15 Dub
2026
15 Dub
'26
15:01
On Wed, Apr 15, 2026, at 08:08, Daniel Salzman wrote:
Hi Bron,
Welcome aboard!
Hi Daniel, thank you!
First of all, I have to say that the ALIAS record type
(and similar alternatives) is rather a workaround until
HTTPS/SVCB alias mode is widely supported. We added this type primarily for use with our
Redis backend
and we aren't philosophically ready to add processing of it to the server itself.
However, I believe we can find
a solution for your needs.
I think that your use case, where the target ALIAS zone is locally available, is not
common. Usually, a full DNS resolver
is necessary, which is the biggest issue. Our server is focused on high performance, so
performing the resolution
while responding to queries is not optimal. In your case it is not even necessary.
Yes, absolutely -we're not keen to make our server more expensive. We switched to
Knot in the first place because our old backend was being hammered by DDoS attacks, even
behind Cloudflare caching frontends.
Possible options:
- Using our Redis backend in combination with
https://gitlab.nic.cz/knot/knot-dns/-/blob/master/scripts/redis_unalias.py
Sorry for the lack of documentation.
- If the dynamic records are uniform across the zones, cannot you use something like
(ignore the random zone names)?:
knotc> zone-begin --
OK
knotc> zone-set -- test A 192.168.1.1
OK
knotc> zone-diff --
[.] +test. 3600 A 192.168.1.1
[e92bd5f.4738fa5efafc1ebdc3.] +test.e92bd5f.4738fa5efafc1ebdc3. 3600 A 192.168.1.1
[63da60e39bb6cd76fa.] +test.63da60e39bb6cd76fa. 3600 A 192.168.1.1
[96e07.] +test.96e07. 3600 A 192.168.1.1
[aa.] +test.aa. 3600 A 192.168.1.1
[center.] +test.center. 3600 A 192.168.1.1
[collector.] +test.collector. 3600 A 192.168.1.1
[e6a69.] +test.e6a69. 3600 A 192.168.1.1
[ecbecfc1abcc.] +test.ecbecfc1abcc. 6536 A 192.168.1.1
[hawking.] +test.hawking. 16183 A 192.168.1.1
[noc3598.] +test.noc3598. 3600 A 192.168.1.1
[records.] +test.records. 3600 A 192.168.1.1
knotc> zone-commit --
OK
It's sadly not 100% uniform across all zones. We have default records, which can be
overridden by individual customers.
- If you insist on the dynamic ALIAS resolution, a
new query module could be implemented.
I do think that the ALIAS resolution the way I did it is an exact match for what we want,
it's a layer of indirection for the records which are "a service provided by
us" - the kind of thing you'd just use a CNAME for if it wasn't for how
CNAMEs and MX records behave so unfortunately.
What do you think? Maybe more details about your
deployment would help. Feel free to send
me relevant zone snippets.
Our goal is to be able to switch all the records with IPs starting 103.168 to IPs in a
separate datacenter when transitioning traffic to the other site (either deliberately, or
for disaster recovery)
Here is a zone which is absolutely vanilla, no special records. It's one of my
family's domains:
lorinna.net. 3600 IN SOA ( ns1.messagingengine.com.
postmaster.messagingengine.com.
2026041300 ;serial
86343 ;refresh
600 ;retry
1209600 ;expire
3600 ;minimum
)
lorinna.net. 3600 IN NS ns1.messagingengine.com.
lorinna.net. 3600 IN NS ns2.messagingengine.com.
lorinna.net. 3600 IN MX 10 in1-smtp.messagingengine.com.
lorinna.net. 3600 IN MX 20 in2-smtp.messagingengine.com.
lorinna.net. 3600 IN A 103.168.172.37
lorinna.net. 3600 IN A 103.168.172.52
lorinna.net. 3600 IN TXT "v=spf1 include:spf.messagingengine.com
?all"
*.lorinna.net. 3600 IN MX 10 in1-smtp.messagingengine.com.
*.lorinna.net. 3600 IN MX 20 in2-smtp.messagingengine.com.
*.lorinna.net. 3600 IN A 103.168.172.37
*.lorinna.net. 3600 IN A 103.168.172.52
_dmarc.lorinna.net. 3600 IN TXT "v=DMARC1; p=none;"
fm1._domainkey.lorinna.net. 3600 IN CNAME (
fm1.lorinna.net.dkim.fmhosted.com.
