DNS when moving mailserver

I’m no expert as the thread proves, but the move yesterday from GD to NameSilo was a breeze. To top it off, the glue and DNS appear to have picked up my server within about 3 min, my MiaB dashboard went to check boxes. So I will be moving all my GD parked names over to NameSilo asap.

On another note, I assume that Let’s Encrypt is still waiting for the DNS prop to finish, as I just ran it and got “Cleaning up challenges Failed authorization procedure. autoconfig.box.tornmedia.com” as well as a bunch of other errors like “The client lacks sufficient authorization :: Invalid response from http://autodiscover.tornmedia.com/.well-known/acme-challenge/RH_jSl4nlfHshPqPvq15LBIZQe5yku9Za3Si180FOms [68.183.143.188]:”, even tho the IP address looks correct.

Yeah, that could be the case - I’ve found the urge to be anxious and trying to get everything done in (with the green checks) to be counterproductive when I was setting.

Better would be to have a good idea what needs to be done (which you have covered) and after you execute, go to bed, come back next evening and then do the check. It’s easier to get a feel for what is going right/wrong if you don’t have to worry about different update states from different DNS servers…

Odd, I am still seeing the failures on the Provision from Let’s encrypt. I believe I am now way past the 48 hour mark as I did the move on Sat, it is now Tue, any ideas?

Also an oddity, I opened box.tornmedia.com/mail and saw Database Error: Database not connected at the top of the page, nothing else showing. I had not opened that page to date, not sure if this is related to the provisioning of tls, but I doubt it…any other ideas?

Did you try running sudo mailinabox? This runs the install script and can sometimes fix issues.

Also, a reboot occasionally fixes things.

Ok, different log after rerunning and rebooting:

Log:

Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Performing the following challenges: http-01 challenge for autoconfig.box.tornmedia.com http-01 challenge for autoconfig.tornmedia.com http-01 challenge for autodiscover.box.tornmedia.com http-01 challenge for autodiscover.tornmedia.com http-01 challenge for box.tornmedia.com http-01 challenge for tornmedia.com http-01 challenge for www.tornmedia.com Using the webroot path /root/estorage/ssl/lets_encrypt/webroot for all unmatched domains. Waiting for verification… Cleaning up challenges Failed authorization procedure. autodiscover.tornmedia.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for autodiscover.tornmedia.com - the domain’s nameservers may be malfunctioning, www.tornmedia.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for www.tornmedia.com - the domain’s nameservers may be malfunctioning IMPORTANT NOTES: - The following errors were reported by the server: Domain: autodiscover.tornmedia.com Type: None Detail: DNS problem: SERVFAIL looking up A for autodiscover.tornmedia.com - the domain’s nameservers may be malfunctioning Domain: www.tornmedia.com Type: None Detail: DNS problem: SERVFAIL looking up A for www.tornmedia.com - the domain’s nameservers may be malfunctioning

Also, I set STORAGE_ROOT to a dir I created under root, does that dir need special settings? I noticed a fail in php line 1 when installing nextcloud I think, didn’t capture it fast enough, with all the domain moving I didn’t think about folder settings…

For large blocks of code or logs, please highlight the text and click the </> button.

Sorry about that let me try this:

Log:

Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Performing the following challenges: http-01 challenge for autoconfig.box.tornmedia.com http-01 challenge for autoconfig.tornmedia.com http-01 challenge for autodiscover.box.tornmedia.com http-01 challenge for autodiscover.tornmedia.com http-01 challenge for box.tornmedia.com http-01 challenge for tornmedia.com http-01 challenge for www.tornmedia.com Using the webroot path /root/estorage/ssl/lets_encrypt/webroot for all unmatched domains. Waiting for verification... Cleaning up challenges Failed authorization procedure. box.tornmedia.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for box.tornmedia.com - the domain's nameservers may be malfunctioning, autoconfig.tornmedia.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: SERVFAIL looking up A for autoconfig.tornmedia.com - the domain's nameservers may be malfunctioning IMPORTANT NOTES: - The following errors were reported by the server: Domain: box.tornmedia.com Type: None Detail: DNS problem: SERVFAIL looking up A for box.tornmedia.com - the domain's nameservers may be malfunctioning Domain: autoconfig.tornmedia.com Type: None Detail: DNS problem: SERVFAIL looking up A for autoconfig.tornmedia.com - the domain's nameservers may be malfunctioning

For some reason it is all in one line. Does it match the contents of /var/log/letsencrypt/letsencrypt.log?

Anything that is in the /root/ directory will only be readable by the root user, which is pretty much never the user reading anything. Changing these permissions will present serious security issues for your server.
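An added example, not part of the original posts: a check that reports which directory on the way to the certbot webroot blocks a non-root account, so the fix is to relocate the storage directory rather than loosen `/root`. The `www-data` account name is an assumption; the webroot path is the one printed in the log above, and the script is meant to be run as root.

```python
import os
import stat
from pathlib import Path

def blocking_components(path, uid, gids):
    """List (component, mode) for each part of `path` that the account
    (uid, gids) cannot traverse or, for the final directory, read.
    Classic mode bits only; ACLs and root's override are not modelled."""
    target = Path(path).resolve()
    chain = list(target.parents)[::-1] + [target]
    blockers = []
    for comp in chain:
        st = os.stat(comp)
        # Pick the permission class that applies to this account.
        if st.st_uid == uid:
            bits = st.st_mode >> 6
        elif st.st_gid in gids:
            bits = st.st_mode >> 3
        else:
            bits = st.st_mode
        # Directories on the way need x; the webroot itself needs r and x.
        need = 0o5 if comp == target else 0o1
        if bits & need != need:
            blockers.append((str(comp), stat.filemode(st.st_mode)))
    return blockers

if __name__ == "__main__":
    import pwd
    # Assumption: the web server runs as www-data and the webroot is the
    # path printed in the thread's certbot log.
    user = pwd.getpwnam("www-data")
    gids = {user.pw_gid} | set(os.getgrouplist(user.pw_name, user.pw_gid))
    for comp, mode in blocking_components(
            "/root/estorage/ssl/lets_encrypt/webroot", user.pw_uid, gids):
        print(f"{mode}  {comp}")
```

Any line of output names a directory the web server account cannot pass; an empty result means the mode bits are not what is stopping the challenge file from being served.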

Yeah I was an idiot not thinking. Moved everything to a non root dir, reinstalled, seems to be clean now.

Still throwing the error DNS problem: SERVFAIL looking up A for

Not sure why it is in one line, just copied off the admin page, looks like it matches what is in the log

Do you have an email address in the @tornmedia.com domain? How about @box.tornmedia.com?

I have one in the @tornmedia.com domain, tested I can login to webmail from it

Ok, hold on … something else is the problem - let me check some things. No need to add an email for @box.tornmedia.com.

Thanks, something seems to have gone wonky …

That something is dns … gonna check your name server listing in whois and the glue records once I finish my sandwich. :stuck_out_tongue:

I did another reboot, just as I was closing the SSH session anyway. Reran the provision and it worked…wonky

Hah, no wonder I am not getting consistent results! You were rebooting! :frowning:

No worries…Suddenly I see emails flowing around!!!

Maybe the dns service got hung up, but seems to be working now…

WOW. This is so cool. I suppose I still need a real secondary dns…but still very cool that this is working finally

Yeah, odd … but seems to have been the case. Looks like all is functioning now!
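An added example, not part of the original posts: a triage of the two certbot runs pasted earlier in the thread, comparing which names failed in each. The run strings are rebuilt from the thread's log lines and trimmed; the status labels and hint wording are this example's own, and reading "fails in some runs only" as an unreliable nameserver rather than a missing record is a heuristic.

```python
import re

# ACME error types from RFC 8555; the hints are this example's wording.
HINTS = {
    "dns": "CA could not resolve the name: check nameservers and glue",
    "unauthorized": "CA got the wrong response: check webroot and A record",
    "connection": "CA could not connect: check firewall and port 80",
}
NAME = r"[A-Za-z0-9.-]+"
ENTRY = re.compile(
    rf"(?P<domain>{NAME}) \((?P<challenge>[a-z0-9-]+)\): "
    rf"urn:ietf:params:acme:error:(?P<type>\w+) :: (?P<detail>.*?)"
    rf"(?=, {NAME} \(|\s+IMPORTANT NOTES:|$)", re.S)

def failures(log):
    """Map each failed domain in one run to its ACME error type."""
    return {m["domain"]: m["type"] for m in ENTRY.finditer(log)}

def challenged(log):
    """Every name certbot attempted in one run."""
    return set(re.findall(rf"challenge for ({NAME})", log))

def triage(runs):
    """Per name: 'ok', 'persistent' (failed in every run) or 'intermittent'."""
    failed = [failures(r) for r in runs]
    report = {}
    for name in sorted(set().union(*(challenged(r) for r in runs))):
        types = [f[name] for f in failed if name in f]
        status = ("ok" if not types else
                  "persistent" if len(types) == len(runs) else "intermittent")
        report[name] = (status, sorted(set(types)))
    return report

# Rebuilt from the two logs in the thread (trimmed, ASCII quotes).
NAMES = ["autoconfig.box.tornmedia.com", "autoconfig.tornmedia.com",
         "autodiscover.box.tornmedia.com", "autodiscover.tornmedia.com",
         "box.tornmedia.com", "tornmedia.com", "www.tornmedia.com"]
HEAD = " ".join(f"http-01 challenge for {n}" for n in NAMES)

def _fail(n):
    return (f"{n} (http-01): urn:ietf:params:acme:error:dns :: DNS problem: "
            f"SERVFAIL looking up A for {n} - the domain's nameservers may be malfunctioning")

def _run(a, b):
    return (f"{HEAD} Cleaning up challenges Failed authorization procedure. "
            f"{_fail(a)}, {_fail(b)} IMPORTANT NOTES: - The following errors ...")

RUN1 = _run("autodiscover.tornmedia.com", "www.tornmedia.com")
RUN2 = _run("box.tornmedia.com", "autoconfig.tornmedia.com")

if __name__ == "__main__":
    for name, (status, types) in triage([RUN1, RUN2]).items():
        print(name, status, "; ".join(HINTS.get(t, t) for t in types))
```

On these two runs no name fails both times and every failure is of type `dns`, which matches the thread's conclusion that the DNS service itself was misbehaving.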

@tiggertlee What’s next?

If I remember correctly you were going to set up Secondary DNS …

but what is the longer picture? You are going to be serving email for other domains from this box, correct? And where will the DNS be handled for those domains? MiaB or externally? If MiaB, do those domains have web sites and other services? If yes, you ABSOLUTELY should set up Secondary DNS for each domain. If DNS is going to be handled elsewhere, nothing more to do with those domains re DNS.

Correct, I do plan to serve email for some other domains in the not too distant future, and yes they will all have websites (probably not on MiaB as they will be more dynamic) at minimum.