{"id":2023,"date":"2025-11-18T15:13:14","date_gmt":"2025-11-18T12:13:14","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/pleskten-cpanele-ve-tersi-kesintisiz-gecis-dns-e%e2%80%91posta-ve-ssl-icin-adim-adim-tasima-plani\/"},"modified":"2025-11-18T15:13:14","modified_gmt":"2025-11-18T12:13:14","slug":"pleskten-cpanele-ve-tersi-kesintisiz-gecis-dns-e%e2%80%91posta-ve-ssl-icin-adim-adim-tasima-plani","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/pleskten-cpanele-ve-tersi-kesintisiz-gecis-dns-e%e2%80%91posta-ve-ssl-icin-adim-adim-tasima-plani\/","title":{"rendered":"Plesk\u2019ten cPanel\u2019e (ve Tersi) Kesintisiz Ge\u00e7i\u015f: DNS, E\u2011posta ve SSL i\u00e7in Ad\u0131m Ad\u0131m Ta\u015f\u0131ma Plan\u0131"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">\u0130&ccedil;indekiler<\/p><ul class=\"toc_list\"><li><a href=\"#Nereden_Baslamali_Neden_Tasiyoruz_ve_Neyi_Kirmadan_Geciririz\"><span class=\"toc_number toc_depth_1\">1<\/span> Nereden Ba\u015flamal\u0131? Neden Ta\u015f\u0131yoruz ve Neyi K\u0131rmadan Ge\u00e7iririz?<\/a><\/li><li><a href=\"#Riskleri_Haritalamak_Kirilma_Noktularini_Onceden_Gormek\"><span class=\"toc_number toc_depth_1\">2<\/span> Riskleri Haritalamak: K\u0131r\u0131lma Noktular\u0131n\u0131 \u00d6nceden G\u00f6rmek<\/a><ul><li><a href=\"#Kayitli_Varsayimlar_ve_Dogrulamalar\"><span class=\"toc_number toc_depth_2\">2.1<\/span> Kay\u0131tl\u0131 Varsay\u0131mlar ve Do\u011frulamalar<\/a><\/li><li><a href=\"#Olculebilir_Hazirlik\"><span class=\"toc_number toc_depth_2\">2.2<\/span> \u00d6l\u00e7\u00fclebilir Haz\u0131rl\u0131k<\/a><\/li><\/ul><\/li><li><a href=\"#DNSi_Agrisiz_Tasimak_TTL_Golgeli_Yayin_ve_Kesim\"><span class=\"toc_number toc_depth_1\">3<\/span> DNS\u2019i A\u011fr\u0131s\u0131z Ta\u015f\u0131mak: TTL, G\u00f6lgeli Yay\u0131n ve Kesim<\/a><ul><li><a href=\"#TTLi_Erken_Dusur_Kayitlari_Iki_Tarafta_Paralel_Tut\"><span class=\"toc_number toc_depth_2\">3.1<\/span> TTL\u2019i Erken D\u00fc\u015f\u00fcr, Kay\u0131tlar\u0131 \u0130ki Tarafta Paralel Tut<\/a><\/li><li><a href=\"#Gercek_Sorgu_ile_Dogrulama\"><span class=\"toc_number toc_depth_2\">3.2<\/span> Ger\u00e7ek Sorgu ile Do\u011frulama<\/a><\/li><li><a href=\"#NS_Degisimi_ve_Izleme\"><span class=\"toc_number toc_depth_2\">3.3<\/span> NS De\u011fi\u015fimi ve \u0130zleme<\/a><\/li><\/ul><\/li><li><a href=\"#Eposta_Hesaplar_Icerik_ve_Itibar_Ogeleri_SPF_DKIM_DMARC\"><span class=\"toc_number toc_depth_1\">4<\/span> E\u2011posta: Hesaplar, \u0130\u00e7erik ve \u0130tibar \u00d6\u011feleri (SPF, DKIM, DMARC)<\/a><ul><li><a href=\"#Posta_Kutularini_Kirmadan_Tasimak\"><span class=\"toc_number toc_depth_2\">4.1<\/span> Posta Kutular\u0131n\u0131 K\u0131rmadan Ta\u015f\u0131mak<\/a><\/li><li><a href=\"#SPF_DKIM_DMARC_Uyumunu_Bozmadan_Degistirmek\"><span class=\"toc_number toc_depth_2\">4.2<\/span> SPF, DKIM, DMARC Uyumunu Bozmadan De\u011fi\u015ftirmek<\/a><\/li><li><a href=\"#MTASTS_TLSRPT_ve_DANE_ile_Ince_Ayar\"><span class=\"toc_number toc_depth_2\">4.3<\/span> MTA\u2011STS, TLS\u2011RPT ve DANE ile \u0130nce Ayar<\/a><\/li><\/ul><\/li><li><a href=\"#Web_Icerigi_ve_Veritabanlari_Ilk_Kopya_Artimli_Senkron_Son_Kesim\"><span class=\"toc_number toc_depth_1\">5<\/span> Web \u0130\u00e7eri\u011fi ve Veritabanlar\u0131: \u0130lk Kopya, Art\u0131ml\u0131 Senkron, Son Kesim<\/a><ul><li><a href=\"#Dosya_Icerigini_Isitmak\"><span class=\"toc_number toc_depth_2\">5.1<\/span> Dosya \u0130\u00e7eri\u011fini Is\u0131tmak<\/a><\/li><li><a href=\"#Veritabaninda_Donmadan_Dondurmak\"><span class=\"toc_number toc_depth_2\">5.2<\/span> Veritaban\u0131nda Donmadan Dondurmak<\/a><\/li><li><a href=\"#CDN_Cache_ve_Oturum_Yonetimi\"><span class=\"toc_number toc_depth_2\">5.3<\/span> CDN, Cache ve Oturum Y\u00f6netimi<\/a><\/li><\/ul><\/li><li><a href=\"#SSLACME_Sertifikayi_Onceden_Al_Yenilemeyi_Kesmeyecek_Sekilde_Kurgula\"><span class=\"toc_number toc_depth_1\">6<\/span> SSL\/ACME: Sertifikay\u0131 \u00d6nceden Al, Yenilemeyi Kesmeyecek \u015eekilde Kurgula<\/a><ul><li><a href=\"#ACME_ile_Onceden_Provision\"><span class=\"toc_number toc_depth_2\">6.1<\/span> ACME ile \u00d6nceden Provision<\/a><\/li><li><a href=\"#CAA_ve_Yetki_Zinciri\"><span class=\"toc_number toc_depth_2\">6.2<\/span> CAA ve Yetki Zinciri<\/a><\/li><li><a href=\"#Panel_Eklentileri_ve_Otomatik_Yenileme\"><span class=\"toc_number toc_depth_2\">6.3<\/span> Panel Eklentileri ve Otomatik Yenileme<\/a><\/li><\/ul><\/li><li><a href=\"#Otomasyon_ve_Gozlemlenebilirlik_Gecis_Anini_Izlemek_ve_Geri_Almayi_Hazir_Tutmak\"><span class=\"toc_number toc_depth_1\">7<\/span> Otomasyon ve G\u00f6zlemlenebilirlik: Ge\u00e7i\u015f An\u0131n\u0131 \u0130zlemek ve Geri Almay\u0131 Haz\u0131r Tutmak<\/a><ul><li><a href=\"#IaC_ile_Tekrar_Edilebilir_Altyapi\"><span class=\"toc_number toc_depth_2\">7.1<\/span> IaC ile Tekrar Edilebilir Altyap\u0131<\/a><\/li><li><a href=\"#Metrikler_Loglar_ve_Canli_Saglik_Nabzi\"><span class=\"toc_number toc_depth_2\">7.2<\/span> Metrikler, Loglar ve Canl\u0131 Sa\u011fl\u0131k Nabz\u0131<\/a><\/li><li><a href=\"#Rollback_Kapisi\"><span class=\"toc_number toc_depth_2\">7.3<\/span> Rollback Kap\u0131s\u0131<\/a><\/li><\/ul><\/li><li><a href=\"#Araclar_Plesk_Migrator_cPanel_Transfer_Tool_ve_Kucuk_Hileler\"><span class=\"toc_number toc_depth_1\">8<\/span> Ara\u00e7lar: Plesk Migrator, cPanel Transfer Tool ve K\u00fc\u00e7\u00fck Hileler<\/a><ul><li><a href=\"#Panel_Araclarinin_Ritmi\"><span class=\"toc_number toc_depth_2\">8.1<\/span> Panel Ara\u00e7lar\u0131n\u0131n Ritmi<\/a><\/li><li><a href=\"#Kucuk_Ama_Kurtarici_Komutlar\"><span class=\"toc_number toc_depth_2\">8.2<\/span> K\u00fc\u00e7\u00fck Ama Kurtar\u0131c\u0131 Komutlar<\/a><\/li><\/ul><\/li><li><a href=\"#Ters_Yon_cPanelden_Pleske_Gecerken_Farkli_Olan_Ne\"><span class=\"toc_number toc_depth_1\">9<\/span> Ters Y\u00f6n: cPanel\u2019den Plesk\u2019e Ge\u00e7erken Farkl\u0131 Olan Ne?<\/a><ul><li><a href=\"#Farkli_Varsayilanlar_Ayni_Hedef\"><span class=\"toc_number toc_depth_2\">9.1<\/span> Farkl\u0131 Varsay\u0131lanlar, Ayn\u0131 Hedef<\/a><\/li><li><a href=\"#SSL_ve_ACME_Uzantilari\"><span class=\"toc_number toc_depth_2\">9.2<\/span> SSL ve ACME Uzant\u0131lar\u0131<\/a><\/li><\/ul><\/li><li><a href=\"#Gercek_Operasyon_Postmortemden_Kisa_Notlar\"><span class=\"toc_number toc_depth_1\">10<\/span> Ger\u00e7ek Operasyon: Post\u2011mortemden K\u0131sa Notlar<\/a><ul><li><a href=\"#DKIM_Anahtarlarinin_Iki_Yuzu\"><span class=\"toc_number toc_depth_2\">10.1<\/span> DKIM Anahtarlar\u0131n\u0131n \u0130ki Y\u00fcz\u00fc<\/a><\/li><li><a href=\"#Onleyici_Aksiyonlar\"><span class=\"toc_number toc_depth_2\">10.2<\/span> \u00d6nleyici Aksiyonlar<\/a><\/li><\/ul><\/li><li><a href=\"#Kapanis_Sakin_Gecislerin_Sirri_Kucuk_Adimlar_ve_Net_Runbook\"><span class=\"toc_number toc_depth_1\">11<\/span> Kapan\u0131\u015f: Sakin Ge\u00e7i\u015flerin S\u0131rr\u0131 K\u00fc\u00e7\u00fck Ad\u0131mlar ve Net Runbook<\/a><\/li><\/ul><\/div>\n<h2 id=\"section-1\"><span id=\"Nereden_Baslamali_Neden_Tasiyoruz_ve_Neyi_Kirmadan_Geciririz\">Nereden Ba\u015flamal\u0131? Neden Ta\u015f\u0131yoruz ve Neyi K\u0131rmadan Ge\u00e7iririz?<\/span><\/h2>\n<p>Hi\u00e7 gece 03:17\u2019de DNS kesintisi y\u00fcz\u00fcnden telefonunuzun titre\u015fimiyle yataktan f\u0131rlad\u0131n\u0131z m\u0131? Ben f\u0131rlad\u0131m. Bir m\u00fc\u015fterinin Plesk\u2019ten cPanel\u2019e ge\u00e7i\u015finde \u201cTTL\u2019leri d\u00fc\u015f\u00fcrd\u00fck, kay\u0131tlar\u0131 kopyalad\u0131k, art\u0131k basar\u0131z NS de\u011fi\u015fimini\u201d diye d\u00fc\u015f\u00fcn\u00fcrken, bir alt alan\u0131n eski sunucuda kalan bir wildcard kayd\u0131 bize ters k\u00f6\u015fe yapm\u0131\u015ft\u0131. O gece \u015funu bir kez daha g\u00f6rd\u00fcm: <strong>kesintisiz ge\u00e7i\u015f<\/strong> sadece veri kopyalamak de\u011fil, ak\u0131\u015ftaki k\u0131r\u0131lma noktalar\u0131n\u0131 \u00f6nceden g\u00f6r\u00fcp, k\u00fc\u00e7\u00fck prova kesitleriyle do\u011frulamakt\u0131r. Bu yaz\u0131da tam da bunu yapaca\u011f\u0131z; Plesk\u2019ten cPanel\u2019e (ve tersi) ge\u00e7i\u015fi <strong>DNS<\/strong>, <strong>e\u2011posta<\/strong> ve <strong>SSL\/ACME<\/strong> ekseninde, ger\u00e7ek operasyon notlar\u0131 ve \u00f6l\u00e7\u00fclebilir kontrollerle ad\u0131m ad\u0131m anlataca\u011f\u0131m.<\/p>\n<p>Plan \u015fu: \u00d6nce riski \u00e7er\u00e7eveliyoruz, sonra DNS taraf\u0131nda g\u00f6lgeli yay\u0131n ve TTL y\u00f6netimiyle zemini yumu\u015fat\u0131yoruz. E\u2011posta hesaplar\u0131n\u0131 ve itibar \u00f6\u011felerini (SPF, DKIM, DMARC ve gerekti\u011finde MTA\u2011STS) d\u00fczg\u00fcnce ta\u015f\u0131y\u0131p, web i\u00e7eri\u011fini art\u0131ml\u0131 senkronlarla kesintisiz kap\u0131ya b\u0131rak\u0131yoruz. SSL sertifikalar\u0131n\u0131 \u00f6nceden \u00fcretip HSTS ve CAA ile s\u00fcrprizleri azalt\u0131yor, g\u00f6zlemlenebilirlik metrikleriyle ge\u00e7i\u015f an\u0131n\u0131 izliyoruz. Araya ger\u00e7ek bir gece operasyonunun post\u2011mortem notlar\u0131n\u0131 serpi\u015ftirip, kapan\u0131\u015fta da uygulanabilir bir runbook \u00f6zetliyorum. Mesela \u015f\u00f6yle d\u00fc\u015f\u00fcn\u00fcn: B\u00fcy\u00fck resmi sadele\u015ftirip k\u00fc\u00e7\u00fck ve geri al\u0131nabilir ad\u0131mlara b\u00f6l\u00fcnce, ge\u00e7i\u015f gecesi sessiz olur.