How can I fix this? The DANE TLSA record for incoming mail (_25) is not correct

I got this error after updating my installation.


The DANE TLSA record for incoming mail (_25._tcp.box.domain.org) is not correct. It is '3 0 1 02d6b1d2bcdd4242afdc1a105b0dca8259d035b89dfd650e6cc55d246b1015a4' but it should be '3 1 1 ebf6406738d3758841e4c3588006e8cc08805399891c6d44ec06df4e1235fe3b'. It may take several hours for public DNS to update after a change.

Still not fixed with this command: `tools/dns_update --force`

Mail-in-a-Box Version: v0.15a-29-g2ad7d08

and I did not update the ssl cert outside of the admin interface.
What I did is just update to recent release.
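The two values in that error are not two different certificates: a `3 0 1` record is the SHA-256 of the whole DER certificate, while a `3 1 1` record is the SHA-256 of only its SubjectPublicKeyInfo (SPKI), so they never agree even for one and the same certificate. The following is an added example (standard library only, not Mail-in-a-Box code) that computes both data fields with a minimal DER walker and checks a record string against them; the certificate it builds is a constructed DER skeleton, not a real signed certificate, so on a real box you would feed it the DER of the certificate Postfix actually serves.

```python
import hashlib
def der_encode(tag, content):
    """Encode one DER TLV (short- or long-form length)."""
    if len(content) < 0x80:
        return bytes([tag, len(content)]) + content
    lb = len(content).to_bytes((len(content).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def der_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def der_children(buf, start, end):  # yield (tag, whole_tlv_bytes) per element
    while start < end:
        tag, _, ve = der_tlv(buf, start)
        yield tag, buf[start:ve]
        start = ve

def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo of an X.509 certificate."""
    _, s, e = der_tlv(cert_der, 0)                # Certificate ::= SEQUENCE
    tbs = next(der_children(cert_der, s, e))[1]   # tbsCertificate
    _, s, e = der_tlv(tbs, 0)
    fields = [f for t, f in der_children(tbs, s, e) if t != 0xA0]  # skip [0] version
    return fields[5]  # serial, signature, issuer, validity, subject, SPKI

def tlsa_data(cert_der, selector):
    """SHA-256 (matching type 1) data field: selector 0 = full cert, 1 = SPKI only."""
    blob = cert_der if selector == 0 else extract_spki(cert_der)
    return hashlib.sha256(blob).hexdigest()

def record_matches(record, cert_der):
    """True if a '3 <selector> 1 <hex>' TLSA record matches this certificate."""
    usage, selector, mtype, data = record.split()
    if (usage, mtype) != ("3", "1"):
        raise ValueError("only DANE-EE (usage 3) with SHA-256 (matching type 1) handled")
    return data.lower() == tlsa_data(cert_der, int(selector))

def build_sample_cert():
    """Constructed certificate-shaped DER (not a real signed cert); returns (cert, spki)."""
    alg = der_encode(0x30, b"\x06\x03\x2a\x03\x04")  # placeholder algorithm OID
    spki = der_encode(0x30, alg + der_encode(0x03, b"\x00" + b"\x42" * 300))
    filler = der_encode(0x30, b"") * 4  # stands in for signature, issuer, validity, subject
    tbs = der_encode(0x30, der_encode(0xA0, b"\x02\x01\x02") + der_encode(0x02, b"\x01") + filler + spki)
    return der_encode(0x30, tbs + der_encode(0x30, b"") + der_encode(0x03, b"\x00")), spki
```

A `3 0 1` record also breaks on every certificate renewal, whereas a `3 1 1` record survives renewals that keep the same key, which is why the checker wants the SPKI form.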

As it says, it may take several hours for public DNS to update after a change. Has this resolved itself on its own since you posted?

5 hours now, since I posted.
Still showing that error.
Okay I will wait for several hours more.

On System > External DNS, it is showing:
3 1 1 ebf6406738d3758841e4c3588006e8cc08805399891c6d44ec06df4e1235fe3b

Are you using External DNS? :grimacing:

No I’m not using external DNS.

23 hours now, but still showing the error.
How can I fix this? :expressionless:
Thanks!

/etc/nsd/zones/box.example.com.txt file content:

```
$ORIGIN box.domain.org.
$TTL 1800 ; default time to live

@ IN SOA ns1.box.domain.org. hostmaster.box.domain.org. (
2015073100 ; serial number
7200 ; Refresh (secondary nameserver update interval)
1800 ; Retry (when refresh fails, how often to try again)
1209600 ; Expire (when refresh fails, how long secondary nameserver will keep records around anyway)
1800 ; Negative TTL (how long negative responses are cached)
)
IN NS ns1.box.domain.org.
IN NS ns2.box.domain.org.
IN A 45.63.123.231
IN SSHFP 3 2 ( 31621D18C588FD45537A061F581F0A4A371B966691C8B7C993FB43B1D5E0DA38 )
IN SSHFP 1 2 ( 5EB83C8008240727A1002D4BBF277DBFA031BEFBE492A50DCC144F3F7C752C52 )
IN MX 10 box.domain.org.
IN TXT "v=spf1 mx -all"
_dmarc IN TXT "v=DMARC1; p=quarantine"
mail._domainkey IN TXT "v=DKIM1; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzyGnEQQLZ3PdxJcNU6P6cchWC7s3qGcBjr92M5g8jy0ZE2W22xl7fL7TBOUCZuxL3/GAx+lqahvxtWLC5ai6J+$
_25._tcp IN TLSA 3 0 1 03ac133f6c2b33c7f1148611cfa48b88df5d35262c253b046c92903a827f01a3
_443._tcp IN TLSA 3 0 1 03ac133f6c2b33c7f1148611cfa48b88df5d35262c253b046c92903a827f01a3
ns1 IN A 45.63.123.231
ns1 IN TXT "v=spf1 -all"
_dmarc.ns1 IN TXT "v=DMARC1; p=reject"
ns2 IN A 45.63.123.231
ns2 IN TXT "v=spf1 -all"
_dmarc.ns2 IN TXT "v=DMARC1; p=reject"
www IN A 45.63.123.231
www IN TXT "v=spf1 -all"
_dmarc.www IN TXT "v=DMARC1; p=reject"
```

That file has the old TLSA record. For some reason Mail-in-a-Box isn’t updating that file.

What remedy can I do?
Something like chown? chmod? or ?

Thanks!

Currently, all files in this folder are owned by root:root.

I’m not sure what’s going on. You could try deleting (but save a backup first) that zone file, then running dns_update, and seeing what happens.

You haven’t modified the source code of Mail-in-a-Box, right?

No, all default.
But I’m using the master branch, does it matter?

Doesn’t fix it either.
The file doesn’t get generated again, so I moved the file back for now.

Are you sure you’re looking at the right zone file? Domains that are no longer in use by the box may still leave around old zone files.

Yes, that is my box hostname.

[quote=“JoshData, post:18, topic:1030”]
Domains that are no longer in use by the box may still leave around old zone files.
[/quote]
It was active, and it is my MiaB hostname :|.

I ask because

`/etc/nsd/zones/box.example.com.txt`
`$ORIGIN box.domain.org.`

are different domain names, but I understand if that’s just a typo in your replacement of the names here.

Otherwise, I have no idea what’s going on.