the text files above.

( "v=DKIM1;k=rsa;p=OQWcn812jW..." "....UnsdU;" )
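The splitting described in the note above, as an added Python example (not Excision's own code): it breaks a DKIM record into TXT strings of at most 255 bytes each, then rejoins them the way a verifier does to confirm the published key is unchanged. The sample key is constructed filler, not a real key, and the function names are hypothetical.

```python
import base64
import re

MAX_TXT_STRING = 255  # one TXT character-string holds at most 255 bytes (RFC 1035)

# Constructed sample: 294 filler bytes, the size of a 2048-bit RSA public key in DER.
SAMPLE_KEY = base64.b64encode(bytes(range(256)) + bytes(range(38))).decode("ascii")


def split_txt(value: str, limit: int = MAX_TXT_STRING) -> list[str]:
    """Split a TXT value into character-strings of at most `limit` bytes."""
    data = value.encode("ascii")  # DKIM records are plain ASCII
    return [data[i:i + limit].decode("ascii") for i in range(0, len(data), limit)]


def dkim_rdata(pubkey_b64: str) -> str:
    """Build the parenthesised multi-string RDATA for a DKIM TXT record."""
    key = "".join(pubkey_b64.split())      # drop line breaks from a wrapped key
    base64.b64decode(key, validate=True)   # raises if the key is not clean base64
    chunks = split_txt(f"v=DKIM1;k=rsa;p={key}")
    return "( " + " ".join(f'"{c}"' for c in chunks) + " )"


def join_txt(rdata: str) -> str:
    """Concatenate the quoted strings of a TXT RDATA with nothing in between."""
    return "".join(re.findall(r'"([^"]*)"', rdata))


def published_key(rdata: str) -> str:
    """Extract the p= tag from a (possibly multi-string) DKIM TXT record."""
    tags = dict(t.strip().split("=", 1) for t in join_txt(rdata).split(";") if "=" in t)
    return tags["p"]


if __name__ == "__main__":
    rdata = dkim_rdata(SAMPLE_KEY)
    print("excision._domainkey.sdomain.xyz. 10800 IN TXT", rdata)
    # The check to run against whatever your provider ends up serving:
    print("key intact:", published_key(rdata) == SAMPLE_KEY)
```

Paste the TXT value returned by your provider into published_key() and compare it with the key on disk; a stray space or a dropped character at a string boundary makes DKIM verification fail.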

SRV records for sdomain.xyz

Needed for setting up older client software (and also Microsoft/iOS)

_submissions._tcp.sdomain.xyz.   TTL IN SRV 0 1 465 smtp.sdomain.xyz.
_submission._tcp.sdomain.xyz.    TTL IN SRV 0 1 587 smtp.sdomain.xyz.
_imaps._tcp.sdomain.xyz.         TTL IN SRV 0 1 993 imap.sdomain.xyz.
_pop3s._tcp.sdomain.xyz.         TTL IN SRV 0 1 995 pop3.sdomain.xyz.
_imap._tcp.sdomain.xyz.          TTL IN SRV 0 0 0   .                   (OPTIONAL, depending on DNS provider compatibility)
_pop3._tcp.sdomain.xyz.          TTL IN SRV 0 0 0   .                   (OPTIONAL, depending on DNS provider compatibility)

Extra SRV records for setting up openpgpkey using GnuPG

_openpgpkey._tcp.sdomain.xyz.    TTL IN SRV 0 0 443 wkd.sdomain.xyz.

SRV records for autodiscover in Microsoft

_autodiscover._tcp.sdomain.xyz.  TTL IN SRV 0 0 443 autodiscover.sdomain.xyz.