)
fm2._domainkey.lorinna.net. 3600 IN CNAME (
fm2.lorinna.net.dkim.fmhosted.com.
)
fm3._domainkey.lorinna.net. 3600 IN CNAME (
fm3.lorinna.net.dkim.fmhosted.com.
)
mesmtp._domainkey.lorinna.net. 3600 IN CNAME (
mesmtp.lorinna.net.dkim.fmhosted.com. )
_autodiscover._tcp.lorinna.net. 3600 IN SRV ( 0 1 443
autodiscover.fastmail.com. )
_caldav._tcp.lorinna.net. 3600 IN SRV 0 0 0 .
_caldavs._tcp.lorinna.net. 3600 IN SRV 0 1 443
d27457.caldav.fastmail.com.
_carddav._tcp.lorinna.net. 3600 IN SRV 0 0 0 .
_carddavs._tcp.lorinna.net. 3600 IN SRV ( 0 1 443
d27457.carddav.fastmail.com.
)
_imap._tcp.lorinna.net. 3600 IN SRV 0 0 0 .
_imaps._tcp.lorinna.net. 3600 IN SRV 0 1 993 imap.fastmail.com.
_jmap._tcp.lorinna.net. 3600 IN SRV 0 1 443 api.fastmail.com.
_pop3._tcp.lorinna.net. 3600 IN SRV 0 0 0 .
_pop3s._tcp.lorinna.net. 3600 IN SRV 10 1 995 pop.fastmail.com.
_submission._tcp.lorinna.net. 3600 IN SRV 0 0 0 .
_submissions._tcp.lorinna.net. 3600 IN SRV 0 1 465 smtp.fastmail.com.
mail.lorinna.net. 3600 IN MX 10 in1-smtp.messagingengine.com.
mail.lorinna.net. 3600 IN MX 20 in2-smtp.messagingengine.com.
mail.lorinna.net. 3600 IN A 103.168.172.65
And here's one where the apex A record and www A record are pointed to an external
system, but the rest is managed at Fastmail.
miv.org.au. 3600 IN SOA ( ns1.messagingengine.com.
postmaster.messagingengine.com.
2026041300 ;serial
86223 ;refresh
600 ;retry
1209600 ;expire
3600 ;minimum
)
miv.org.au. 3600 IN NS ns1.messagingengine.com.
miv.org.au. 3600 IN NS ns2.messagingengine.com.
miv.org.au. 3600 IN MX 10 in1-smtp.messagingengine.com.
miv.org.au. 3600 IN MX 20 in2-smtp.messagingengine.com.
miv.org.au. 3600 IN A 178.62.49.34
miv.org.au. 3600 IN TXT (
google-site-verification=3xg8-ieU1iufBCuguKrrUSGTEnrDYy7aSnPLvN66XHk )
miv.org.au. 3600 IN TXT "v=spf1 include:spf.messagingengine.com
?all"
*.miv.org.au. 3600 IN MX 10 in1-smtp.messagingengine.com.
*.miv.org.au. 3600 IN MX 20 in2-smtp.messagingengine.com.
*.miv.org.au. 3600 IN A 103.168.172.37
*.miv.org.au. 3600 IN A 103.168.172.52
_dmarc.miv.org.au. 3600 IN TXT "v=DMARC1; p=none;"
fm1._domainkey.miv.org.au. 3600 IN CNAME fm1.miv.org.au.dkim.fmhosted.com.
fm2._domainkey.miv.org.au. 3600 IN CNAME fm2.miv.org.au.dkim.fmhosted.com.
fm3._domainkey.miv.org.au. 3600 IN CNAME fm3.miv.org.au.dkim.fmhosted.com.
mesmtp._domainkey.miv.org.au. 3600 IN CNAME (
mesmtp.miv.org.au.dkim.fmhosted.com. )
_autodiscover._tcp.miv.org.au. 3600 IN SRV ( 0 1 443
autodiscover.fastmail.com.
)
_caldav._tcp.miv.org.au. 3600 IN SRV 0 0 0 .
_caldavs._tcp.miv.org.au. 3600 IN SRV 0 1 443
d442465.caldav.fastmail.com.
