Fresh install: dns seems to work from wan, but status checks fail

i made a fresh install. using box as DNS. glue records and nameservers are setup. i can easily access the box from the internet via hostname.

1.png832×936 35.7 KB

; <<>> DiG 9.11.3-1ubuntu1.8-Ubuntu <<>> @192.168.2.87 box.janning.tech any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53789
;; flags: qr aa rd; QUERY: 1, ANSWER: 10, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;box.janning.tech.              IN      ANY

;; ANSWER SECTION:
box.janning.tech.       1800    IN      A       91.190.230.87
box.janning.tech.       1800    IN      RRSIG   A 7 3 1800 20190728000000 20190628151307 15092 janning.tech. mYcHMSHGS360A40pCNpK3/OrQj97aJANUrsSYQzgRLT3RQrojE9v6Mle W5+k/rmhIe788ROnAFY4Fv33M13ngym9yFebLsHLyy0rrtUsQIS9M8zG IZ8otcyFgCXSkqGXNcfvWc5SgK9VVi78uPCiUE6/Rcjh0CUzOhm0YvTi xpw=
box.janning.tech.       1800    IN      RRSIG   MX 7 3 1800 20190728000000 20190628151307 15092 janning.tech. p5egN7G75E93yFyTv56QGHnvsIV7dSXtQiNWh0rJ5rWb6rI4kLIbSnro 5hgkWUZSMgAxAiDufuZWnkcx12GBCHvbV7kVS2GTOp0iPAtX6IsFA18R 3ac8V1Tzs9lFnk2AOeJPt+hRjujWmQU97u4r+2xYYLxkUlR9Sekknb8A ViM=
box.janning.tech.       1800    IN      RRSIG   TXT 7 3 1800 20190728000000 20190628151307 15092 janning.tech. ySUNWInvImHMa8+e12z3C+ZlXbXQc7bN9KPved6wJN5RtLEew2DlIOx6 aarOxyaHtkDetXqm9MSv0C6K6Li2vIGvkwTTs7jTf3ei2JEqNwu+Npi+ D2kOhGtxmQmyMUdR9txcWE72DQd7BKD9DdW1R8xTeuxs5Mvtb/DAkDjq Hqg=
box.janning.tech.       1800    IN      RRSIG   SSHFP 7 3 1800 20190728000000 20190628151307 15092 janning.tech. PVR1FaAumSy960Fa7xMwdN3w+k3zYwRKwJkJQt6zVK1tvhyPjH84ffJe gKB3jcBg/rTP05BBxLAt17txA2cy985iNXU5uj8ObvMDMFJjaCfZVmgR HUbOk1R9mqYjW1ya8DfYr/Ev1byGJMospcM+Rzw5EZ+18L5tdp8qw54a Ths=
box.janning.tech.       1800    IN      MX      10 box.janning.tech.
box.janning.tech.       1800    IN      TXT     "v=spf1 mx -all"
box.janning.tech.       1800    IN      SSHFP   1 2 E987D6CBC3FB0CF3E0C20F2BBFDD573B74E3930993008BFD3D59BD8C 0DCDE81C
box.janning.tech.       1800    IN      SSHFP   3 2 85DF43A98F82265F1CC586E8259DFB29B18E189DC2287DE2D37459DD 9AAF8D15
box.janning.tech.       1800    IN      SSHFP   4 2 25A745AE49FC216EB4B02C41ADAEF268654D4FB447509DD045B1A313 09B4BE64

;; AUTHORITY SECTION:
janning.tech.           1800    IN      NS      ns1.box.janning.tech.
janning.tech.           1800    IN      NS      ns2.box.janning.tech.

;; ADDITIONAL SECTION:
ns1.box.janning.tech.   1800    IN      A       91.190.230.87
ns2.box.janning.tech.   1800    IN      A       91.190.230.87

;; Query time: 0 msec
;; SERVER: 192.168.2.87#53(192.168.2.87)
;; WHEN: Sun Jun 30 17:19:59 CEST 2019
;; MSG SIZE  rcvd: 998

i can send mail to the box…

but some strange things in syslog:

Jun 30 17:17:01 box named[28523]: REFUSED unexpected RCODE resolving 'box.janning.tech/A/IN': 91.190.230.87#53
Jun 30 17:17:01 box named[28523]: REFUSED unexpected RCODE resolving 'box.janning.tech/AAAA/IN': 91.190.230.87#53
Jun 30 17:17:01 box named[28523]: REFUSED unexpected RCODE resolving 'box.janning.tech.janning.tech/A/IN': 91.190.230.87#53
Jun 30 17:17:01 box named[28523]: REFUSED unexpected RCODE resolving 'box.janning.tech.janning.tech/AAAA/IN': 91.190.230.87#53

thought fail2ban is blocking something?

