Broken trust chain

shrit · July 14, 2020, 1:48pm

Hello,

I have mail in a box as a droplet image which I use to host my email and my website. it was working perfectly for over two months. I get the mail of the system check and I dicovered that the DNS server is not resolving my domain name. After some debugging, I have discovered that the issue is related to the DNSSEC, but I can not figure out the problem here.

So when I try to use ping or dig on my domain name from my image the domain resolution failed. I have executed root@box:~# /etc/init.d/bind9 status and I got this response
broken trust chain resolving and bad cache hit.

I have re-updated the DNSSEC entry inside my domain hosting website. I was able to ping my domain name from my droplet for only five minutes and then I got the same error as before.

Do you have any idea how to resolve this issue? Or what is causing it? Do I need to clean the cache? if yes How to do that?

Best,

alento · July 14, 2020, 4:09pm

Start by disabling DNSSEC at your domain registrar.

Wait 24 hours, then reenable it.

What changes, if any have you made to the VPS (droplet) hosting your MiaB instance, if any?

shrit · July 14, 2020, 4:47pm

OK, I will give it a try.
I did not change anything in my droplet. I just received an email 10 days ago when the status has changed from working to NoSet for IP address showing that the DNS has failed.