After moving MIAB - Errors validating DNS

prostream · May 24, 2018, 8:16pm

Hi,

after i moved my MIAB installation everything worked smooth.

After about 1-2 hours all of my DNS records where lost. I looked into my syslog which shows me:

    May 24 22:10:01 box named[3995]: validating @0x7f202400b750: host01.oneofmydomains.co A: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f202400b750: host01.oneofmydomains.co AAAA: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2018041c40: oneofmydomains.de NS: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2028380810: oneofmydomains.de A: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2028380810: oneofmydomains.de MX: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2028380810: net01.oneofmydomains.co MX: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2028380810: www.oneofmydomains.email A: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2028380810: www.oneofmydomains.email AAAA: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2020228120: oneofmydomains.email AAAA: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2018041c40: oneofmydomains.de AAAA: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2028380810: net01.oneofmydomains.co A: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2018041c40: net01.oneofmydomains.co AAAA: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f202400b750: www.oneofmydomains.de A: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2018041c40: webmail.oneofmydomains.de MX: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f202022ba50: www.oneofmydomains.de AAAA: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2020228120: www.oneofmydomains.de A: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2020228120: www.oneofmydomains.de AAAA: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2020228120: webmail.oneofmydomains.de A: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2020228120: webmail.oneofmydomains.de AAAA: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2028380810: oneofmydomains.de NS: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2028380810: oneofmydomains.de A: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2028380810: oneofmydomains.de MX: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2020228120: oneofmydomains.de NS: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f202400b750: oneofmydomains.de A: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2018041c40: oneofmydomains.de AAAA: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2020228120: oneofmydomains.de MX: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f202400b750: oneofmydomains.co NS: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2028380810: oneofmydomains.co A: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2018041c40: oneofmydomains.co MX: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2020228120: oneofmydomains.de AAAA: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2020228120: www.oneofmydomains.de A: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2028380810: www.oneofmydomains.de AAAA: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2020228120: box.oneofmydomains.co A: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2020228120: ns1.box.oneofmydomains.co A: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2018041c40: ns2.box.oneofmydomains.co A: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2018041c40: webmail.oneofmydomains.de MX: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2020228120: _25._tcp.box.oneofmydomains.co TLSA: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2018041c40: box.oneofmydomains.co MX: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2018041c40: oneofmydomains.co AAAA: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f2020228120: webmail.oneofmydomains.de A: no valid signature found
May 24 22:10:01 box named[3995]: validating @0x7f202400b750: webmail.oneofmydomains.de AAAA: no valid signature found
May 24 22:10:02 box named[3995]: validating @0x7f2018041c40: 32.132.70.129.IN-ADDR.ARPA PTR: no valid signature found

Any ideas what is wrong?

After restoring my backup i got an error that this file: “/home/user-data/ssl/ssl_certificate.pem” could not be transferred. Can that have anything to do with it?

Edit:
Running “sudo management/status_checks.py” gives:

System
======
✓  All system services are running.
✖  The SSH server on this machine permits password-based login. A more secure way to log in is using a public key. Add your SSH public key to $HOME/.ssh/authorized_keys, check that you can log in without a password, set the option
   'PasswordAuthentication no' in /etc/ssh/sshd_config, and then restart the openssh via 'sudo service ssh restart'.
✓  System software is up to date.
✓  Mail-in-a-Box is up to date. You are running version v0.26c.
✓  System administrator address exists as a mail alias. [administrator@box.niewoehner.co ↦ admin@mydomain.com]
✓  The disk has 127.55 GB space remaining.
✓  System memory is 70% free.

Network
=======
✓  Firewall is active.
✓  Outbound mail (SMTP port 25) is not blocked.
✓  IP address is not blacklisted by zen.spamhaus.org.
multiprocessing.pool.RemoteTraceback:
"""
Traceback (most recent call last):
  File "/usr/lib/python3.4/multiprocessing/pool.py", line 119, in worker
    result = (True, func(*args, **kwds))
  File "/usr/lib/python3.4/multiprocessing/pool.py", line 47, in starmapstar
    return list(itertools.starmap(args[0], args[1]))
  File "management/status_checks.py", line 347, in run_domain_checks_on_domain
    check_dns_zone(domain, env, output, dns_zonefiles)
  File "management/status_checks.py", line 451, in check_dns_zone
    check_dnssec(domain, env, output, dns_zonefiles)
  File "management/status_checks.py", line 527, in check_dnssec
    ds_keytag, ds_alg, ds_digalg, ds_digest = rr_ds.split("\t")[4].split(" ")
IndexError: list index out of range
"""

