How to set up MiaB instances on multiple subdomains?

i’d like to send mail from multiple subdomains of the same parent domain. ultimately i’m unable to get TLS certs for everything i’ve tried so far.

i deployed 2 VPS instances and installed MiaB on each, they’re named:

boxv1.mailpotato.io
boxv2.mailpotato.io

the status checks are all good but TLS is failing with a bunch of these errors:

The Certificate Authority reported these problems: Domain: autodiscover.boxv1.mailpotato.io Type: dns Detail: DNS problem: SERVFAIL looking up CAA for mailpotato.io - the domain’s nameservers may be malfunctioning

i also tried these with the same results:

box.s1.appundix.com
box.s2.appundix.com

i’m able to send mail from both of these (but failed DKIM and SPF)

i tried adding CAA records to DNS (like this) for each of those servers but that didn’t help. is it possible to add this record to a parent domain somehow? i tried deploying a separate vpm to try to run miab as the parent domain (appundix.com) (to add dns records for the parent) but it didn’t like that (sudo: unable to resolve host appundix.com: Temporary failure in name resolution)

~ $ dig box.s1.appundix.com CAA +short
0 issue "letsencrypt.org"
~ $ dig s1.appundix.com CAA +short
0 issue "letsencrypt.org"
~ $ dig appundix.com CAA +short
~ $
~ $ dig boxv1.mailpotato.io CAA +short
0 issue "letsencrypt.org"
~ $ dig boxv2.mailpotato.io CAA +short
0 issue "letsencrypt.org"
~ $ dig mailpotato.io CAA +short
~ $

Here is the million dollar question … are you sending email from the same or different domains in each instance?

In each of your examples you set up Glue records for both instances, right?

From your errors it appears that you are trying to run authoritative DNS from two different instances simultaneously for the domain mailpotato.io? Would that be the case? If so, that ain’t gonna work.

Here is the million dollar question … are you sending email from the same or different domains in each instance?

not sure i understand. i’d like them to be subdomains of the same domain, so sending from the same domain, yes? like box1.asdf.com, box2.asdf.com, box3.asdf.com, etc

In each of your examples you set up Glue records for both instances, right?

i believe so. these settings in namecheap:



From your errors it appears that you are trying to run authoritative DNS from two different instances simultaneously for the domain mailpotato.io? Would that be the case? If so, that ain’t gonna work.

:sweat_smile: yes. what should i do instead?

thank you for your time/response!

Aye, we are on the same level here as far as the server host name is concerned.

What I am asking about is the domain mailpotato.io itself. Where is its DNS being hosted? Do you know?

WHOIS is telling me that you have listed the name servers as being both boxes. Again, that is not possible.

The other question is where will the email for the domain mailpotato.io be hosted?

In your OP you stated:

Which is not a problem. What is a problem is if you are wanting to send mail from the same parent domain from both boxes.

Please clarify exactly what your end goal here is, thanks!

Looking further, this vps is not reachable at all –
ns1.boxv1.mailpotato.io. 3600 IN A 144.202.117.93
However the other can be reached. However even though I can ping it, I cannot connect to postfix on ports 465 or 587, nor DNS on port 53. Is there an external firewall in play?

Where is its DNS being hosted? Do you know?

well, as i understand it, it used to be hosted by namecheap, but then by setting the Custom DNS stuff on namecheap’s config, i transferred DNS control to the mailinabox boxes. which, as i think i understand now, doesn’t make any sense bc there are two competing DNS authorities for mailpotato.io which is causing these weird conflicts.

What is a problem is if you are wanting to send mail from the same parent domain from both boxes.

i dont need to have all the emails being sent directly from the same domain. but can they send from different subdomains of the same parent domain? eg, where box 1 sends emails from me@box1.asdf.com, and box2 sends from me@box2.asdf.com?

basically i dont care about any specifics, i would just like to send emails somehow from a mail server on b1.example.com and also from one on b2.example.com and b3.example.com

So this said, you can accomplish this with a single MiaB.

You can have email users
me@b1.example.com
me@b2.example.com
me@my.otherdomain.net
me@example.com

and so on.

You do not need multiple mail servers to send email from multiple sub-domains. However, you could if you wanted to. But why would you want to if you don’t have to? Granted, there may well be a very practical reason, which is why you could.

You’re falling into the trap of confusing the mail server’s hostname with the (sub)domains that are hosted by the mail server.

ok awesome. yes, i’m interested in having separate multiple MiaB mail servers with separate IP addresses sending mail from b1.asdf.com and b2.asdf.com etc

how can i set this up with MiaB?

Ok, this is a more complex set up DNS wise. Due to this I recommend that you have a second domain name solely for the purpose of hosting the MiaB servers. This is not a requirement, but it will make everything work so very much simpler. Can you do this?

Assuming yes, and assuming that the domain name you use is abcd.com then you will have to create NS records for each MiaB on the server in DNS. Most registrars’ DNS servers do NOT accommodate this, but your registrar, Namecheap, does. For the domain abcd.com you will leave the name servers pointed to Namecheap and will create an NS record for both box1.abcd.com and box2.abcd.com. You will also create the necessary Glue records as you did the first time around. But remember NOT to point the name servers to the MiaB servers, but leave them at Namecheap.

From there proceed as normal to install MiaB using an admin user with the subdomain for each individual box rather than the root domain. Be sure to fix the suggested host name accordingly during the install process.

Once the two boxes are created and up and running, you can add email users for the two subdomains b1.asdf.com and b2.asdf.com. One to each box accordingly. DNS for asdf.com will need to be handled externally, since only one server can handle DNS for a domain, so you will need to copy the appropriate records from the admin area of each MiaB to the DNS for asdf.com.

You could choose to use one of the two boxes for DNS for asdf.com but that adds yet another layer of complexity. Let’s say that you choose to host DNS for asdf.com on box1.abcd.com, you’ll need to copy the DNS records from box2’s external DNS page to box1’s custom DNS page.

Like I said, this is complex but do-able. I provide installation and maintenance services for MiaB servers. I’d charge $100 per server to set this up, which is my usual charge of $75 plus an additional $25 for the extra DNS work. Let me know if you need my assistance.

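The delegation layout described in the last reply, as an added example that is not part of the original thread or of Mail-in-a-Box: it builds the NS and glue records the parent zone abcd.com needs for each box, then checks a record set for the mistake discussed above (the parent's name servers pointing at both boxes). The IP addresses, the registrar name server names and the ns1/ns2 naming of each box's name servers are assumptions made for illustration.

```python
# Added example. Names and addresses are constructed (192.0.2.0/24 is a
# documentation range); ns1/ns2.<box hostname> is assumed as each box's NS names.

def delegation_records(boxes):
    """NS + glue A records to create in the parent zone, per MiaB hostname."""
    records = []
    for host, ip in boxes.items():
        for ns in (f"ns1.{host}", f"ns2.{host}"):
            records.append((host, "NS", ns))  # delegate the box's subdomain to the box
            records.append((ns, "A", ip))     # glue: the NS name sits inside that subdomain
    return records

def lint_parent_zone(parent, records, boxes):
    """Return a list of problems found in the parent zone's records."""
    problems = []
    apex_ns = {t for name, rtype, t in records if rtype == "NS" and name == parent}
    owners = sorted(h for h in boxes if any(t.endswith("." + h) for t in apex_ns))
    if len(owners) > 1:  # the thread's original state: both boxes listed for the parent
        problems.append(f"{parent}: apex NS split across independent boxes {owners}")
    for host in boxes:
        targets = [t for name, rtype, t in records if rtype == "NS" and name == host]
        if not targets:
            problems.append(f"{host}: no NS delegation in {parent}")
        for t in targets:
            has_glue = any(name == t and rtype == "A" for name, rtype, _ in records)
            if t.endswith("." + host) and not has_glue:
                problems.append(f"{t}: in-zone name server without a glue A record")
    return problems

BOXES = {"box1.abcd.com": "192.0.2.10", "box2.abcd.com": "192.0.2.20"}
# Recommended layout: apex NS stay at the registrar (placeholder names), boxes delegated.
GOOD = [("abcd.com", "NS", "ns1.registrar.example"),
        ("abcd.com", "NS", "ns2.registrar.example")] + delegation_records(BOXES)
# Layout that failed in the thread: the parent's NS point at both boxes.
BAD = [("abcd.com", "NS", "ns1.box1.abcd.com"), ("abcd.com", "NS", "ns1.box2.abcd.com")]

if __name__ == "__main__":
    for name, rtype, target in GOOD:
        print(f"{name}. IN {rtype} {target}{'.' if rtype == 'NS' else ''}")
    for label, zone in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_parent_zone("abcd.com", zone, BOXES) or "ok")
```

Run as a script, it prints the parent-zone records in zone-file style followed by the lint result for each layout.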