Using Google Apps with your Gandi domain

If you choose to prove your domain ownership by adding a TXT record, please see our specific instructions on verifying your domain ownership by TXT entry in your zone file.

If you have purchased Google Apps for Business from Google, you can make use of their automatic DNS configuration tool that will make the domain verification process easier if you use Gandi's DNS. For more on that, please see Google's support page here.

Pointing your domain to Google's servers

With Google Apps, you'll need to create a CNAME record if you want to customize a service URL. Here is how your CNAME record would need to look for your domain with a www.

www 10800 IN CNAME ghs.google.com.

If you need help in doing this, please follow our instructions on creating CNAME records.

Using your domain with Google Apps' email

If you want to use Google apps for your email, you need to change the MX records to Google's.

To do this, you first need to create an editable copy of your zone file (if you don't know how, see this procedure).

After following the steps at the procedure linked above to create a new version of your zone file, switch to expert mode. In the “Bind Zone” field you see on the page, delete any Gandi MX records (or CNAME records ending with mail.gandi.net), such as the following:

@ 10800 IN MX 10 spool.mail.gandi.net.
@ 10800 IN MX 50 fb.mail.gandi.net.
imap 10800 IN CNAME access.mail.gandi.net.
smtp 10800 IN CNAME relay.mail.gandi.net.
pop 10800 IN CNAME access.mail.gandi.net.
webmail 10800 IN CNAME agent.mail.gandi.net.

Make sure to leave any other entries intact! Only delete the ones in the list above.

You will be replacing them with the following entries (make sure it's exactly the same as below):

@ 3600 IN MX 1 ASPMX.L.GOOGLE.COM.
@ 3600 IN MX 3 ALT1.ASPMX.L.GOOGLE.COM.
@ 3600 IN MX 3 ALT2.ASPMX.L.GOOGLE.COM.
@ 3600 IN MX 5 ASPMX2.GOOGLEMAIL.COM.
@ 3600 IN MX 5 ASPMX3.GOOGLEMAIL.COM.
@ 3600 IN MX 5 ASPMX4.GOOGLEMAIL.COM.
@ 3600 IN MX 5 ASPMX5.GOOGLEMAIL.COM.

Submit the changes. If you are prompted to begin using Gandi's custom DNS, be sure to accept, and don't forget to activate the new version of your zone file.

We also recommend adding the following record in your zone file, to help ensure your emails are not rejected as Spam:

@ 3600 IN TXT v=spf1 include:_spf.google.com ~all

Secure an address on Google App Engine

Google App Engine does not allow for the installation of a Gandi intermediary certificate directly. To compensate for this, and to avoid the displaying of an error to the visitor, it is necessary to combine the certificate provided by Gandi with the intermediate certificate.

After having recovered your SSL certificate from your Gandi interface, you will also need to get the intermediate certificate from Gandi in the PEM format, depending on the type of certificate purchased: http://wiki.gandi.net/fr/ssl/intermediate

You will then need to convert the certificate to text format:

openssl x509 -in GandiStandardSSLCA.pem -text -out GandiStandardSSLCAtxt.crt

and then concatenate the certificates by executing the following command in a terminal:

cat moncertificat-xxxxx.crt GandiStandardSSLCAtxt.crt > moncertificat-bundle.crt

Once these actions have been performed, the concatenated certificates will be present in the 'moncertificat-bundle.crt' file that you can then import from the Google App Engine.

See also

Last modified: 09/18/2014 at 16:35 by Ryan A. (Gandi)