NS authority section reply is wrong from MIAB machine itself

The problem is that the MIAB box itself cannot resolve its own A section address. My conclusion is that for some reason the DNS that’s running on the localhost has the wrong AUTHORITY SECTION reply. Here’s what I get for my box’s own domain name:

root@mailbox:/etc# dig mailbox.kypelihosting.com

; <<>> DiG 9.9.5-3ubuntu0.9-Ubuntu <<>> mailbox.kypelihosting.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6803
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mailbox.kypelihosting.com. IN A

;; AUTHORITY SECTION:
kypelihosting.com. 1179 IN SOA ns1.digitalocean.com. hostmaster.kypelihosting.com. 1435002584 10800 3600 604800 1800

AFAIK this means that the request is forwarded to ns1.digitalocean.com, which is not going to handle the request. Thus, when resolving the host, it won’t work:

root@mailbox:/etc# host mailbox.kypelihosting.com
Host mailbox.kypelihosting.com not found: 3(NXDOMAIN)

Here’s the dig output for a domain that is hosted on the MIAB:

root@mailbox:/etc# dig kypeli.com

; <<>> DiG 9.9.5-3ubuntu0.9-Ubuntu <<>> kypeli.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1518
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;kypeli.com. IN A

I would assume the replies to both of these should be the same. But I can’t figure out what’s wrong and where.

From the outside world, everything is working and the A record is resolved just fine => email is working and so on. But I have to renew my SSL certificates and that’s not going to work if the box cannot resolve its own domain name, so I would like to get this fixed.

Any help? Thanks!

Ok, this is weird, but I am sure it happened. For a while there, from localhost I was able to resolve my box’s A record:

root@mailbox:/var/log# host mailbox.kypelihosting.com
mailbox.kypelihosting.com has address 139.59.130.180

I went to the Status Check page to see what it says. It still said that it couldn’t resolve the domain name.

And now, when trying to resolve the domain name again from command line, it fails:

root@mailbox:/var/log# host mailbox.kypelihosting.com
Host mailbox.kypelihosting.com not found: 3(NXDOMAIN)

So why would the Status Check page break the DNS setup? Going to mark this as “Improvement” since it looks like a bug.

Where does MIAB store the DNS settings for all of its domains? Something must be wrong there.

You haven’t set up your glue records properly.

~$ whois kypelihosting.com

Domain Name: KYPELIHOSTING.COM
Registrar: GANDI SAS
Sponsoring Registrar IANA ID: 81
Whois Server: whois.gandi.net
Referral URL: http://www.gandi.net
Name Server: NS1.DIGITALOCEAN.COM
Name Server: NS2.DIGITALOCEAN.COM
Name Server: NS3.DIGITALOCEAN.COM

Those should be ns1.box.kypelihosting.com and ns2.box.kypelihosting.com.

The setup doc describes them, and you can search for help on how to do it at Gandi.
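The check made in the reply above, as an added example that is not part of the original posts or of Mail-in-a-Box: it reads the SOA primary from a negative `dig` answer and the `Name Server:` lines from `whois`, then compares both against the expected name servers. The function names are hypothetical, and the sample input is constructed from the output quoted in this thread.

```python
import re

# Constructed sample input: lines copied from the dig and whois output quoted in this thread.
DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6803
;; AUTHORITY SECTION:
kypelihosting.com. 1179 IN SOA ns1.digitalocean.com. hostmaster.kypelihosting.com. 1435002584 10800 3600 604800 1800
"""
WHOIS_OUTPUT = """\
Domain Name: KYPELIHOSTING.COM
Name Server: NS1.DIGITALOCEAN.COM
Name Server: NS2.DIGITALOCEAN.COM
Name Server: NS3.DIGITALOCEAN.COM
"""
# Name servers the reply above says the domain should use.
EXPECTED_NS = {"ns1.box.kypelihosting.com", "ns2.box.kypelihosting.com"}

def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def parse_dig(text):
    """Return (status, zone, soa_mname); zone and mname are None without an SOA line."""
    status = re.search(r"status:\s*(\w+)", text)
    soa = re.search(r"^(\S+)\s+\d+\s+IN\s+SOA\s+(\S+)", text, re.MULTILINE)
    return (status.group(1) if status else None,
            norm(soa.group(1)) if soa else None,
            norm(soa.group(2)) if soa else None)

def whois_nameservers(text):
    """Collect the delegated name servers from 'Name Server:' lines."""
    return {norm(m) for m in re.findall(r"^\s*Name Server:\s*(\S+)", text, re.I | re.M)}

def diagnose(dig_text, whois_text, expected):
    """List mismatches between the observed DNS data and the expected name servers."""
    status, zone, mname = parse_dig(dig_text)
    delegated = whois_nameservers(whois_text)
    findings = []
    # A negative answer carries the SOA of the zone that was actually consulted.
    if status == "NXDOMAIN" and mname and mname not in expected:
        findings.append(f"zone {zone} lists {mname} as its primary name server")
    if not expected <= delegated:
        findings.append("registrar delegation lacks: " + ", ".join(sorted(expected - delegated)))
    return findings

if __name__ == "__main__":
    for line in diagnose(DIG_OUTPUT, WHOIS_OUTPUT, EXPECTED_NS):
        print(line)
```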

Wow, thanks a lot!

I knew it must be something with my original setup, I just couldn’t figure out that the issue was the name server of the top level domain name based on the error message shown.

I originally didn’t want to use my MIAB box to take over the DNS for the top level domain. The setup instructions mention the use of external DNS, so it should be possible to have the DNS elsewhere. I just missed setting up the glue records at my domain registrar. Thanks for pointing this out to me!