External and internal DNS

maybe register a 5th domain at $10 and use it only for the box. problem solved.


Or run a second mail server.


or 1 domain 1 server

or quit the Internet :wink:


Talking about that, I found a registrar offering domains for a ONE TIME PAYMENT of $0.99. You just pay this price once, and there are no renewal fees. You just have to not care too much about the extension (it’s .pp.ua / “ua” being the country code of Ukraine). They even offer whois privacy (your details won’t show in the whois). I’ve checked, you seem to be able to set GLUE RECORDS on it with them. I haven’t tested it yet, so I can’t confirm everything works or how it works. But this may be a good solution for OP here. Here it is: Regery (there is a referral code for me to make millions out of 99 cents one-time payments :wink: I’m kidding, of course)

I’m not sure about emails, but in the SEO world, Google gives these domain extensions very low SEO scores.

E.g. .com will score more than a .xyz

Domains that cost $1, $2, are marked as low reputation, and usually associated with spammers.

These domains rarely appear in search results.

I wonder if the same works for Email spam filtering. :thinking: :thinking: :thinking:

PS: If I see a .ua server in my mail.log I will likely add it to the spam filter, do an additional server backup, updates, fail2ban the IP and domain, and the entire IP range, and hopefully I can still go to bed, not worrying about my box being targeted by hackers. :grin: :grin: :grin: :smile: :smile: :smile:

PPS: pp.ua is actually a $0 domain and you can get it for free at http://pp.ua … maybe you just wasted a dollar.


Thanks a lot for your answers!!

I learned a lot about DNS (and cheap domains :D) yesterday/today. I wanted to reply to your posts earlier, but every time I typed some text I googled, tried, learned in a loop.

In the meantime I have

  • set up another miab in parallel to try out using it as ns from the very beginning
  • decided for one domain to be the one main domain

I didn’t have a problem with the fact that users see another domain when they read headers or use tools to read dns data. I really just thought it would be nicer to not “bind” every domain to one “main domain” and I thought there probably is an easy way around it…not a big deal just a little scrape in my perfectionism to minimize work on changes.

I understand that feature now. It simply is the possibility to set their nameservers as secondary to your nameserver. I had to set two things: in the domain settings I have set the first nameserver to my ns1.mybox.com / ip pair and the 2nd NS to one of their nameservers. In the zone settings I added their nameserver as secondary to my ip.

Thanks a lot for that summary! I have copied the link to your post to my notes for changing the main domain :+1:

Do you know what happens in the days after a primary DNS dies? Let’s take my setup as an example…miab as primary and the nameserver(s) of my registrar as secondary. 2 scenarios:

  • my miab dies, the secondary nameservers are still up and running
    • will, at any point, the secondaries remove the zone after not reaching the primary for days, weeks, months?!
    • anything else happening if primary nameservers disappear from the web for long time?!
  • all of the nameservers, that appear in the zone settings, die.
    • my miab server and the nameservers are operated by the same company (hetzner), so indeed possible. It’s not likely though, as I’m pretty sure that they have distributed their nameservers to all of their sites.

I have 1 domain that really should be reachable and I ask myself if it would always be better to configure this domain via external DNS. Firstly because it’s already done and I fear messing something up if I migrate to miab, and secondly because of reliability.

Any thoughts on that?
Thanks a lot again for all your help! :man_teacher: :eye: :brain: :sparkling_heart:
Andy

If you are using the domain only for the mail server, it doesn’t really matter if the DNS dies together with the mail server since the mail server is not reachable anyway.

Mails usually try to resend (I think up to 3 days) if the mail server is not reachable, otherwise it will drop the mail, and probably, if the sender’s mail server is properly configured, will send an alert to the sender.

I’ve created a post on how to create secondary server for free, which can ensure your DNS is up (e.g. you use your domain to host a website elsewhere), but like I said, if mail server is down, the mail is still not reachable.

Unless your registrar’s DNS server can act as a Slave DNS, you will need to manually copy all DNS entries over. My post below creates a DNS slave which automatically copies entries from your MIAB.

You need to ensure your server is up, by ensuring you don’t install unnecessary modifications, don’t install other applications in the same server which may cause other services to be down, have enough space, have enough memory etc.

I don’t think that’s the case (unfortunately). I answered to you in the other (dedicated) topic (about this and the rest): 99cents 1-time payment domains to setup your MIAB (no renewal) But if you can get them for totally free, please indicate to everybody how to do it!

I won’t do it since free stuff is usually what spammers use.

It’s still an option, if anybody wants to use it (not for spam, of course) -knowing the potential drawbacks-. Options are good IMHO. I would also like to know if you can get them for totally free (as said, I don’t think so). You also have to activate them with an SMS confirmation, so that should prevent massive registrations (especially by spammers)

No, telling you by experience that these domains are spam-prone and your mail may not reach recipients since it will likely get filtered.

Sharing information here means you are sharing information with all the potential mailserver owners. We need to be responsible for the information we share.

Sharing information that may harm their mail sending is not recommended.

I’m all about sharing all the negative aspects too. No problem about that. Something extremely cheap (almost free, here - maybe even totally free if you’re right) probably isn’t as good as something you pay for. That may seem quite logical. It can even be used only for testing purposes or specific uses. Honestly, I keep thinking that having access to different options (knowing about them existing) is a good thing. Now, I do also think it is very good to know about all aspects, especially the bad ones, so your comments are very welcome.

It now seems my comment has been flagged and deleted (OP in the other topic). That’s not good IMHO. I believe people are smart enough to make an educated judgment, and that they don’t need to be supposedly “protected” by totally hiding the information from them. But hey, that’s only my view.

PS: Could we maybe talk about everything related to cheap domains (pp.ua or potential alternatives) in the other topic? It would be better than here, where it’s rather off-topic, and alternating between 2 topics :wink:

Most secondary providers have a clause in their terms that if the primary is unreachable after x number of days, the service is discontinued. So, you’d be good for a short term outage but there is no reason for any outage to legitimately not be fixed in a few days at most.

As you said, not likely … but if it happened, your domain would eventually become inoperative. Again though, this is a scenario that would be corrected in 2-3 days if it occurred. Actually, to avoid this exact scenario, I would not host my Secondary DNS with the same provider as a rule.

I run a MiaB installation for a small non-profit web host. I use a third domain to be the generic MX name for the domains that are served by it (think something like email-server.net). This works well.


Interestingly enough, if the info may be of any use to anybody, the nameservers of my MIAB were changed by mistake very recently (I did a manipulation at my registrar which changed them without warning). A bunch of emails had been sent to it while it was down. I restored things a few hours later, and going forward, I was unable to receive any email from the website that had sent the unreceived emails. I’m not sure if it was a DNS propagation thing, or if it was this server not sending the emails as it knew they were coming back a little earlier.

Everything resolved itself 2 days later: I did receive all the unreceived emails (so, there indeed seems to be a timeframe where returned emails are kept and there is a try to send them again a few days later). And I started to receive again emails from this website. Again, I’m not sure if the DNS were propagating during the time things were not working or if the sending mailserver was holding back.

One point to eventually also consider aside from reachability is SPEED. I did a few tests, and going through MIAB DNS to access a website isn’t very performant, especially compared to Cloudflare DNS for example, which is pretty good. You can easily multiply by 10 the time needed for the DNS request; 10 or 12 ms to 100 or 120 ms. (EDIT) WARNING: This may be totally false. Or only true when there are very few requests. But not very important in that case.

Wait, isn’t the whole DNS entry propagation to other DNS servers and TTL and all that stuff about caching that data near the user?
I mean, doesn’t the browser get the ip of the webserver from “the nearest” nameserver that has cached the zones info?!


You actually make a good point. Maybe what I just found was that the DNS hadn’t propagated enough :wink: It is true I tested not that long after setting it up. It is possible (probable?) what I said at the end of my previous post is totally false.

I have to admit my knowledge of how DNS works as a whole hits its limits here. But what is a site like this one actually testing in this case? https://www.dnsperf.com/ And when I did “dig” queries on domains I own with different registrars (so, with different nameservers configured on them), I did get different query times, coherent with the results of this site (my MIAB query time being bad, but I can’t test again now as there was a modification recently).

Or maybe the caching needs actual requests, and there weren’t many for what I tested. That could be an explanation. EDIT: And/or another explanation may be that my tests included a check of the PTR pointer (reverse DNS), maybe that was why there was this difference.

It doesn’t matter whether you host your DNS on your box or on external DNS; all domains are cached based on their TTL (Time to Live). TTLs are usually set to a default of 3600 seconds, though it’s adjustable. So usually a quick restart of your server barely does any damage.

The only reason I can justify using External DNS is if your domain is too big to fail. You cannot afford your server to go down. If your server goes down, your domain cannot resolve once the cache expires. That’s where secondary DNS comes in; it serves as a secondary server if the primary fails.

For domains which require email and do not have any website, I use the box’s DNS service so I don’t need to create individual records manually.

And NO, your email delivery speed has nothing to do with the ‘SPEED’ of your DNS.

Neither are retries.

The retries are set by the sender’s mail server. For example, Postfix has the following settings you can look at (which most likely get overwritten by miab updates).

From: http://www.postfix.org/TUNING_README.html

queue_run_delay=300s (default: 300 seconds; before Postfix 2.4: 1000s) - How often the queue manager scans the queue for deferred mail.

minimal_backoff_time=300s (default: 300 seconds; before Postfix 2.4: 1000s) - The minimal amount of time a message won’t be looked at, and the minimal amount of time to stay away from a “dead” destination.

maximal_backoff_time=4000s (default: 4000 seconds) - The maximal amount of time a message won’t be looked at after a delivery failure.

maximal_queue_lifetime=5d (default: 5 days) - How long a message stays in the queue before it is sent back as undeliverable. Specify 0 for mail that should be returned immediately after the first unsuccessful delivery attempt.

bounce_queue_lifetime=5d (default: 5 days, available with Postfix version 2.1 and later) - How long a MAILER-DAEMON message stays in the queue before it is considered undeliverable. Specify 0 for mail that should be tried only once.
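To see what those Postfix parameters mean in practice for the "my box was unreachable for a while" case, the script below turns them into the retry timeline a sending Postfix follows before it gives up and bounces. It is an added example, not code from the thread, from Mail-in-a-Box or from Postfix itself; it models the queue manager in a simplified way (first attempt immediately, then a wait that doubles from `minimal_backoff_time` up to `maximal_backoff_time`, bounce once the message is older than `maximal_queue_lifetime`) and ignores the `queue_run_delay` scan granularity, so real attempt times are rounded to the queue scan. The `postconf`-style text it parses is constructed from the defaults quoted above.

```python
"""Added example: the retry timeline implied by Postfix queue settings.

Simplified model of the Postfix queue manager (not Postfix's own code):
  * the first delivery attempt happens when the message is queued (t = 0);
  * after each failed attempt the wait doubles, starting at
    minimal_backoff_time and capped at maximal_backoff_time;
  * a message older than maximal_queue_lifetime is bounced, not retried.
queue_run_delay (how often the deferred queue is scanned) is ignored, so real
attempt times land on the next queue scan after the ones computed here.
"""
import re

# Postfix time-unit suffixes (s, m, h, d, w); a bare number means seconds here.
_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_duration(value: str, default_unit: str = "s") -> int:
    """Parse a Postfix time value such as '300s', '5d' or '4000' into seconds."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", value.strip())
    if not m:
        raise ValueError(f"bad Postfix time value: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2) or default_unit]


def parse_postconf(text: str) -> dict[str, str]:
    """Parse 'name = value' lines as printed by `postconf` (or main.cf)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition("=")
        settings[name.strip()] = value.strip()
    return settings


def retry_schedule(min_backoff: int, max_backoff: int, queue_lifetime: int) -> list[int]:
    """Seconds after queueing at which each delivery attempt is made."""
    attempts = [0]
    delay = min_backoff
    while True:
        next_attempt = attempts[-1] + delay
        if next_attempt >= queue_lifetime:
            break  # message would be older than the queue lifetime: bounce
        attempts.append(next_attempt)
        delay = min(delay * 2, max_backoff)
    return attempts


def describe(settings: dict[str, str]) -> dict:
    """Summarise the retry behaviour for a destination that stays unreachable."""
    schedule = retry_schedule(
        parse_duration(settings["minimal_backoff_time"]),
        parse_duration(settings["maximal_backoff_time"]),
        parse_duration(settings["maximal_queue_lifetime"]),
    )
    return {
        "attempts": len(schedule),
        "last_attempt_after_hours": schedule[-1] / 3600,
        "bounced_after_days": parse_duration(settings["maximal_queue_lifetime"]) / 86400,
    }


# Constructed sample in postconf output form, using the defaults quoted above.
SAMPLE_POSTCONF = """
queue_run_delay = 300s
minimal_backoff_time = 300s
maximal_backoff_time = 4000s
maximal_queue_lifetime = 5d
bounce_queue_lifetime = 5d
"""


if __name__ == "__main__":
    cfg = parse_postconf(SAMPLE_POSTCONF)
    sched = retry_schedule(parse_duration(cfg["minimal_backoff_time"]),
                           parse_duration(cfg["maximal_backoff_time"]),
                           parse_duration(cfg["maximal_queue_lifetime"]))
    print("first attempts (s):", sched[:6])
    print(describe(cfg))
```

With the defaults, the waits go 300, 600, 1200, 2400 seconds and then settle at 4000 seconds (just over an hour) between attempts, so a receiving box that is back within a few hours loses nothing; only after the 5-day `maximal_queue_lifetime` does the sender bounce the message, which matches the "everything arrived 2 days later" observation earlier in the thread.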


Nobody said that. I raised the point if you also point the domain to a website.
Even if you were losing a few hundred milliseconds for your emails, it wouldn’t really be important.
In any case, my point seems wrong, so there is no question.