_carddav._tcp.miv.org.au. 3600 IN SRV 0 0 0 .
_carddavs._tcp.miv.org.au. 3600 IN SRV ( 0 1 443
d442465.carddav.fastmail.com.
)
_imap._tcp.miv.org.au. 3600 IN SRV 0 0 0 .
_imaps._tcp.miv.org.au. 3600 IN SRV 0 1 993 imap.fastmail.com.
_jmap._tcp.miv.org.au. 3600 IN SRV 0 1 443 api.fastmail.com.
_pop3._tcp.miv.org.au. 3600 IN SRV 0 0 0 .
_pop3s._tcp.miv.org.au. 3600 IN SRV 10 1 995 pop.fastmail.com.
_submission._tcp.miv.org.au. 3600 IN SRV 0 0 0 .
_submissions._tcp.miv.org.au. 3600 IN SRV 0 1 465 smtp.fastmail.com.
mail.miv.org.au. 3600 IN MX 10 in1-smtp.messagingengine.com.
mail.miv.org.au. 3600 IN MX 20 in2-smtp.messagingengine.com.
mail.miv.org.au. 3600 IN A 103.168.172.65
www.miv.org.au. 3600 IN A 178.62.49.34
And here's one that runs entirely separately, just using Fastmail for DNS:
dkim2.com. 3600 IN SOA ( ns1.messagingengine.com.
postmaster.messagingengine.com.
2026040300 ;serial
86265 ;refresh
600 ;retry
1209600 ;expire
3600 ;minimum
)
dkim2.com. 3600 IN NS ns1.messagingengine.com.
dkim2.com. 3600 IN NS ns2.messagingengine.com.
dkim2.com. 3600 IN MX 10 mail.dkim2.com.
dkim2.com. 3600 IN A 134.209.211.166
dkim2.com. 3600 IN TXT "v=spf1 a mx -all"
*.dkim2.com. 3600 IN MX 10 mail.dkim2.com.
_dmarc.dkim2.com. 3600 IN TXT ( "v=DMARC1; p=none;
rua=mailto:dmarc@dkim2.com"
)
ed25519._domainkey.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=ed25519; p=H4AK/+/8XXxmn/bnyOHaqPpyJtrqBf80sgZpnepMPUQ=" )
fm1._domainkey.dkim2.com. 3600 IN CNAME fm1.dkim2.com.dkim.fmhosted.com.
fm2._domainkey.dkim2.com. 3600 IN CNAME fm2.dkim2.com.dkim.fmhosted.com.
fm3._domainkey.dkim2.com. 3600 IN CNAME fm3.dkim2.com.dkim.fmhosted.com.
mesmtp._domainkey.dkim2.com. 3600 IN CNAME (
mesmtp.dkim2.com.dkim.fmhosted.com. )
sel1._domainkey.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwtNJpRLYM99Ya2Vm5Th/BUxw7MazipAvYMHJA80TD9P1F5gx6eHMT8kErqOG5w7ngZPAoEvH0Dq2rfyGC7gqp93RR7xCD/YNm72/uq9NC+zv1gQ3IqeHbKJEd8MQMj4CL+0fhRyAPpMWEPirYGSgVDxKjJHwa0XLlt00iI6DV1m/IhbH2hzcd6WfBBdiFLV+ovTS8InQDedl12aJtRJv/gKLA+6+Nd4DlTb3mBT2JvT0WoIbJ43pZpBR8ItXHOGT75mxMILEcWI2EhtPq/GaJHWbn7RxgyV0I44bTUiKut+8udflCjSpiOBXlFNp20bUQTjNxKNcCiLGFzc8cYFIwIDAQAB"
)
dev.dkim2.com. 3600 IN A 134.209.211.166
mail.dkim2.com. 3600 IN A 134.209.211.166
mailman.dkim2.com. 3600 IN MX 10 mail.dkim2.com.
mailman.dkim2.com. 3600 IN A 134.209.211.166
mailman.dkim2.com. 3600 IN A 134.209.211.166
mailman.dkim2.com. 3600 IN TXT "v=spf1 a mx -all"
_dmarc.mailman.dkim2.com. 3600 IN TXT "v=DMARC1; p=none"
sympa.dkim2.com. 3600 IN MX 10 mail.dkim2.com.
