Ok, so you've got a public domain name that you want Internet users to be able to query and be directed to your public-facing Sovereign Stack deployment. Great! But first, you need to configure the DNS records appropriately.

First some basic requirements. Sovereign Stack DOES NOT require DNSSEC, but we RECOMMEND turning it ON.

The table below shows the records required by a typical public domain, domain.tld.

Type Host Value Description
A+ dc0 domain.tld DDNS Record
Alias @ dc0.domain.tld Root A record
CNAME www domain.tld Ghost CMS
CNAME relay domain.tld Nostr relay
CNAME tip domain.tld BTCPay Server
CNAME nextcloud domain.tld Nextcloud
CNAME git domain.tld Gitea

The @ record MAY be specified as anALIAS record in in your public DNS provider. DDNS-set domain name as discussed in this post. If your public DNS provider doesn't support ALIAS records, simply set the A+ record as your @ instead.

Ultimately the @ record MUST resolve to an A record when resolved by clients.

When you have your domains configured using this structure, everything will just update whenever your datacenter (dc0) gets a new IP address from your upstream ISP.