<\/p>\n<h2 id=\"section-2\"><span id=\"Riskleri_Haritalamak_Kirilma_Noktularini_Onceden_Gormek\">Riskleri Haritalamak: K\u0131r\u0131lma Noktular\u0131n\u0131 \u00d6nceden G\u00f6rmek<\/span><\/h2>\n<h3><span id=\"Kayitli_Varsayimlar_ve_Dogrulamalar\">Kay\u0131tl\u0131 Varsay\u0131mlar ve Do\u011frulamalar<\/span><\/h3>\n<p>Ta\u015f\u0131man\u0131n ba\u015f\u0131nda ekip\u00e7e \u015fu sorular\u0131 cevaplar\u0131z: Alan adlar\u0131n\u0131n yetkili DNS\u2019i nerede? E\u2011posta ak\u0131\u015f\u0131 hangi MTA \u00fczerinde ve kim imzal\u0131yor? SSL nas\u0131l yenileniyor, ACME mi panel uzant\u0131lar\u0131 m\u0131? Bu basit g\u00f6r\u00fcnen sorular, kesinti noktalar\u0131n\u0131 i\u015faretler. Bir projede, DKIM \u00f6zel anahtarlar\u0131n\u0131 eski Plesk\u2019te b\u0131rak\u0131p yeni cPanel\u2019de yeniden \u00fcrettik; g\u00f6nderen itibar\u0131 bir anda dalgaland\u0131. Root cause basitti: Al\u0131c\u0131lar bir s\u00fcre iki farkl\u0131 selector ile farkl\u0131 anahtarlar g\u00f6rd\u00fc. \u00c7\u00f6z\u00fcm, ta\u015f\u0131ma \u00f6ncesi <strong>tek \u201ckaynak ger\u00e7e\u011fi\u201d<\/strong> belirlemek ve \u00fcretim imzalama anahtarlar\u0131n\u0131 g\u00fcvenle beraber ta\u015f\u0131makt\u0131.<\/p>\n<h3><span id=\"Olculebilir_Hazirlik\">\u00d6l\u00e7\u00fclebilir Haz\u0131rl\u0131k<\/span><\/h3>\n<p>Ge\u00e7i\u015ften \u00f6nce referans metrikleri al\u0131r\u0131m: 95. y\u00fczdelik yan\u0131t s\u00fcresi, 5xx hata oran\u0131, MX kuyruk boyu, IMAP oturum say\u0131s\u0131. Bunu abartmay\u0131n, \u00fc\u00e7 be\u015f g\u00f6sterge yeter. Ge\u00e7i\u015f an\u0131nda bu \u00e7ubuklar normal ritminde mi, yoksa bir \u015fey mi k\u0131p\u0131rd\u0131yor, net g\u00f6r\u00fcrs\u00fcn\u00fcz. Operasyonda \u015fu tip k\u00fc\u00e7\u00fck denemeler de yapar\u0131m: \u201cYeni sunucudan staging alan ad\u0131na trafik ver, ger\u00e7ek i\u00e7erikle y\u00fck alt\u0131na sok, loglar\u0131n ritmini dinle.\u201d B\u00f6ylece final ana gelmeden sistemin terini \u00f6l\u00e7m\u00fc\u015f olursunuz.<\/p>\n<h2 id=\"section-3\"><span id=\"DNSi_Agrisiz_Tasimak_TTL_Golgeli_Yayin_ve_Kesim\">DNS\u2019i A\u011fr\u0131s\u0131z Ta\u015f\u0131mak: TTL, G\u00f6lgeli Yay\u0131n ve Kesim<\/span><\/h2>\n<h3><span id=\"TTLi_Erken_Dusur_Kayitlari_Iki_Tarafta_Paralel_Tut\">TTL\u2019i Erken D\u00fc\u015f\u00fcr, Kay\u0131tlar\u0131 \u0130ki Tarafta Paralel Tut<\/span><\/h3>\n<p>DNS\u2019te s\u0131f\u0131r kesintinin s\u0131rr\u0131, <strong>zaman\u0131 b\u00fckmek<\/strong>tir. Yani TTL\u2019i \u00fc\u00e7 d\u00f6rt g\u00fcn \u00f6nceden kademeli d\u00fc\u015f\u00fcrmek. \u00d6nce 3600\u2019den 900\u2019e, sonra 300\u2019e inmek. B\u00f6ylece NS de\u011fi\u015fti\u011finde d\u00fcnyadaki \u00f6nbellekler k\u0131sa s\u00fcrede yeni yan\u0131ta d\u00f6ner. Bu arada eski yetkili DNS\u2019te hangi kay\u0131t varsa, yeni tarafta birebir olu\u015ftururum. Burada \u201cg\u00f6lgeli yay\u0131n\u201d dedi\u011fim \u015fey \u015fu: NS\u2019yi hen\u00fcz de\u011fi\u015ftirmeden, hedef DNS \u00fczerine <strong>t\u00fcm kay\u0131tlar\u0131<\/strong> eksiksiz yans\u0131t\u0131p <em>ger\u00e7ek sorgu sim\u00fclasyonlar\u0131<\/em>yla do\u011frulamak.<\/p>\n<h3><span id=\"Gercek_Sorgu_ile_Dogrulama\">Ger\u00e7ek Sorgu ile Do\u011frulama<\/span><\/h3>\n<p>Basit ama etkili bir refleks: \u201cM\u00fc\u015fterinin en \u00e7ok trafik alan alan adlar\u0131n\u0131\u201d tek tek sorgulay\u0131p yeni DNS\u2019teki yan\u0131ta bakar\u0131m. Elim al\u0131\u015fkanl\u0131kla \u015funu yazar: <strong>dig A www.ornek.com @yeni-otori-dns<\/strong> ve \u00e7\u0131kan IP eskiyle birebir mi, CDN CNAME\u2019leri do\u011fru mu, wildcard var m\u0131 kontrol ederim. Ayr\u0131ca alt alanlarda beklenmeyen <strong>\u00f6rten wildcard<\/strong> kay\u0131tlar\u0131n\u0131 tespit etmek i\u00e7in \u201cbilinmeyen\u201d bir alt alan\u0131 da denerim. Ge\u00e7i\u015fin birinde \u201c<em>api\u2011staging\u2011hidden<\/em>\u201d diye kimsenin dokunmad\u0131\u011f\u0131 bir alt alan, \u00fcretimdeki \u00f6deme webhook\u2019lar\u0131n\u0131 \u00f6rt\u00fcyordu; onu yakalay\u0131nca gecemiz kurtuldu.<\/p>\n<h3><span id=\"NS_Degisimi_ve_Izleme\">NS De\u011fi\u015fimi ve \u0130zleme<\/span><\/h3>\n<p>NS\u2019yi de\u011fi\u015ftirdi\u011finiz an, geri say\u0131m ba\u015flar. O noktada <strong>dig +trace<\/strong> \u00e7\u0131kt\u0131s\u0131nda yeni NS\u2019lerin g\u00f6r\u00fcnmesiyle beraber 5\u201110 dakika i\u00e7inde d\u00fcnyadaki yo\u011fun b\u00f6lgelerde ilk d\u00f6n\u00fc\u015fleri g\u00f6r\u00fcrs\u00fcn\u00fcz. Ben ge\u00e7i\u015f an\u0131nda terminalde k\u00fc\u00e7\u00fck bir d\u00f6ng\u00fcyle en b\u00fcy\u00fck ISP\u2019leri s\u0131ras\u0131yla denerim; \u201c<strong>dig www.ornek.com @8.8.8.8<\/strong>\u201d ve \u201c<strong>dig www.ornek.com @1.1.1.1<\/strong>\u201d yan\u0131tlar\u0131 bekledi\u011fim IP\u2019yi veriyorsa, nefes al\u0131r\u0131m. DNS taraf\u0131nda daha derin stratejiye ihtiyac\u0131n\u0131z varsa, <a href=\"https:\/\/www.dchost.com\/blog\/cok-bolgeli-mimariler-nasil-kurulur-dns-geo%E2%80%91routing-ve-veritabani-replikasyonu-ile-korkusuz-felaket-dayanikliligi\/\">DNS geo\u2011routing ve felaket dayan\u0131kl\u0131l\u0131\u011f\u0131 \u00fczerine \u015fu notlar<\/a> plan\u0131n\u0131z\u0131 rafine eder.