sympa.dkim2.com. 3600 IN A 134.209.211.166
sympa.dkim2.com. 3600 IN A 134.209.211.166
sympa.dkim2.com. 3600 IN TXT "v=spf1 a mx -all"
_dmarc.sympa.dkim2.com. 3600 IN TXT "v=DMARC1; p=none"
test1.dkim2.com. 3600 IN MX 10 mail.dkim2.com.
test1.dkim2.com. 3600 IN TXT "v=spf1 a mx -all"
_dmarc.test1.dkim2.com. 3600 IN TXT "v=DMARC1; p=none"
ed25519._domainkey.test1.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=ed25519; p=hwjviTXyzUXSCWayBqE17s/4NSynQKxw58jayHudRAI=" )
rsa1024._domainkey.test1.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=rsa;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIubB7x1q3rNGDWgObuKSOyYVtVKmcJpIvtWdRzg71iGRGqMdEE18GAOk+6j+GAcHTppkh4qR1d9vOl4S1L8ClAvSFUz0azi31fLQcMpZbagyseSq9FnF4nHL/7MAA2brAXkVCQ1rZLKNHMwkXGggkA9kg+LloNfSML+utkhN3gQIDAQAB"
)
sel1._domainkey.test1.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRtvI17L4pHwF58KhyjiN7d74ZHDZia1IOzuXA6hygEuxt0+0Ey9PJvrDpKp/JsJIiJ0Ji8hrQfeMbAX5wHpz8GAkRlWOdorPuZiMZegTU9oD9nWRO/GcAu7Ub4V1pF6AwwfykCmzKbomX7jWa1y0oNgMHMUeZAi1XveQ6cfebJOwtgqWMOTSenY8+p8hU97YFxwKXO0FsAQYvNMMSZAXPM00V/ZaxiZ1UZUCMM/uesVkU7pIOzItGEjoWUrPkIos1GGf+2nBncqNgmivPkJPFeaJXOIL1iHqKJrSzZuTxCWPTQ+JVPyeAgDk0xyGK3RbiyItPjVZhBs7sZekNGVCwIDAQAB"
)
sel2._domainkey.test1.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiTwabnGlrGDoPlSHpfiWjsbwucsezwm/iU9bjloGqothOM7XNIrS1ub2f5BNz9yQjOhWGJ+fo8DOnF9YdUKXkBxuUdt49eyClLDaUG4Q35hJBWFF1MsmihtJpo6PzXGZYP/c4mPc2vXTPd3hbAqkftMgUCOCUIUyUEXhMl/R6/XkXATcyDId3TsSyQUJk3U+2r/wQJGz5JkOxyDX1NEawfh3GDuppCUFZFWnsrEvolBGDqZk8RG2FNmRysglRau4z9GG8jieXG4NjIT/yOh3pjbYGq4tgrMVZ7AcrIpCRbEJTUCExgrh3iQRXReVPy2qhcgY6BQLF2ahiTBUm2wAwIDAQAB"
)
sel3._domainkey.test1.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8xHmZoXE3P12DNh5jhFAJjtI9kosn3bISKWYNyn2PAn8E+Ik70iScLj8bFUNcjlLRtBDo5KZ323gdoYS3AUBSJlbkLJKCnQnH6pY+rawmt5kCNJm15DTFlOyZhaMWUilFyVzzGDqXf3d/VzFiX+13GnDdwR1QOnbOTMKx9Y0+nEhlnqRwv3YFjAO1aQOdFzguxMi5wiZQIFtmwwY8GgFIVrEqFq4UCU/hc/E2YcYjHv5zg2KR/zJivfXdLOceHqzJTYdOca/IDqfat2IgOooVVsfHZCCScOutZe9JwWYt98EOiFfvmLs3pvJnBLyGM2BOZUpJnkXSDCnTKxboRnqQIDAQAB"
)
test2.dkim2.com. 3600 IN MX 10 mail.dkim2.com.
