Manage DNS records

SWPanel allows you to easily manage the DNS records associated with your service. To begin, access the dashboard of the service for which you need to manage DNS records. Enter the name of the service in the search field at the top and click:

Next, go to Service management > DNS management (left menu):

The records currently created in the DNS zone will be displayed. From this section you will be able to:

• Create DNS Records: Click the Create Record button. In the following sections we explain how to register each of the records.

• Modify or delete DNS Records: Go to the Manage menu (located on the right) and select the corresponding option.

• Automatically create advanced DNS records SPF - DKIM - DMARC: These records add confidence and security to your domain avoiding that, when sending mail, these do not go to Spam or are detected as malicious or phishing.

Records are usually generated automatically. If they are already created in your service, the record creation button will be blue and if they are not created, the button will be green.

info Note: DNS record modifications can take up to 48 hours to propagate globally.

We explain how to create each of the records. In the following examples, we will create them in the DNS zone of "swmanuales.com"

Create record A

Associates a domain with an IP address.

1. Click on Create Record (blue button on the right).

2. In the drop-down Registration Type select Registration A (Host):

   • Host Name: Enter the host name to assign. In this example we will indicate "store".
   • Host IP: IP address to associate the domain to. In this example we will indicate "1.2.3.4".

3. Click Create Record.

Result: The domain "store.domainsw.com" will resolve to IP "1.2.3.4".

Create CNAME record

Create an alias equivalent to another domain.

1. Click on Create Record (blue button on the right).

2. In the drop-down Record Type select CNAME Record (Alias):

   • Alias: Enter the alias name. In this example we will indicate "sw".
   • Target server: Domain to which the alias will resolve. In this example we will indicate "www.swhosting.com".

3. Click Create Record.

Result: The domain "sw.domainsw.com", will resolve to the same IP that resolves to the domain "www.swhosting.com".

Create NS record

An informative record, responsible for indicating which DNS servers contain the domain records. SWPanel is in charge of generating these records. Create and/or modify these records if it is really necessary and you know what you are doing.

1. Click on Create Record (blue button on the right).

2. In the Registry Type drop-down menu, select NS (DNS) Registry:

   • Subdomain:
   • Destination Server: DNS server address.
   • Host IP: DNS server IP.

3. Click Create Record.

Result: We are telling the world that the server "ns1.miservidordns.com" (with IP 1.2.3.4), is the one who has the valid DNS information for the domain or subdomain (it is the authoritative server).

Create MX record

Assign mail servers.

1. Click on Create Registry (blue button on the right).

2. In the drop-down Type of record select MX Record (Mail Exchanger):

   • Alias: The subdomain, if you want to receive mail on a subdomain. For the main domain it is not necessary to put anything.
   • Mail server: We indicate the address of the mail server. In this example we will indicate "mail.correosw.com".
   • Priority: Priority number. The lower it is, the more priority this mail server will have. If we create records with the same priority number, the load will be distributed randomly among them. In this example we will indicate "10".

3. Click Create Record.

info Important: The mail server field must be a name, it cannot be an IP. Also, the domain name that you put as mail server must be created as an "A" record, it cannot be a "CNAME" in the DNS server that resolves it. This is because the mail servers will make two DNS resolutions to send an email to a domain on another server, the first one to know the MX record and the second one to find out its IP.

Result: The e-mail addressed to the current domain ("domainsw.com"), will be received and managed by the mail server "mail.correosw.com".

Create SPF record

It indicates who can send an email from a given domain in order to protect against sender spoofing. It is common that in order to prevent fraud and spam, large email service providers (such as Google) require the presence of this record. Otherwise, e-mails addressed to them may be rejected or classified as SPAM.