<\/p>\n<h2 id=\"section-4\"><span id=\"Eposta_Hesaplar_Icerik_ve_Itibar_Ogeleri_SPF_DKIM_DMARC\">E\u2011posta: Hesaplar, \u0130\u00e7erik ve \u0130tibar \u00d6\u011feleri (SPF, DKIM, DMARC)<\/span><\/h2>\n<h3><span id=\"Posta_Kutularini_Kirmadan_Tasimak\">Posta Kutular\u0131n\u0131 K\u0131rmadan Ta\u015f\u0131mak<\/span><\/h3>\n<p>E\u2011posta taraf\u0131nda \u201ckullan\u0131c\u0131 + parolalar + posta i\u00e7eri\u011fi + y\u00f6nlendirmeler + listeler\u201d d\u00f6rtl\u00fcs\u00fcn\u00fc bir arada g\u00f6r\u00fcr\u00fcm. Hesaplar\u0131 panel ara\u00e7lar\u0131yla i\u00e7e aktarmak genelde kolay, ama as\u0131l s\u0131k\u0131nt\u0131 y\u0131llar\u0131n birikmi\u015f kutu i\u00e7eri\u011fini ta\u015f\u0131makt\u0131r. Burada y\u0131llard\u0131r i\u015fimi g\u00f6ren y\u00f6ntem, <strong>imapsync<\/strong> ile <em>kaynak ve hedef sunucuyu e\u015f zamanl\u0131 senkron tutmak<\/em>. \u0130lk b\u00fcy\u00fck senkronu g\u00fcnd\u00fcz yapar, ak\u015fam son fark senkronunu al\u0131r\u0131m. Komut akl\u0131mda kalm\u0131\u015ft\u0131r: \u201c<strong>imapsync &#8211;host1 eski\u2011imap &#8211;user1 ali &#8211;password1 &#8216;***&#8217; &#8211;host2 yeni\u2011imap &#8211;user2 ali &#8211;password2 &#8216;***&#8217; &#8211;automap<\/strong>\u201d. Ara\u00e7 detaylar\u0131 i\u00e7in <a href=\"https:\/\/github.com\/imapsync\/imapsync\" rel=\"nofollow noopener\" target=\"_blank\">imapsync arac\u0131<\/a> pratik a\u00e7\u0131klamalar sunuyor.<\/p>\n<h3><span id=\"SPF_DKIM_DMARC_Uyumunu_Bozmadan_Degistirmek\">SPF, DKIM, DMARC Uyumunu Bozmadan De\u011fi\u015ftirmek<\/span><\/h3>\n<p>\u0130tibar\u0131n temel ta\u015flar\u0131 olan <strong>SPF, DKIM ve DMARC<\/strong> ge\u00e7i\u015fte k\u0131m\u0131ldar; biz onlar\u0131n sars\u0131lmas\u0131na izin vermeyiz. SPF\u2019te g\u00f6nderen IP aral\u0131\u011f\u0131n\u0131z de\u011fi\u015fiyorsa, \u00f6nce yeni IP\u2019leri include ederek <em>\u00e7ift tarafl\u0131<\/em> bir d\u00f6neme girin, sonra eskileri \u00e7\u0131kar\u0131n. DKIM\u2019de m\u00fcmk\u00fcnse eski anahtarlar\u0131n <strong>\u00f6zel anahtarlar\u0131n\u0131<\/strong> g\u00fcvenli \u015fekilde yeni tarafa ta\u015f\u0131y\u0131n; selector\u2019\u0131 koruyun. DMARC\u2019ta raporlama adreslerini ge\u00e7i\u015f boyunca izlerim, ak\u0131\u015fta beklenmeyen bir g\u00f6nderen \u00e7\u0131kt\u0131\u011f\u0131nda \u201c<strong>dig txt _dmarc.ornek.com<\/strong>\u201d ile do\u011frular\u0131m. Bu konular\u0131n d\u00f6n\u00fc\u015f yolunda ba\u015f a\u011fr\u0131s\u0131 yapmamas\u0131 i\u00e7in <a href=\"https:\/\/www.dchost.com\/blog\/e%E2%80%91posta-yonlendirmede-spf-dmarc-neden-kiriliyor-srs-ve-arc-ile-nasil-tatli-tatli-onarirsin\/\">SPF\/DMARC ve SRS\/ARC notlar\u0131n\u0131<\/a> ge\u00e7meden bir g\u00f6zden ge\u00e7irmenizi \u00f6neririm.<\/p>\n<h3><span id=\"MTASTS_TLSRPT_ve_DANE_ile_Ince_Ayar\">MTA\u2011STS, TLS\u2011RPT ve DANE ile \u0130nce Ayar<\/span><\/h3>\n<p>Posta g\u00fcvenli\u011finde bir ad\u0131m ileri gitmek istiyorsan\u0131z, ge\u00e7i\u015f an\u0131 f\u0131rsatt\u0131r. MTA\u2011STS politikas\u0131, TLS raporlamas\u0131 ve DANE kay\u0131tlar\u0131n\u0131 yeni sunucuyla uyumlu hale getirip, teslim edilebilirli\u011fi art\u0131rabilirsiniz. Ben genelde finalden \u00f6nce <strong>STS policy<\/strong> dosyas\u0131n\u0131 yeni hostta yay\u0131mlar, DNS TXT kayd\u0131n\u0131 d\u00fc\u015f\u00fck TTL ile denerim. Teslimat\u0131n nas\u0131l yumu\u015fad\u0131\u011f\u0131n\u0131 g\u00f6rmek i\u00e7in raporlar\u0131 birka\u00e7 g\u00fcn izlemek yeter. Detaylar i\u00e7in <a href=\"https:\/\/www.dchost.com\/blog\/e%E2%80%91postada-mta%E2%80%91sts-tls%E2%80%91rpt-ve-dane-teslim-edilebilirligi-nasil-tatli-tatli-yukseltirsin\/\">MTA\u2011STS, TLS\u2011RPT ve DANE \u00fczerine bu rehber<\/a> ge\u00e7i\u015f plan\u0131n\u0131za g\u00fczel ekler katacakt\u0131r.