← 返回 Skills 市场

DNS

Name: DNS
Author: ivangdavila

作者 Iván · GitHub ↗ · v1.0.0

linuxdarwinwin32 ✓ 安全检测通过

1014

总下载

当前安装

版本数

在 OpenClaw 中安装

/install dns

功能描述

Configure DNS records correctly with proper TTLs, email authentication, and migration strategies.

使用说明 (SKILL.md)

Pre-Migration TTL

Lower TTL to 300s at least 48h before changing records—current TTL must expire first
Check current cached TTL before planning: dig +nocmd +noall +answer example.com
After migration stable 24h, raise TTL back to 3600-86400s
Test with multiple resolvers: Google (8.8.8.8), Cloudflare (1.1.1.1), local ISP—they cache independently

Email Authentication (All Three Required)

SPF alone insufficient—DKIM and DMARC both needed for deliverability
DMARC record: _dmarc.example.com TXT "v=DMARC1; p=quarantine; rua=mailto:[email protected]"
SPF must be single TXT record—multiple SPF records invalid; use include: for multiple sources
SPF ending: -all (reject) or ~all (soft fail)—never +all or ?all
Verify complete setup with mail-tester.com after configuration

CAA Records

Limits which Certificate Authorities can issue certs for domain—prevents unauthorized issuance
Basic: example.com. CAA 0 issue "letsencrypt.org"
Wildcard requires separate entry: CAA 0 issuewild "letsencrypt.org"
Incident reporting: CAA 0 iodef "mailto:[email protected]"
Without CAA, any CA can issue—set explicitly for security-conscious domains

www Handling

Configure both apex and www—or redirect one to other; leaving www unconfigured breaks links
Pick canonical form and stick to it: www → apex OR apex → www
HTTPS redirect requires cert for both variants before redirect works
Test both URLs explicitly after setup

Debugging Commands

dig +trace example.com—full resolution chain from root; reveals where problem occurs
dig @ns1.provider.com example.com—query authoritative nameserver directly, bypasses cache
Compare authoritative vs cached response—mismatch indicates propagation in progress
Check all relevant record types—A working doesn't mean AAAA, MX, or TXT are correct

Cloudflare Proxy Behavior

Orange cloud (proxied) hides origin IP—breaks SSH, mail, game servers; use grey cloud for non-HTTP
Proxied records ignore your TTL setting—Cloudflare controls caching
CNAME flattening at apex works in Cloudflare but causes confusion when migrating away
Universal SSL only on proxied records—DNS-only requires origin certificate

Wildcard Records

*.example.com does not match apex example.com—both need explicit records
Explicit subdomain record takes precedence over wildcard
Wildcard SSL certificates require separate issuance—use DNS challenge with Let's Encrypt

安全使用建议

This is a safe, instruction-only DNS checklist. Before using: (1) review any dig or DNS commands the agent plans to run — they perform public DNS queries and don’t access local secrets; (2) avoid pasting private keys, full zone files, or credentials into external testers (e.g., mail-tester.com); (3) when applying changes, follow your DNS provider’s UI/API and verify provider-specific behaviors (Cloudflare proxying, CNAME flattening); and (4) if you later want automated changes (API-based updates), expect the skill to require provider credentials — review those requests carefully before granting them.

功能分析

Type: OpenClaw Skill Name: dns Version: 1.0.0 The skill bundle provides documentation and diagnostic commands related to DNS configuration. The `SKILL.md` file contains instructions and examples for setting up DNS records, email authentication, and debugging using standard `dig` commands. There is no evidence of malicious intent, data exfiltration, persistence, or harmful prompt injection. The commands listed are entirely within the scope of a DNS skill and are used for informational and diagnostic purposes.

能力评估

✓ Purpose & Capability

Name and description claim DNS configuration guidance; the SKILL.md contains DNS TTL, DKIM/SPF/DMARC, CAA, Cloudflare, wildcard, and debugging guidance — all directly relevant. No unrelated binaries, env vars, or config paths are requested.

✓ Instruction Scope

Instructions stay within DNS administration: recommended dig commands, record examples, and testing guidance. Commands reference network DNS queries only (dig) and suggest external testing services (mail-tester.com); they do not instruct reading arbitrary local files, accessing unrelated credentials, or transmitting data to unexpected endpoints.

✓ Install Mechanism

No install spec and no code files — instruction-only skill. Nothing will be written to disk or downloaded by the skill itself.

✓ Credentials

No environment variables, credentials, or config paths requested. The guidance does not require secrets or provider keys; recommended actions are manual DNS edits and public DNS queries.

✓ Persistence & Privilege

Skill is not always-enabled and does not request persistent presence or modification of other skills or global agent settings. Autonomous invocation is allowed by platform default but this skill has no privileged access to exploit.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install dns
安装完成后，直接呼叫该 Skill 的名称或使用 /dns 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release

元数据

Slug dns

版本 1.0.0

许可证 —

累计安装 6

当前安装数 6

历史版本数 1

常见问题

DNS 是什么？

Configure DNS records correctly with proper TTLs, email authentication, and migration strategies. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1014 次。

如何安装 DNS？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install dns」即可一键安装，无需额外配置。

DNS 是免费的吗？

是的，DNS 完全免费（开源免费），可自由下载、安装和使用。

DNS 支持哪些平台？

DNS 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（linux, darwin, win32）。

谁开发了 DNS？

由 Iván（@ivangdavila）开发并维护，当前版本 v1.0.0。

DNS