DNS troubles after moving a box to a new ip address

After moving my MIAB to a new IP address I’m having DNS problems. Status page says:

Nameserver glue records are incorrect. The ns1.box.frackmail.com and ns2.box.frackmail.com nameservers must be configured at your domain name registrar as having the IP address 167.172.124.173. They currently report addresses of [Not Set]/[Not Set]. It may take several hours for public DNS to update after a change.

This domain must resolve to your box's IP address (167.172.124.173) in public DNS but it currently resolves to [Not Set]. It may take several hours for public DNS to update after a change. This problem may result from other issues listed above.

But I re-checked the glue records. They are indeed pointing to 167.172.124.173.

I checked the status page, re-ran setup, and rebooted the box, rechecked everything, checked the PTR record, checked the secondary dns, waited 3 days for DNS propagation.

dig on the box doesn’t even show a DNS listing:
dig frackmail.com +short
returns no A record

But pinging frackmail.com from another computer shows an A record clearly.

Has anyone encountered this problem before?

Start by double checking Glue with the registrar as it is not set properly.

ns1.box & ns2.box must be set! Yes, even if you are using Secondary DNS at puck.

Next step — remove puck.nether.net as secondary dns … let’s get DNS working correctly first, then add puck. Make certain to add ns1 back as a name server at webnames.ca. Come back tomorrow after all that is done and we will go from there!

Something went wrong … I suspect it is you not pointing to ns1.box and puck. When a secondary is used, ns2 is replaced by the secondary within MiaB so your name servers should be ns1.box.frackmail.com and puck.nether.net at the registrar.

Bless you for helping. I tried ns2 as a name server because ns1 didn’t help.

ns1 and ns2 glue records are both set at webnames and have been for more than 3 days.

Glue records appear to be correct on the TLD.

I have changed the name servers on webnames to point to ns1 and ns2 as you requested just now.

I have just removed puck as a secondary name server on the box and deleted the record at puck as you requested.

Now the glue records and name servers are set as you recommend.


Still the same status problems on the box:

IDK. I suspect the problem is on the box.

Bless you for your help.

Hello,

Give it a few hours to propagate throughout the internet. Your DNS looks MUCH better now than it did last night. I will look at it more closely a bit later, but I think with time it will all clear up. Then we can redo the secondary dns.

I am starting to agree. Your name servers are not responding all of the time.

Try rebooting, then check the status page for errors.

Bless you for your continued interest.

I rebooted the box again for the umpteenth time. Still the same status. Still the same broken DNS.

This is the third box with this domain name. The first box worked fine but had a low rep ip address so I decided to rebuild with a different ip address. The second (built and tested last week) had these problems we have been seeing. This third rebuild is no better than the first.

My old MIAB boxes are doing fine. I have some others I built some time ago.

I am wondering if there may be a recent broken DNS clockworks between DigitalOcean droplets and MIAB. Droplets with MIAB don’t seem to be reading their own DNS. Not sure of the next step.

Bless you for trying to help.

An update to this issue … we have resolved it - explanation below:

This should have been an indication to me to check DNSSEC, but I missed it. The problem was that the OP enabled DNSSEC with his registrar, but did not change the entries when MiaB was moved to a new server. So, DNSSEC was failing, causing DNS to fail.

The solution was to remove DNSSEC records at the registrar. OP may re-enable DNSSEC if so desired by providing the data shown on the status page to the registrar.

So, in conclusion … if you move your MiaB to a different VPS (or change OS versions) you must change the DNSSEC key and record info with the registrar.
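An offline check for the mismatch described in the resolution above, added here as an example and not taken from the thread or from Mail-in-a-Box: it derives the DS record (RFC 4034) from each DNSKEY the box serves and flags registrar DS entries that match none of them. The domain example.com, the key bytes and all function names are constructed for illustration.

```python
import base64
import hashlib
import struct

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}  # DS digest types

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA in wire format: flags, protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (all algorithms except 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def wire_name(name):
    """Canonical (lowercase) wire form of the owner name."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def make_ds(owner, rdata, digest_type=2):
    """DS tuple (key tag, algorithm, digest type, digest) for one DNSKEY."""
    digest = DIGESTS[digest_type](wire_name(owner) + rdata).hexdigest().upper()
    return (key_tag(rdata), rdata[3], digest_type, digest)

def stale_ds(owner, parent_ds, child_dnskeys):
    """DS records held by the parent zone that match no DNSKEY the box serves."""
    rdatas = [dnskey_rdata(*k) for k in child_dnskeys]
    stale = []
    for tag, alg, dtype, digest in parent_ds:
        expected = {make_ds(owner, r, dtype) for r in rdatas} if dtype in DIGESTS else set()
        if (tag, alg, dtype, digest.upper()) not in expected:
            stale.append((tag, alg, dtype, digest))
    return stale

# Constructed sample data: placeholder key bytes, not real keys.
OLD_KSK = (257, 3, 13, base64.b64encode(b"\x01" * 64).decode())  # key from the previous box
NEW_KSK = (257, 3, 13, base64.b64encode(b"\x02" * 64).decode())  # key generated on the new box
REGISTRAR_DS = [make_ds("example.com", dnskey_rdata(*OLD_KSK))]  # never updated after the move

if __name__ == "__main__":
    for ds in stale_ds("example.com", REGISTRAR_DS, [NEW_KSK]):
        print("stale DS at registrar, remove or replace:", ds)
```

With real data, the DS tuples would come from the registrar's DNSSEC panel and the DNSKEY fields from the zone the box serves.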
