# DNS Records

Our team will set up your DNS records using Cloudflare. We can fully manage your DNS for in our own Cloudflare account, or you may set up a Cloudflare account and [invite our team to access your domain](https://digitalchurch.guide/guides/domains/cloudflare-invitation). Our IP Address changes often so you CANNOT use Digital Church without granting us ongoing access to your domain DNS records.

## Records we will set

| Type | Name | Target | TTL | Purpose |
|---|---|---|---|---|
| A | `@` | *ip address* | Auto | Primary IP Address |
| A | `staging` | *ip address* | Auto | Staging IP Address |
| CNAME | `www` | `@` | Auto | Redirects to your domain |
| CNAME | `www.staging` | `staging.@` | Auto | Redirects to staging for SSL/TLS |
| CNAME | `_acme-challenge` | `_acme-challenge.digitalchurch.app` | Auto | Used for SSL/TLS certificate |
| CNAME | `_acme-challenge.www` | `_acme-challenge.digitalchurch.app` | Auto | Used for SSL/TLS certificate |
| CNAME | `_acme-challenge.staging` | `_acme-challenge.digitalchurch.app` | Auto | Used for SSL/TLS certificate |
| CNAME | `_acme-challenge.www.staging` | `_acme-challenge.digitalchurch.app` | Auto | Used for SSL/TLS certificate |
| TXT | ...pm._domainkey | "k=rsa;p=..." | Auto | Postmark Email Verification |
| CNAME | `pm-bounces` | `pm.mtasv.net` | Auto | Postmark Email Bounces |

## Setting up your CloudFlare SSL Edge Certificate

Your SSL/TLS encryption mode will be set to Full (strict).

> Sites can take up to 48 hours for the changes to work their way through the system. Open a chat with us if you have any questions and we will be able to assist you.