2019-06-30 16:55:28,132 fail2ban.ipdns [32457]: WARNING Unable to find a corresponding IP address for box.janning.tech: [Errno -3] Temporary failure in name resolution

but stopping the service does not stop the status page errors.

How about externally??? How long has it been since you have set DNS and is propagation complete to you? Whilst this may have been an issue at the time you posted, it appears now that your DNS is well propagated.

Have you tried SSL issuance? Did it fail?

And have you rebooted since installation was complete?

Have you check your firewall if it is not blocking any of these ports?
sudo ufw status Will show you firewall status. You could share the output and we see.

machine is rebootet, fully patched. i cannot create LE cert:

Self-signed. Get a signed certificate to stop warnings. The domain name does not resolve to this machine: [Not Set] (A)

i created the domain, glue and installation about 72 hours ago. dns seems to work fine. but inside the box there´s a problem…

/etc/resolv.conf shows 127.0.0.1 as DNS. but localhost is not respondig to nslookup.
it does respond, if i use the internal ip.

root@box:/var/log# nslookup box.janning.tech 127.0.0.1
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find box.janning.tech: SERVFAIL

root@box:/var/log# nslookup box.janning.tech 192.168.2.87
Server:         192.168.2.87
Address:        192.168.2.87#53

Name:   box.janning.tech
Address: 91.190.230.87

root@box:/var/log# ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
53                         ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere
587/tcp                    ALLOW       Anywhere
993/tcp                    ALLOW       Anywhere
995/tcp                    ALLOW       Anywhere
4190/tcp                   ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
53 (v6)                    ALLOW       Anywhere (v6)
25/tcp (v6)                ALLOW       Anywhere (v6)
587/tcp (v6)               ALLOW       Anywhere (v6)
993/tcp (v6)               ALLOW       Anywhere (v6)
995/tcp (v6)               ALLOW       Anywhere (v6)
4190/tcp (v6)              ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)

i changed /etc/resolv.conf nameserver to: 192.168.2.87
after a reboot, status page shows, that glue records are correct and domain resolves to box ip.

but how can in ensure, that dns is listening on localhost?

also some other problems occur with dns set to 192.168.2.87

root@box:/home/box# ping google.de
ping: google.de: Temporary failure in name resolution

That seems ok. Try this and see if it will work. sudo mailinabox it will re-run your set up.

Which VPS provider are you using? Hmm, nevermind … I see that you are not.

So something upstream on your network is blocking access. However, I haven’t a clue what it could be.

something is broken with dns.

Installing Roundcube (webmail)...
sudo: unable to resolve host box.janning.tech: Resource temporarily unavailable
Installing Nextcloud (contacts/calendar)...
sudo: unable to resolve host box.janning.tech: Resource temporarily unavailable

i think i will do a fresh install again.

hmm. Fresh install doesn´t work. maybe my type of network setup is not working for mailinabox.

the “box” has an internal ip address: 192.168.2.87 which is routed through an opnsense firewall. opnsense has some portforwarding from WAN IP (Virtual IP) to the neccessary ports: 25,53,80,143,etc.

maybe this type of structure is not supported? do i need to configure the “box” with the public ip address?

Upgrading to Nextcloud version 14.0.6
sudo: unable to resolve host box.janning.tech: Resource temporarily unavailable
creating sqlite db
sudo: unable to resolve host box.janning.tech: Resource temporarily unavailable
Nextcloud is already latest version
Installing Z-Push (Exchange/ActiveSync server)...
Installing Mail-in-a-Box system management daemon...
Already using interpreter /usr/bin/python3
Using base prefix '/usr'
New python executable in /usr/local/lib/mailinabox/env/bin/python3
Also creating executable in /usr/local/lib/mailinabox/env/bin/python
Installing setuptools, pkg_resources, pip, wheel...done.
Installing Munin (system monitoring)...
sudo: unable to resolve host box.janning.tech: Resource temporarily unavailable
updated DNS: box.janning.tech

You’ve got a unique setup as far as the typical audience of MiaB is concerned, so sadly you are probably going to be on your own.

The big hangup seems to be (from everything you have posted so far) with DNS port 53. I am not familiar with networking enough to give you any valid advice. But I would focus on port 53 … you may need to tweak your /etc/resolv.conf due to your network setup … of course in Ubuntu 18, it is much more convoluted than editing that file. Good luck!

I experienced similar issues with MiaB behind pfSense, and received no help on this forum. The project is currently very narrowly focused (in my opinion, too narrowly focused).

My purpose was mostly just to test MiaB as a project and the project performed flawlessly except for this one issue.

I did not modify any network settings on the server, but did configure pfSense to open ports (except 53) to MiaB, plus I used an external DNS server.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.