Chapter 10

Capstone: Plan DNS for Workshop Co.

Full zone design for a Canadian business.

Capstone objectives

  • Design a complete DNS zone for a Canadian small business
  • Combine website, staging, email, and SaaS subdomains
  • Document TTL and cutover strategy

The brief

Workshop Co. — go-live checklist

Domain: workshopco.ca (registered, NS pointed to your DNS host)
Website: Swift Host VPS at 203.0.113.10 — canonical host www
Staging: staging.workshopco.ca → 203.0.113.99
Email: Google Workspace (use Google’s standard MX set)
Booking: book.workshopco.ca CNAME → calendly.com
Marketing: Mailchimp sending — include in SPF
Security: SPF, DKIM (Google selector), DMARC p=none with reports to dmarc@workshopco.ca

Your task — write the full zone

On paper or in a text file, list every record Workshop Co. needs. Include type, name, value, and suggested TTL.

Minimum record types: NS, A, CNAME, MX, TXT (SPF + DMARC). DKIM: note placeholder for Google’s selector.

Model solution

; NS (at registrar + in zone)
@           86400  NS   ns1.swifthost.ca.
@           86400  NS   ns2.swifthost.ca.

; Website
@           3600   A    203.0.113.10
www         3600   CNAME  workshopco.ca.

; Staging
staging     300    A    203.0.113.99

; Booking SaaS
book        3600   CNAME  calendly.com.

; Mail — Google Workspace MX
@           3600   MX   1  aspmx.l.google.com.
@           3600   MX   5  alt1.aspmx.l.google.com.
@           3600   MX   5  alt2.aspmx.l.google.com.
@           3600   MX   10 alt3.aspmx.l.google.com.
@           3600   MX   10 alt4.aspmx.l.google.com.

; SPF — Google + Mailchimp
@           3600   TXT  "v=spf1 include:_spf.google.com include:servers.mcsv.net ~all"

; DMARC
_dmarc      3600   TXT  "v=DMARC1; p=none; rua=mailto:dmarc@workshopco.ca"

; DKIM — from Google Admin (example name only)
google._domainkey  3600  TXT  "(paste key from Google Workspace admin)"

Part 2 — cutover plan

Workshop Co. moves from an old host (IP 198.51.100.5) to 203.0.113.10. Write a 5-step plan including TTL changes and verification commands.

Sample plan
  1. Export old zone; confirm MX/TXT copied
  2. Lower A/CNAME TTL to 300; wait 3600+ minutes
  3. Deploy site on new IP; test via hosts file
  4. Update A to 203.0.113.10; verify dig @ns1.swifthost.ca www.workshopco.ca
  5. Monitor mail + web 24h; raise TTL to 3600

Part 3 — peer review

Swap your zone with a colleague (or re-read tomorrow). Check:

  • Only one SPF TXT at apex?
  • MX hostnames not raw IPs?
  • Staging TTL lower than production?
  • CNAME targets end with trailing dot in zone file?
  • Both www and apex reachable?
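The first four checks can be run offline against a zone draft. The script below is an added example, not part of the book: the function names (parse, review, is_ip) are hypothetical, the sample zone is a constructed subset of the model solution, and the parser assumes every line has the form "name ttl type rdata". The reachability check is left out because it needs live DNS.

```python
import ipaddress
import shlex

# Constructed sample: a subset of the chapter's model solution records.
ZONE = """
@        3600  A     203.0.113.10
www      3600  CNAME workshopco.ca.
staging  300   A     203.0.113.99
@        3600  MX    1 aspmx.l.google.com.
@        3600  TXT   "v=spf1 include:_spf.google.com include:servers.mcsv.net ~all"
_dmarc   3600  TXT   "v=DMARC1; p=none; rua=mailto:dmarc@workshopco.ca"
"""

def parse(zone):
    """Parse 'name ttl type rdata...' lines; only whole-line ';' comments are supported."""
    records = []
    for line in zone.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        name, ttl, rtype, *rdata = shlex.split(line)  # quoted TXT stays one field
        records.append((name, int(ttl), rtype.upper(), rdata))
    return records

def is_ip(text):
    try:
        return ipaddress.ip_address(text.rstrip(".")) is not None
    except ValueError:
        return False

def review(zone):
    """Return a list of findings; an empty list means the offline checks pass."""
    recs, findings = parse(zone), []
    spf = [r for r in recs if r[0] == "@" and r[2] == "TXT"
           and r[3][0].lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"apex has {len(spf)} SPF TXT records, expected exactly 1")
    for name, ttl, rtype, rdata in recs:
        if rtype == "MX" and is_ip(rdata[-1]):
            findings.append(f"MX target {rdata[-1]} is a raw IP, not a hostname")
        if rtype == "CNAME" and not rdata[0].endswith("."):
            findings.append(f"CNAME {name} target {rdata[0]} lacks a trailing dot")
    prod = [r[1] for r in recs if r[0] == "@" and r[2] == "A"]
    for name, ttl, rtype, _ in recs:
        if name == "staging" and rtype == "A" and prod and ttl >= min(prod):
            findings.append(f"staging TTL {ttl} is not lower than production {min(prod)}")
    return findings

if __name__ == "__main__":
    print(review(ZONE) or "all offline checks passed")
```

A CNAME target without the trailing dot is the one to watch: in a zone file it is treated as relative to the zone origin, so workshopco.ca would resolve as workshopco.ca.workshopco.ca.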

What’s next?

You finished Book 1. Tell us which chapters to refine as you read — and what Book 2 should cover (SSL/TLS, web servers, and Linux basics are natural follow-ons).

Book 1 complete

You can explain domains, trace DNS, configure records for web and mail, and plan a real cutover. That puts you ahead of most “I just point the domain at the host” setups.