I realize this is more of an infrastructure than a technology and functionality question, but if you have the chance please help me out.
One of the reasons I am asking is that when Cloudmin is made to be the DNS zone provider, each Virtualmin domain / server / zone is going to be served from the same DNS and when I do not see these things being recorded I am not sure if 1. I am doing something wrong or 2. Cloudmin / Virtualmin cannot be configured to do it for me. The other reason is I am trying to avoid blacklisting my domains due to hijacking or configuration error.
If I understand RFC2435 correctly:
Flag is usually 00, 01, 10, or 11 and the one used for/by dnssec is 10. Is this something Virtualmin is going to set, or may Virtualmin be configured to set it for the TLS / email portion, for each zone?
When the Flag is 10 should the the Protocol be 3, and again could Virtualmin set this to 1 or 2 for TLS / email?
When the keys are generated with a command "openssl genrsa -out example.com.priv 1024" is the Algorithm be 1?
So in Webmin the Name is going to look something like "1544501116.example._domainkey.example.com."
Is this string the "Selector" or only the Unix time part "1544501116" is the Selector?
Is this supposed to be updated / maintained every 30 days or so? How, by replacing the Unix time?
Is this something DNS admins should do on a regular basis, and not having a recent Selector means an un-maintained zone?
in a typical zone configuration, how many different types of of keys are there for a zone? For email, for ssl, for ftp each should have a differently configured key?
Thank you for reading.