False alarms about incorrect reverse DNS

I sometimes received the timeout error as well in the nightly status emails:
Your box’s reverse DNS is currently [timeout], but it should be box. … .com. Your ISP or cloud provider will have instructions on setting up reverse DNS for your box.

My reverse DNS was correctly set for my VPS’s IPv4 address but not the VPS’s IPv6 address. Setting the reverse DNS for both fixed the sporadic status change for me.

UPDATE: I got the above message again today, so the above suggestion did not solve it.

2 Likes

Let me ping in as well, I’m getting these occasionally in some nightly email checks as well.

As I have not changed anything and my IPv4 & IPv6 for a while and rDNS are setup correctly on the provides end.

If I test rDNS from anywhere else:

dig -x ipv6_dotted_global1 +short # returns my box.example.com.
dig -x ipv6_dotted_global2 +short # returns my box.example.com. 
dig -x ipv4_dotted_public +short # returns my box.example.com. 

When I do test at any point in time from any external location rDNS resolve all fine, as matter of fact, they do resolve on the MIAB box ssh console as well right now using “dig -x”

Tracking the issue it appears to be related to the MIAB IPv6 ns listening interface and the python health check script “time outs” - my VM has three IPv6 addresses - two global and one local.

This is a list of listening service port 53, below (details omitted just to make it more readable):

ss -l | grep domain
udp  [127.0.0.1]:bind
udp  [ipv4_public]:nsd
udp  [ipv6_global1]:nsd            
tcp  [127.0.0.1]:bind            
tcp  [ipv4_public]:nsd             
tcp  [ipv6_global1]:nsd

As you can see NS service does not listen to my [ipv6_global2]:nsd despite the fact that during mail setup ( mailinabox ) I do specify that my main ipv6_global2 when it asks about IPv6:

cat /etc/nsd/nsd.conf
ip-address:[ipv4_public]
ip-address:[ipv6_global1]

Running the python check script from a terminal:

sudo mailinabox/management/status_checks.py
System
======
✖  Public DNS (nsd4) is running and available over IPv4 but is not accessible over IPv6 at my_ipv6_global2 port 53.

Adding my my_ipv6_global2 to the list in the /etc/nsd/nsd.conf ip-address:[ipv6_global2] and restarting the “nsd” and rerun all above all works!

Whether or not if the fix will last - will see, could be overwritten by the nightly cron scripts or setup/mailinabox.

Edit2: I think I found the culprit of the issue described here:

cat mailinabox/setup/dns.sh         
...
source /etc/mailinabox.conf # load global vars
...

# Since we have bind9 listening on localhost for locally-generated
# DNS queries that require a recursive nameserver, and the system
# might have other network interfaces for e.g. tunnelling, we have
# to be specific about the network interfaces that nsd binds to.
for ip in $PRIVATE_IP $PRIVATE_IPV6; do
		echo "  ip-address: $ip" >> /etc/nsd/nsd.conf;
done

cat /etc/mailinabox.conf

.....
PUBLIC_IP=[ipv4_public]
PUBLIC_IPV6=[ipv6_global2]
PRIVATE_IP=[ipv4_public]
PRIVATE_IPV6=[ipv6_global1]

This may be a bug, but @JoshData should check and see if this is a bug and this is the appriporate fix to change $PRIVATE_IP $PRIVATE_IPV6; in dns.sh to $Public*:

for ip in $PUBLIC_IP $PUBLIC_IPV6; do
		echo "  ip-address: $ip" >> /etc/nsd/nsd.conf;
done

@JoshData is this a working solution for all or it’s just me as I do have two global IPV6 addresses?

Regards,

I suggest finding the open issue on GitHub and sharing your information there.

This forum mainly deals with support issues, not dev issues. :slight_smile: Thanks! @mveplus

Morning @alento,

Thanks for the reminder! If this turns up to affect a lot of people I can create a PR for it but will leave it for now, until Josh have time to assess it.

Regards,

Had the same issue as @mveplus . That is “Public DNS (nsd4) is running and available over IPv4 but is not accessible over IPv6…” I updated the nsd.conf file with the correct IVP6 address, restarted the service, and all is well, for now.

1 Like

I’m getting the same timeout error, in the Status Change emails, with v0.54 and I’m not using IPv6:

Your box's reverse DNS is currently [timeout],...

Since I’m not using IPv6, is this issue really related to IPv6?

No, as suggested with the reports of IPv4 in this thread. I also have this experience for both IPv6 and IPv4, and variously one, the other, or both. However, of my issues with MiaB that I choose to work on, this isn’t one of them.

Do you know if this every got sorted. I have been using the server live for about 6 weeks and get this error every week via email.

I can make the above suggested patch myself but would rather stay as close to vanilla as possible.

Control Panel/Status is fine
External DNS tests are fine
IPv4 only (no IPv6)

I get it every day.

It looks like a patch was accepted, so hopefully fixed on the next update:

1 Like

Thanks for the update.

I went through both threads on this and git. I then decided to make the change from 100 to 175. Fingers crossed this may help it until we get the patch.
“max-recursion-queries 175;”

I haven’t experienced this issue for a while but it’s now happening AGAIN almost every day. Started about a week ago.

I tried going from 100 to 175. Didn’t make any difference for me.

What version of MiaB are you on?

Wow - Sorry for the late reply. I’ve just been ignoring the annoying (every other day) rDNS failure message in the current status emails. Currently, I’m on version 56. I am in the middle of upgrading to v57a as I’m typing this post. I will follow up.

It’s been six days since upgrading to v57. Just got my first false alarm this morning.