I would be interested to know if someone does this outside of Cloudron for their existing business/personal use. Seems like a lot of work (and probably just easier to switch out your NS provider if they are flaky). We use route53 for cloudron.io and AFAIK it has never gone down.
What happens if I add the domain to Cloundron so I can use it to setup sub-domains for NodeBB and Ghost?
When you add a domain:
To validate credentials, the code will add a cloudrontestdns A record and remove this immediately.
To configure the server to send emails:
If there is an existing SPF record, it is edited to have a:my.my.domain.com . The SPF record essentially whitelists which servers can send email on behalf of the domain. This is NOT destructive, your existing SPF record is only amended.
A DKIM record is added under <random>._domainkey.domain.com. This is used to sign/verify emails by mail servers. Because of the 'random' part, it won't conflict with any of your existing DKIM keys
If there is no existing DMARC record, we create one with the value "v=DMARC1; p=reject; pct=100". This essentially is a strict DMARC policy not allowing anyone outside the SPF record to send emails on behalf of the domain.
Other than that, it is what @BrutalBirdie said. The bare/root domain is untouched. Cloudron only adds entries when you install apps. Also, if you had a root domain DNS entry already, it will warn you that it's in use, if you try to install an app on the root domain (it does this check for any subdomain).
I figured it out. There was an issue in namecheap because after checking the ip adress in dnschecker it had two ip addresses: One was the server ip and the other from namecheap. Now there is only one available after chatting with them.
Many (most?) apps can only handle being configured with a single domain. There is usually an APP_ORIGIN or equivalent setting that can only be set to one domain and is not an array. It is used by the app to set up CORS headers, generate static links, email links etc.
@meeksfamily06 Cloudron uses unbound and does not use systemd-resolved. You won't see any issues unless when trying to use the mail server (or maybe some apps like nextcloud might act strange when going to the apps section).
@scooke yes, you can mix between Cloudron's automation and manual DNS changes. In fact, that's the normal and only mode of operation.
The automation is only adding and removing things that you would have to do normally outside Cloudron. For example, when you install an app, you have to setup A records. When you uninstall an app, you remove the A records. This is all the automation does. If you try to install an app in a location and there is already a DNS entry in your DNS provider, Cloudron will inform you of the same and let you 'overwrite' it or cancel the app installation.
Same goes for email stuff. It sets up things like DKIM/SPF records automatically. These are updated carefully to not collide with existing entries. The MX record is only touch if you enable incoming Cloudron Email. Even in that case, there is a checkbox to not update DNS.