Is it possible to have a "parked" domain on Yunohost?

Hi, I have a question about DNS, which I don’t think has its place in Support, but might still be relevant to new Yunohost people.

Issue

I have a new domain (from namecheap) that I’ve added to my Yunohost’s domain list and has its DNS and SSL configured, without any apps installed on it. Currently, mydomain.com redirects to my default domain, with all my Yunohost apps.

However, I’m not yet ready to expose this new domain to the internet, so I’d like to park it somehow (show a blank page or an error at mydomain.com or *.mydomain.com) while also managing emails to and from admin/root@mydomain.com in my Yunohost Rainloop app.

Solutions tried

After reading this Yunohost discussion and experimenting for way too long, I managed to get the following DNS config working:

  • add both mydomain.com and mail.mydomain.com as domains on Yunohost
  • mail 3600 IN A [yunohost IPv4]
  • mail 3600 IN AAAA [yunohost IPv6]
  • mail 3600 IN TXT "v=spf1 a mx -all"
  • mail._domainkey 3600 IN TXT "v=DKIM1; h=sha256; k=rsa; p=[...]"
  • _dmarc 3600 IN TXT "v=DMARC1; p=none"
  • @ 3600 IN MX 10 mail.mydomain.com.
  • mail 3600 IN CAA 128 issue "letsencrypt.org" (I don’t think this does anything)

mydomain.com is now showing an error and mails to admin@mydomain.com are delivered, which is what I wanted.

But I was wondering about the following:

  • mail.mydomain.com returns Did Not Connect: Potential Security Issue and a certificate signed by my default domain: is it possible to have it return just an error page without a certificate that points to my default domain?
  • will domains sent from @mydomain.com go to spam?
  • the diagnosis finds errors everywhere, as expected, should I assume that I won’t be able to have a letsencrypt SSL?
  • if I wanted to display “under construction” or similar on mydomain.com, could I do it through Yunohost?

I guess you are overthinking it. Set up this domain like any other domain, especially if you want to display an “Under construction page”.

  1. Make sure the DNS configuration is complete. (BTW the Let’s Encrypt bit is for the SSL certificates)
  2. Make sure such certificates are generated. If it fails, you should share your diagnosis results. But I guess some DNS propagation was needed. You can also try from the command line with the --no-checks flag.
  3. If DNS is set up correctly, mails should not go to spam. You can use mail-checker website to see what’s wrong. To receive them make sure your admin user has all email addresses you want listed in its profile.
  4. An “Under construction” page can be made with a Custom Webapp. Upload your custom HTML file there.

But again, if something fails, we need logs. :innocent:

3 Likes
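
Steps 1 and 3 of the reply depend on the mail-related DNS records being complete. The following is an added example, not part of the thread or of Yunohost: it parses the record list from the question and reports what a receiving server would find missing for mail sent from @mydomain.com. The IP addresses and DKIM key are constructed placeholders for the elided values, and the function names are assumptions.

```python
import re

# Constructed input: the records from the question, with documentation
# addresses and a placeholder DKIM key standing in for the elided values.
ZONE = """\
mail 3600 IN A 203.0.113.10
mail 3600 IN AAAA 2001:db8::10
mail 3600 IN TXT "v=spf1 a mx -all"
mail._domainkey 3600 IN TXT "v=DKIM1; h=sha256; k=rsa; p=PLACEHOLDER"
_dmarc 3600 IN TXT "v=DMARC1; p=none"
@ 3600 IN MX 10 mail.mydomain.com.
"""

def parse_zone(text, origin):
    """Return {(fqdn, rrtype): [rdata, ...]} from 'name ttl IN type rdata' lines."""
    records = {}
    for line in text.splitlines():
        m = re.match(r"(\S+)\s+\d+\s+IN\s+(\S+)\s+(.+)", line.strip(), re.I)
        if not m:
            continue
        name, rrtype, rdata = m.groups()
        fqdn = origin if name == "@" else f"{name}.{origin}"
        key = (fqdn.lower(), rrtype.upper())
        records.setdefault(key, []).append(rdata.strip().strip('"'))
    return records

def audit_mail_dns(records, origin, selector="mail"):
    """List gaps in the records receivers consult for mail from @origin."""
    findings = []
    txt = lambda name: records.get((name, "TXT"), [])
    # SPF is looked up at the envelope-sender domain, i.e. the origin itself.
    if not any(t.startswith("v=spf1") for t in txt(origin)):
        findings.append(f"no SPF record at {origin}")
    if not any(t.startswith("v=DKIM1") for t in txt(f"{selector}._domainkey.{origin}")):
        findings.append(f"no DKIM key for selector {selector}")
    dmarc = [t for t in txt(f"_dmarc.{origin}") if t.startswith("v=DMARC1")]
    if not dmarc:
        findings.append("no DMARC record")
    else:
        tags = dict(p.strip().split("=", 1) for p in dmarc[0].split(";") if "=" in p)
        if tags.get("p") == "none":
            findings.append("DMARC policy is p=none (monitor only)")
    mxs = records.get((origin, "MX"), [])
    if not mxs:
        findings.append(f"no MX record at {origin}")
    for mx in mxs:
        target = mx.split()[-1].rstrip(".").lower()
        if not (records.get((target, "A")) or records.get((target, "AAAA"))):
            findings.append(f"MX target {target} has no A/AAAA record")
    return findings
```

Run against the records as posted, `audit_mail_dns(parse_zone(ZONE, "mydomain.com"), "mydomain.com")` reports that the SPF record sits only on `mail`, not on the apex that receivers query for the envelope sender, and that DMARC is in monitor-only mode.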

I am most definitely overthinking it, and your last point is the solution I needed! I searched for something like that in the app directory before starting my unnecessarily complicated experiments, but obviously was not looking for the right keywords.

At least I learned quite a lot about DNS yesterday.

Thanks @tituspijean :slight_smile:!

2 Likes