-1

This applies to my VPS that runs both the web server (nginx) and email server (dovecot + postfix) for several domains.

Hypothetically, suppose that I have domain company.com, and that I additionally purchased the .org, .net, .us and .uk variants of the same domain to deter any unfortunate incidents. The additional domains (every TLD not .com) will serve only to redirect to company.com.

Question: how do the DNS records for the primary domain and all the redirect domains differ?

Specifically:

  1. What DNS records do I need, at the bare minimum, for the redirect domains?
  2. For email subdomains such as autoconfig, imap, mail, pop, and smtp, do the redirect domains require the same?
  3. What should MX records look like? Is it just 1 mail.company.tld. across the board?
  4. Am I correct in assuming that need an SSL cert for every domain, even the redirecting ones?

Thank you in advance!

  • What you need to do with these domains depends on your goals. Why did you purchase these additional domains (and not the 1300 other endings)? – anx Jan 14 at 2:55
  • Because those are the most commonly encountered by the average user and therefore mistaken for legitimate (unlike, say, .jewelry or .surgery), and also because those are cheap in my particular instance. – SKNB Jan 14 at 14:09
  • As for why not the other 1300+ TLD extensions: because I don't have $300,000 per year to waste of course: shkspr.mobi/blog/2019/05/… (-: – SKNB Jan 14 at 14:09
1

how do the DNS records for the primary domain and all the redirect domains differ?

They don't, as the DNS has no knowledge about "redirects", but just helps to resolve a name, through an IP address, so for all cases, through direct A or AAAA records, or with CNAME intermediate records.

All names must resolve to an IP address where a webserver listens for HTTP calls and does "redirects" (or proxying) as needed.

Am I correct in assuming that need an SSL cert for every domain, even the redirecting ones?

Again, this has nothing to do with the DNS. If you do an HTTPS call to https://www.example.com/ the webserver has to reply with a valid certificate for www.example.com and only after that it can reply with an HTTP 301, 302, 307 or 308 to denote a redirect to another URL.

PS: and please do not say "SSL cert" this has no meaning for at least two reasons.

  • Now I am really interested if there is any (short) name for those, well, "CAB compliant X.509 certificates" that is bad for less than two reasons. (edit: found your earlier answer here) – anx Jan 14 at 3:21
  • 1
    Most of the time, in context of websites, I think "certificate" is enough to understand what it is about. – Patrick Mevzek Jan 14 at 3:51
  • Gotcha, so everything has to point to the web server, no change in DNS whatsoever. – SKNB Jan 14 at 14:14

Not the answer you're looking for? Browse other questions tagged or ask your own question.