External and internal DNS

Hi there,

I am playing around with my first MIAB. I have 4 private domains that I want to have email accounts for at the end.

I started with one of the domains I don’t use at the moment and used the external dns feature to learn about the necessary entries. That worked fine.

Now I tried to set up the second unused domain. This time I tried out miab as primary name server. I have set the IP of miab as that primary nameserver at my registrar, but after ~2h I still could not ping the domain. So I tried something else. Instead of setting miab as primary nameserver I added a zone file with an A and a NS entry both pointing to my box.
Ping works now but miab tells me:
The nameservers set on this domain are incorrect. They are currently <ip>. Use your domain name registrar’s control panel to set the nameservers to ns1.mail.<my-first-domain>.com; ns2.mail.<my-first-domain>.com.

Is it really necessary to let the NS point to ns1.mail.<first-domain> for DNS to work? Wouldn’t it be enough if the nameserver points to the right ip where DNS listens on port 53?

Setting up ns1/ns2.mail… works (miab does not show the above message anymore), but I would prefer if those domains are not coupled, because I would prefer to change that “main domain” of the box to be another domain later on (to have that main domain as reverse DNS entry).

Also, it does not help with all of the other DNS related red status messages in that second domain.

When I do dig <second-domain> @localhost MX I don’t get the box as valid MX entry. So I guess miab has copied the entries from the (now main) nameservers that I have set at my registrar. So my plan can not work…

Is there any way to mix external DNS and using miab as primary nameserver on different domains?

Happy about everything that helps me understand… :slightly_smiling_face:
Thanks and have a nice day
Andy

I don’t think you can directly use an IP as NS, you have to enter a domain. It’s weird your registrar even let you do it.

You may be tempted to ask me why that is. I would be unable to answer, you have to research it.

External NS would be your solution in the meantime. Be aware that your primary domain will still show in the headers of the emails sent from your secondary domains. But it’s not for “the world to see”, only people receiving the emails (and looking at the headers).

Yes, because the RFC states to use a domain. :wink:

There is no easy way to eliminate your mail server domain from appearing somewhere in a domain’s published records (e.g., ns1.box.example.com for nameserver or box.example.com for mx record) when you want said domain to have mail served by your mail server. You could have an external wildcard forwarding service, but this will be clunky and your replies may appear unprofessional (plus, as @MIAB-lover notes, the mail server must present itself to the receiving domain for mail sent).

1 Like

My advice is, follow the MIAB way and get the server running. When it’s time to change your domain, then you change your settings.

It’s as simple as

  1. changing the glue record at your registrar.
  2. sudo mailinabox (if you are using MIAB DNS)

Personally, I don’t see why you need to move your box DNS to external DNS. For other domains maybe, not really the main domain. Mail in a box made things very easy, while installers try to make it complicated.

  1. Use a domain.com for your box.
  2. Set glue record for domain.com and mailinabox will take care of dns.
  3. Register 2/3/4/5/6 domains point all to ns1.box.domain.com and let mailinabox take care of the rest

Everything working? You want more control… then move on to external DNS, by copying all the details over.

IF you have made changes at your registrar, or external DNS servers, please note DNS updates can take up to 48 hours to resolve and propagate. It is not immediate.

@daveteu He didn’t talk of moving the box to external DNS, but not wanting the SECOND domain to be associated to the first one (=the box) => He didn’t want “ns1.box” & “ns2.box” to appear as the nameservers of the SECOND domain. Now, I didn’t think about the MX records, as @openletter mentions. Let’s say it may be a little less obvious as it doesn’t appear in a whois, and it is just a little more technical to get the information. But anybody can still for example go to mxtoolbox.com and get the MX records of a domain easily.

It might be possible to not set any MX records. I believe there will be a try to deliver the mail to the IP of the A record then (he needs to point it to the BOX IP in this case. You would necessarily need to receive the mail at the same IP as the web content). I’m not sure about this. But he could try it, and maybe it works fairly well. But querying the PTR records (reverse DNS) of the IP of the A record would still give you the domain name of the BOX. I guess there is no way to totally disassociate them (the BOX still needs to handle the mail for the second domain), but you can make it less visible for people not searching for it.

maybe register a 5th domain at $10 and use it only for the box. problem solved.

1 Like

Or run a second mail server.

1 Like

or 1 domain 1 server

or quit the Internet :wink:

1 Like

Talking about that, I found a registrar proposing domains for a ONE TIME PAYMENT of $0.99. You just pay this price once, and there are no renewal fees. You just have to not care too much about the extension (it’s .pp.ua / “ua” being the country code of Ukraine). They even offer whois privacy (your details won’t show in the whois). I’ve checked, you seem to be able to set GLUE RECORDS on it with them. I didn’t test it yet, so I can’t confirm everything works or how it works. But this may be a good solution for OP here. Here it is: Regery (there is a referral code for me to make millions out of 99 cents one-time payments :wink: I’m kidding, of course)

I’m not sure about emails, but in the SEO world, Google gives these domain extensions very low SEO scores.

E.g. .com will score more than a .xyz

Domains that cost $1, $2, are marked as low reputation, and usually associated with spammers.

These domains rarely appear on search results.

I wonder if the same works for Email spam filtering. :thinking: :thinking: :thinking:

PS: If I see a .ua server in my mail.log I will likely add it to spam filter, do additional server backup, updates, fail2ban the IP and domain, and entire IP range, and hopefully I still can go to bed, not worrying about my box being targeted by hackers. :grin: :grin: :grin: :smile: :smile: :smile:

PPS: pp.ua is actually a $0 domain and you can get it for free at http://pp.ua … maybe you just wasted a dollar.

1 Like

Thanks a lot for your answers!!

I learned a lot about DNS (and cheap domains :D) yesterday/today. I wanted to reply to your posts earlier but every time I typed some text I googled, tried, learned in a loop.

In the meantime I have

  • set up another miab in parallel to try out using it as NS from the very beginning
  • decided on one domain to be the one main domain

I didn’t have a problem with the fact that users see another domain when they read headers or use tools to read dns data. I really just thought it would be nicer to not “bind” every domain to one “main domain” and I thought there probably is an easy way around it…not a big deal just a little scrape in my perfectionism to minimize work on changes.

I understand that feature now. It simply is the possibility to set their nameservers as secondary to your nameserver. I had to set two things: in the domain settings I have set the first nameserver to my ns1.mybox.com / IP pair and the 2nd NS to one of their nameservers. In the zone settings I added their nameserver as secondary to my IP.

Thanks a lot for that summary! I have copied the link to your post to my notes for changing the main domain :+1:

Do you know what happens in the days after a primary DNS dies? Let’s take my setup as example… miab as primary and the nameserver(s) of my registrar as secondary. 2 scenarios:

  • my miab dies, the secondary nameservers are still up and running
    • will, at any point, the secondaries remove the zone after not reaching the primary for days, weeks, months?!
    • anything else happening if primary nameservers disappear from the web for a long time?!
  • all of the nameservers that appear in the zone settings die.
    • my miab server and the nameservers are operated by the same company (Hetzner), so indeed possible. It’s not likely though, as I’m pretty sure that they have distributed their nameservers to all of their sites.

I have 1 domain that really should be reachable and I ask myself if it would always be better to configure this domain via external DNS. Firstly because it’s already done and I fear to mess something up if I migrate to miab, and secondly because of reliability.

Any thoughts on that?
Thanks a lot again for all your help! :man_teacher: :eye: :brain: :sparkling_heart:
Andy
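Two of the questions in this thread can be checked offline against a domain's published records: whether the NS set in the zone matches the ns1/ns2 hostnames the box expects (the comparison behind the "nameservers set on this domain are incorrect" message) and whether the MX points at the box, and, for the secondary-nameserver question, how long a standards-compliant secondary keeps serving a zone after it last reached the primary, which is the SOA expire field. The script below is an added example, not code from Mail-in-a-Box; it parses text in the layout `dig +noall +answer` prints, and the sample answer section, the domain names and the IP in it are constructed for illustration.

```python
"""Offline checker for two DNS questions from the thread:
(1) does the NS set published for a domain match the hostnames the box
    expects, and does an MX record point at the box;
(2) how long will a secondary nameserver keep serving the zone once the
    primary stops answering (the SOA expire timer, per RFC 1035).
Input is text in the layout `dig +noall +answer` prints. The sample below
is constructed, not captured from a real domain."""

from dataclasses import dataclass

# Constructed sample answer section (assumed names and IP, not real ones).
SAMPLE_DIG_OUTPUT = """\
second.example.      86400  IN  NS   ns1.mail.first.example.
second.example.      86400  IN  NS   ns2.mail.first.example.
second.example.      86400  IN  MX   10 box.first.example.
second.example.      86400  IN  A    203.0.113.10
second.example.      86400  IN  SOA  ns1.mail.first.example. hostmaster.second.example. 2024010101 7200 1800 1209600 86400
"""


@dataclass(frozen=True)
class Record:
    name: str
    ttl: int
    rtype: str
    data: str


def parse_dig_answer(text):
    """Parse `dig +noall +answer` lines into Record objects.
    Comment lines (starting with ';') and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(None, 4)  # name ttl class type rdata
        if len(parts) != 5 or parts[2] != "IN":
            continue
        name, ttl, _cls, rtype, data = parts
        records.append(Record(name.rstrip(".").lower(), int(ttl), rtype.upper(), data.strip()))
    return records


def check_delegation(records, expected_ns):
    """Return (ok, published_ns). ok is True when the NS set in the zone equals
    the expected hostnames (case-insensitive, trailing dots ignored). An NS
    record carries a hostname, so a bare IP in the expected list never matches."""
    published = {r.data.rstrip(".").lower() for r in records if r.rtype == "NS"}
    expected = {n.rstrip(".").lower() for n in expected_ns}
    return published == expected, sorted(published)


def check_mx(records, box_host):
    """True when at least one MX record's exchange is the box hostname."""
    box = box_host.rstrip(".").lower()
    for r in records:
        if r.rtype == "MX":
            _pref, exchange = r.data.split(None, 1)
            if exchange.rstrip(".").lower() == box:
                return True
    return False


def soa_timers(records):
    """Return refresh/retry/expire/minimum (seconds) from the SOA rdata:
    mname rname serial refresh retry expire minimum."""
    for r in records:
        if r.rtype == "SOA":
            f = r.data.split()
            return {"refresh": int(f[3]), "retry": int(f[4]),
                    "expire": int(f[5]), "minimum": int(f[6])}
    raise ValueError("no SOA record in answer")


def days_secondaries_keep_serving(records):
    """Days a secondary keeps answering for the zone after its last successful
    contact with the primary; after SOA expire elapses it stops serving it."""
    return soa_timers(records)["expire"] / 86400


if __name__ == "__main__":
    recs = parse_dig_answer(SAMPLE_DIG_OUTPUT)
    ok, published = check_delegation(recs, ["ns1.mail.first.example", "ns2.mail.first.example"])
    print("NS set matches box:", ok, published)
    print("MX points at box:", check_mx(recs, "box.first.example"))
    print("SOA timers:", soa_timers(recs))
    print("Secondaries keep serving for days:", days_secondaries_keep_serving(recs))
```

To run it against a real domain, replace the constructed sample with the output of `dig +noall +answer <domain> ANY @<nameserver>` (or separate NS, MX and SOA queries). The expire value is what a secondary honours on its own; a hosted secondary service may additionally drop the zone under its own terms, as a later reply in this thread notes.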

If you are using the domain only for the mail server, it doesn’t really matter if the DNS dies together with the mail server since the mail server is not reachable anyway.

Mails usually try to resend (I think up to 3 days) if the mail server is not reachable, otherwise it will drop the mail, and probably, if the sender’s mail server is properly configured, will send an alert to the sender.

I’ve created a post on how to create secondary server for free, which can ensure your DNS is up (e.g. you use your domain to host a website elsewhere), but like I said, if mail server is down, the mail is still not reachable.

Unless your registrar’s DNS server can act as a slave DNS, you will need to manually copy all DNS entries over. My post below creates a DNS slave which automatically copies entries from your MIAB.

You need to ensure your server is up, by ensuring you don’t install unnecessary modifications, don’t install other applications in the same server which may cause other services to be down, have enough space, have enough memory etc.

I don’t think that’s the case (unfortunately). I answered to you in the other (dedicated) topic (about this and the rest): https://discourse.mailinabox.email/t/99cents-1-time-payment-domains-to-setup-your-miab-no-renewal/7564/15 But if you can get them for totally free, please indicate to everybody how to do it!

I won’t do it since free stuff is usually what spammers use.

It’s still an option, if anybody wants to use it (not for spam, of course) -knowing the potential drawbacks-. Options are good IMHO. I would also like to know if you can get them for totally free (as said, I don’t think so). You also have to activate them with a SMS confirmation, so that should prevent massive registrations (especially by spammers)

No, telling you by experience that these domains are spam prone and your mail may not reach recipients since it may likely get filtered.

Sharing information here means you are sharing information with all the potential mailserver owners. We need to be responsible for the information we share.

Sharing information that may harm their mails sending is not recommended.

I’m all about sharing all the negative aspects too. No problem about that. Something extremely cheap (almost free, here - Maybe even totally free if you’re right) isn’t probably as good as something you pay. That may seem quite logical. It can even be used only for testing purposes or specific uses. Honestly, I keep thinking that having access to different options (knowing about them existing) is a good thing. Now, I do also think it is very good to know about all aspects, especially the bad ones, so your comments are very welcome.

It now seems my comment has been flagged and deleted (OP in the other topic). That’s not good IMHO. I believe people are smart enough to make an educated judgment, and that they don’t need to be supposedly “protected” by totally hiding the information from them. But hey, that’s only my view.

PS: Could we maybe talk about everything related to cheap domains (pp.ua or potential alternatives) in the other topic? It would be better than here where it’s rather off-topic, and alternating between 2 topics :wink:

Most secondary providers have a clause in their terms that if the primary is unreachable after x number of days, the service is discontinued. So, you’d be good for a short term outage but there is no reason for any outage to legitimately not be fixed in a few days at most.

As you said, not likely … but if it happened, your domain would eventually become inoperative. Again though, this is a scenario that would be corrected in 2-3 days if it occurred. Actually, to avoid this exact scenario, I would not host my Secondary DNS with the same provider as a rule.

I run a MiaB installation for a small non-profit web host. I use a third domain to be the generic MX name for the domains that are served by it (think something like email-server.net). This works well.

1 Like

Interestingly enough, if the info may be of any use to anybody, the nameservers of my MIAB have been changed by mistake very recently (I did a manipulation at my registrar which changed them without warning). A bunch of emails had been sent to it while it was down. I restored things a few hours later, and going forward, I was unable to receive any email from the website having sent the unreceived emails. I’m not sure if it was a DNS propagation thing, or if it was this server not sending the emails as it knew they were coming back a little earlier.

Everything resolved itself 2 days later: I did receive all the unreceived emails (so, there indeed seems to be a timeframe where returned emails are kept and there is a try to send them again a few days later). And I started to receive again emails from this website. Again, I’m not sure if the DNS were propagating during the time things were not working or if the sending mailserver was holding back.

One point to eventually also consider aside from reachability is SPEED. I did a few tests, and going through MIAB DNS to access a website isn’t very performant, especially compared to Cloudflare DNS for example, which is pretty good. You can easily multiply by 10 the time needed for the DNS request; 10 or 12 ms to 100 or 120 ms. (EDIT) WARNING: This may be totally false. Or only true when there are very few requests. But not very important in that case.