This is a rule that each user must generate independently according to their needs.

info You can use the following services to generate SPF rules: https://www.spfwizard.net/index.php/?lang=en and https://mxtoolbox.com/spf.aspx

1. Click on Create Record (blue button on the right).

2. In the drop-down Registry type select SPF Registry (TXT Registry):

   • Alias: The subdomain, if you receive mail on a subdomain. For the main domain, you do not need to put anything.
   • TXT Content: Enter the content of your SPF rule. In this example, we have generated the following rule: "v=spf1 mx to ~all". Here is what each parameter means.

3. Click Create Record.

Parameters

SPF rules are evaluated sequentially from left to right according to the parameters included:

• v=spf1 - Indicates the start of the rule and which version of SPF is to be used.
• mx - Authorizes the servers listed in the MX records to send mail on behalf of "dominiosw.com".
• a - Authorizes the IP appearing in record A to send mail on behalf of "dominiosw.com".
• ptr - Authorizes any host ending in " dominiosw.com" to send mail.
• ip4:1.2.3.4 Authorizes IP "1.2.3.4" to send mail on behalf of "dominiosw.com".
• all - Depending on the prefix, it indicates how to deal with cases where there is no match with any previous parameter. It is included at the end of the SPF rule.

Prefixes

The following prefixes can be used with each of the parameters (with the exception of the first one):

• + Authorized sender. If no prefix is specified, the default prefix is assumed.
• - Unauthorized sender is rejected.
• ~ Unauthorized sender, will be marked with a special header, but will not be rejected.
• ? Neutral, neither authorized nor unauthorized is marked.

Examples

In this case, we have created the following SPF rule: v=spf1 mx a ~all

• mx: The MX record servers are authorized (since no prefix is included, it is assumed that +).
• a: The IP of record A is authorized.
• ~all: Those that do not match the above rules are not authorized, but will not be rejected, they will be marked with a special header.

v=spf1 mx -all

• mx: The MX record servers are authorized (since no prefix is included, it is assumed that +).
• -all: Those that do not match the above rules are not authorized and will be rejected.

v=spf1 -mx a ?ip4:1.2.3.4 ~all

• -mx: MX record servers are not authorized, they will be rejected.
• a: The IP of registry A is authorized.
• ?ip4:1.2.3.4: The IP "1.2.3.4" will be marked as neutral.
• ~all: Those that do not match the above rules are not authorized, but will not be rejected, they will be marked with a special header.

Create DKIM record

This type of record includes a key that allows the recipient of an email to verify that the sender is really who he claims to be. Like SPF and DMARC records, its purpose is to prevent fraud and spam.

As an example, let's create a DKIM record with the following selector and key:

DKIM selector: domainsw
Clave  DKIM: v=DKIM1; g=*; k=rsa; p=MIGfMA0GCGGGGGb3DQEBAQUAA4G000BiQKBgQD0000VKvGjmSb4FkI70000e1KqV01eQ70n0000D5bpRfo8ZGcab0000+3+O0mPI7wYblklU0000T0A3LVJk+QTwX00007VA7EiL0utBMW0000iZLJ8Exyzoajql0000RRJmyhngY/0000t0yq21pdlYLrJa0000CfaniL/8gKQGQID0000

1. Click on Create Record (blue button on the right).

2. In the drop-down Registry type select TXT Registry:

   • Aliases: Selector+'._domainkey'.
     • Example: domainsw._domainkey
   • TXT Content: DKIM key.
     • Example: v=DKIM1; g=*; k=rsa; p=MIGfMA0GCGGGGGGGb3DQEB(...)

3. Click Create Record.

   

Result: An appropriate TXT record query will respond with the content entered. The recipient of an email will get this key to verify, unequivocally, that the sender is who he claims to be.

info Remember that the use of the DKIM system requires the generation of the key and additional settings in the Cloud.