test2.dkim2.com. 3600 IN TXT "v=spf1 a mx -all"
_dmarc.test2.dkim2.com. 3600 IN TXT "v=DMARC1; p=none"
rsa1024._domainkey.test2.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=rsa;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcSzEVS5IaMQZWJaqmA7dnD1fHuks1mqzY9RfQn9skWCYJZxHx0d45oSSrMt8lSKZiN4FLgbBl0jiLWXq+oPP3rUEhQrqElzyzo1Swn1Phsq45ij655pXFgZpfXvS95nP2GGDrQLcZhi5VNDg9ACoitB1CtxTipRXm8anlzLtg2QIDAQAB"
)
sel1._domainkey.test2.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolQDA1kFcPW13OQNJv7zEGhf18S+PU8oGUOSScVYRJELDUxZzv0i1OsyNW5T2hZlmTDFRszoxstj1o8JBn9nYm6zfdvr4w8JS5SrAEx8MzI4N/SghA334hbXtXQZ3br179XVgTMGJL0OMWw2Qp0c9HQAtQNF3ckeMiPncWp8e58in5YCjvHhezl8/VGrBx+CsDKxT8JFs/0QluC6AFQuM9ZIsm3RPwf4BsPE0/ADpuA5GUUdYUzhNt2Uq9Wr82BJLt8cy1a9FVEGKxdMhgJ7Gx4hx8GpM/oaiQYMO9VmNZVz8n87BkNOnjlpYFCtfb9FH8/mYPwqaSa0DmcahfeHVQIDAQAB"
)
sel2._domainkey.test2.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3i4wXkWpIYib21p0CZx1dobNCYababIxIZAJO5SEGiK++C7jLgnpqg+lvTKS7eR5q1MO3ZCY19Bgm/PcigLvuLtMzap4yY+h9hnsQYzrdcAamzrpB3cjiNoCNhT0Zp7kRI6Rx0t2Uc91e0CvaFf8zAJIF4VUyQNXx9Gn/SEtNr0iQCNsPptGA1PUGUwDQUGze7fkXtnBOrgvNjILfnUC7MA6W+2+mCYtHzOkRB+t6SMutR2cDSXabjYBL5/1bweL6ABDouGgBnIj9LrY6RcbzrBpLuUAuXi71dLEHs0KW0UdImyUpE1i+thKqhNGaYnaL8KrTlDUC8g62T2kQNuHJQIDAQAB"
)
sel3._domainkey.test2.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDOUuL/rLDi7fohdOw/sk31eGe5CtX9UEw5pSQv/EyYwW9lxZqi9SwU8Of+z7uHLMFJi+YbYV25CYDUrDIE71WLKou3FL0WyH0U4DrZoR7CBnMjRz92Lqh+VV1PJz0t5mU8YD0O+JJ80jScKIIcC8r1qysQI9Y7EdIAWFZlYS97c6WhKVg94xeOAaRDnpbr80H29g9pqGs4Yk4Hc1r5OXptj12sBMO7JCz/4dQ2Di0JsPOwEjWNbV9ysz8EcSW/+RoFG5Iomf4/q/aW7T6tUGqdj8M0eQ0TO0xW0lc4jqKUHH85LbdZFhcDIBUg8ML6mRgSVy779MxMP7+uw3iVLQQIDAQAB"
)
test3.dkim2.com. 3600 IN MX 10 mail.dkim2.com.
