DNSSEC causes DNS records to fail

I set up a new user. The DNS is hosted externally to miab.
I set everything correctly and email was working,

Then, I set DNSSEC at my registrar and that broke the mail DNS records. I could no longer send or receive mail.

The DNSSEC records messed up my mail DNS records.

Do you know why that is and how I can set DNSSEC on a domain using external DNS that does not break DNS mail records?

Remove the DNSSEC records. I suspect that you took them from the MiaB admin status page, right? @amicheals

I removed the DNSSEC records and after a few hours, mail started working again.

I took it from the status email I got at night.

Is there another place for DNSSEC records or another way to do it? Or should I not set DNSSEC?

Hi, sorry I had meant to offer more information but I got distracted.

DNSSEC is tied to the name server that you are using, so setting DNSSEC based on the information from the nightly status emails or from the status page of MiaB would be incorrect since in your case you are using an external DNS provider.

If you really want to enable DNSSEC, you would need to get the details from whomever is hosting your DNS. Personally, I do not bother as it can be more problem than it is worth (as you just saw).

If you have a domain that is likely to come under attack for political or even monetary reasons I would enable DNSSEC but for the little guy that is hosting email on a VPS using MiaB … you certainly would not be doing this if you had to be concerned with someone hijacking your domain via DNS so, no reason to set DNSSEC. Again, that is my opinion though.

Thank you very much for your detailed response

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.