<\/p>\n<h2 id=\"section-5\"><span id=\"Web_Icerigi_ve_Veritabanlari_Ilk_Kopya_Artimli_Senkron_Son_Kesim\">Web \u0130\u00e7eri\u011fi ve Veritabanlar\u0131: \u0130lk Kopya, Art\u0131ml\u0131 Senkron, Son Kesim<\/span><\/h2>\n<h3><span id=\"Dosya_Icerigini_Isitmak\">Dosya \u0130\u00e7eri\u011fini Is\u0131tmak<\/span><\/h3>\n<p>Web k\u00f6kleri, upload klas\u00f6rleri, logik \u00f6nbellekler\u2026 Hepsini ge\u00e7i\u015ften g\u00fcnler \u00f6nce hedefe \u201c\u0131s\u0131t\u0131r\u0131m\u201d. Plesk\u2019te vhosts dizininden cPanel\u2019deki kullan\u0131c\u0131 evine senkron i\u00e7in \u201c<strong>rsync -aHAX &#8211;numeric-ids &#8211;info=progress2 \/var\/www\/vhosts\/ornek.com\/ root@yeni:\/home\/USERNAME\/<\/strong>\u201d kullanmak pratik. \u0130lk b\u00fcy\u00fck kopyadan sonra her ak\u015fam k\u0131sa art\u0131ml\u0131 kopyalarla fark\u0131 k\u00fc\u00e7\u00fclt\u00fcr\u00fcm. B\u00f6ylece final kesimde ta\u015f\u0131nacak veri gramaj\u0131 hafifler ve riskiniz d\u00fc\u015fer.<\/p>\n<h3><span id=\"Veritabaninda_Donmadan_Dondurmak\">Veritaban\u0131nda Donmadan Dondurmak<\/span><\/h3>\n<p>MySQL\/MariaDB ge\u00e7i\u015flerinde veri tutarl\u0131l\u0131\u011f\u0131n\u0131 g\u00f6zetirim. Trafi\u011fi tamamen kesmek istemiyorsan\u0131z, uygulamay\u0131 <em>k\u0131sa s\u00fcreli yazma kilidine<\/em> al\u0131p, <strong>uygulama\u2011tutarl\u0131<\/strong> bir yedek \u00e7\u0131kar\u0131n. LVM snapshot veya fsfreeze ile al\u0131nm\u0131\u015f s\u0131cak bir kopya, bekledi\u011finiz rahatl\u0131\u011f\u0131 verir. Bu yakla\u015f\u0131m\u0131 ad\u0131m ad\u0131m anlatt\u0131\u011f\u0131m <a href=\"https:\/\/www.dchost.com\/blog\/uygulama%E2%80%91tutarli-yedekler-nasil-alinir-lvm-snapshot-ve-fsfreeze-ile-mysql-postgresqli-usutmeden-dondurmak\/\">uygulama\u2011tutarl\u0131 yedekler notlar\u0131na<\/a> bakabilirsiniz. Finalde \u201c<strong>mysqldump &#8211;single-transaction<\/strong>\u201d ile art\u0131ml\u0131 son fark\u0131 kapat\u0131r, \u201c<strong>mysql &lt; dump.sql<\/strong>\u201d ile hedefte aya\u011fa kald\u0131r\u0131r\u0131m; uygulamay\u0131 yazmaya yeniden a\u00e7madan \u00f6nce indekslerin ritmini de dinlerim.<\/p>\n<h3><span id=\"CDN_Cache_ve_Oturum_Yonetimi\">CDN, Cache ve Oturum Y\u00f6netimi<\/span><\/h3>\n<p>Ge\u00e7i\u015f s\u0131ras\u0131nda CDN \u00f6nbellekleri ve sunucu\u2011yan\u0131 cache katmanlar\u0131 (OPcache, Redis) kafa kar\u0131\u015ft\u0131r\u0131r. Ben \u015fu yolu denerim: Yeni tarafta uygulamay\u0131 staging alan ad\u0131yla k\u0131sa s\u00fcre canl\u0131ya yak\u0131n ko\u015fturur, CDN\u2019de d\u00fc\u015f\u00fck TTL ve soft purge ile \u0131s\u0131nmas\u0131n\u0131 izlerim. Oturum saklamay\u0131 dosya taban\u0131ndan Redis\u2019e \u00e7ekmek, kesim an\u0131nda kullan\u0131c\u0131lar\u0131n oturum kayb\u0131n\u0131 azalt\u0131r. K\u00fc\u00e7\u00fck ama kritik bir kazan\u0131m.<\/p>\n<h2 id=\"section-6\"><span id=\"SSLACME_Sertifikayi_Onceden_Al_Yenilemeyi_Kesmeyecek_Sekilde_Kurgula\">SSL\/ACME: Sertifikay\u0131 \u00d6nceden Al, Yenilemeyi Kesmeyecek \u015eekilde Kurgula<\/span><\/h2>\n<h3><span id=\"ACME_ile_Onceden_Provision\">ACME ile \u00d6nceden Provision<\/span><\/h3>\n<p>Ge\u00e7i\u015fte en sevdi\u011fim hamle, <strong>DNS\u201101<\/strong> ile sertifikalar\u0131 finalden \u00f6nce \u00fcretmek. B\u00f6ylece HTTP do\u011frulamaya mecbur kalmaz, staging hostta veya yeni panelde haz\u0131r beklersiniz. \u201c<strong>acme.sh &#8211;issue &#8211;dns dns_provider -d ornek.com -d *.ornek.com<\/strong>\u201d ile wildcard sertifika bile \u00f6nceden al\u0131n\u0131r. Do\u011frulama y\u00f6ntemlerini se\u00e7erken <a href=\"https:\/\/www.dchost.com\/blog\/acme-challenge-turleri-derinlemesine-http%E2%80%9101-dns%E2%80%9101-ve-tls%E2%80%91alpn%E2%80%9101-ne-zaman-hangisi\/\">ACME challenge t\u00fcrlerinin art\u0131\u2011eksi taraflar\u0131n\u0131<\/a> g\u00f6zden ge\u00e7irmek, final gecesi s\u00fcrprizleri azalt\u0131r.<\/p>\n<h3><span id=\"CAA_ve_Yetki_Zinciri\">CAA ve Yetki Zinciri<\/span><\/h3>\n<p>CAA kay\u0131tlar\u0131n\u0131 yeni planla uyumlu hale getirmeyi unutmay\u0131n. Yeni CA\u2019y\u0131 eklemeden sertifika iste\u011fi atarsan\u0131z, ba\u015ftan kaybedersiniz. Ben NOC ekran\u0131nda \u201c<strong>dig CAA ornek.com<\/strong>\u201d ile bir bak\u0131\u015fta do\u011frular\u0131m. CAA\u2019n\u0131n nas\u0131l \u00e7oklu\u2011CA senaryolar\u0131n\u0131 destekledi\u011fini ve de\u011fi\u015fikliklerin ne zaman mant\u0131kl\u0131 oldu\u011funu <a href=\"https:\/\/www.dchost.com\/blog\/caa-kayitlari-derinlemesine-neden-nasil-ve-ne-zaman-coklu%E2%80%91caya-gecmelisin\/\">\u015fu derinlemesine yaz\u0131da<\/a> g\u00fczel \u00f6zetledik. HSTS kullan\u0131yorsan\u0131z s\u00fcreleri fazla uzun tutmadan, ge\u00e7i\u015ften \u00f6nce bir iki ad\u0131m a\u015fa\u011f\u0131 \u00e7ekmek de manevra alan\u0131 yarat\u0131r.