claudetools/clients/kittle/docs/network/dns.md
Mike Swanson 8419cf2738 docs(kittle): comprehensive DKIM/DMARC setup guide for kittlearizona.com
Created detailed implementation guide for email authentication:
- Step-by-step DKIM enablement in M365
- DKIM CNAME DNS record creation (NSOne/Squarespace)
- DMARC policy configuration and testing
- Verification procedures and troubleshooting
- Post-implementation monitoring guide

Current status documented:
- SPF: PASS (configured correctly)
- DKIM: MISSING (not configured)
- DMARC: MISSING (not configured)
- MX: PASS (points to M365)

Impact: Missing DKIM/DMARC affects deliverability and domain security
Priority: HIGH
Estimated time: 30-45 min + 24-48h DNS propagation

Updated:
- clients/kittle/docs/email/dkim-dmarc-setup.md (NEW - full guide)
- clients/kittle/docs/network/dns.md (external DNS section, TODO items)

Machine: Mikes-MacBook-Air.local
Timestamp: 2026-04-24 09:28:23

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-04-24 09:28:34 -07:00


DNS Configuration

Windows DNS Server (AD-Integrated)

  • Server: SERVER (10.0.0.5)
  • Role: Primary DNS for kittle.lan domain
  • DNS Client: 127.0.0.1 (DC points to itself, which is expected in a single-DC domain; the DNS Best Practices Analyzer flags loopback as the first entry, so the preferred order is the DC's own LAN IP 10.0.0.5 first and 127.0.0.1 second)

DNS Forwarders

  • Forwarder 1: 10.0.0.1 (ISP router — for external resolution)

DNS Zones

| Zone              | Type    | AD-Integrated | Notes                          |
|-------------------|---------|---------------|--------------------------------|
| kittle.lan        | Primary | Yes           | Main AD zone                   |
| _msdcs.kittle.lan | Primary | Yes           | AD metadata zone (SRV records) |

No reverse lookup zone exists for 10.0.0.x. The DC is not authoritative for 0.0.10.in-addr.arpa, so PTR queries for internal hosts are forwarded to the ISP router instead of answered locally and fail for every internal host.

DNS Architecture

  • Windows DNS (10.0.0.5): Authoritative for kittle.lan. Handles AD SRV records, Kerberos, LDAP lookups.
  • ISP Router (10.0.0.1): Acts as forwarder for external (internet) DNS resolution.
  • Workstations should use 10.0.0.5 (the DC) as their DNS server so AD name resolution works correctly. Listing the ISP's resolver as a secondary is not a safe fallback: a client that fails over to it stops resolving kittle.lan SRV records and may not fail back, which shows up as intermittent logon and GPO problems.
  • If workstations are getting DNS from DHCP on the ISP router, they may be pointed at the ISP's DNS instead of the DC — needs verification.

External DNS

  • Registrar: Unknown
  • Primary Domain: kittlearizona.com
  • Nameservers: NSOne + Squarespace (hybrid setup). Resolvers pick any of the eight nameservers at random, so both providers must publish identical zone data; a record added at only one provider (for example a new DKIM CNAME or the DMARC TXT) will resolve intermittently.
    • dns1.p02.nsone.net
    • dns2.p02.nsone.net
    • dns3.p02.nsone.net
    • dns4.p02.nsone.net
    • ns01.squarespacedns.com
    • ns02.squarespacedns.com
    • ns03.squarespacedns.com
    • ns04.squarespacedns.com

Email DNS Records (as of 2026-04-23)

  • MX: 0 kittlearizona-com.mail.protection.outlook.com (Microsoft 365)
  • SPF: v=spf1 include:spf.protection.outlook.com -all [OK]
  • DKIM: NOT CONFIGURED [ACTION REQUIRED]
  • DMARC: NOT CONFIGURED [ACTION REQUIRED]

[HIGH PRIORITY] Missing DKIM/DMARC impacts email deliverability and security. SPF alone only validates the envelope sender (MAIL FROM) and breaks when mail is forwarded; without DKIM, outbound M365 mail carries no signature that survives forwarding, and without DMARC nothing ties SPF/DKIM results to the visible From: header, so a forged kittlearizona.com From: address is still accepted by receivers. Setup Guide: See docs/email/dkim-dmarc-setup.md for implementation steps.
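Added example, not part of the original dns.md or the DKIM/DMARC guide: a PowerShell check that queries the MX, SPF, DMARC and DKIM records for kittlearizona.com against each of the eight listed nameservers and warns when the NSOne and Squarespace sets disagree. It assumes the standard Microsoft 365 DKIM selector names selector1 and selector2, and a Windows host with internet access and the DnsClient module (Resolve-DnsName).

```powershell
# Added example (not from the original page): audit public email-auth DNS for
# kittlearizona.com against EACH delegated nameserver, so a split NSOne/Squarespace
# delegation that serves different answers is visible.
# Assumption: selector1/selector2 are the Microsoft 365 DKIM selector names.

$Domain        = 'kittlearizona.com'
$Nameservers   = @(
    'dns1.p02.nsone.net', 'dns2.p02.nsone.net', 'dns3.p02.nsone.net', 'dns4.p02.nsone.net',
    'ns01.squarespacedns.com', 'ns02.squarespacedns.com', 'ns03.squarespacedns.com', 'ns04.squarespacedns.com'
)
$DkimSelectors = @('selector1', 'selector2')   # assumption: standard M365 selectors

function Get-TxtRecord {
    param([string]$Name, [string]$Server)
    Resolve-DnsName -Name $Name -Type TXT -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'TXT' } |
        ForEach-Object { $_.Strings -join '' }   # long TXT data is split into 255-byte strings; rejoin
}

function Test-EmailAuth {
    param([string]$Server)
    $result = [ordered]@{ Nameserver = $Server }

    # MX: expected "0 kittlearizona-com.mail.protection.outlook.com"
    $mx = Resolve-DnsName -Name $Domain -Type MX -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
          Where-Object { $_.Type -eq 'MX' }
    $result.MX = if ($mx) { ($mx | ForEach-Object { "$($_.Preference) $($_.NameExchange)" }) -join ';' } else { 'MISSING' }

    # SPF: exactly one v=spf1 record, ending in -all (hard fail)
    $spf = Get-TxtRecord -Name $Domain -Server $Server | Where-Object { $_ -like 'v=spf1*' }
    $result.SPF = if (-not $spf)                 { 'MISSING' }
                  elseif (@($spf).Count -gt 1)   { 'INVALID (multiple SPF records)' }
                  elseif ($spf -match '\s-all$') { 'PASS (-all)' }
                  elseif ($spf -match '\s~all$') { 'WEAK (~all softfail)' }
                  else                           { "CHECK ($spf)" }

    # DMARC: TXT at _dmarc.<domain>, report the policy tag
    $dmarc = Get-TxtRecord -Name "_dmarc.$Domain" -Server $Server | Where-Object { $_ -like 'v=DMARC1*' }
    if (-not $dmarc) { $result.DMARC = 'MISSING' }
    else {
        $policy = if ($dmarc -match 'p=(none|quarantine|reject)') { $Matches[1] } else { '?' }
        $result.DMARC = "p=$policy"
    }

    # DKIM for M365 is published as CNAMEs, one per selector
    foreach ($sel in $DkimSelectors) {
        $cname = Resolve-DnsName -Name "$sel._domainkey.$Domain" -Type CNAME -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'CNAME' }
        $result["DKIM_$sel"] = if ($cname) { $cname.NameHost } else { 'MISSING' }
    }
    [pscustomobject]$result
}

$report = $Nameservers | ForEach-Object { Test-EmailAuth -Server $_ }
$report | Format-Table -AutoSize

# Any column that differs between nameservers means the two providers hold different
# zone data and clients will get inconsistent answers depending on which NS they hit.
foreach ($col in 'MX', 'SPF', 'DMARC', 'DKIM_selector1', 'DKIM_selector2') {
    $distinct = $report.$col | Sort-Object -Unique
    if (@($distinct).Count -gt 1) { Write-Warning "$col differs across nameservers: $($distinct -join ' | ')" }
}
```

Run it before and after the DKIM/DMARC change: before, every row should show SPF PASS (-all) with DMARC and both DKIM columns MISSING; after, the CNAMEs and the _dmarc TXT must appear on all eight rows with no warnings, otherwise the record was only added at one of the two DNS providers.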

Issues

  1. No reverse DNS zone — Create 0.0.10.in-addr.arpa for PTR lookups on 10.0.0.0/24
  2. DHCP DNS settings unknown — ISP router handles DHCP; unclear if it hands out 10.0.0.5 as DNS or the ISP's own DNS servers. If clients don't use the DC for DNS, AD name resolution and domain joins may have issues.
  3. Single forwarder — Only forwarding to 10.0.0.1, so a DNS outage on the ISP router takes down all external resolution. Add a second forwarder (8.8.8.8 or 1.1.1.1) and keep "Use root hints if no forwarders are available" enabled so the DC can still resolve directly if every forwarder fails.

TODO

  • Create reverse lookup zone: 0.0.10.in-addr.arpa
  • Verify what DNS server DHCP clients receive from the ISP router
  • Consider adding secondary DNS forwarder for redundancy
  • Enable DNS scavenging (the server-level scavenging setting plus aging on each zone; both are required) to remove stale dynamically registered records
  • [HIGH PRIORITY] Configure DKIM for kittlearizona.com (see docs/email/dkim-dmarc-setup.md)
  • [HIGH PRIORITY] Add DMARC policy for kittlearizona.com (see docs/email/dkim-dmarc-setup.md)
  • Identify DNS registrar and management URL for kittlearizona.com
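Added example, not part of the original dns.md: a PowerShell session covering Issues 1 to 3 and the scavenging TODO above, to be run in an elevated prompt on SERVER (10.0.0.5), with the client-side DHCP check at the end run on a workstation. It assumes the DnsServer module (installed with the DNS Server role), 1.1.1.1 as the example second forwarder, and 7-day aging intervals, which are a common starting point rather than a value the page specifies. Each step shows the current state before changing it.

```powershell
# Added example (not from the original page). Run on the DC in an elevated session.
# Assumptions: DnsServer module present; 1.1.1.1 chosen as the extra forwarder;
# 7-day NoRefresh/Refresh/Scavenging intervals are a starting point, not a page value.

$Dc             = '10.0.0.5'
$Zone           = 'kittle.lan'
$Subnet         = '10.0.0.0/24'
$ReverseZone    = '0.0.10.in-addr.arpa'
$ExtraForwarder = '1.1.1.1'          # assumption: pick the resolver the client trusts
$Aging          = '7.00:00:00'       # assumption: 7 days as a TimeSpan

# --- 0. DC's own DNS client order (see the DNS Client note above):
#        own LAN IP first, loopback second is what the DNS BPA expects.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

# --- 1. Reverse lookup zone for 10.0.0.0/24 (Issue 1), AD-integrated with secure
#        dynamic updates only, so only domain members can register PTR records.
if (-not (Get-DnsServerZone -Name $ReverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId $Subnet -ReplicationScope Domain -DynamicUpdate Secure
}
Get-DnsServerZone -Name $ReverseZone | Select-Object ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate

# --- 2. Forwarders (Issue 3): keep the router, add a second resolver, keep root-hint fallback
$fwd = Get-DnsServerForwarder
"Current forwarders: $($fwd.IPAddress -join ', ')  UseRootHint=$($fwd.UseRootHint)"
if ($fwd.IPAddress.IPAddressToString -notcontains $ExtraForwarder) {
    Add-DnsServerForwarder -IPAddress $ExtraForwarder
}
Set-DnsServerForwarder -UseRootHint $true -Timeout 3

# --- 3. Scavenging (TODO): the server-level switch and per-zone aging are both required;
#        statically created records have no timestamp and are never scavenged.
Set-DnsServerScavenging -ScavengingState $true -ScavengingInterval $Aging `
    -RefreshInterval $Aging -NoRefreshInterval $Aging
Set-DnsServerZoneAging -Name $Zone        -Aging $true -RefreshInterval $Aging -NoRefreshInterval $Aging
Set-DnsServerZoneAging -Name $ReverseZone -Aging $true -RefreshInterval $Aging -NoRefreshInterval $Aging
Get-DnsServerScavenging | Select-Object ScavengingState, ScavengingInterval, LastScavengeTime

# --- 4. Verify resolution through the DC: an AD SRV record (authoritative) and an
#        external name (via forwarders), plus a PTR now that the reverse zone exists.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Zone" -Type SRV -Server $Dc -DnsOnly | Select-Object Name, NameTarget, Port
Resolve-DnsName -Name 'www.microsoft.com' -Type A -Server $Dc -DnsOnly | Select-Object Name, IPAddress
Resolve-DnsName -Name $Dc -Type PTR -Server $Dc -DnsOnly -ErrorAction SilentlyContinue | Select-Object Name, NameHost

# --- 5. On a DHCP workstation (Issue 2): confirm what the ISP router handed out as DNS
#        and that the DC locator works. Anything other than the DC alone is a finding.
$clientDns = (Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object { $_.ServerAddresses }).ServerAddresses
if ($clientDns -notcontains $Dc) { Write-Warning "Client DNS is $($clientDns -join ', '), not the DC ($Dc)" }
nltest "/dsgetdc:$Zone"
```

If step 5 shows the ISP's resolvers, the fix is on the router's DHCP scope (hand out 10.0.0.5 only), not on the clients; if the router cannot set a custom DNS option, moving DHCP to the DC is the usual answer.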