← Back to Skills Marketplace
ivangdavila

DNS

by Iván · GitHub ↗ · v1.0.0
linuxdarwinwin32 ✓ Security Clean
1014
Downloads
2
Stars
6
Active Installs
1
Versions
Install in OpenClaw
/install dns
Description
Configure DNS records correctly with proper TTLs, email authentication, and migration strategies.
README (SKILL.md)

Pre-Migration TTL

  • Lower TTL to 300s at least 48h before changing records—current TTL must expire first
  • Check current cached TTL before planning: dig +nocmd +noall +answer example.com
  • After migration stable 24h, raise TTL back to 3600-86400s
  • Test with multiple resolvers: Google (8.8.8.8), Cloudflare (1.1.1.1), local ISP—they cache independently

Email Authentication (All Three Required)

  • SPF alone insufficient—DKIM and DMARC both needed for deliverability
  • DMARC record: _dmarc.example.com TXT "v=DMARC1; p=quarantine; rua=mailto:[email protected]"
  • SPF must be single TXT record—multiple SPF records invalid; use include: for multiple sources
  • SPF ending: -all (reject) or ~all (soft fail)—never +all or ?all
  • Verify complete setup with mail-tester.com after configuration

CAA Records

  • Limits which Certificate Authorities can issue certs for domain—prevents unauthorized issuance
  • Basic: example.com. CAA 0 issue "letsencrypt.org"
  • Wildcard requires separate entry: CAA 0 issuewild "letsencrypt.org"
  • Incident reporting: CAA 0 iodef "mailto:[email protected]"
  • Without CAA, any CA can issue—set explicitly for security-conscious domains

www Handling

  • Configure both apex and www—or redirect one to other; leaving www unconfigured breaks links
  • Pick canonical form and stick to it: www → apex OR apex → www
  • HTTPS redirect requires cert for both variants before redirect works
  • Test both URLs explicitly after setup

Debugging Commands

  • dig +trace example.com—full resolution chain from root; reveals where problem occurs
  • dig @ns1.provider.com example.com—query authoritative nameserver directly, bypasses cache
  • Compare authoritative vs cached response—mismatch indicates propagation in progress
  • Check all relevant record types—A working doesn't mean AAAA, MX, or TXT are correct

Cloudflare Proxy Behavior

  • Orange cloud (proxied) hides origin IP—breaks SSH, mail, game servers; use grey cloud for non-HTTP
  • Proxied records ignore your TTL setting—Cloudflare controls caching
  • CNAME flattening at apex works in Cloudflare but causes confusion when migrating away
  • Universal SSL only on proxied records—DNS-only requires origin certificate

Wildcard Records

  • *.example.com does not match apex example.com—both need explicit records
  • Explicit subdomain record takes precedence over wildcard
  • Wildcard SSL certificates require separate issuance—use DNS challenge with Let's Encrypt
Usage Guidance
This is a safe, instruction-only DNS checklist. Before using: (1) review any dig or DNS commands the agent plans to run — they perform public DNS queries and don’t access local secrets; (2) avoid pasting private keys, full zone files, or credentials into external testers (e.g., mail-tester.com); (3) when applying changes, follow your DNS provider’s UI/API and verify provider-specific behaviors (Cloudflare proxying, CNAME flattening); and (4) if you later want automated changes (API-based updates), expect the skill to require provider credentials — review those requests carefully before granting them.
Capability Analysis
Type: OpenClaw Skill Name: dns Version: 1.0.0 The skill bundle provides documentation and diagnostic commands related to DNS configuration. The `SKILL.md` file contains instructions and examples for setting up DNS records, email authentication, and debugging using standard `dig` commands. There is no evidence of malicious intent, data exfiltration, persistence, or harmful prompt injection. The commands listed are entirely within the scope of a DNS skill and are used for informational and diagnostic purposes.
Capability Assessment
Purpose & Capability
Name and description claim DNS configuration guidance; the SKILL.md contains DNS TTL, DKIM/SPF/DMARC, CAA, Cloudflare, wildcard, and debugging guidance — all directly relevant. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
Instructions stay within DNS administration: recommended dig commands, record examples, and testing guidance. Commands reference network DNS queries only (dig) and suggest external testing services (mail-tester.com); they do not instruct reading arbitrary local files, accessing unrelated credentials, or transmitting data to unexpected endpoints.
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing will be written to disk or downloaded by the skill itself.
Credentials
No environment variables, credentials, or config paths requested. The guidance does not require secrets or provider keys; recommended actions are manual DNS edits and public DNS queries.
Persistence & Privilege
Skill is not always-enabled and does not request persistent presence or modification of other skills or global agent settings. Autonomous invocation is allowed by platform default but this skill has no privileged access to exploit.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install dns
  3. After installation, invoke the skill by name or use /dns
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Slug dns
Version 1.0.0
License
All-time Installs 6
Active Installs 6
Total Versions 1
Frequently Asked Questions

What is DNS?

Configure DNS records correctly with proper TTLs, email authentication, and migration strategies. It is an AI Agent Skill for Claude Code / OpenClaw, with 1014 downloads so far.

How do I install DNS?

Run "/install dns" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is DNS free?

Yes, DNS is completely free (open-source). You can download, install and use it at no cost.

Which platforms does DNS support?

DNS is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).

Who created DNS?

It is built and maintained by Iván (@ivangdavila); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments