GSuite DNS Records

GSuite is the latest term Google is using for what used to be called Google Apps for Domains. Google Cloud is now a provider of GSuite (along with many other services). GSuite is akin to similar offerings by Microsoft, Yandex, and more anemically, Amazon Workmail/Workdocs, and Apple.

CNAME Records

calendar = drive = mail =

MX Records [1] [5] [5]


SPF Record

GSuite SPF record is

v=spf1 ~all

If there is a need to add additional IP addresses for the domain, then as follows:

"v=spf1 ip4: ip4: ~all"

  • Change and to appropriate IP addresses, as needed

DKIM Record

For GSuite, a given domain's DKIM record can be generated. Then the record added to DNS. And then, enable DKIM on the domain in the GSuite admin.

DKIM looks like:

google._domainkey = "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB gQCAAzcVQ93IuUdrFWizejuaC4b+zTeKj48R A7y+PzdRZgHb0abfUUvZW8KR7oADkmxeGp/B W6ZhJz8ytlZ2JJ+ubBB7o4Lb5QQIIIpR00Tt fZa3WORctXRhU4wyIR7CqdbaPKK7+xSJK8BQ /mzzJ22a59FVEgjzVdIquFN+N515fwIDAQAB"

Note some DNS does not take 2048 bit keys so have to go with 1024 bit.

DMARC Record

DMARC basically sets a policy based on verification of SPF and DKIM records (or their failure). They look something like:

_dmarc = "v=DMARC1; p=none;; adkim=r; aspf=r"

Note the p means policy and none basically means reporting only (work out the bugs first). adkim and aspf are set to r for relaxed so subdomains will pass without explicitly declaring them.

Powered by WordPress. Designed by WooThemes