Letsencrypt expired, and dns errors


#21

the beauty of LXC…sure, thanks, I will try that then… Which one is the one I remove? bind9 or nsd4?

$ lxc list
+--------------+---------+------------------------+------+------------+-----------+
|     NAME     |  STATE  |          IPV4          | IPV6 |    TYPE    | SNAPSHOTS |
+--------------+---------+------------------------+------+------------+-----------+
| box          | RUNNING | 192.168.140.253 (eth0) |      | PERSISTENT | 0         |
+--------------+---------+------------------------+------+------------+-----------+
| box20170216  | STOPPED |                        |      | PERSISTENT | 0         |
+--------------+---------+------------------------+------+------------+-----------+
| box20170405  | STOPPED |                        |      | PERSISTENT | 0         |
+--------------+---------+------------------------+------+------------+-----------+
| box20170418  | STOPPED |                        |      | PERSISTENT | 0         |
+--------------+---------+------------------------+------+------------+-----------+
| box20170820  | STOPPED |                        |      | PERSISTENT | 0         |
+--------------+---------+------------------------+------+------------+-----------+
| box20171014  | STOPPED |                        |      | PERSISTENT | 0         |
+--------------+---------+------------------------+------+------------+-----------+
| box20171212  | STOPPED |                        |      | PERSISTENT | 0         |
+--------------+---------+------------------------+------+------------+-----------+
| newtest      | STOPPED |                        |      | PERSISTENT | 1         |
+--------------+---------+------------------------+------+------------+-----------+
| newtestclone | STOPPED |                        |      | PERSISTENT | 0         |
+--------------+---------+------------------------+------+------------+-----------+
| up           | STOPPED |                        |      | PERSISTENT | 0         |
+--------------+---------+------------------------+------+------------+-----------+
| up20170226   | STOPPED |                        |      | PERSISTENT | 0         |
+--------------+---------+------------------------+------+------------+-----------+
| up20170520   | STOPPED |                        |      | PERSISTENT | 0         |
+--------------+---------+------------------------+------+------------+-----------+
| vpn          | STOPPED |                        |      | PERSISTENT | 0         |
+--------------+---------+------------------------+------+------------+-----------+


#22

I have named running on port 53 on my server so it should be correct. The reason the script is saying it is not open is because it runs a check out to see if port 53 is accessible on the public internet and if it is not gives you that message. Also, when I check to see if I can get any response for your domain out using nslookup tools I also don’t get a response.


#23

sorry, you mean “apt purge bind9” or “apt purge nsd”?


#24

I use ESXi for my virtualization platform, but they all work similarly. Let's blow away both with the below:

apt-get remove bind9
apt-get remove nsd*

That should get rid of both from the server. Then check to see if anything is sitting on port 53 before starting the reinstall. I love the installer of MiaB as it is smart enough to reinstall missing services.


#25

nsd 1882 0.0 0.1 51820 28276 ? Ss 15:41 0:00 /usr/sbin/nsd -d -c /etc/nsd/nsd.conf
nsd 1886 0.0 0.2 58412 34308 ? S 15:41 0:00 /usr/sbin/nsd -d -c /etc/nsd/nsd.conf
nsd 1890 0.0 0.0 58704 1824 ? S 15:41 0:00 /usr/sbin/nsd -d -c /etc/nsd/nsd.conf

it looks like we have “nsd” running, instead of “bind9”… All distros are moving from “bind9” to “nsd/unbound” stuff…

I will try that.
thanks


#26

ooops, forgot to check before re-install mailinabox… :(
but will check and do it again if not working still…


#27

updated DNS: OpenDKIM configuration
No TLS certificates could be provisoned at this time:

box.f2f10.com: DNS isn’t configured properly for this domain: DNS resolution failed (A: All nameservers failed to answer the query box.f2f10.com. IN A: Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered SERVFAIL).


#28

still the same errors…will redo it again…


#29

@box:~$ sudo netstat -plnt | grep named
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 5694/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 5694/named
@box:~$ sudo netstat -plnu | grep named
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
udp 0 0 127.0.0.1:53 0.0.0.0:* 5694/named


#30

System

✖ SSH Login (ssh) is running but is not publicly accessible at 76.10.176.225:22.
✖ Public DNS (nsd4) is not running (port 53).

ok will check before re-installation…


#31

@box:~$ sudo mailinabox/management/status_checks.py

System

✖ Local DNS (bind9) is not running (port 53).
✖ Local DNS Control (bind9/rndc) is not running (port 953).
✖ SSH Login (ssh) is running but is not publicly accessible at 76.10.176.225:22.
✖ Public DNS (nsd4) is not running (port 53).
✖ Incoming Mail (SMTP/postfix) is running but is not publicly accessible at 76.10.176.225:25.
✖ Outgoing Mail (SMTP 587/postfix) is running but is not publicly accessible at 76.10.176.225:587.
✖ IMAPS (dovecot) is running but is not publicly accessible at 76.10.176.225:993.
✖ Mail Filters (Sieve/dovecot) is running but is not publicly accessible at 76.10.176.225:4190.
✖ HTTP Web (nginx) is running but is not publicly accessible at 76.10.176.225:80.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
✖ HTTPS Web (nginx) is running but is not publicly accessible at 76.10.176.225:443.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

@box:~$ sudo netstat -plnu | grep named
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
@box:~$ sudo netstat -plnt | grep named
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)


#32

It looks like we need “bind9 and nsd” ???
this is before re-installing mailinabox…


#33

@miabatf2f10 please contact your ISP / VPS provider to confirm they are not blocking the ports. (some VPS providers will auto block these ports if you send or receive too much mail as an example or if you violate a ToS somewhere)

Also confirm sudo is working as it should not complain about process ownership when running netstat with sudo.


#34

my ISP is not blocking it…I don’t have many emails as well…thanks for the tips anyway…


#35

I would still confirm to be safe, they might not have blocked it before, but a simple ToS update would allow them to, still worth a look.


#36

so, what ports do you suggest that they blocked? UDP/tcp 53?


#37

UDP 53, TCP 25, and TCP 993?


#38

If you give me your IP Address / Domain name for the miab server I can easily confirm if this is an external issue.


#39

:) I tried to hide my IP, but obviously I disclosed it already…

Anyway, if you can help…76.10.176.225


#40

I am getting “220 box.f2f10.com ESMTP Hi, I’m a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)” when accessing ports 25 and 587 on that IP.

Is this correct for your server?