About IPv6, SPF, CAA, DNSSEC, etc?


Dear All

Previously I used WordPress hosting integrated with Cloudflare, so I could activate SPF, CAA, DNSSEC, etc. easily. Now I have moved my website to Hugo integrated with Netlify. How do I activate SPF, CAA, DNSSEC, etc. on Netlify? Also, how do I activate an IPv6 DNS server (not only an IPv6 web server) like in the attachment above?

Regards

gp

Update:
I can activate CAA and SPF easily via DNS records. But I am still curious how to activate an IPv6 DNS server and DNSSEC on Netlify.

You can use Cloudflare with Netlify combined, it works for me, just don’t use Cloudflare’s proxy. You can still use some of the Cloudflare extras, I think. :slight_smile:

However.
Up until yesterday, I had perfect scores for both my zsoltsandor.me and my www.zsoltsandor.me at the internet.nl test. Today, www is not giving me a good score, apparently something had happened with NETLIFY’s DNSSEC, I can’t think of anything else.

The results for the zsoltsandor.me test:
https://en.internet.nl/site/zsoltsandor.me
The results for the www.zsoltsandor.me test:
https://en.internet.nl/site/www.zsoltsandor.me

Also some other tests:
https://dnssec-analyzer.verisignlabs.com/zsoltsandor.me
http://dnsviz.net/d/zsoltsandor.me/dnssec/
For the www:
https://dnssec-analyzer.verisignlabs.com/www.zsoltsandor.me
http://dnsviz.net/d/www.zsoltsandor.me/dnssec/

The problem seems to be on Netlify’s side:
https://dnssec-analyzer.verisignlabs.com/zsoltsandor.netlify.com
http://dnsviz.net/d/www.zsoltsandor.me/dnssec/
Results for Netlify itself:
https://dnssec-analyzer.verisignlabs.com/netlify.com
http://dnsviz.net/d/netlify.com/dnssec/

Could admins, the service team, or whoever look into this?
Thanks in advance! :slight_smile:

1 Like

Currently I only use CAA, SPF, DMARC, etc. The score can be checked here ->

But I don’t know how to fix the IPv6 DNS issue above.

My domain registrar is Gandi, my NS provider is Cloudflare.
I get the settings for DNSSEC from Gandi, and Cloudflare provides a convenient way of setting it up for the DNS file.

I even have my DANE settings in place for my domain. It needed some digging for the information, and the keys, but I was able to set it up correctly apparently, and it is as valid as it can be.
Tested by hardenize.com, it looks perfect:
https://www.hardenize.com/report/zsoltsandor.me/1568644262
(I will attend to the missing bits and pieces.)

2 Likes

https://intodns.com/zsoltsandor.me

You use Cloudflare for DNS and Netlify for CDN and SSL, right? How did you set SSL (crypto) on the Cloudflare dashboard? Is it set to off or flexible?

https://ip6.nl/#!zsoltsandor.me

Also, you get a good score on the checker above. Is that from Cloudflare DNS too?
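
As an added example (not code from any poster in this thread, nor from Netlify or Cloudflare): a small Python audit of the four items discussed above (SPF, CAA, the DNSSEC DS record, and IPv6 addresses for the nameservers), run over records in dig's answer-section format. The sample records, the example.com names and the `parse`/`audit` functions are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records in dig answer-section format (example.com and
# documentation address ranges; not taken from any domain in this thread).
SAMPLE = """\
example.com.      3600 IN NS    ns1.example.net.
example.com.      3600 IN NS    ns2.example.net.
ns1.example.net.  3600 IN A     192.0.2.53
ns1.example.net.  3600 IN AAAA  2001:db8::53
ns2.example.net.  3600 IN A     198.51.100.53
example.com.      3600 IN TXT   "v=spf1 include:_spf.example.net -all"
example.com.      3600 IN CAA   0 issue "letsencrypt.org"
example.com.      3600 IN DS    2371 13 2 <constructed-digest>
"""

def parse(text):
    """Group rdata by (owner name, record type); names are lower-cased."""
    records = defaultdict(list)
    for line in text.splitlines():
        fields = line.split(None, 4)
        if len(fields) == 5 and fields[2].upper() == "IN":
            name, _ttl, _cls, rtype, rdata = fields
            records[(name.lower(), rtype.upper())].append(rdata.strip())
    return records

def is_spf(txt):
    """True if a TXT rdata string is an SPF policy (first term is v=spf1)."""
    return txt.strip('"').lower().split(" ")[0] == "v=spf1"

def audit(text, domain):
    """Report which of the features discussed in the thread are visible."""
    rec = parse(text)
    apex = domain.lower().rstrip(".") + "."
    ns_hosts = [h.lower() for h in rec[(apex, "NS")]]
    spf = [t for t in rec[(apex, "TXT")] if is_spf(t)]
    return {
        "spf": len(spf) == 1,            # more than one SPF record is an error (RFC 7208)
        "caa": bool(rec[(apex, "CAA")]),
        "ds": bool(rec[(apex, "DS")]),   # DS at the parent zone = signed delegation
        # Nameservers reachable over IPv4 only: the "IPv6 DNS server" gap
        "ns_without_ipv6": sorted(h for h in ns_hosts if not rec[(h, "AAAA")]),
    }

if __name__ == "__main__":
    print(audit(SAMPLE, "example.com"))
```

AAAA records for the nameserver hosts are published by whoever operates those nameservers, so an entry in `ns_without_ipv6` is fixed at the DNS provider, not in the zone's own records.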