Error on installing MiaB

Back at it. It was not TOO hard for a new Ubuntu build: not customizing it beyond proper netplan for addressing, and then successfully (I think!) installing MiaB.

I can now go to the admin web URL, go to External DNS and see the base zone file you create.

I found out where the zone files are stored (yay locate command!): /etc/nsd/zones

Does not look wise to directly edit any of the files there. So…

The FIRST customization I want is to add an A record for another host:

medon IN A 23.122.122.50

But the External DNS tab is only display and download zone file.
Custom DNS lets me create a RR for a zone, but does not seem to allow specifying the host name?

I see some API instructions for maybe:

curl -X PUT https://klovia.htt-consult.com/admin/dns/custom/medon.htt-consult.com

?

How does this go? After I get a couple other hosts set up in my main zone, I will create a subzone of test.htt-consult.com for further testing and next moving on to doing some mailing.

Also there is a strange thing going on with that External DNS page which I think is associated with the SSHD port. I moved my SSHD port to 1234 and I get an error on that web page and it would not do that nice display of all the zone records, yet I could still download the zone file. Do you have some SSH commands buried into your web scripting? I moved SSHD back to 22 and that page started working properly, so I really think this is a lockdown to SSHD to the default port? From a security position, this is not so good.

If I knew what your commands look like (ssh localhost or ssh host), I could probably edit /etc/ssh/ssh_config to provide the port value. I do that on my laptop to make connecting to my various hosts with their non-default SSHD port work, and still connect to github on port 22.

But IMO, changing SSHD port cuts down the noise of all the port knocking. Otherwise you have to implement rate limiting on the default port.

If you want to serve dns for another host, first add an email user for that domain. Then it will be possible to create custom dns entries for that new domain.
You should configure the ssh port through the sshd config as explained earlier. That is what mailinabox recognizes, and probably explains the error you see.

The host(s) are all in the htt-consult.com domain. Not a subdomain. So like klovia.htt-consult.com (in the htt-consult.com domain), medon.htt-consult.com and onlo.htt-consult.com, and valeria.htt-consult.com (ever read Doc E.E. Smith's Lensman series?), are all in the htt-consult.com domain (been so for years). None of these hosts directly send (other than logwatch reports to rgm@htt-consult.com) or receive emails.

The domain, htt-consult.com, already has an email created for rgm@htt-consult.com as part of the setup.

After I get these properly served, then I will create the subdomain test.htt-consult.com which will not have any hosts in it, but just NS and MX records to klovia.htt-consult.com for email. Once I get test.htt-consult.com working then labs.htt-consult.com which has real users to migrate.

I will review the SSHD stuff you refer to and get back here on it.

Ah: sudo sshd -T | grep port and sudo sshd -T | grep listenaddress

I will change back to port 1234 and see what these report. Changing SSHD port number with systemd means many changes and what sshd -T reports may be from a config file that need not be changed for how SSHD really listens now. Will work on that tomorrow. Along with DNS stuff.

Are you just adding local servers to the main domain - like myprinter.mydomain.com? Use the admin page / System / Custom DNS and Set custom DNS records.

Wow. The name field content hint is rather misleading. It suggests a subdomain. Perhaps “host name or subdomain”?

So moving forward on the DNS front. Interesting, all the other RRs you add for a host (e.g., SPF). I run logwatch on all my servers and their postfix sends email typically to rgm@htt-consult.com

I will get around to testing this, but if you can forewarn me,

My things-to-do list includes:

  • add custom DNS entries for local servers

  • add lines like whitelist_from *@server.domain.com to /etc/spamassassin/99_local.cf

  • add name or address of known acceptable servers to /etc/postgrey/whitelist_clients.local

  • send test email from each server - might need to wait 3 mins and resend, to get through greylisting the first time

  • check that nothing in /etc/ssh/sshd_config.d/* has PasswordAuthentication yes … Ubuntu seems to include this by default and any ‘yes’ overrides defaults :hot_face: . I use sshd -T | grep password to check the effective config.

Also set-up watchdog timer and secondary DNS, if you/your-hardware support them.


I will probably have more to say tomorrow, but,

The External DNS Download option opens a dialog box that, at least on Firefox, is a pain to use. You have to selectively highlight the content of the dialog (Ctrl-A also highlights the page behind the dialog box), and copy the clipboard into a file editor of choice. Something more effective for getting the zone file locally would be nice.

:grin: MIAB is a community project - I imagine @JoshData would welcome your pull request with a better download dialog.

Guessed right.

I made the changes to get SSHD listening on my custom port and:

sshd -T | grep listenaddress
listenaddress 23.123.122.149:1234

sshd -T | grep port
port 22
gatewayports no

I had to edit /etc/ssh/sshd_config, adding the line
Port 1234

and then

sshd -T | grep port
port 1234
gatewayports no

And admin External DNS works.

Interesting, as with systemd, /etc/ssh/sshd_config is supposedly not used. At least for the port SSHD is listening on.

One more vagary to keep track of.

Oh, I would gladly share here all the changes one needs to make for Ubuntu 22 to move the SSHD port. Just tell me where to send the instructions. There are a number of files to change and add and it is poorly documented in Ubuntu help…

Of course, someone here might say: “here is the easier way!”
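The poster's `sshd -T | grep` checks above (and the earlier to-do item about `PasswordAuthentication`) can be done in one pass over the effective config. The script below is an added example for this thread, not Mail-in-a-Box code: it parses captured `sudo sshd -T` output and reports the effective port, the addresses sshd binds, whether a client connecting to localhost on that port would actually reach sshd (a `ListenAddress` pinned only to the public IP, as in the output posted above, means it would not), whether password logins are on, and the `ssh-keyscan` argv from the install error later in this thread with the port taken from the live config. `SAMPLE_OUTPUT` is constructed to mirror the values posted here; `shlex.join` needs Python 3.8 or newer.

```python
"""Parse `sudo sshd -T` output offline and report what matters for the
thread: the effective port, the addresses sshd binds, whether a client
hitting localhost on that port would reach sshd, and whether password
logins are on. Added example, not part of Mail-in-a-Box; SAMPLE_OUTPUT is
constructed to mirror the values posted in the thread."""
import shlex
import subprocess

# Constructed sample, modelled on the thread's post-change `sshd -T` output.
SAMPLE_OUTPUT = """\
port 1234
addressfamily any
listenaddress 23.123.122.149:1234
passwordauthentication no
gatewayports no
"""

LOOPBACK_OR_WILDCARD = {"*", "0.0.0.0", "::", "127.0.0.1", "::1"}


def parse_sshd_t(text):
    """Map each lowercase keyword to the list of values sshd printed for it;
    repeated keywords (listenaddress) keep every line."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        cfg.setdefault(key.lower(), []).append(value.strip())
    return cfg


def effective_port(cfg):
    """First `port` value: the port sshd actually uses after all config files."""
    return int(cfg["port"][0])


def listen_addresses(cfg):
    """(host, port) pairs sshd binds. A bare address without a port takes
    the effective port; no listenaddress at all means every address."""
    port = effective_port(cfg)
    bound = []
    for raw in cfg.get("listenaddress", []):
        host, sep, p = raw.rpartition(":")
        # sshd prints host:port, with IPv6 hosts in brackets; a bare IPv6
        # address like ::1 has no port and must not be split on its last colon
        if sep and p.isdigit() and (host.startswith("[") or ":" not in host):
            bound.append((host.strip("[]"), int(p)))
        else:
            bound.append((raw.strip("[]"), port))
    return bound or [("*", port)]


def loopback_reachable(cfg):
    """True if connecting to localhost on the effective port reaches sshd:
    a wildcard or loopback bind on that port. A ListenAddress pinned to the
    public IP only (as in the thread) makes this False."""
    port = effective_port(cfg)
    return any(h in LOOPBACK_OR_WILDCARD and p == port
               for h, p in listen_addresses(cfg))


def password_auth_enabled(cfg):
    """OpenSSH defaults PasswordAuthentication to yes, so a missing key counts as yes."""
    return cfg.get("passwordauthentication", ["yes"])[0].lower() == "yes"


def keyscan_command(cfg, host="localhost"):
    """The ssh-keyscan argv quoted in the install error, with the port taken
    from the effective config rather than hard-coded."""
    return ["ssh-keyscan", "-4", "-t", "rsa,dsa,ecdsa,ed25519",
            "-p", str(effective_port(cfg)), host]


def report(text):
    cfg = parse_sshd_t(text)
    return {
        "port": effective_port(cfg),
        "listen": listen_addresses(cfg),
        "localhost_reachable": loopback_reachable(cfg),
        "password_auth": password_auth_enabled(cfg),
        "keyscan": shlex.join(keyscan_command(cfg)),
    }


if __name__ == "__main__":
    try:  # a live run needs root; fall back to the constructed sample
        text = subprocess.run(["sshd", "-T"], capture_output=True,
                              text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        text = SAMPLE_OUTPUT
    for k, v in report(text).items():
        print(f"{k}: {v}")
```

Run it as root on the box to see the live values, or unprivileged to see the constructed sample. The `localhost_reachable` line is the one to look at when a local tool (such as the key scan of `localhost` in the install output) fails after a port move while remote logins still work.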

Now moving on to setting up a subdomain. In particular test.htt-consult.com

I had been “playing” around with the default/index.html and restarted nginx. No change to default behavior (want to redirect https://klovia.htt-consult.com to https://klovia.htt-consult.com/mail)

I rebooted the server and still the new default/index.html not working?

So I ignored this work (maybe a mistake) and went on to the subdomain…

So trying to set up that test.htt-consult.com subdomain.

It looks like the instructions are to first create an email addr in that subdomain. I tried that with rgm@test.htt-consult.com and got an internal error. Note that is the same user name as rgm@htt-consult.com. I don’t know if that matters?

Then I tried the user rgm-ietf@htt-consult.com and that threw an error.

So I threw a wobble and rebooted the server.

Surprise! Those new users are there! And it looks like the subdomain of test.htt-consult.com is there too.

So back to custom DNS and add an NS record for test.htt-consult.com, pointing to my server klovia.htt-consult.com.

That threw an error, but the record is showing on the Custom DNS page. OK. I go to the External DNS page and get an error and it will not list the zone file and contents.

I log in and look in /etc/nsd/zones and only the htt-consult.com zone. No sub zones. I grep that directory content for both test and NS and no NS records there for test.htt-consult.com

Obviously something is off, but I ask for some help on where to look.

thank you

As I noted yesterday, something is off. So I decided to reinstall:

sudo mailinabox

It ends with:

Command '['ssh-keyscan', '-4', '-t', 'rsa,dsa,ecdsa,ed25519', '-p', '1234', 'localhost']' returned non-zero exit status 1.

Your Mail-in-a-Box is running.

Please log in to the control panel for further instructions at:

====================================

So either even with MiaB seemingly recognizing the new SSHD port, that is not enough, with ssh-keyscan returning status 1?

Or something else is off. So it looks like I will be reinstalling Ubuntu later today and NOT doing any customization until I have MiaB up and running…

Depending on what the reinstall results in, I may extend this thread or start elsewhere.

I DID get further this time over my first try!

this is just an update of progress and may be edited if I hit a wall again. One question at the end; you can scan quickly down to it.

~2.5hr to rebuild the server. I probably should put the Ubuntu iso on a USB stick, rather than install from DVD!

This time, the first thing I did from admin was to create rgm@test.htt-consult.com

This resulted in a lot of DNS records in the htt-consult.com.txt zone file for test.htt-consult.com. MiaB is not doing this as a separate zone file with various NS records. OK. I can work with that. Besides the test subdomain, the only active subdomain is labs which has real users.

Testing plan:

I will use one of the imap tools to move the email from the old server to klovia and then check out the mail with roundcube.

Here is my question for now:

As much as I would like to switch my public DNS, I can’t yet until I move all email. Which DNS records for test.htt-consult.com do I move to my current public DNS to get mail sent here? I might think all I need to add to my test.htt-consult.com.zone is:

test IN MX 10 klovia.htt-consult.com.
test IN TXT v=spf1 mx -all

This should suffice (I do not have DNSSEC currently on old server)
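To sanity-check the two records proposed in the question above before adding them to the old public DNS, here is an added example for this thread (not Mail-in-a-Box code): a small zone-file parser plus a check that the parent zone carries an MX for test.htt-consult.com pointing at the box, exactly one SPF TXT record, and an address record for the box itself. `SAMPLE_ZONE` is constructed from the records quoted in the thread; the parser only covers the one-record-per-line form used there (no parentheses or multi-line RDATA), and the `hostmaster` SOA contact and serial in the sample are placeholders.

```python
"""Offline check of the two records the thread proposes adding to the
public parent zone so mail for test.htt-consult.com reaches the box.
Added example, not Mail-in-a-Box code. SAMPLE_ZONE is constructed from the
records quoted in the thread; the parser covers only the one-record-per-line
form used there (no parentheses, no multi-line RDATA)."""
from dataclasses import dataclass

# Constructed parent zone carrying the proposed MX and SPF records.
SAMPLE_ZONE = """\
$ORIGIN htt-consult.com.
$TTL 3600
@       IN SOA klovia.htt-consult.com. hostmaster.htt-consult.com. 1 3600 900 1209600 300
@       IN NS  klovia.htt-consult.com.
klovia  IN A   23.123.122.149
test    IN MX  10 klovia.htt-consult.com.
test    IN TXT v=spf1 mx -all
"""


@dataclass
class Record:
    name: str    # owner, fully qualified with trailing dot
    rtype: str
    rdata: str


def qualify(name, origin):
    """Make a zone-file name absolute relative to $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    origin, last_owner, records = None, None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):         # $TTL etc.: not needed here
            continue
        parts = line.split()
        if raw[0].isspace():             # blank owner repeats the previous one
            name = last_owner
        else:
            name = qualify(parts.pop(0), origin)
        last_owner = name
        if parts[0].isdigit():           # optional per-record TTL
            parts.pop(0)
        if parts[0].upper() == "IN":
            parts.pop(0)
        rtype, rdata = parts[0].upper(), " ".join(parts[1:])
        if rtype == "MX":                # qualify the exchange name too
            pref, target = rdata.split()
            rdata = f"{pref} {qualify(target, origin)}"
        records.append(Record(name, rtype, rdata))
    return records


def check_mail_delivery(records, domain, box):
    """Findings for routing mail for `domain` to `box`: an MX to the box,
    exactly one SPF TXT, and the SPF mechanisms the thread proposes."""
    domain, box = domain.rstrip(".") + ".", box.rstrip(".") + "."
    mx_targets = [r.rdata.split()[1] for r in records
                  if r.name == domain and r.rtype == "MX"]
    spf = [r.rdata.strip('"') for r in records
           if r.name == domain and r.rtype == "TXT"
           and r.rdata.strip('"').lower().startswith("v=spf1")]
    tokens = spf[0].lower().split() if spf else []
    out = {
        "mx_to_box": box in mx_targets,
        "spf_count": len(spf),                     # RFC 7208 allows only one
        "spf_allows_mx": "mx" in tokens,
        "spf_hard_fail": bool(tokens) and tokens[-1] == "-all",
        "box_has_address": any(r.name == box and r.rtype in ("A", "AAAA")
                               for r in records),
    }
    out["ok"] = (out["mx_to_box"] and out["spf_count"] == 1
                 and out["spf_allows_mx"] and out["box_has_address"])
    return out


if __name__ == "__main__":
    for k, v in check_mail_delivery(parse_zone(SAMPLE_ZONE),
                                    "test.htt-consult.com",
                                    "klovia.htt-consult.com").items():
        print(f"{k}: {v}")
```

Feed it the real parent zone text instead of `SAMPLE_ZONE` to check what the old server will publish. Note what `v=spf1 mx -all` declares: only the MX host (klovia) is a permitted sender for test.htt-consult.com, and anything else gets a hard fail, so any other machine that later sends mail as that subdomain would need its own mechanism in the record.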