test3.dkim2.com. 3600 IN TXT "v=spf1 a mx -all"
_dmarc.test3.dkim2.com. 3600 IN TXT "v=DMARC1; p=none"
ed25519._domainkey.test3.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=ed25519; p=reUWo3pXLWHk5dILIK4NoCR3F2iACFdQ/FlhvVvMtxc=" )
sel1._domainkey.test3.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAju2t0p4xwgCT4UCRgfNZ27U6nhQ5sHSV23hR2TBngda8yAChPInsdVyjJv+cSeZf7tG7yKrzKTM9KaKK8BzBguYrJ9DRJqg7MPPsXlZJ53Ydku3GKLcuiBmDrwUxyBGAMFxndVs+uNJkF2qi+RK0Dgd45wMZiJJF1K3bPjkkQub4Ex4MXvbIqqThthlYiKUGHFBPKg7DALkdoIlegrAP4xZ43Cszd5u9AvNdjvAr31ajjaGrGuQH+gW5kXdwZpDiQgvi0Obnr7AZeVSyr4I5CTNLoj4ed4I0AOJ3TsoZM1fFzHr/rqhL+oEKW3tA7UYGaRoXFDei0qLXhRGTJjzscQIDAQAB"
)
sel2._domainkey.test3.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynXlN4POdoj82RpdpD7iG8RR/RF1TjQxy65Fu/12cV0YYX1mZLOHcvSUkxkxMKSxdZnv/7UKuQcbdQXC7jBah/JQNYzLVDUe3bKbrjsypczRPYKajxnEYCsjvoKDR9g2XtlppGrchst77wcj3SWplz2MGBk5E2SGVo1TuvuRt2S0iiye8+Z2KBaVUE3t55YxRHhjIfudboyq4Vqt6o1/6gl7eieZjqfqIBcU8k1xgEG5EG5GYCV12cUzvFU4Q5jPIzDWydppSN+jsIdSRbA8E0GweeRYumuNHryfDexZ04GafvjDwC+b9PCD5r8xiyt7N8gPNG052smGeK39N9Y/TQIDAQAB"
)
sel3._domainkey.test3.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJR1PxhxeO2eZlHPZfikAOyn/95rjszoGWRZti+0VyitapUVvla9noM3w0rbFEbVwW4Y3ILqY7j1C1jiM02okbYNYwE0CC1WSTGUrSoyRV7nGFJ5n6vcLCLqE9EFJwFnUCCXDTz+90D4aiXgasm/MAJJMkBQzdrrpQTwnLGVfWYGenqUWJ1+yn8kXmDq/wub0oE5G3DEE7noCgxpzkEd6tqCIJ3Z1wcA9qnUsTBjmDLPEZAwc4ajwZ/cfXceDXnprUKlFvq9tfMReKfObT2g6/iBsesBLCsuYgHKRydNqT1+YU0GmkSQkXutgyH5o4WzkUsPim2saIiTkVPTCtbWBwIDAQA"
)
test4.dkim2.com. 3600 IN MX 10 mail.dkim2.com.
test4.dkim2.com. 3600 IN TXT "v=spf1 a mx -all"
_dmarc.test4.dkim2.com. 3600 IN TXT "v=DMARC1; p=none"
ed25519._domainkey.test4.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=ed25519; p=fJAwKEPblCYdjrEIPeyOFy6AeXZUBALBdGQRjSPe97c=" )
sel1._domainkey.test4.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxfEjz2MPZ7ZiE/uQkgPOC7mn0CweB5MZgHMqgGPQodj2DpbILnxBivC64VV5/JItBaNCtEL3UFY1YzlJOKzqjJacF66u9en4m6L6uC31vrHmVME6+rx7B5nMBlkwPheamx8Dyf+wNo3/9UCKxSdFdtiJLpLGC7Tg2ry7tpxST4Joaf9fIggc3Zmaraidk0S0uJKQq6ZKoZtjJkt0Bd+LGEnGC6C9/lrjHarnImc1bcELpJrzmneOmJO1/b4C8TXawu7luKn6dTWhujAOam+sO4vXxwpCDEa2saSrB6ru2Ef4ittBVn8fYDCwCjqbniU3B/g7BcBYnnMLUvQecZEqwIDAQAB"
)
sel2._domainkey.test4.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApolcHH25pnffLSu90xCKJINg7wItlff/H1x529bcRoYDl171r7rqnXA4dBaVSQoIK+vHsoizucMNw1dvdlxgdjOjBxJQOzF5gT4rvFjXn6gJG41MJcAolxA12FAM3XAlYmy2tE5jIU9TXenLgnXzLuf+YYLWsU2XHFO7yQkOwakgLFVQ7hljB1lCA6gWdERj1pa/v0njvBCK2k4+n70cS0CVE4n1zeKUSM/WHhqrW1ty2N4DW47JpBlbmJLepMuR3wPnkE7vL4OR+2HmZ+x6DzdZbzo0FFvh7jdfjlX/BB84ixaXIsJfEzWZMRc6DF+7oQIJ7WkyAETX2CXp/GpQwwIDAQAB"
)
sel3._domainkey.test4.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiy1mVSb6jt4Y4m0V2M3/e/azZBQUGjahidiAgIE/4ZrJn65azagf3byfJwSvyxbnUSNvvJRf4aEiktKVOWKm9HbFMB8bS972Uj6IhviNrbrI7fdos/wv7SB7lCEVETKHC8lot7mw3xD86RLzhBFlBpgKreQrN0bXGC7vkMLE5Noxxj1BdVOEL7RQf96NGgi08ksgvlOMAcEVsVrGYJbrqAW85QJYe/0oQTb9BB86gRqweaZprFPDKB0/UUlRMNNR3+Zwrp7ibb8c0QXaDJ4V+5k2ABw8Cp99uXHeK8K50nfakQnY5EUlQ8lpCIG2JHLHTF7s4TbnXJST7Jy5RSmNywIDAQAB"
)
test5.dkim2.com. 3600 IN MX 10 mail.dkim2.com.
