Knowledgebase › Networking & DNS

Networking & DNS

Search

Articles

Setting reverse DNS (PTR) for your VPS — and why mail servers need it

Reverse DNS — the PTR record — is the lookup that maps an IP address back to a hostname. It's the inverse of the A/AAAA record that maps a hostname to…

Setting up Let's Encrypt on Debian, AlmaLinux, and Ubuntu — three ways

Let's Encrypt is a free, automated, browser-trusted certificate authority. Three things are needed: a domain pointing at your VPS, a way to prove you…

Mail server prerequisites — PTR, SPF, DKIM, DMARC explained

Sending mail from a VPS in 2026 is harder than it used to be — not because the protocols changed, but because every major recipient (Gmail, Outlook,…

Caddy vs nginx vs Traefik — choosing the right reverse proxy

Three reverse proxies cover the vast majority of practical deployments in 2026. Each is best at something specific. This article picks them apart so you can…

ACME without port 80 — DNS-01 challenges for blocked ports and wildcards

The standard Let's Encrypt flow uses HTTP-01: certbot serves a challenge on port 80, the CA fetches it, cert issued. This fails if port 80 is blocked, busy,…

Your IP got blacklisted — diagnosing the cause and rotating to a clean IP

An IP that ends up on a public blocklist hurts in different ways depending on what you use the VPS for: outbound mail rejected silently, the carrier's SIP…

WireGuard site-to-site between two LYLIX VPSes — config, routing, MTU

WireGuard is the cleanest way to connect two VPSes — or two sites — over an encrypted tunnel. Configuration is a few lines of text per side. This…

IPv6-only deployment — when you can skip IPv4 (and when you can't)

IPv4 is exhausted; IPv6 has been ready for decades. Yet the internet remains stubbornly dual-stack because some destinations still don't have IPv6. This…

nftables practical recipes — the UFW alternative for power users

UFW is great for "open SSH, open HTTPS, close everything else." When you need more control — per-source-IP rate limits, custom port ranges, blocking…

WireGuard road-warrior setup — laptop and phone access to your VPS network

Road-warrior VPN gives your laptop and phone always-on access to services on your LYLIX VPS — internal admin interfaces, databases, monitoring dashboards…

Split-horizon DNS — different answers for inside vs outside your network

Split-horizon DNS is the pattern where the same hostname resolves to different IPs depending on who's asking. Inside your network (or your VPN),…

Running your own authoritative DNS — when to bother, BIND on a VPS

Most people put their zones at Cloudflare / Route 53 / their registrar and never think about it. Running your own authoritative nameserver on a VPS is a…

Reverse-proxy TLS termination patterns — nginx, Caddy, Traefik on a VPS

You have an app listening on port 8080 (or 3000, or 5000) and you want it on https://app.example.com with a real cert. The pattern is a reverse proxy in…

Cloudflare Tunnel vs publishing directly — when each fits

Cloudflare Tunnel (formerly Argo Tunnel) is a free way to expose a service on your VPS to the public without opening any ports on the VPS itself — an…

Firewall managers compared — ufw, firewalld, raw nftables

Three competing abstractions sit on top of Linux's netfilter: ufw (Debian/Ubuntu's simple wrapper), firewalld (AlmaLinux's zone-based manager), and raw…

Why an IPv6-only mail server doesn't work — and what to do instead

You'd think in 2026 that running a mail server on IPv6 alone would be reasonable. It isn't. Mail is one of the few places where IPv6-only is still a…

« Back to Knowledgebase

Powered by WHMCompleteSolution