After update to .20 ctrl panel reporting DNS issues

Prior to upgrading from .19 to .20 System Status Checks were all green… now it shows issues with nameserver glue records and resolving DNS.

I checked with my registrar and nothing has changed…

New users are limited to only 1 pic per post… see replies for screen shots

Used MXtoolbox to check for DNS issues and it reported the following…

New users are limited to only 1 pic per post… see replies for screen shots

I’d appreciate help in tracking down what has changed and how to fix it.

The mail server seems to be functioning… I have sent e-mail to and from my gmail acct from the webmail page and via pop/imap accts…

Have you tried rebooting your box and running the installer again?

I’ve rebooted twice… but hadn’t tried rerunning install script… will do that now…
Still the same errors…

I very much doubt the MIAB update broke your status page.

It could very well be a DNS issue, I don’t think there’s anything wrong with your box.

Is that Google’s DNS manager? Maybe open up a ticket with Google? Something may have changed since you updated your box.

What does your nameserver record show here? https://www.whatsmydns.net/

My understanding is that MiaB is handling the DNS… That is why I have the registrar point to the MiaB DNS server… And yes this domain is registered with Google Domains.

WhatsmyDNS seems to report all is well…

I just noticed that my nameservers and glue records point at ns1.mydomain.net. Should they be pointed at ns1.box.mydomain.net?

They should yes.

So as you said.

ns1.box.mydomain.net
ns2.box.mydomain.net

Ok, I will change that. I doubt Google changed that on their own; I must have set them that way in the beginning. The update must have included a different way of looking at DNS settings and reporting an error. I will let you know if that clears the MiaB error status…


Ok that fixed the warnings and errors that MXtoolbox and DNSys were showing.

But MiaB status page hasn’t changed. I’m also concerned that even when I ssh in to the server it doesn’t even seem to see itself…

root@box: nslookup XXXXX.net
Server: 127.0.0.1
Address: 127.0.0.1#53

** server can't find XXXXX.net: SERVFAIL

root@box: host XXXXX.net
Host XXXXX.net not found: 2(SERVFAIL)

root@box: ping XXXXX.net
ping: unknown host XXXXX.net

I appreciate your help. What other info can I provide you to help diagnose?

I checked syslog and it looks like both NSD and Bind started up …

Oct 11 11:39:04 box named[1560]: starting BIND 9.9.5-3ubuntu0.9-Ubuntu -u bind -4
Oct 11 11:39:04 box named[1560]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
Oct 11 11:39:04 box named[1560]: ----------------------------------------------------
Oct 11 11:39:04 box named[1560]: BIND 9 is maintained by Internet Systems Consortium,
Oct 11 11:39:04 box named[1560]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Oct 11 11:39:04 box named[1560]: corporation. Support and training for BIND 9 are
Oct 11 11:39:04 box named[1560]: available at Professional Support for Open Source - ISC
Oct 11 11:39:04 box named[1560]: ----------------------------------------------------
Oct 11 11:39:04 box named[1560]: adjusted limit on open files from 4096 to 1048576
Oct 11 11:39:04 box named[1560]: found 1 CPU, using 1 worker thread
Oct 11 11:39:04 box named[1560]: using 1 UDP listener per interface
Oct 11 11:39:04 box named[1560]: using up to 4096 sockets
Oct 11 11:39:04 box named[1560]: loading configuration from '/etc/bind/named.conf'
Oct 11 11:39:04 box named[1560]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Oct 11 11:39:04 box named[1560]: using default UDP/IPv4 port range: [1024, 65535]
Oct 11 11:39:04 box named[1560]: using default UDP/IPv6 port range: [1024, 65535]
Oct 11 11:39:04 box named[1560]: no IPv6 interfaces found
Oct 11 11:39:04 box named[1560]: listening on IPv4 interface lo, 127.0.0.1#53
Oct 11 11:39:04 box named[1560]: generating session key for dynamic DNS
Oct 11 11:39:04 box named[1560]: sizing zone task pool based on 5 zones
Oct 11 11:39:04 box named[1560]: using built-in root key for view _default
Oct 11 11:39:04 box named[1560]: set up managed keys zone for view _default, file 'managed-keys.bind'
Oct 11 11:39:04 box named[1560]: automatic empty zone: 10.IN-ADDR.ARPA
<snipped a lot of ‘automatic empty zone’ lines>
Oct 11 11:39:04 box named[1560]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Oct 11 11:39:04 box nsd[1528]: XXXXX.net.txt.signed:6: CNAME and other data at the same name
Oct 11 11:39:04 box nsd[1528]: XXXXX.net.txt.signed:7: CNAME and other data at the same name
Oct 11 11:39:04 box nsd[1528]: XXXXX.net.txt.signed:8: CNAME and other data at the same name
Oct 11 11:39:04 box nsd[1528]: XXXXX.net.txt.signed:9: CNAME and other data at the same name
Oct 11 11:39:04 box nsd[1528]: XXXXX.net.txt.signed:10: CNAME and other data at the same name
Oct 11 11:39:04 box nsd[1528]: XXXXX.net.txt.signed:11: CNAME and other data at the same name
Oct 11 11:39:04 box nsd[1528]: XXXXX.net.txt.signed:12: CNAME and other data at the same name
Oct 11 11:39:04 box nsd[1528]: XXXXX.net.txt.signed:13: CNAME and other data at the same name
Oct 11 11:39:04 box nsd[1528]: XXXXX.net.txt.signed:14: CNAME and other data at the same name
Oct 11 11:39:04 box nsd[1528]: XXXXX.net.txt.signed:15: CNAME and other data at the same name
Oct 11 11:39:04 box nsd[1528]: XXXXX.net.txt.signed:16: CNAME and other data at the same name
Oct 11 11:39:04 box nsd[1528]: zone XXXXX.net file XXXXX.net.txt.signed read with 11 errors
Oct 11 11:39:04 box nsd[1528]: nsd started (NSD 4.0.1), pid 1526
Oct 11 11:39:04 box named[1560]: command channel listening on 127.0.0.1#953
Oct 11 11:39:04 box named[1560]: managed-keys-zone: journal file is out of date: removing journal file
Oct 11 11:39:04 box named[1560]: managed-keys-zone: loaded serial 34
Oct 11 11:39:04 box named[1560]: zone 0.in-addr.arpa/IN: loaded serial 1
Oct 11 11:39:04 box named[1560]: zone 127.in-addr.arpa/IN: loaded serial 1
Oct 11 11:39:04 box named[1560]: zone 255.in-addr.arpa/IN: loaded serial 1
Oct 11 11:39:04 box named[1560]: zone localhost/IN: loaded serial 2
Oct 11 11:39:04 box named[1560]: all zones loaded
Oct 11 11:39:04 box named[1560]: running
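
An added example, not part of the original post: the nsd zone-load errors in an excerpt like the one above are easy to miss among named's startup lines, so this sketch groups them per zone file and checks them against nsd's own "read with N errors" summary. The sample log is constructed and shortened; `nsd_zone_errors` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample, shortened from the shape of the syslog excerpt above;
# XXXXX.net is the poster's own redaction.
SAMPLE_LOG = """\
Oct 11 11:39:04 box named[1560]: automatic empty zone: 10.IN-ADDR.ARPA
Oct 11 11:39:04 box nsd[1528]: XXXXX.net.txt.signed:6: CNAME and other data at the same name
Oct 11 11:39:04 box nsd[1528]: XXXXX.net.txt.signed:7: CNAME and other data at the same name
Oct 11 11:39:04 box nsd[1528]: XXXXX.net.txt.signed:8: CNAME and other data at the same name
Oct 11 11:39:04 box nsd[1528]: zone XXXXX.net file XXXXX.net.txt.signed read with 3 errors
Oct 11 11:39:04 box nsd[1528]: nsd started (NSD 4.0.1), pid 1526
Oct 11 11:39:04 box named[1560]: all zones loaded
"""

NSD_MSG = re.compile(r"\bnsd\[\d+\]: (.*)$")
FILE_ERROR = re.compile(r"^(\S+):(\d+): (.+)$")
ZONE_SUMMARY = re.compile(r"^zone (\S+) file (\S+) read with (\d+) errors?$")


def nsd_zone_errors(log_text):
    """Group nsd per-line zone errors by zone file and compare them with
    the 'read with N errors' summary nsd logs for that file."""
    lines_by_file = defaultdict(list)
    summary_by_file = {}
    for raw in log_text.splitlines():
        found = NSD_MSG.search(raw)
        if not found:
            continue  # named and other daemons are ignored
        msg = found.group(1).strip()
        summary = ZONE_SUMMARY.match(msg)
        error = FILE_ERROR.match(msg)
        if summary:
            zone, zone_file, count = summary.groups()
            summary_by_file[zone_file] = (zone, int(count))
        elif error:
            zone_file, line_no, text = error.groups()
            lines_by_file[zone_file].append((int(line_no), text))
    report = {}
    for zone_file in sorted(set(lines_by_file) | set(summary_by_file)):
        zone, reported = summary_by_file.get(zone_file, (None, None))
        errors = sorted(lines_by_file[zone_file])
        report[zone_file] = {
            "zone": zone,
            "reported": reported,
            "lines": [n for n, _ in errors],
            "messages": sorted({t for _, t in errors}),
            # False means the excerpt was trimmed or the summary is missing
            "complete": reported == len(errors),
        }
    return report
```
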

Give it time for the DNS changes to propagate. It can take up to 24 hours for changes to take effect.

Been 2 days still same error status

Re-run the MIAB setup, check that the IP address within setup is the same as the IP address of your box.

I assume it will be, but re-run the setup anyway. I’m out of ideas…

I appreciate your help.

Maybe this is a bit off-topic but how about trying it with external DNS? Works perfectly for me (I joined at .20).
Just look at external DNS on the admin panel and enter the required DNS entries at your registrar. Maybe this could help if nothing else does…

Yeah, I’ve thought of doing that. Also thought about reverting to the snapshot I took before updating to .20

But I thought the developers would want to know… So I’ve been attempting to work through the issue instead of taking the easy way out.

Delete your DNSSEC key, what does your status box look like without it?

I’m having the EXACT same issue. Something is not working with Google Domains and my mailinabox since the .20 update. All of my domains are not resolving.

I had the same thing – my glue records were ns1.domain.com and ns2.domain.com… and has been working with everything prior to .20 …

but now what I see in MIAB is that they should be ns1.box.domain.com and ns2.box.domain.com

It seems this is a DNSSEC issue … Running my domain through the debugger is showing that the RRSIG has expired.

http://dnssec-debugger.verisignlabs.com/dmurphynj.com

So, with a broken System Status panel how do I generate a new RRSIG on the MIAB side?
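
An added example, not part of the thread: the expired-RRSIG condition reported by the debugger can be checked locally by reading the expiration and inception fields of RRSIG records in presentation format, as `dig +dnssec` prints them. The records below are constructed (example.net, key tag and signature are placeholders), and the three-day warning window is an assumption.

```python
from datetime import datetime, timedelta, timezone

# Constructed RRSIG records; field order after "RRSIG" follows RFC 4034:
# type-covered algorithm labels orig-ttl expiration inception key-tag signer sig
SAMPLE_RRSIGS = """\
example.net. 1800 IN RRSIG SOA 7 2 1800 20151005000000 20150905000000 12345 example.net. Q09OU1RSVUNURUQ=
example.net. 1800 IN RRSIG NS 7 2 1800 20151110000000 20151011000000 12345 example.net. Q09OU1RSVUNURUQ=
example.net. 1800 IN RRSIG MX 7 2 1800 20151014000000 20150914000000 12345 example.net. Q09OU1RSVUNURUQ=
example.net. 1800 IN A 192.0.2.10
"""


def _timestamp(field):
    # Presentation-format timestamps are YYYYMMDDHHmmSS in UTC.
    return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def parse_rrsigs(text):
    """Return one dict per RRSIG line; other record types are skipped."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if "RRSIG" not in fields:
            continue
        i = fields.index("RRSIG")
        if len(fields) <= i + 8:
            continue  # truncated record, nothing reliable to read
        records.append({
            "owner": fields[0],
            "covered": fields[i + 1],
            "expires": _timestamp(fields[i + 5]),
            "inception": _timestamp(fields[i + 6]),
            "signer": fields[i + 8],
        })
    return records


def signature_status(record, now, warn=timedelta(days=3)):
    """Classify a signature's validity window relative to `now` (UTC)."""
    if now > record["expires"]:
        return "expired"
    if now < record["inception"]:
        return "not-yet-valid"
    if record["expires"] - now <= warn:
        return "expiring-soon"
    return "valid"


def audit(text, now):
    return {r["covered"]: signature_status(r, now) for r in parse_rrsigs(text)}
```

A signature that is not yet valid usually points at a wrong clock on the signing host rather than at a missed re-signing run, which is why it is reported separately from "expired".
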