<\/p>\n<h3><span id=\"Panel_Eklentileri_ve_Otomatik_Yenileme\">Panel Eklentileri ve Otomatik Yenileme<\/span><\/h3>\n<p>Plesk\u2019in Let\u2019s Encrypt eklentisi ile cPanel\/AutoSSL farkl\u0131 davran\u0131r. Ge\u00e7i\u015ften \u00f6nce hangi taraf\u0131n yenileme i\u015fini devralaca\u011f\u0131n\u0131 netle\u015ftiririm. E\u011fer arada k\u0131sa bir \u201cikiz\u201d d\u00f6nem varsa, sadece bir taraf\u0131 aktif b\u0131rak\u0131r, di\u011ferini pasifle\u015ftiririm. Yoksa \u00e7ak\u0131\u015fan yenileme g\u00f6revleri rate limit\u2019e toslayabilir. Resmi k\u0131lavuzlar i\u00e7in <a href=\"https:\/\/docs.cpanel.net\/knowledge-base\/accounts\/how-to-use-the-transfer-tool\/\" rel=\"nofollow noopener\" target=\"_blank\">cPanel Transfer Tool kullan\u0131m k\u0131lavuzu<\/a> ve <a href=\"https:\/\/docs.plesk.com\/en-US\/obsidian\/migration-guide\/plesk-migrator.74610\/\" rel=\"nofollow noopener\" target=\"_blank\">Plesk Migrator rehberi<\/a> i\u015finizi kolayla\u015ft\u0131r\u0131r.<\/p>\n<h2 id=\"section-7\"><span id=\"Otomasyon_ve_Gozlemlenebilirlik_Gecis_Anini_Izlemek_ve_Geri_Almayi_Hazir_Tutmak\">Otomasyon ve G\u00f6zlemlenebilirlik: Ge\u00e7i\u015f An\u0131n\u0131 \u0130zlemek ve Geri Almay\u0131 Haz\u0131r Tutmak<\/span><\/h2>\n<h3><span id=\"IaC_ile_Tekrar_Edilebilir_Altyapi\">IaC ile Tekrar Edilebilir Altyap\u0131<\/span><\/h3>\n<p>Yeni node\u2019lar\u0131 Ansible ile kurup, panel kurulumundan sonra servis sertle\u015fmesini (SSH anahtar\u0131, fail2ban, firewalld, TLS \u00f6n ayarlar\u0131) otomatik uygular\u0131m. B\u00f6ylece \u201c\u015fu sunucu farkl\u0131 kald\u0131\u201d s\u00fcrprizi ya\u015famam. \u00c7ekirdek parametrelerden log rotasyonuna kadar her \u015fey playbook\u2019ta durursa, iki ay sonra bile ayn\u0131 tarifi pi\u015firirsiniz.<\/p>\n<h3><span id=\"Metrikler_Loglar_ve_Canli_Saglik_Nabzi\">Metrikler, Loglar ve Canl\u0131 Sa\u011fl\u0131k Nabz\u0131<\/span><\/h3>\n<p>Ge\u00e7i\u015f ak\u015fam\u0131 her zaman iki k\u00fc\u00e7\u00fck komutum vard\u0131r. HTTP katman\u0131n\u0131 g\u00f6zlemek i\u00e7in \u201c<strong>curl -s -o \/dev\/null -w &#8216;%{http_code} %{time_total}n&#8217; https:\/\/www.ornek.com<\/strong>\u201d, SMTP el s\u0131k\u0131\u015fmas\u0131n\u0131 g\u00f6rmek i\u00e7in \u201c<strong>openssl s_client -starttls smtp -connect mx.ornek.com:25 -tlsextdebug -brief<\/strong>\u201d. Bunlar k\u00fc\u00e7\u00fck fenerlerdir; g\u00f6z\u00fcn\u00fcz karanl\u0131kta kalmaz. Ayr\u0131ca Nginx\/Apache 5xx oran\u0131, PHP FPM bekleme kuyru\u011fu, Exim kuyru\u011fu ve Dovecot e\u015fzamanl\u0131 oturumlar\u0131 grafikte normal mi, hepsine bakar\u0131m. Alarm e\u015fiklerini ge\u00e7i\u015f gecesi gev\u015fetmem; sadece <em>mesaj metinlerini<\/em> netle\u015ftirir, on\u2011call arkada\u015f\u0131n ihtiyac\u0131 olan ba\u011flam\u0131 eklerim.<\/p>\n<h3><span id=\"Rollback_Kapisi\">Rollback Kap\u0131s\u0131<\/span><\/h3>\n<p>Her kesimde geri d\u00f6n\u00fc\u015f kap\u0131s\u0131n\u0131 a\u00e7\u0131k tutar\u0131m. DNS\u2019te eski NS\u2019lere d\u00f6nmek bir se\u00e7enek, ama daha zarifi \u015fudur: Yeni tarafta health check patlarsa, \u201c<em>maintenance CNAME<\/em>\u201d ile trafi\u011fi ge\u00e7ici olarak eski ortama \u00e7evirirsiniz. Bu hamle, kullan\u0131c\u0131lar\u0131n hissetti\u011fi sars\u0131nt\u0131y\u0131 minimal tutar. Kendi pratiklerimde canary y\u00f6nlendirmeyi \u00e7ok severim; e\u011fer altyap\u0131n\u0131z uygunsa, trafi\u011fin k\u00fc\u00e7\u00fck bir y\u00fczdesini yeni tarafa verip, metrikler normal ise kademeli art\u0131rmak rahat uyku getirir. Fikir olarak <a href=\"https:\/\/www.dchost.com\/blog\/vpste-canary-dagitimi-nasil-tatli-tatli-kurulur-nginx-agirlikli-yonlendirme-saglik-kontrolu-ve-guvenli-rollback\/\">canary da\u011f\u0131t\u0131m\u0131yla g\u00fcvenli rollback<\/a> yaz\u0131s\u0131ndaki yakla\u015f\u0131m panel ta\u015f\u0131malar\u0131na da uyarlanabilir.<\/p>\n<h2 id=\"section-8\"><span id=\"Araclar_Plesk_Migrator_cPanel_Transfer_Tool_ve_Kucuk_Hileler\">Ara\u00e7lar: Plesk Migrator, cPanel Transfer Tool ve K\u00fc\u00e7\u00fck Hileler<\/span><\/h2>\n<h3><span id=\"Panel_Araclarinin_Ritmi\">Panel Ara\u00e7lar\u0131n\u0131n Ritmi<\/span><\/h3>\n<p>Plesk\u2019ten cPanel\u2019e giderken iki yan\u0131 kullan\u0131r\u0131m. cPanel taraf\u0131ndaki <strong>Transfer Tool<\/strong> do\u011frudan Plesk kaynaklar\u0131n\u0131 \u00e7ekebilir; kullan\u0131c\u0131 hesaplar\u0131, DNS b\u00f6lgeleri, posta kutular\u0131 ve web i\u00e7eri\u011fini d\u00fczg\u00fcn kavrar. Tersi y\u00f6nde <strong>Plesk Migrator<\/strong> cPanel kaynaklar\u0131n\u0131 i\u00e7eri al\u0131r. Bu ara\u00e7lar i\u015fi y\u00fczde seksen \u00e7\u00f6zer; kalan y\u00fczde yirmi \u201ck\u0131vr\u0131mlar\u201dd\u0131r: \u00f6zel Nginx kurallar\u0131, cron i\u015fleri, beklenmedik PHP ayarlar\u0131. Cron\u2019lar\u0131 systemd timer\u2019a ta\u015f\u0131yorsan\u0131z, davran\u0131\u015f farklar\u0131n\u0131 bilmek i\u00e7in <a href=\"https:\/\/www.dchost.com\/blog\/cron-mu-systemd-timer-mi-neden-nasil-ve-ne-zaman-hangisini-secmeli\/\">cron mu systemd timer m\u0131<\/a> rehberi iyi bir hat\u0131rlatma olur.