====== DNS ======

===== certbot integration =====

  * https://wiki.archlinux.org/title/Certbot#Configure_BIND_for_rfc2136

generate tsig key
<code>
tsig-keygen -a HMAC-SHA512 galileo-tsig-key
</code>

enable rfc2136 updates on domain in /etc/bind/named.conf.local
<code>
zone "nawigare.it" {
    ......
            
    // this is for certbot
    check-names warn;
    update-policy {
        grant galileo-tsig-key name _acme-challenge.nawigare.it. txt;
        };
    };
</code>



===== galileo =====

  * https://apps.db.ripe.net

  * MNTNER name: MNT-CSGALILEO

===== prettier =====

<code bash>
named-checkzone -D csgalileo.org csgalileo.org.hosts
</code>

===== reverse =====

  * https://www.ripe.net/manage-ips-and-asns/db/support/configuring-reverse-dns

===== DMARC =====

Start with https://docs.iredmail.org/setup.dns.html