DNS
certbot integration
generate tsig key
tsig-keygen -a HMAC-SHA512 galileo-tsig-key
enable rfc2136 updates on domain in /etc/bind/named.conf.local
zone "nawigare.it" {
    ......
            
    // this is for certbot
    check-names warn;
    update-policy {
        grant galileo-tsig-key name _acme-challenge.nawigare.it. txt;
        };
    };
galileo
- MNTNER name: MNT-CSGALILEO
prettier
named-checkzone -D csgalileo.org csgalileo.org.hosts
reverse
DMARC
Start with https://docs.iredmail.org/setup.dns.html