Create DMARC record

The DMARC record is a complement to the previous methods (SPF and DKIM) aimed at preventing fraud and spam. It allows to establish:

• Action policy for suspicious mails that have not passed both SPF and DKIM validation systems.
• Generation of aggregated reports with statistics on SPF and DKIM validation failures, among others.
• Generation of forensic reports with details on emails that fail validation processes.

info You can use the following services to generate DMARC rules: https://dmarcian.com/dmarc-record-wizard/ and https://mxtoolbox.com/DMARCRecordGenerator.aspx

1. Click on Create Record (blue button on the right).

2. In the drop-down Registry type select TXT Registry:

   • Alias: Enter "_dmarc" (without quotes).
   • TXT Content: Enter the content of your DMARC rule. In this example, we have generated the following rule: "v=DMARC1; p=none;". Here is what each parameter means.

3. Click Create Registry.

   info Important: Before creating a DMARC record, you must have SPF and DKIM records created and running.

Parameters

The DMARC rule parameters allow you to configure its behavior, these are the most basic ones:

• v=DMARC1; - Indicates the beginning of the rule.
• p=none; - Monitoring and reporting policy. The email will be delivered as normal, but the receiving servers will monitor the behavior and generate reports. It is used to verify performance and check if an attempt is being made to impersonate your domain as an email sender.
• p=quarantine; - The receiver will mark as SPAM or quarantine emails that do not pass both validation systems (DKIM/SPF).
• p=reject; - The receiver will reject emails that do not pass both validation systems (DKIM/SPF).
• sp=none;/sp=quarantine;/sp=reject; - [Optional] Different policy for subdomains. If this parameter is not present, the previous parameter ("p=none;/quarantine;/reject;") will take effect on the domain and subdomains.
• rua=mailto: [email protected]; - [Optional] E-mail address to which to send aggregated reports.
• ruf=mailto: [email protected]; - [Optional] E-mail address to which to send forensic reports.
• aspf=s; - [Optional] Strict SPF validation. The domain must be identical to the one appearing in the SPF rule, subdomains of the same domain are not accepted.
• adkim=s; - [Optional] Strict DKIM validation. The domain must be identical to the one that appears in the SPF rule, subdomains are not accepted.

Examples

In this case, we have created the following DMARC rule: v=DMARC1; p=none;

• p=none; - Monitoring and reporting policy. The rule does not include an email address for receiving reports, so they will not be generated. The e-mail will be delivered as normal, nothing is done for e-mails that do not pass the validation systems.

v=DMARC1; p=none; sp=reject; rua=mailto:[email protected];

• p=none; - Monitoring and reporting policy. Email will be delivered as normal, nothing is done for emails that do not pass the validation systems.
• sp=reject; - Mails coming from subdomains (e.g.: "correo.dominiosw.com") will be rejected if they do not pass both validation systems (DKIM/SPF).
• rua=mailto:[email protected]; - Aggregate reports will be sent to the indicated e-mail address.

Create TXT record

Allows you to publish arbitrary content in your DNS zone, you can enter the data you see fit.

1. Click on Create Record (blue button on the right).

2. In the drop-down Record Type select TXT Record:

   • Alias: Enter the data you consider.
   • TXT Content: Enter the data you consider.

3. Click Create Record.

Result: An appropriate TXT record query will respond with the entered content.

Create SRV record

Reports the services that are available under your domain. It is generally used in telephony services (SIP), messaging (XMPP) or Office365 among others.

As an example, let's create a record with the following data:

Service: _sip.  
Protocol: _tls  
Port: 443  
Weight: 1  
Priority: 100  
Name: @  
Destination: sipdir.online.dominiosw.com  
TTL: 3600

1. Click on Create Record (blue button on the right).

2. In the Registration Type drop-down menu, select SRV Registration:

   • Alias: Service+Protocol.
     • Example: _sip._tls
   • TXT Content: Priority Weight Destination Port+'Endpoint'.
     • Example: 100 1 443 sipdir.online.domainsw.com.

3. Click Create Record.

info Important: For this type of registration, it is mandatory to include a period at the end of the TXT content, otherwise your domain name will be automatically added at the end, generating errors and confusion.