<\/p>\n<h3><span id=\"Kucuk_Ama_Kurtarici_Komutlar\">K\u00fc\u00e7\u00fck Ama Kurtar\u0131c\u0131 Komutlar<\/span><\/h3>\n<p>DNS do\u011frulamas\u0131 i\u00e7in \u201c<strong>dig +short NS ornek.com<\/strong>\u201d, DMARC i\u00e7in \u201c<strong>dig +short TXT _dmarc.ornek.com<\/strong>\u201d, posta kuyru\u011fu i\u00e7in \u201c<strong>exim -bp | exiqsumm<\/strong>\u201d, IMAP canl\u0131lar\u0131n\u0131 g\u00f6rmek i\u00e7in \u201c<strong>ss -ltnp | grep 143<\/strong>\u201d. Veritaban\u0131nda uzun s\u00fcren sorgular\u0131 yakalamak i\u00e7in slow log\u2019u k\u0131sa s\u00fcre agresif a\u00e7ar\u0131m. Bu minik yard\u0131mc\u0131lar, ge\u00e7i\u015f an\u0131nda karar alma h\u0131z\u0131n\u0131z\u0131 art\u0131r\u0131r; gereksiz panik \u00f6nler.<\/p>\n<h2 id=\"section-9\"><span id=\"Ters_Yon_cPanelden_Pleske_Gecerken_Farkli_Olan_Ne\">Ters Y\u00f6n: cPanel\u2019den Plesk\u2019e Ge\u00e7erken Farkl\u0131 Olan Ne?<\/span><\/h2>\n<h3><span id=\"Farkli_Varsayilanlar_Ayni_Hedef\">Farkl\u0131 Varsay\u0131lanlar, Ayn\u0131 Hedef<\/span><\/h3>\n<p>cPanel\u2019den Plesk\u2019e d\u00f6nerken dosya yollar\u0131 ve servis kal\u0131plar\u0131 biraz de\u011fi\u015fir. cPanel\u2019de kullan\u0131c\u0131 merkezli \u201c\/home\/USER\/public_html\u201d d\u00fczeni, Plesk\u2019te vhost mant\u0131\u011f\u0131yla \u201c\/var\/www\/vhosts\/DOMAIN\/httpdocs\u201d taraf\u0131na denk d\u00fc\u015fer. Bu, yedeklerden d\u00f6nme ve rsync senaryolar\u0131nda k\u00fc\u00e7\u00fck yol d\u00fczeltmeleri gerektirir. PHP selector ve Apache\/Nginx birle\u015fimi Plesk\u2019te farkl\u0131 ayarlan\u0131r; \u00f6zel .htaccess kurallar\u0131n\u0131 Plesk\u2019teki \u201cEk Nginx Y\u00f6nergeleri\u201d alan\u0131na uyarlamak gerekebilir. E\u2011posta taraf\u0131nda da Dovecot\/Exim s\u00fcr\u00fcmleri ve kutu dizin yap\u0131s\u0131 de\u011fi\u015fti\u011finden, imapsync ile i\u00e7erik senkronu yine en g\u00fcvenli \u00e7\u0131k\u0131\u015f kap\u0131s\u0131d\u0131r.<\/p>\n<h3><span id=\"SSL_ve_ACME_Uzantilari\">SSL ve ACME Uzant\u0131lar\u0131<\/span><\/h3>\n<p>Plesk\u2019in Let\u2019s Encrypt uzant\u0131s\u0131, birden \u00e7ok domain ve alt domaini tek panelden toparlamakta rahatt\u0131r. cPanel\/AutoSSL ise WHM taraf\u0131nda kullan\u0131c\u0131lar\u0131n tamam\u0131na yay\u0131lmay\u0131 sever. Ters y\u00f6nde ge\u00e7erken sertifika yenileme sorumlulu\u011funu yeniden \u00e7izip, CAA kay\u0131tlar\u0131n\u0131 kontrol etmek, \u201chedefte yenileme ba\u015far\u0131s\u0131z\u201d s\u00fcrprizini ortadan kald\u0131r\u0131r. \u0130ki durumda da DNS\u201101 ile \u00f6nceden \u00fcretmek, ge\u00e7i\u015f gecesi i\u00e7in sigortad\u0131r.<\/p>\n<h2 id=\"section-10\"><span id=\"Gercek_Operasyon_Postmortemden_Kisa_Notlar\">Ger\u00e7ek Operasyon: Post\u2011mortemden K\u0131sa Notlar<\/span><\/h2>\n<h3><span id=\"DKIM_Anahtarlarinin_Iki_Yuzu\">DKIM Anahtarlar\u0131n\u0131n \u0130ki Y\u00fcz\u00fc<\/span><\/h3>\n<p>Bir gece, Plesk\u2019ten cPanel\u2019e ge\u00e7i\u015fte her \u015fey p\u00fcr\u00fczs\u00fcz gitti derken, ertesi sabah m\u00fc\u015fteri \u201cGiden postalar bazen Spam\u2019a d\u00fc\u015f\u00fcyor\u201d dedi. Log\u2019larda g\u00f6ze \u00e7arpan bir \u015fey yoktu. TLS tamam, SPF geni\u015f, DMARC relax. Sonra Mail\u2011Tester benzeri ara\u00e7ta g\u00f6rd\u00fck: DKIM selector \u201cs1\u201d iki farkl\u0131 anahtar ge\u00e7mi\u015fe sahip. Eski Plesk\u2019te tutulan \u00f6zel anahtar kopyalanmam\u0131\u015f, yeni tarafta ayn\u0131 selector ile <em>yeni<\/em> anahtar \u00fcretilmi\u015f. Baz\u0131 al\u0131c\u0131lar eski DNS \u00f6nbellekleri y\u00fcz\u00fcnden bir s\u00fcre eski public key\u2019i g\u00f6rm\u00fc\u015f. Root cause bu. D\u00fczeltme basitti: Eski \u00f6zel anahtar\u0131 g\u00fcvenle yeni tarafa ta\u015f\u0131d\u0131k, DNS\u2019te de yeni anahtara tekille\u015ftirdik. Etki penceresi k\u0131sa, ama ders b\u00fcy\u00fck: <strong>\u0130mzalama anahtarlar\u0131 veri gibi de\u011fil, kimlik gibidir; ta\u015f\u0131n\u0131rken b\u00fct\u00fcnl\u00fc\u011f\u00fc bozulmamal\u0131.