• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question DNS Zone Template best practice - our domain or customers?

E

experience

New Pleskian
Hello fellow pleskians,

We are just starting out with plex onyx on linux, running a beta. As soon as obsidian is released we will do a reinstall and relaunch with a few customers.

The question we have is, what is the best practice for the dns zone template for our/customers? And should we
host our own domain on our own plesk?

We have a domain, let call it hostingprovider.com.
Our plesk server will be located at plesk.hostingprovider.com
Our name servers (two seperate servers with Bind) will be ns1.hostingprovider.com and ns2.hostingprovider.com. We push out the zone files with the extension "Slave DNS Manager".

1) Is it a bad idea to host our domain hostingprovider.com in plesk? I understand that if I delete the zone then our name servers are toast (in a way), but as far as I can tell it should be fine. We also have a few extra domain names and we could easily just use one domain dedicated to the plesk server and dns servers.

2) The question is, what should I use for webmail, mx and SPF-records for our customers customer1.com and customer2.com?
Should I use plesk.hostingprovider.com as MX, https://webmail.hostingprovider.com/ for customers to access their webmail, and what not?

With Obsidian I understand that SNI for mail servers are coming, so in theory encryption and certificates should all work fine for SMTP, but as I have experienced it's better to have the mailserver ip resolve to the same hostname as it announces it self as, so 1.2.3.4 should have a PTR to plesk.hostingprovider.com. From what I have read in the forums someone did try to have multiple PTR-records, one for each customerdomain, and that didn't work as well because there were too many. So I'm leaning towards just using plesk.hostingprovider.com for everything to simplify mail sending for our customers.

Webmail I assume work well with webmail.customer1.com and webmail.customer2.com. I get it that it might be better if - in the future - we get more plesk servers and would move a customer to a different server.

What are your thoughts on all of this, you with more experience actually running plesk with real customers?

Also, looking forward to (if I read correctly) accessing the plesk server without using port 8443. I think our customers are too :)
 
It should be fine to host your own "hostingprovider.com" domain in Plesk. It is often done and should cause no issues, quite contrary, it might help overcoming some issues people seem to have.

It is my advice to use customers domains for webmail, so each customer has their own webmail address ("webmail.customer1.com", "webmail.customer2.com", etc.). Plesk supports this and enables you to create an individual SSL certificate for each.

Same goes for MX records, I recommend using "mail.customer1.com", "mail.customer2.com", etc., this is fully supported in Plesk.

PTR should point to your server's hostname, so to "plesk.hostingprovider.com". It perfectly fine to use "mail.customer1.com", "mail.customer2.com" as customer's respective MX, separate PTR records for each MX are not required.

MX record and the mail server name that a customer use to access SMTP, IMAP or POP3 can be different. In other words, each customer can have an individual MX and than use a different mail server address in a mail client. This is quite common.

At the moment, with Plesk Onyx, customers can use their own mail server names in mail clients, but the mail server certificate does not match the individual name, so the hostname of the server is often used instead.

So, you have a situation where each customer has their own MX, "mail.customer.com", but uses the server hostname for the incoming and outgoing mail server in a mail client. This works without any issues, the only downside is that mail clients need to be reconfigured if the hostname changes.

You're correct when you mention that Plesk Obsidian will support SNI for mail servers (on linux, beginning with Postfix and Dovecot), so each customer could use their own mail server name in mail clients without having certificate issues. I'm not sure how versatile will the mail server SNI support be when Obsidian comes out, though, we'll see.
 
With regards to outgoing mail, I assume it would be best to use plesk.hostingprovider.com and also have that included in the SPF-record in the template? So forward and reverse dns on outgoing mail matches.
 
You must log in or register to reply here.

Similar threads

J
Question DNS for subdomains not working on a private domain
Replies
0
Views
257
jjohnsonmvdexpress
J
E
Question Best Practice to leave DNS Template alone?
Replies
0
Views
402
EmperorFPI
E
A
Issue rdns
Replies
3
Views
574
Peter Debik
P
Fabian H
Question Best practice email setup
Replies
4
Views
465
Kaspar
K
skibidi
Forwarded to devs DNS template placeholder aren't replaced with right IP address when using specific muli IP setup
Replies
11
Views
2K
Peter Debik
P
Back
Top