Cloudron Forum

I would be interested to know if someone does this outside of Cloudron for their existing business/personal use. Seems like a lot of work (and probably just easier to switch out your NS provider if they are flaky). We use route53 for cloudron.io and AFAIK it has never gone down.

@briankb-0 said in Root Domain Hosts Shopify Site Subs Are Cloundron: What happens if I add the domain to Cloundron so I can use it to setup sub-domains for NodeBB and Ghost? When you add a domain: To validate credentials, the code will add a cloudrontestdns A record and remove this immediately. To configure the server to send emails: If there is an existing SPF record, it is edited to have a:my.my.domain.com . The SPF record essentially whitelists which servers can send email on behalf of the domain. This is NOT destructive, your existing SPF record is only amended. A DKIM record is added under <random>._domainkey.domain.com. This is used to sign/verify emails by mail servers. Because of the 'random' part, it won't conflict with any of your existing DKIM keys If there is no existing DMARC record, we create one with the value "v=DMARC1; p=reject; pct=100". This essentially is a strict DMARC policy not allowing anyone outside the SPF record to send emails on behalf of the domain. Other than that, it is what @BrutalBirdie said. The bare/root domain is untouched. Cloudron only adds entries when you install apps. Also, if you had a root domain DNS entry already, it will warn you that it's in use, if you try to install an app on the root domain (it does this check for any subdomain).

@humptydumpty Err, I forgot that I already removed those last week as well - https://git.cloudron.io/cloudron/dashboard/-/commit/72ba61ad91d326c3f287a2f538809cc78afcfdc8 . So, this should be fixed in next release.

@nebulon really love you guys for never failing to provide a helpful response, you even have this "rare case" covered in the docs

@Mastadamus From the earlier screenshot you posted, the issue seems to be "Could not establish chain of trust". So, I would investigate that angle (which is DNSSEC related)

@nebulon Unfortunatelly not.

@RubenFixit leave all the question and solutions you find on the way here. This way the community can participate and learn with you. Also this might be useful for hands-on doc for further interest in development. Cheers, Elias

I figured it out. There was an issue in namecheap because after checking the ip adress in dnschecker it had two ip addresses: One was the server ip and the other from namecheap. Now there is only one available after chatting with them.

@jdaviescoates ah yes then this most likely was the issue with the unbound anchor file. See https://docs.cloudron.io/troubleshooting/#recovery-after-disk-full

@d1rk I have added the multi domain flag to the manifest. Let me know if it works OK.

@meeksfamily06 Cloudron uses unbound and does not use systemd-resolved. You won't see any issues unless when trying to use the mail server (or maybe some apps like nextcloud might act strange when going to the apps section).

FWIW, a great DNS tool for checking on DNS propagation progress is here: https://dnschecker.org

@scooke yes, you can mix between Cloudron's automation and manual DNS changes. In fact, that's the normal and only mode of operation. The automation is only adding and removing things that you would have to do normally outside Cloudron. For example, when you install an app, you have to setup A records. When you uninstall an app, you remove the A records. This is all the automation does. If you try to install an app in a location and there is already a DNS entry in your DNS provider, Cloudron will inform you of the same and let you 'overwrite' it or cancel the app installation. Same goes for email stuff. It sets up things like DKIM/SPF records automatically. These are updated carefully to not collide with existing entries. The MX record is only touch if you enable incoming Cloudron Email. Even in that case, there is a checkbox to not update DNS.

@khadanja Is your idea to forward all queries ? The example config you pasted will only forward DNS queries for cloudron.lan (sic). You need the config in https://forum.cloudron.io/topic/5756/custom-dns-server-in-local-network/2 to forward all queries to your router.

@SignalScout On the server, please try host -t NS example.com 127.0.0.1 . Does that work? Sometimes, it takes a bit for the NS of a new domain to propagate. One just has to wait it out.

@murgero I didn't say it wouldn't be accessible; it would, just through my proxies, that make sure to remove any information, that would help in disclosure. You also miss an option with Intranets.

@klfc556 let's follow up at https://forum.cloudron.io/topic/5715/domain-setup-shows-queryns-eservfail

@brutalbirdie ok, thank you - I've got the idea!