[Answered: no, you can't.] Anyone have a .is domain working with MIAB DNS?

I’m trying to get my MIAB working with a .is domain registered on isnic.is.

They require nameservers to register and pass some tests. One of the tests is that the PTR has to return the full nameserver name, so there should be a PTR record to ns1.box.example.com and another to ns2.box.example.com .

MIAB sets the PTR to box.example.com, without the ns1 and ns2. Is there a way I can modify this so that there are PTR to ns1.box and ns2.box?

It might be best to use something like CloudFlare here. CloudFlare now supports DNSSEC and can provide two name servers for free; I have some .is domains on CloudFlare and their name servers pass the ISNIC tests.

To do it yourself your best bet would be to set up name servers on your own. ISNIC tests both ns1 and ns2, and according to ISNIC technical documentation you need “at least two different nameservers must be specified (and the hosts must not resolve to the same IP address).” (https://www.isnic.is/en/domain/req) This means that you would not be able to use one MIAB as the name server for a .is domain directly.

As far as I know, the name server requirements of .is will prevent you from using the DNS provided via the box because they require the PTR to be unique (i.e. your box needs an IP and your name server needs to resolve separately)–as stated above. I get what you’re trying to do but I do not believe it will work. Further, ISNIC regularly inspects any .is domains and if you are found to be out of their requirements, they will notify you (so even if you managed to find a way to trick it at first, you’ll be found out).

Yeah… so I did manage to trick .is into registering ns1.box.example.com, but I think you’re right – this won’t work in the long run and doesn’t address the requirement that the nameservers have unique IPs.

It seems .is should be added to the mailinabox “problem TLDs” list.

I’ve set it up with Cloudflare and that works fine (DNSSEC, but no TLSA).

2 Likes

I found this article that describes how you can meet the ISNIC name server requirements without additional expense.

https://parabing.com/2015/01/dot-is-domains/

It refers you to a hosting company in Iceland that offers a Free DNS service. It took about five minutes to register and add the domain and the IP address for the website. I redelegated the domain in the ISNIC control panel and selected 1984 ehf from the ISP list. I received an email from ISNIC within fifteen minutes confirming the nameserver change.

After I add the MIAB DNS entries, I don’t expect to have to change them at all. Overall, this way is a lot less work to meet the ISNIC requirements and enjoy using Mail in a Box with my .is domain.

Sure, if you host the DNS somewhere else, you can use any TLD. I’ve been using my .is domain with MIAB for a few months now, using Cloudflare for DNS. This forum topic is about using MIAB’s DNS, which is impossible to do with .is as far as I can tell.

1 Like