So you want to start a company? (part 4)

You’re setting up a company (or a new division or maybe even a new brand) and you’d like to use email to communicate with your customers. In this series of posts I’m going to touch on some of the things you can do today to make email life easier for you in the future. Today’s final post is on DNS hosting and setup.

5. DNS hosting

DNS is what lets you actually use the domain you’ve registered. It lets people find your website, find your mailserver and everything else you do online. Because of that, it’s a critical service: if your DNS is down, your entire online presence is down.
It’s not too difficult to run DNS yourself on your own server – we run part of our DNS infrastructure on a virtual server we rent from chunkhost for a few dollars a month – but it works just as well to use a third-party service for it. There are dedicated DNS providers, such as zoneedit, ultradns, dyndns and many others, but it’s also a service that many of your existing service providers probably offer too. Your web host, your ISP and your domain registrar probably offer DNS hosting bundled for free with your other services – and that’s good enough if you’re just starting out.
There are some things the DNS provider you choose must be able to offer:

  1. They must be prepared to host your domain. That sounds obvious, but some providers will only serve DNS for domains registered through them, or for websites they host.
  2. They must provide a way for you to see and edit your DNS yourself, typically via a web interface – some providers will happily host your DNS, but only let their staff modify it. If you’re trying to diagnose a problem in an emergency, doing that by opening support tickets is going to be painful.
  3. They must offer MX records, with the ability to point to hosts outside the domain (allowing you to outsource your corporate mail service easily, if needed).
  4. They must offer TXT records, not just “support SPF”. TXT records are needed to set up SPF and some implementations of DKIM, which are needed for email and brand authentication (amongst other things), and they are useful for proving you own the domain for things like Google webmaster tools.
  5. They must offer NS records, allowing you to delegate parts of your domain to someone else. This is needed to set up some implementations of DKIM, which are needed for email and brand authentication.

6. Set up your DNS

The details will vary, but to give you some idea of how a DNS zone can look, here’s a sample DNS zone for a fairly minimal setup for the domain tupid.org, with DNS hosted by hover, a webserver at 184.105.179.153 and a mailserver (for both inbound and outbound mail) at 66.172.33.225, using SPF but no other authentication. The magic number 86400 is the number of seconds in a day – it means that we’ll ask the internet to cache these results for one day.

; The two nameservers for the domain - these must match the domain registration
; (names end with a dot so they are read as fully qualified, not relative to the zone)
tupid.org.         86400 NS  ns1.hover.com.
tupid.org.         86400 NS  ns2.hover.com.
; The webserver, both with and without its www.
www.tupid.org.     86400 A   184.105.179.153
tupid.org.         86400 A   184.105.179.153
; The mailserver
tupid.org.         86400 MX  10 mail.tupid.org.
mail.tupid.org.    86400 A   66.172.33.225
; SPF records for the mail we send
tupid.org.         86400 TXT "v=spf1 ip4:66.172.33.225 ~all"

And here’s how that might evolve, if we keep using our own mailserver, but also send some bulk mail through ExactTarget and we set up a “corporate” mail subdomain – corp.tupid.org – as we discussed in part one. To make things interesting, we’ll host our corporate email via Google Apps, and we’ll set up some DKIM for our customer facing mail (using the DKIMCore approach).

; The two nameservers, just as before
tupid.org.         86400 NS  ns1.hover.com.
tupid.org.         86400 NS  ns2.hover.com.
; The webserver, just as before
www.tupid.org.     86400 A   184.105.179.153
tupid.org.         86400 A   184.105.179.153
; Our main mailserver
tupid.org.         86400 MX  10 mail.tupid.org.
mail.tupid.org.    86400 A   66.172.33.225
; Our SPF record for our customer facing domain
tupid.org.         86400 TXT "v=spf1 ip4:66.172.33.225 include:cust-spf.exacttarget.com ~all"
; DKIM for mail sent through us
1330146224.tupid._domainkey.tupid.org. 86400 TXT (
 "v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyR8fIJ5EVHkAap+qPnh/hHYQx"
 "Cw4cMDY8RoHG2C1EfNCl0Kj6sZm5D8I42aB71nSxOyv6SwwlOa7VZx5vFe7VXkXp"
 "YKHQNR+ulpFCdrT2qp/K6G7wKRgdkzGNhQCvxUaAelOgviWIl+NkfnwvvMMiN5Gy"
 "yD2oIFhQXB0h1tlf4wIDAQAB")
; DKIM for mail sent through ExactTarget
exacttarget._domainkey.tupid.org. 86400 NS dkim1.exacttarget.com.
exacttarget._domainkey.tupid.org. 86400 NS dkim2.exacttarget.com.
email.tupid.org.                  86400 MX 10 reply.exacttarget.com.
; Our corporate email, via google
corp.tupid.org.    86400 MX  1 aspmx.l.google.com.
corp.tupid.org.    86400 MX  5 alt1.aspmx.l.google.com.
; SPF for our corporate domain
corp.tupid.org.    86400 TXT "v=spf1 ip4:66.172.33.225 include:_spf.google.com ~all"
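
How a receiving mail server evaluates the two SPF records above, as an added example that is not part of the original post: a simplified RFC 7208 check covering only the ip4, include and all mechanisms those records use. The TXT contents for the two include: targets are constructed placeholders on documentation address ranges, not the providers' real records.

```python
import ipaddress

# Constructed lookup table standing in for DNS. The two tupid.org records are
# copied from the zone above; the include targets are placeholders on
# documentation address ranges, NOT the providers' real published records.
TXT = {
    "tupid.org": "v=spf1 ip4:66.172.33.225 include:cust-spf.exacttarget.com ~all",
    "corp.tupid.org": "v=spf1 ip4:66.172.33.225 include:_spf.google.com ~all",
    "cust-spf.exacttarget.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "_spf.google.com": "v=spf1 ip4:198.51.100.0/24 ~all",
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, txt=TXT, lookups=None):
    """Simplified RFC 7208 evaluation: ip4, include and all mechanisms only."""
    lookups = [0] if lookups is None else lookups
    record = txt.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"                    # no SPF record published at this name
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            return RESULT[qualifier]     # catch-all: ~all yields softfail
        elif name == "ip4":
            if addr in ipaddress.ip_network(arg):
                return RESULT[qualifier]
        elif name == "include":
            lookups[0] += 1
            if lookups[0] > 10:          # RFC 7208 limit on DNS-querying terms
                return "permerror"
            inner = check_host(ip, arg, txt, lookups)
            if inner == "pass":          # only a pass inside the include matches
                return RESULT[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"       # a missing or broken include is an error
        else:
            raise NotImplementedError(f"mechanism not handled here: {term}")
    return "neutral"                     # nothing matched and no all mechanism

if __name__ == "__main__":
    for ip in ("66.172.33.225", "192.0.2.10", "203.0.113.5"):
        print(ip, check_host(ip, "tupid.org"))
```

An include that points at a name with no SPF record makes the whole evaluation a permerror, so check each include: target still resolves whenever you change providers.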

And that’s it – the basics of setting up DNS for an email-friendly company.