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "management/status_checks.py", line 983, in <module>
    run_checks(False, env, ConsoleOutput(), pool)
  File "management/status_checks.py", line 65, in run_checks
    run_domain_checks(rounded_values, env, output, pool)
  File "management/status_checks.py", line 323, in run_domain_checks
    ret = pool.starmap(run_domain_checks_on_domain, args, chunksize=1)

alento · May 25, 2018, 4:56pm

Is DNSSEC set up with the registrar? Did you remove it before moving the box if it is?

You may want to delete the contents of the /home/user-data/ssl directory and run management/ssl_certificates.py to obtain new certs with a new private key.

boykin-interactive · August 8, 2020, 6:25am

Hi. I’m getting similar errors after upgrading to 0.47. I can access all of the Control Panel pages except the Status page. I deleted the contents of /home/user-data/ssl as mentioned above. when i run ssl_certificates.py i get the error:

Traceback (most recent call last):
File “management/ssl_certificates.py”, line 660, in
provision_certificates_cmdline()
File “management/ssl_certificates.py”, line 372, in provision_certificates_cmdline
status = provision_certificates(env, limit_domains=domains)
File “management/ssl_certificates.py”, line 348, in provision_certificates
ret.extend(post_install_func(env))
File “management/ssl_certificates.py”, line 448, in post_install_func
cert = get_domain_ssl_files(env[‘PRIMARY_HOSTNAME’], ssl_certificates, env, use_main_cert=False)
File “management/ssl_certificates.py”, line 153, in get_domain_ssl_files
“certificate_object”: load_pem(load_cert_chain(ssl_certificate)[0]),
File “management/ssl_certificates.py”, line 600, in load_cert_chain
with open(pemfile, “rb”) as f:
FileNotFoundError: [Errno 2] No such file or directory: ‘/home/user-data/ssl/ssl_certificate.pem’

When I run ‘sudo management/status_checks.py’ i get the error:

System

✓ All system services are running.
✓ SSH disallows password-based login.
✓ System software is up to date.
✓ Mail-in-a-Box is up to date. You are running version v0.47.
✓ System administrator address exists as a mail alias. [administrator@box.boykin.email ↦ tj@boykin.email]
? The disk has 22.27 GB space remaining.
✓ System memory is 69% free.

Network

✓ Firewall is active.
✓ Outbound mail (SMTP port 25) is not blocked.
✓ IP address is not blacklisted by zen.spamhaus.org.
multiprocessing.pool.RemoteTraceback:
“”"
Traceback (most recent call last):
File “/usr/lib/python3.6/multiprocessing/pool.py”, line 119, in worker
result = (True, func(*args, **kwds))
File “/usr/lib/python3.6/multiprocessing/pool.py”, line 47, in starmapstar
return list(itertools.starmap(args[0], args[1]))
File “management/status_checks.py”, line 349, in run_domain_checks_on_domain
check_mail_domain(domain, env, output)
File “management/status_checks.py”, line 587, in check_mail_domain
mxhost = mx.split(’; ‘)[0].split(’ ')[1]
IndexError: list index out of range
“”"

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File “management/status_checks.py”, line 976, in
run_checks(False, env, ConsoleOutput(), pool)
File “management/status_checks.py”, line 64, in run_checks
run_domain_checks(rounded_values, env, output, pool)
File “management/status_checks.py”, line 322, in run_domain_checks
ret = pool.starmap(run_domain_checks_on_domain, args, chunksize=1)
File “/usr/lib/python3.6/multiprocessing/pool.py”, line 274, in starmap
return self._map_async(func, iterable, starmapstar, chunksize).get()
File “/usr/lib/python3.6/multiprocessing/pool.py”, line 644, in get
raise self._value
IndexError: list index out of range

Has any one else seen this same problem?

RemoteControl · August 15, 2020, 7:05pm

I am having the same exact issue and looks like after the latest APT python upgrade, the ipv6 dnspython lookup is failing. Seems to be an incompatibility, but reinstalling pip or python or any of the dependencies does not help.