I want to move all my emails and domain to Protonmail.
My domain provider is Hover.
The team at Proton advised me to:
Tell Hover you want to use Hover’s domain name services (Hover’s Name Servers) to host all your DNS records.
Go to Proton’s “Domain Names” page and obtain the “Verify” TXT record.
Add the Proton “Verify” TXT record to your Hover DNS console.
Once the TXT record gets verified, go to Proton’s “Domain Names” page again and follow the steps to:
Create corresponding email addresses (make sure you create all the corresponding email addresses before adding the rest DNS records).
Obtain the MX/SPF/DKIM/DMARC records. Then, add them to your Hover DNS console.
Import your emails to Proton and wait for at least 3 days before you shut down the old servers.
Important!
Some sender servers may cache your old DNS records for 3 days and send emails to your old servers. So, please don’t shutdown the old servers before the new Hover name servers run for at least 3 days.
Ensure you have added the correct Proton MX, TXT, and CNAME records (MX/SPF/DKIM/DMARC records) to your Hover DNS console.
So a couple of things that bothers me and that’s why i am asking advice here on the forum…
What do i do with my glue records? Change them back to (default) hover?
The Nameservers? When and at which moment do i change them? With the old MIAB droplet still running?
Or shut it down and then change the old records to new (default) Hover.
How can i let the old MIAB droplet keep running for three days, while i change the records to Protonmail?
Doesn’t that interfere with the records that i still haven on MIAB at the moment?
The dns records are now set on MIAB and not at Hover.
I must say I’m not the most technical guy at all of this, so i hope my explanation makes sense.
Hover has a 15 minute TTL default. So your 3 days is 15 minute while the new NS records propagate. I am sure that you will not miss any new messages in the 15 minute window.
Follow the rest of the procedure as instructed excpet for the 3 day period which is 15 minutes in your case.
Yes! After you make the changes monitor here https://dnschecker.org/ type your domain and select MX record to confirm that the new record DID propagate. Then test by sending a message to one of your mailboxes that you moved to Proton. Check if the new message arrived in the proton mailbox.
To be on the safe side keep the old MIAB running for 3 days and check MIAB after 3 days if any new messages arrived which are not present on your proton.
One more thing: did you set your rDNS, i.e. the PTR record yourself or your VPS provider has set it for you? This might be a problem because if set by the VPS provider via Support ticker or similar. The PTR record TTL (or the cached time to live) might be quite high. Check that with your VPS provider (or if you do it yourself via the VPS admin panel test a new PTR record propagation time here https://dnschecker.org/). If it set via Support Ticket ask them to lower the TTL of the PTR record to 15 minutes before proceeding, otherwise some recieving servers will see a discrapancy, i.e. your old PTR record will not match the new IP address of Proton and then when you send a message, it might end up in spam with the recieving server. But I guess this is not something to worry about.
When i leave the old MIAB running for a couple of days. Does the old record (at Hover) still have to be pointed to my old MIAB. Or can i just delete the old records that point to my MIAB, before i point them to Proton?
Not really sure about the right way and at wich time i can delete the old records…at Hover’s side
I think, by the way, that all records all held in MIAB itself. For the ptr i thought it was at Hover? Have to check that out tommorow…
No. It is where your MIAB instance is currently running.
Yes. Delete all MIAB realted records. I.e. NS: ns1.box.yourdomain.comns2.box.yourdomain.com and A ns1.box and ns2.box (if you use box).
Thus, MIAB is no longer your name server.
Then make a TXT record to verify yourself with Proton. Check the Proton page if they verified you.
Then
Don’t worry about the PTR since multiple PTR records can exist for one domain.
I do remember when setting up MIAB 3 years ago. I got confused somewhere around this point and my glue records were stuck.
Don’t want that to happen this time…
Also discovered that my ptr records are held in DigitalOcean vps.
I can modify them myself and lower the TTL to 15 minutes before proceeding.
Do i just lower the TTL records and let them stay that way? And then proceed to transfer to Proton and let the old MIAB keep running for three days?
Sorry my bad. They don’t have a TTL option in their panel when changing nameservers. As per your link.
Then it really might take 24-48 hours to propagate. Thus keep an eye DNS Checker - DNS Check Propagation Tool
only when it propagated throughout the world shut down your MIAB.
Lower the ptr TTL so servers will cache your rDNS at lower intervals and eventually delete the PTR record at DO.
Depending on your technical knowledge you can speed up the entire process by making Custom DNS entries, such as the ones you received from Proton, the verification key, MX, A, TXT, CNAME records in MIAB’s custom dns section. All these records in the MIAB Custom DNS page have a TTL of 24 hours. So initiate the propagation from the MIAB DNS and they will start propagating. And then delete the MIAB nameservers from HOVER and put the HOVER nameservers and start making the identical MX, A, TXT, CNAME entries you received from Proton, in the HOVER panel. As long as they are identical there will be no problem. Your choice. This will save you time. There is another hack to speed up propagation by putting secondary nameservers in MIAB, but that is another story.
I’m not that technical, but it sounds doable for me👍
So putting it together to speed things up i would:
Put the dns records for Proton (for verifying and so on) in the custom dns records in MIAB. And let them propagate.
When propagation is done and domain is verified within Proton. Then delete the MIAB nameservers from HOVER and put the HOVER nameservers and start making the identical MX, A, TXT, CNAME entries i have received from Proton.
Do i keep the old MIAB still running at this point? Or shut it down and let Proton handle everything…?
So finally i did the transfer to Proton and i think all went well, almost…
So at first i removed the old MIAB records at Hover. Then i added the txt record for verification (for my domain) towards Proton and changed the nameservers back to Hover.
After that i began to add (create) the existing users emails at Proton. After creating the mailboxes at Proton i transfered over all emails from old MIAB to Proton.
When that was successfully completed i added the rest of the remaining records like MX, A, TXT, CNAME entries i’ve received from Proton.
With all records green and good to go at the Proton side, i deleted the glue records (at Hover) that where still pointing to the old MIAB, included the dnssec record i had in place.
This is the point where we at right now.
I tested a few emails from hotmail and they are getting through, to the new situation in Proton.
Question:
Two things that bothers me, is that i still have old records in place at my vps at DigitalOcean. Should i remove these old records now? Or wait a few days before removing them and shutting down the old MIAB?
Also if i send an email (from Proton) to one of my Gmail accounts, it lands in my Gmail inbox.
The other way around, like sending an email from Gmail back to Proton, does not reach my Proton inbox. I guess Gmail is still using the old entry’s of the dns? I don’t have any rejected mails coming back to Gmail either.
