    Solved can I remove `cloudron._domainkey`?

    • potemkin_ai (last edited by girish)

      Can I remove cloudron._domainkey or replace 'cloudron' with something else?

      Don't want to expose the system I'm using via DNS name.

      • girish (Staff) @potemkin_ai

        @potemkin_ai the DNS entry is required for DKIM which is used to verify email signature when sending mails. If you don't need any of your apps sending email, you can delete the key. Otherwise, currently, it cannot be renamed but I guess you can raise a feature request to make it renameable.

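Added example, not part of the thread and not Cloudron's code: how a receiving server derives the DNS name it queries from the `s=` (selector) and `d=` (domain) tags of a DKIM-Signature header, which is why the `cloudron._domainkey` record has to exist for signed mail to verify. The header, the domain `example.com` and the TXT value are constructed samples; the tag syntax follows RFC 6376.

```python
import re

# Constructed sample header (folded as in a raw message); values are placeholders.
SAMPLE_HEADER = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r\n"
    "\td=example.com; s=cloudron; h=from:to:subject:date;\r\n"
    "\tbh=PLACEHOLDERBODYHASH=; b=PLACEHOLDERSIGNATURE="
)
# Constructed sample of the TXT value published at <selector>._domainkey.<domain>.
SAMPLE_TXT = "v=DKIM1; k=rsa; p=PLACEHOLDERPUBLICKEY"


def parse_tag_list(value):
    """Parse an RFC 6376 'tag=value; tag=value' list into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" not in part:
            continue  # skip empty trailing segments
        name, _, val = part.partition("=")  # split on the first '=' only
        tags[name.strip()] = val.strip()
    return tags


def dkim_lookup_name(raw_header):
    """Return the DNS name a verifier queries for this signature's public key."""
    name, _, value = raw_header.partition(":")
    if name.strip().lower() != "dkim-signature":
        raise ValueError("not a DKIM-Signature header")
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    tags = parse_tag_list(unfolded)
    if "s" not in tags or "d" not in tags:
        raise ValueError("missing s= or d= tag")
    return f"{tags['s']}._domainkey.{tags['d']}"


def key_record_usable(txt_value):
    """True if the TXT record carries a key; an empty p= means the key is revoked."""
    tags = parse_tag_list(txt_value)
    return tags.get("v", "DKIM1") == "DKIM1" and bool(tags.get("p"))


if __name__ == "__main__":
    print(dkim_lookup_name(SAMPLE_HEADER))
    print(key_record_usable(SAMPLE_TXT))
```
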
        • potemkin_ai @girish

          @girish thank you. But why does it have to have the 'cloudron' prefix? It could be 'dkim._domainkey', couldn't it?

          If so, where do I raise a feature request? And what are the chances it will be implemented anytime soon?

          • nebulon (Staff) @potemkin_ai

            @girish correct me if I'm wrong, but I guess the cloudron tag is there to avoid potential overlap with existing DNS records. Adding cloudron makes it very unlikely that such a record already exists, which we would overwrite.

            • potemkin_ai @nebulon

              @nebulon thank you for the explanation!
              If so, I guess it should indeed be unique and, to make sure it doesn't expose the software running on the server, renameable...

              • girish (Staff) @nebulon

                @nebulon yes, pretty much. 'cloudron' is just a way to avoid conflicts with existing DNS keys.

                @potemkin_ai Can you raise a feature request here - https://forum.cloudron.io/category/97/feature-requests ? Also, see https://forum.cloudron.io/topic/4655/change-to-the-dkim-record-hostname-in-recent-version-caused-by-new-feature-or-from-using-no-ip-domain-provider for a previous related discussion.

                • potemkin_ai @girish

                  @girish thank you! Done.

                  • murgero (App Dev) @potemkin_ai

                    @potemkin_ai There is no security risk in having the name "Cloudron" in a DNS record - Cloudron is pretty branded, and emails, apps, etc. all have Cloudron somewhere on them. Not to mention the login screen, which is accessible everywhere.

                    --
                    https://urgero.org
                    ~ Professional Nerd. Freelance Programmer. ~
                    Matrix: @murgero:urgero.org

                    • scooke @murgero

                      @murgero It may not be for risk-aversion, but more that the person is providing a service without telling the customers that it is Cloudron (I'm not judging here, just postulating). So if customers could see that it was a Cloudron, and how simple it is, hey... they might skip the provider and use Cloudron themselves!

                      A life lived in fear is a life half-lived

                      • potemkin_ai @scooke

                        @scooke negative; customers who know how to query DNS to see DKIM and understand that 'cloudron' is not some other tech voodoo are not my clients; and those who don't, won't bother either.

                        • potemkin_ai @murgero

                          @murgero there is always a security risk; no software is safe from vulnerabilities, especially if security is not its primary focus (for example, like OpenBSD or qmail)

                          • murgero (App Dev) @potemkin_ai

                            @potemkin_ai I would recommend you re-read my response to you my friend. I did not say there was "no security risk in Cloudron".


                            • potemkin_ai @murgero

                              @murgero re-read, my response remains the same, sorry.

                              You know the way security scanners (or script-kiddies) work: they scan the network (Internet), get hosts and their software; if there is a zero-day on Cloudron or another undisclosed vulnerability, apply it across the hosts.
                              Having DNS records showing that there is Cloudron here means you don't even need to scan for the ports, which just simplifies things.

                              Hope that helps to understand my response here.
