I’ve been encountering a Custom DNS issue when attempting to create a CNAME for one of my domains. I receive an error 500 box.
I have 3 domains hosted by MIAB and 2 of them update without issue.
By looking in the sky’s log file It appears to be connected to the /usr/bin/ldns-signzone command.
I recently moved the website of the problematic domain to the MIAB server after hosting it elsewhere. The email has been hosted here for some time. Happy to provide extra info if anybody has any ideas as to what I need to look for. I have rebooted the server a couple of times and I have reinstalled MIAB using the update process. I really don’t want to have to destroy the setup as everything else is running great. I’m still on the latest v57.
Thanks in advance.
I assume you use the Custom DNS menu on the admin page of the box and that there yoi receive the error. Is “error 500 box” the exact text of the error you receive.
Also, can you post part of the log you looked at? You mention ldns-signzone, but it helps to have a bit more context.
This is the message I get in Custom DNS control panel when adding or deleting an entry for a domain. It only happens with one domain.
Internal Server Error
The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.
I’ll have the log file extract in around 14 hours from now. I have the server terminal access on another machine which I currently don’t have access to.
This is the syslog entry I noticed. I checked the zones file and it looks identical to the other domain zones that work OK. So, I’m not sure where to go to from here.
May 9 10:57:46 box start: subprocess.CalledProcessError: Command ‘[’/usr/bin/ldns-signzone’, ‘-e’, ‘20230608’, ‘-
n’, ‘/etc/nsd/zones/website.com.txt’, ‘/tmp/Kwebsite.com.+013+07470’, ‘/tmp/Kwebsite.com.+013+03448’, ‘/tm
p/Kwebsite.com.+008+15655’, ‘/tmp/Kwebsite.com.+008+57633’, ‘/tmp/Kwebsite.com.+007+60810’, ‘/tmp/Kwebsite.com.+007+49982’]’ returned non-zero exit status 1.
Still no luck with this. The situation is that I have 3 domains hosted on the server. All the emails have been hosted there since their beginning. All good. I was hosting the website for the domain that I am receiving the 500 error for elsewhere, but recently changed this to hosting it on this server for now. It is a simple website with low traffic numbers. I wanted to change the smtp server since I am now unable to send anything to the hotmail domain. There is something going on between Microsoft and Akamai I guess.
Anyway, I can’t change any of the DNS settings for this one domain. They are registered in the server and they are displayed in the Custom Domain listing, but they are not seen outside the server when I check the DNS entries using something like MX Toolbox and I receive the error 500 box when I enter the info into the custom DNS field. I don’t want to destroy the server and recreate it as I don’t want to clear the mailboxes. I have tried reinstalling on top of what is there, but it hasn’t made any difference to anything. The other two domains allow changes without any issues. I’ll keep working at it and if I find anything I will update it here.
It looks like the mail-in-a-box code eats the error that is returned by
/usr/bin/ldns-signzone so it is difficult to see what happens there.
Some options that come to mind to troubleshoot:
- The custom dns entries are stored in
/home/user-data/dns/custom.yamlPerhaps you see something funny in there?
- You might try to move all
/etc/nsd/zones/website.*files to a safe location, then force a dns update, and then try to create a new custom dns entry.
- Perhaps there is something special about the CNAME you try to create. Does it have special name? Can you create the same CNAME for your other domains?
Yeah that could be improved… In the meanwhile, @veej you can run the original command to see what its output was. i.e. Run this on the command line. It will hopefully show you the problem:
/usr/bin/ldns-signzone -e 20230608 -n /etc/nsd/zones/website.com.txt /tmp/Kwebsite.com.+013+07470 /tmp/Kwebsite.com.+013+03448 /tmp/Kwebsite.com.+008+15655 /tmp/Kwebsite.com.+008+57633 /tmp/Kwebsite.com.+007+60810 /tmp/Kwebsite.com.+007+49982
Knowing the domain would be helpful …
At this point with what little information I have, I suspect that this is a DNSSEC issue. Please check if it is enabled at that domain’s registrar, and if so, turn it off.
Thanks for the reply. This is the error: Zone not read, error: Syntax error, could not parse the RR’s rdata at /etc/nsd/zones/hummingbird.help.txt line 14
I saw this written somewhere else as well.
I did check all the zone files and they all look identical.
Here is the start of that zones file:
$TTL 86400 ; default time to live
@ IN SOA ns1.box.mountainhamlet.com. hostmaster.box.mountainhamlet.com. (
2023051700 ; serial number
7200 ; Refresh (secondary nameserver update interval)
3600 ; Retry (when refresh fails, how often to try again, should be lower than the refresh)
1209600 ; Expire (when refresh fails, how long secondary nameserver will keep records around anyway)
86400 ; Negative TTL (how long negative responses are cached)
IN NS ns1.box.mountainhamlet.com.
IN NS puck.nether.net.
IN TXT “google-site-verification=62AUdPvu670kHmwF5miy6OylKcpdtbyAuzUK597Odiw”
IN CAA 0 issue letsencrypt.org
IN A 184.108.40.206
IN AAAA 2400:8907::f03c:92ff:fefe:9eab
IN MX 10 box.mountainhamlet.com.
IN TXT “v=spf1 mx -all”
I’m not quite sure which one is line 14, but would the google verification code be potentially affecting it? I’ve moved the email mailbox to a different provider for now as I really needed to send some emails to a hotmail address, but if there are any clues to this I would be happy to move it all back again.
@alento Would the DNSSEC only affect one of the three domains? All of them have identical settings and the other two domains edit without any issues.
@KiekerJan I’ve checked the zone files for any variance. The only bit that’s different is the google sites TXT entry - maybe that’s the issue? The other two domains edit and update without any issue with the exact same CNAME entries.
What happens if you (temporarily) remove or recreate the google-site-verification entry?
Yeah I don’t see an obvious problem, but
ldns-signzone can’t be lying. There must be an issue. Line 14 is probably the A or AAAA line.