attempt to add any other domain to _mta-sts.example.com
I only found one topic related to this, in 2023. It mentioned that underscores in names would just cause issues. Unless I’ misunderstand mta-sts, that would be incorrect for this record type.
As one can see, it simply returns the last uptime time/serial number for the _mta-sts record.
How is it possible to have an underscore in the Cusom Domain of a Worker?
Underscores are not valid in DNS hostnames. The reason they are used in “special” TXT record names is so they can’t collide with any valid hostname that may have already existed.
The _mta-sts record is meant to be a TXT record. An associated A record would be mta-sts without the underscore. What are you trying to accomplish with your custom hostname?
What am I trying to accomplish? :-/ To be lazy and update a single file in my github which then would be applied for all domains that are attached to that worker.
Now that I (re)process and not have a broken brain, I can see the Workers use CNAME.
Starting a reprovisioning of a MTA-STS Worker, I see a comment:
* There are two things needed to enable MTA-STS:
* - Setup an HTTPS endpoint that responds to requests on https://mta-sts.YOURDOMAIN/.well-known/mta-sts.txt that returns the actual policy.
* - WorkerDetails > Triggers > Custom Domains: add mta-sts.YOURDOMAIN
* - Create a TXT record named _mta-sts.YOURDOMAIN that returns the current policy ID.
* If the domain is using Email Routing it can delegate to the policy defined by mx.cloudflare.net.
* - Zone DNS: Add TXT record: name: _mta-sts.YOURDOMAIN, content: _mta-sts.mx.cloudflare.net
I can use a spare domain for the TXT for all other domains. It’ll accomplish what I need. I hope. If not, I’ll just revert to the manual method.
The Worker in those instructions is on mta-sts, no underscore. The underscore version is just a TXT record. It’s not an HTTPS endpoint and doesn’t need a Worker or anything else but the TXT record.