MTA-STS policy is missing: STSFetchResult.NONE

Hello everyone,
After some issues with MiaB, I migrated to another solution in the spring.
Here I am back, following a hack on the other solution, and spam …
On the latest version, I find that everything works fine, but I get an error regarding MTA-STS.
What value should I create on my domain name?
I’ve been looking for two days, I’m stuck.
Last question, can we create dkim recordings?

Follow the instructions and use the verification sites in this thread and you’ll have no issues setting up MTA-STS.

Hello,
Thank you for your answer.
I saw this subject, but I admit that I did not understand everything.

tldr; Wait 48-72 hours and if the problem persists, then start wondering how to fix it.

Usually by the third day, it works properly. One question - are you using MiaB for DNS, or are you using External DNS?

I am sorry, but I don’t understand the question … what are dkim “recordings”? Could you elaborate please?

Good evening,
Sorry for this late response.
Indeed, I was using an external DNS.
I created the subdomains ns1.mydomain.fr and ns2.mydomain.fr.
I changed the DNS server used by my domain name.
I have created three additional subdomains.

mta-sts.mydomain.fr. 60 A 000.000.00.000

mta-sts.mydomain.fr. 60 TXT
version: STSv1 mode: enforce mx: mail.mydomain.fr max_age: 604800

mta-sts.mail.mydomain.fr. 60 TXT
version: STSv1 mode: enforce mx: mail.mydomain.fr max_age: 604800

Everything is ok, great thank you.
I just have one last question, although it’s optional, I would like to enable DNSSEC.

In C-Panel I don’t have the option, is it just a subdomain to create?

thanks in advance

good evening to all

DNSSEC is enabled through your registrar. Depending on the registrar, there may be two steps, first enable DNSSEC, second create the DS records.

OK, thanks.
My service provider does not manage DNSSEC, so I requested the transfer of my domain name.

After that, I know that there are SPF, DMARC and DKIM to set up. SPF and DMARC are OK, they are simple, but for DKIM there seems to be a key to enter.

I ended up finding where the OpenDKIM key was.
For those who are looking for it, it can be found on the System page, and External DNS.
All you have to do is create a mail._domainkey.mydomain.fr subdomain as a TXT record and insert a key in this style:

v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDiJryQ/FJpr2Es5vsGuZILYlciEbPmh9Ow0SFZ8CnfBuutnpf/2wzBZCoZFRh7EaIqNM96fE8eZNLN3ATIPmGmop/TYIRlHj4u90yoo7DsIzE9ylSpAaqN464/GCGrNBJQ7cXj5R12Vm7b19aHS0NKY0hv7rWJieJCq3VLAM5yWQIDAQAB

Attention: at some service providers using C-Panel, we end up with a truncated key (limitation of the number of characters); you must then click to add an additional field on the same record.

Hello,
I transferred my domain and set the name servers to those of my mail server.
I have DNSSEC enabled, but how do I create a MiaB-level record in custom DNS?

If you enabled DNSSEC and added the DS key to the registrar, then added the MiaB DNS records (by default ns1.box.example.com and ns2.box.example.com) to the nameserver records for your domain, the rest of the records will be created automatically by MiaB.

Does the name server provided by MiaB not support DNSSEC?
Because at my registrar I put my own name servers, my registrar no longer allows me to manage the DNS parameters of my domain.

In doubt, I restored the registrar’s name servers. I will wait for the propagation; then I will not delete my registrar’s name servers, but add mine after creating my DS record.

For DNSSEC to work, you have to enable it at the registrar and add the key information to the registry. MiaB is configured to use DNSSEC by default.

In the dashboard ‘Status Checks’ page and under the domain it should state “This domain’s DNSSEC DS record is not set.” followed by the instructions for configuration.

For instructions on how to enable DNSSEC with your registrar, please either post who the registrar is or contact their support.

Yes, it absolutely does.

That is exactly what is supposed to happen. When you change the name servers from the registrar’s to your box’s, the registrar’s name servers should no longer function.

This is absolutely an incorrect method. Either you are using your registrar’s name servers, or you are using your MiaB’s name servers - you cannot use both. You are on a path to completely breaking DNS.

What was the solution you were using that got hacked?