<\/strong><\/p>\n<h3><span id=\"Onleyici_Aksiyonlar\">\u00d6nleyici Aksiyonlar<\/span><\/h3>\n<p>Bu olaydan sonra runbook\u2019a \u015fu maddeleri ekledik: Ge\u00e7i\u015ften 24 saat \u00f6nce DKIM selector envanteri \u00e7\u0131kar, \u00f6zel anahtarlar\u0131n kasas\u0131n\u0131 do\u011frula, DNS TTL\u2019ini 300\u2019e indir, NS kesiminden 1 saat sonra DMARC raporlar\u0131n\u0131 erken okumaya ba\u015fla. Bir de k\u00fc\u00e7\u00fck script yazd\u0131k; \u201c<strong>dig TXT default._domainkey.ornek.com<\/strong>\u201d ile public key fingerprint\u2019ini al\u0131p, hedef taraftaki yerel private key ile e\u015fle\u015ftiriyor. K\u00fc\u00e7\u00fck ama etkili bir g\u00fcven testi.<\/p>\n<h2 id=\"section-11\"><span id=\"Kapanis_Sakin_Gecislerin_Sirri_Kucuk_Adimlar_ve_Net_Runbook\">Kapan\u0131\u015f: Sakin Ge\u00e7i\u015flerin S\u0131rr\u0131 K\u00fc\u00e7\u00fck Ad\u0131mlar ve Net Runbook<\/span><\/h2>\n<p>Toparlayal\u0131m. Plesk\u2019ten cPanel\u2019e ya da tersine ge\u00e7i\u015f, tek bir gecenin i\u015fi gibi g\u00f6r\u00fcnse de, sessiz ge\u00e7en gecelerin temeli g\u00fcnd\u00fczden at\u0131l\u0131r. DNS taraf\u0131nda TTL\u2019i erkenden d\u00fc\u015f\u00fcr\u00fcr, g\u00f6lgeli yay\u0131nla kay\u0131tlar\u0131 do\u011frulars\u0131n\u0131z. E\u2011postada hesaplar\u0131 imapsync ile \u0131s\u0131t\u0131r, SPF\/DKIM\/DMARC \u00fc\u00e7l\u00fcs\u00fcn\u00fc \u00e7ift tarafl\u0131 ge\u00e7i\u015f d\u00f6nemine g\u00f6re ayarlars\u0131n\u0131z. Web i\u00e7eri\u011fini rsync ile art\u0131ml\u0131 senkronlar, veritaban\u0131n\u0131 uygulama\u2011tutarl\u0131 bir kopyayla ta\u015f\u0131r, finalde k\u0131sa bir yazma kilidiyle kapan\u0131\u015f\u0131 yapars\u0131n\u0131z. SSL\u2019leri DNS\u201101 ile \u00f6nceden \u00fcretip, CAA ve HSTS ile uyumu kontrol etti\u011finizde, ge\u00e7i\u015f gecesi s\u00fcrpriz ihtimali azal\u0131r.<\/p>\n<p>Uygulanabilir bir mini\u2011runbook \u015f\u00f6yle akar: Bir, envanteri ve riskleri yaz; iki, DNS TTL ve kay\u0131t g\u00f6lgelemesini ba\u015flat; \u00fc\u00e7, posta kutular\u0131n\u0131 imapsync ile \u0131s\u0131t; d\u00f6rt, web ve DB\u2019yi art\u0131ml\u0131 senkronla; be\u015f, ACME ile sertifikalar\u0131 \u00f6nceden al; alt\u0131, canl\u0131 metrikleri ve loglar\u0131 ekranda tut; yedi, kesim an\u0131nda k\u00fc\u00e7\u00fck ve geri al\u0131nabilir ad\u0131mlar at; sekiz, DMARC ve kuyruk raporlar\u0131n\u0131 h\u0131zl\u0131ca tara. G\u00f6z\u00fcn\u00fcz\u00fc korkutmas\u0131n; ekip\u00e7e k\u00fc\u00e7\u00fck provalar yapt\u0131k\u00e7a bu ak\u0131\u015f refleksiniz olur. Yol \u00fcst\u00fcnde daha derinle\u015fmek isterseniz, <a href=\"https:\/\/www.dchost.com\/blog\/acme-challenge-turleri-derinlemesine-http%E2%80%9101-dns%E2%80%9101-ve-tls%E2%80%91alpn%E2%80%9101-ne-zaman-hangisi\/\">ACME do\u011frulama y\u00f6ntemleri<\/a> ve <a href=\"https:\/\/www.dchost.com\/blog\/caa-kayitlari-derinlemesine-neden-nasil-ve-ne-zaman-coklu%E2%80%91caya-gecmelisin\/\">CAA stratejileri<\/a> ile ba\u015flay\u0131n; e\u2011posta taraf\u0131nda ise <a href=\"https:\/\/www.dchost.com\/blog\/e%E2%80%91postada-mta%E2%80%91sts-tls%E2%80%91rpt-ve-dane-teslim-edilebilirligi-nasil-tatli-tatli-yukseltirsin\/\">MTA\u2011STS ve TLS\u2011RPT<\/a> notlar\u0131 g\u00fczel birer tamamlay\u0131c\u0131d\u0131r. Ekibinize g\u00fcvenin; net bir runbook, \u00f6l\u00e7\u00fclebilir kontroller ve sakin bir komuta merkeziyle bu ge\u00e7i\u015fler tatl\u0131 tatl\u0131 biter.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>\u0130&ccedil;indekiler1 Nereden Ba\u015flamal\u0131? Neden Ta\u015f\u0131yoruz ve Neyi K\u0131rmadan Ge\u00e7iririz?2 Riskleri Haritalamak: K\u0131r\u0131lma Noktular\u0131n\u0131 \u00d6nceden G\u00f6rmek2.1 Kay\u0131tl\u0131 Varsay\u0131mlar ve Do\u011frulamalar2.2 \u00d6l\u00e7\u00fclebilir Haz\u0131rl\u0131k3 DNS\u2019i A\u011fr\u0131s\u0131z Ta\u015f\u0131mak: TTL, G\u00f6lgeli Yay\u0131n ve Kesim3.1 TTL\u2019i Erken D\u00fc\u015f\u00fcr, Kay\u0131tlar\u0131 \u0130ki Tarafta Paralel Tut3.2 Ger\u00e7ek Sorgu ile Do\u011frulama3.3 NS De\u011fi\u015fimi ve \u0130zleme4 E\u2011posta: Hesaplar, \u0130\u00e7erik ve \u0130tibar \u00d6\u011feleri (SPF, DKIM, DMARC)4.1 Posta [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2029,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32,33,25],"tags":[],"class_list":["post-2023","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-alan-adi","category-nasil-yapilir","category-sunucu"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/2023","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=2023"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/2023\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/2029"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=2023"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=2023"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=2023"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}