I absolutely love mail-in-a-box, it’s simple yet very powerful encompassing more than the average mail server’s functionality. One of which is the DNS configuration for domains.
I’ve tried a few different ways of configuring DNS on several domains but no matter what I do I always seem to have some red error in the status checks.
As per the instructions I added glue records to my MIAB domain.
I also configured the backup nameservers (digital ocean).
I set the nameservers of a website I’m hosting to those glue records.
When I add a new domain to MIAB I always have this error.
Secondary nameserver ns1.digitalocean.com is not configured correctly. (It resolved this domain as [WHERE IT IS HOSTED IP]. It should be [MAIL IN A BOX IP].)
How can I configure mail in a box to suppress this?
In an alternate configuration I set the nameservers of the website domain to those of digital ocean and the MX record to that of MIAB.
In this configuration I have the errors above plus another error.
The nameservers set on this domain are incorrect.
They are currently ns1.digitalocean.com; ns2.digitalocean.com; ns3.digitalocean.com. Use your domain name registrar’s control panel to set the nameservers to [MIAB GLUE ONE]; ns1.digitalocean.com; ns2.digitalocean.com; ns3.digitalocean.com.
I’ve tried adding the A record entries in the advanced DNS but that doesn’t help either.
What I did is:
ns1.box.example.com points to 220.127.116.11 at my registrar
ns2.box.example.com also points to 18.104.22.168 at my registrar
this removed the error for me, but is not best practice. For a simple domain with email for a few people this will be fine.
If you add a new domain, and it is hosted somewhere else, you simply use the Customer DNS feature in your admin panel to set the A record for the IP address of where the other domain is hosted. You could still have your email for that domain going to your box, though.
Say you have box.domain1.com setup and working fine for all your email. Then if you add domain2.com, you can set the Custom DNS for domain2.com by going to https://box.domain1.com/admin/ and then your box DNS will resolve domain2.com to the other IP address.
Is this what you’re trying to do?
Hi and thanks for the info, I’m not sure I understand it correctly though.
Are you saying that the glue records point to the web server hosting the domains and not the MIAB server?
I also tried to point the A record to the web host but then I was unable to re-prevision TLS certificates.
It seems that the TLS can only be provisioned for websites hosted on the box but as there’s very limited functionality like no PHP support this is not ideal.
I can provision certificates from my web server but I just want to know the best way forward.
Ensuring email delivery is my priority and MIAB does an excellent job of adding all sorts of DNS records to help with this.
It seems no matter which way I’ve tried I cannot find a workable solution which allows me to host websites on their own server and mail for those websites in the mail in a box server.
I made a graphic to show how I have things set up in the hope I’m doing something wrong and it can be corrected with some advice.
What about leaving the A record, but to get around not being able to re-provision TLS, install letsencrypt on your web server and db servers? Then a simple cron to renew them.
Digital Ocean has a great tutorial on letsencrypt.
My curiosity over the automatic TLS provisioning took me delving through the mail in a box code and ultimately led me to Certbot (previously known as your suggestion Let’s Encrypt Client). I have this installed on all my web servers and I highly recommend it. For reference here’s the newer tutorial.
While two from the graphic and the use of Let’s Encrypt solve the TLS it also leaves me with a single point of failure for both DNS and email. This is not ideal obviously so I’m still on the hunt for a way to use this mail server as a mail server and my web servers as web servers.
Maybe if Mail in a Box could output a different set of instructions to set up the DNS if the A record pointed to a remote server, this would solve a lot of my problems.
That has helped clarity things for me, much appreciated.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.