False alarms about incorrect reverse DNS

Let me ping in as well; I’m getting these occasionally in some nightly email checks too.

I have not changed anything on my IPv4 & IPv6 for a while, and rDNS is set up correctly on the provider's end.

If I test rDNS from anywhere else:

dig -x ipv6_dotted_global1 +short # returns my box.example.com.
dig -x ipv6_dotted_global2 +short # returns my box.example.com. 
dig -x ipv4_dotted_public +short # returns my box.example.com. 

Whenever I test from any external location, rDNS resolves fine; as a matter of fact, the addresses resolve on the MIAB box SSH console as well right now using “dig -x”.

Tracking the issue, it appears to be related to the MIAB IPv6 NS listening interface and the Python health check script timeouts - my VM has three IPv6 addresses - two global and one local.

Below is the list of services listening on port 53 (details omitted just to make it more readable):

ss -l | grep domain
udp  [127.0.0.1]:bind
udp  [ipv4_public]:nsd
udp  [ipv6_global1]:nsd            
tcp  [127.0.0.1]:bind            
tcp  [ipv4_public]:nsd             
tcp  [ipv6_global1]:nsd

As you can see, the NS service does not listen on my [ipv6_global2]:nsd, despite the fact that during mail setup (mailinabox) I do specify ipv6_global2 as my main address when it asks about IPv6:

cat /etc/nsd/nsd.conf
ip-address:[ipv4_public]
ip-address:[ipv6_global1]

Running the python check script from a terminal:

sudo mailinabox/management/status_checks.py
System
======
✖  Public DNS (nsd4) is running and available over IPv4 but is not accessible over IPv6 at my_ipv6_global2 port 53.

After adding my_ipv6_global2 to the list in /etc/nsd/nsd.conf (ip-address:[ipv6_global2]), restarting “nsd” and rerunning all of the above, everything works!

Whether or not the fix will last, we will see; it could be overwritten by the nightly cron scripts or setup/mailinabox.

Edit2: I think I found the culprit of the issue described here:

cat mailinabox/setup/dns.sh         
...
source /etc/mailinabox.conf # load global vars
...

# Since we have bind9 listening on localhost for locally-generated
# DNS queries that require a recursive nameserver, and the system
# might have other network interfaces for e.g. tunnelling, we have
# to be specific about the network interfaces that nsd binds to.
for ip in $PRIVATE_IP $PRIVATE_IPV6; do
		echo "  ip-address: $ip" >> /etc/nsd/nsd.conf;
done

cat /etc/mailinabox.conf

.....
PUBLIC_IP=[ipv4_public]
PUBLIC_IPV6=[ipv6_global2]
PRIVATE_IP=[ipv4_public]
PRIVATE_IPV6=[ipv6_global1]

This may be a bug, but @JoshData should check and see whether this is a bug and whether the appropriate fix is to change $PRIVATE_IP $PRIVATE_IPV6 in dns.sh to $PUBLIC_*:

for ip in $PUBLIC_IP $PUBLIC_IPV6; do
		echo "  ip-address: $ip" >> /etc/nsd/nsd.conf;
done

@JoshData, is this a working solution for everyone, or is it just me, since I have two global IPv6 addresses?

Regards,
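
A quick check for the mismatch described in this post, as an added example that is not part of the original post or of Mail-in-a-Box itself: it lists the PUBLIC_* addresses from mailinabox.conf that have no matching ip-address line in nsd.conf. The function names and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not Mail-in-a-Box code). Hypothetical helper names throughout.

# Print every address on an "ip-address:" line of an nsd.conf-style file,
# dropping any "@port" suffix and trailing comment.
nsd_bound_ips() {
    sed -n 's/^[[:space:]]*ip-address:[[:space:]]*\([^[:space:]#@]*\).*/\1/p' "$1"
}

# Print the value of KEY from a KEY=value file such as /etc/mailinabox.conf.
conf_value() {
    sed -n "s/^$1=//p" "$2" | head -n 1
}

# Print each PUBLIC_* address that nsd is not configured to bind.
# Returns 0 when nothing is missing, 1 otherwise.
# Comparison is textual (case-insensitive), so an IPv6 address written in two
# different forms (compressed vs. expanded) will not match.
missing_public_ips() {
    miab_conf=$1; nsd_conf=$2; missing=""
    for key in PUBLIC_IP PUBLIC_IPV6; do
        ip=$(conf_value "$key" "$miab_conf")
        [ -n "$ip" ] || continue
        if ! nsd_bound_ips "$nsd_conf" | grep -qixF -- "$ip"; then
            missing="${missing}${key}=${ip}
"
        fi
    done
    printf '%s' "$missing"
    [ -z "$missing" ]
}

# Constructed sample data mirroring the post: nsd binds the PRIVATE_* addresses,
# so PUBLIC_IPV6 (a second global address) is never listened on.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'PUBLIC_IP=192.0.2.10' 'PUBLIC_IPV6=2001:db8::2' \
        'PRIVATE_IP=192.0.2.10' 'PRIVATE_IPV6=2001:db8::1' > "$dir/mailinabox.conf"
    printf '%s\n' 'server:' '  ip-address: 192.0.2.10' \
        '  ip-address: 2001:db8::1' > "$dir/nsd.conf"
    missing_public_ips "$dir/mailinabox.conf" "$dir/nsd.conf" || true
    rm -rf "$dir"
}

demo
```

On a real box, call `missing_public_ips /etc/mailinabox.conf /etc/nsd/nsd.conf`; a non-empty result corresponds to the condition the status check reports as nsd not being accessible at the public address.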