test5.dkim2.com. 3600 IN TXT "v=spf1 a mx -all"
_dmarc.test5.dkim2.com. 3600 IN TXT "v=DMARC1; p=none"
ed25519._domainkey.test5.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=ed25519; p=IAG1F5P3LD1Q8Y67PeW7YJLuvrM19wpaof+dzdC679I=" )
sel1._domainkey.test5.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YUNs4TOful7xAtEh/PcKbVRvxBOOC52crCwqRCeVUnsvyOPx/qtY0oA2qPZVzDFU/h3fyz54eqYMiOIbxJavt3+nDNf8VfyHxQfc6+JdHdcHAJDpM1EMgN5awMxvc76csMVN6hnYFeOuSZECQy8Kr2C8QPCTcoMeNmR0udfKBo17Gjx4Wg9QDlc0CrzdenXscs0+D/3Y47lN1KllQeBAR7wvTVFoFKvSZ2CvwW264Syx76viMd0+JaK0YdhAcphMuHeNWzCKA+pMVD45gtikpkOQo+MBQIV96lNXa3fEw20S1IZfCMZHMSBbLmsiDY4luCe6kA08khNaE/zBi1GbQIDAQAB"
)
sel2._domainkey.test5.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSkJ+kfygUujU2u3tquvkjpPV/Gluz9k7rNnDfQwSddbZLOtDSQRt5pA04fjUcS+PraUAg2arKuGv05Nuw/X0ts7bh3N0b2Iwbg1IEGGa6gXMmJ6Lj5T0O716rk0GOvdWqLz/466MzCH8viwPwSLY25EBDD3r1Y9o58xy6VhiUuMsqttjzsk743A0wKQHr5FEYim0qnfY0ePfAr0s36XItgQaXH9pkr2CPmqSXlIwKN99h2TJVcf86dMDqxuqUnI2OilwKcGtMk2/oMxC3A5gGgFkivxUIdoKs0Y/JruR6mvnoFREbC5GToWNGCgciYbxMfaQIRO9tJwyPGl8gPpiQIDAQAB"
)
sel3._domainkey.test5.dkim2.com. 3600 IN TXT (
"v=DKIM1; k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsU7LuV9aZv8jiNflYQBEpGjGjzKF+PBBFSezLBkRsYQ8IKcmCa0v/BI2hC0h0DGqtOb4dz640F3oZFRyUcX5PsKinm6SChl1qOog4+3oNFs7bhe3NJm7MRgTCSKomEWKXJei303wy/iDKtm+KUL8mSFNlAr3FnVTxXq2LY+rUG786Ha7xvK7NeLN4+R22061QVf+rqWhMgZB0fEGzIAVx2C7P2dCMT1sZoPPXHajXmw36LbOUDp151tfH7LQ9qdPL+08FYjM4xoJdLy3kgHATb0bnebq0Mfxym2x14nI6YoOzqE+fcL4xJXqfVISC1Uyvx0ndNO6jajsBIbr2ihKewIDAQAB"
)
... so basically my idea is to replace every current 103.168.172.x IP in our generated
zones with an indirection to the actual service name, and then be able to update just that
one zone file in order to change the IPs which are served for that service.
I'd be happy to re-implement that as a separate plugin, or as variables or some other
way to do that indirection - I just want it to keep the DNS service fast, and allow me to
switch all those records all at once.
Thanks,
Bron.
--
Bron Gondwana, CEO, Fastmail Pty Ltd / Fastmail US LLC
brong(a)fastmailteam.com