DNS

What This Skill Does

The DNS skill provides OpenClaw agents with the capability to manage, audit, and configure Domain Name System settings with precision. It automates the complex workflows required for domain migrations, email deliverability, and security hardening. The skill handles essential configurations like TTL (Time to Live) management, SPF/DKIM/DMARC implementation, and CAA record security. By integrating these best practices, the skill ensures that users can execute record updates without service downtime, effectively navigate propagation delays, and ensure that their domains are protected from unauthorized certificate issuance.

Installation

To integrate this skill into your environment, run the following command in your terminal or via the OpenClaw command interface: clawhub install openclaw/skills/skills/ivangdavila/dns

Use Cases

This skill is designed for system administrators, DevOps engineers, and web developers who need to:

• Perform zero-downtime domain migrations by calculating and adjusting TTL values.
• Harden email infrastructure to ensure high deliverability by properly configuring SPF, DKIM, and DMARC.
• Secure domains by deploying CAA records to prevent unauthorized SSL certificate generation.
• Debug resolution issues across different resolvers to determine if a problem lies with authoritative nameservers or local ISP caching.
• Manage complex setups involving apex and www records, including proper redirection strategies.

Example Prompts

1. "OpenClaw, I'm planning to migrate my web server in 48 hours. Please check my current TTL for example.com and provide a schedule to lower it for a seamless transition."
2. "My emails are landing in spam. Can you analyze my current DNS records and propose the correct SPF, DKIM, and DMARC TXT entries to improve deliverability?"
3. "I need to restrict SSL issuance for my domain to Let's Encrypt only. Please generate the necessary CAA records for my apex and wildcard subdomains."

Tips & Limitations

• TTL Management: Always lower your TTL to 300s at least 48 hours before any planned migration to avoid long-lived cache issues.
• Email Security: SPF alone is insufficient. You must implement DMARC and DKIM to meet modern authentication requirements for major providers like Gmail and Outlook.
• Proxied Services: Be aware that Cloudflare's 'Orange Cloud' masks your IP and ignores your manual TTL settings. Use the 'Grey Cloud' (DNS-only) for non-HTTP traffic like SSH or mail servers.
• Wildcard Caveats: Remember that *.example.com does not cover the apex example.com. You must define both records explicitly.
• Debugging: When in doubt, use dig +trace to identify where a resolution chain breaks, and always compare responses between your authoritative nameserver and public resolvers like Google or Cloudflare.