DNS Issues on System Check

1

Hi all,

I’ve been having a very confusing issue where the System Check page show’s the following on all domains/sub-domains:

Nameserver glue records are incorrect. The ns1.[domain] and ns2.[domain] nameservers must be configured at your domain name registrar as having the IP address [IP]. They currently report addresses of [Not Set]/[Not Set]. It may take several hours for public DNS to update after a change.

In the Ubuntu CLI I also see:

sudo: unable to resolve host [domain]: Resource temporarily unavailable

Which starts to crop up during the installation of MIAB…

The biggest confusion is - everything functions perfectly! What is this DNS issue!?

EDIT:
Further issues which I persume are related…

I also have these on the System Check page:

:heavy_multiplication_x: SSH Login (ssh) is running but is not publicly accessible at [IP].
:heavy_multiplication_x: Incoming Mail (SMTP/postfix) is running but is not publicly accessible at [IP].
:heavy_multiplication_x: Outgoing Mail (SMTP 587/postfix) is running but is not publicly accessible at [IP].
:heavy_multiplication_x: IMAPS (dovecot) is running but is not publicly accessible at [IP].
:heavy_multiplication_x: Mail Filters (Sieve/dovecot) is running but is not publicly accessible at [IP].
:heavy_multiplication_x: The SSH server on this machine permits password-based login. A more secure way to log in is using a public key. Add your SSH public key to $HOME/.ssh/authorized_keys, check that you can log in without a password, set the option ‘PasswordAuthentication no’ in /etc/ssh/sshd_config, and then restart the openssh via ‘sudo service ssh restart’.

Again the confusions are… MIAB is reachable publicly, via IP and domain and is functionioning perfectly… The SSH server also does NOT accept password based logins…

Why am I seeing all of these incorrect reports?

I suspect it has something to do with pfSense - but I just cannot figure it out. I’ve tried turning on NAT reflection as others have suggested in the links below… but it makes no difference.

EDIT2:

I’ve tried:
dig @[Local IP] [Domain] any
Which checks out fine!

When I try:
dig @[Remote IP] [Domain] any
Everything times out which is leading me to believe this is definetly an issue with my pfSense setup…

2

I had the same issue when I ran locally using pfSense. I figured out why MiaB was giving each warning, but then I just ignored the warnings after that.

Generally, MiaB doesn’t seem to be aware of when it is behind any kind of proxy.

The reason I abandoned local mail hosting was because I didn’t want to upgrade to a business account with my local ISP and FCrDNS was becoming a bigger deal for receiving servers, so I moved to VPS.

3

Everything is running perfectly and everything is working as expected… just the status’s on the System Status Check.

I’ve managed to make it happy by adding some Host Overrides in the DNS resolver for ns1 & ns2 .[domain] and pointing them to my public IP.

What is still bugging me and confusing me is:

:heavy_multiplication_x: SSH Login (ssh) is running but is not publicly accessible at [IP].
:heavy_multiplication_x: Incoming Mail (SMTP/postfix) is running but is not publicly accessible at [IP].
:heavy_multiplication_x: Outgoing Mail (SMTP 587/postfix) is running but is not publicly accessible at [IP].
:heavy_multiplication_x: IMAPS (dovecot) is running but is not publicly accessible at [IP].
:heavy_multiplication_x: Mail Filters (Sieve/dovecot) is running but is not publicly accessible at [IP].
:heavy_multiplication_x: The SSH server on this machine permits password-based login. A more secure way to log in is using a public key. Add your SSH public key to $HOME/.ssh/authorized_keys, check that you can log in without a password, set the option ‘PasswordAuthentication no’ in /etc/ssh/sshd_config, and then restart the openssh via ‘sudo service ssh restart’.

I imagine the complaints about the ports is another issue with pfSense… as I say… it all works fine… it just reports it doesn’t…

However, why on earth am I being told:

‘The SSH server on this machine permits password-based login. A more secure way to log in is using a public key. Add your SSH public key to $HOME/.ssh/authorized_keys, check that you can log in without a password, set the option ‘PasswordAuthentication no’ in /etc/ssh/sshd_config, and then restart the openssh via ‘sudo service ssh restart’’

It’s one of the first things I do when spinning up a new server… I’ve double checked it and restarted the ssh service… the server is definiately not accepting passwords for ssh login so why is it telling me so…? Is it tied to the port 22 check somehow?