Would like to leave the CF and so exploring possibilities.
Because do not need all the proxy/tunnel/cache services they offer.
Using only the DNS, wildcards domain and TLS for them, MX, TXT, CNAME for email and this should be all.
Now after usual steps - disabling DNSSEC, adding deSEC NS and enabling back the DNSSEC on my domain registrar - did proceed for putting all the records 1:1 from CF to the deSEC.
And here I have some questions:
In CF the column Name is mandatory and seems to me here the Subname is of the same purpose?
The TXT and MX giving me error: Another RRset with the same subdomain and type exists for this domain. (Try modifying it.)
That is if the Subname filed have same values - so just changed them but now itâs not 1:1 comparing to the CF.
Here is actual state (deSEC) - itâs one domain only:
(Canât post more than one picture as new user.)
Shouldnât this be rather 1x txt/mx entry? And using â+ add another valueâ in case there is multiple entries of same extension.
If adding some entry for the Subname there is always this âThis is only the part in front of your domain. Example: "www"â and I do not know how does this relate to mx/txt entries?
Like this time Subname should be empty maybe?
Because âexample. comâ is my domain and mails are not send to some subdomain (www or whatever.example. com).
Docs are not help at all if Iâm not the API user.
Donât know Cloudflareâs UI, but probably yes. On deSEC, the âsubnameâ is the part of the DNS name that is âbelowâ your registered domain (or more precisely, the domain you added to your deSEC account).
Yes, use â+ add another valueâ.
Well, the correct value for subname depends on the exact MX and TXT records you want to set up.
If you want the receive emails for example.com (and not a subdomain), then, yes, youâll need a MX record with an empty subname. If you (also) want to receive emails for sub.example.com, the youâll need to put sub into the subname field.
For TXT records, it depends on the exact type of TXT record.
For your SPF record, empty is correct (unless you send mail from a subdomain, that is). DMARC needs the _dmarc subname, as you have it in the screenshot.
I have no clue about the Protonmail verification, but I guess they expect it at the domain you use for email, i.e. empty subname again.
True, they have it almost the same - but filling the name with example[.]com every time as placeholder maybe.
So that is not that clear because here it resolve in the RRset err.
Should be empty (for MX and TXT, except dmarc).
