NSD4 is not running MIaB v56

Hi, I’ve been trying for about a week now to get a new MIaB server running but seem to be running into a problem I believe stems from nsd4 not working properly. I’ve previously set up MIaB on different servers and don’t remember having any problems like this. Any help would be appreciated.

Before anyone asks, the machine is:
- brand new clean install of Ubuntu 18.04 LTS, nothing else installed
- self-hosted VM
- I’ve restarted everything in different orders multiple times for over a week
- I’ve tried clean installs of OS and MIaB multiple times

Admin Panel

✖ SSH Login (ssh) is running but is not publicly accessible at [censored]
✖ Public DNS (nsd4) is not running (port 53).
✖ Incoming Mail (SMTP/postfix) is running but is not publicly accessible at [censored]
✖ Outgoing Mail (SMTP 465/postfix) is running but is not publicly accessible at [censored]
✖ Outgoing Mail (SMTP 587/postfix) is running but is not publicly accessible at [censored]
✖ IMAPS (dovecot) is running but is not publicly accessible at [censored]
✖ Mail Filters (Sieve/dovecot) is running but is not publicly accessible at [censored]
✖ HTTPS Web (nginx) is running but is not publicly accessible at [censored]

output of netstat -anop | grep 53

tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      -                    off (0.00/0/0)
tcp        0      0 10.0.138.1:53           0.0.0.0:*               LISTEN      -                    off (0.00/0/0)
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      -                    off (0.00/0/0)
tcp        0      0 10.0.138.1:53           172.253.4.1:58102       TIME_WAIT   -                    timewait (49.37/0/0)
tcp        0      0 10.0.138.1:53           172.253.237.3:45208     TIME_WAIT   -                    timewait (49.37/0/0)
tcp        0      0 10.0.138.1:53           74.125.41.73:46080      ESTABLISHED -                    off (0.00/0/0)
tcp        0      0 10.0.138.1:53           172.217.43.202:34957    ESTABLISHED -                    off (0.00/0/0)
udp        0      0 127.0.0.1:53            0.0.0.0:*                           -                    off (0.00/0/0)
udp        0      0 10.0.138.1:53           0.0.0.0:*                           -                    off (0.00/0/0)
unix  2      [ ACC ]     STREAM     LISTENING     27253    -                    private/smtp
unix  2      [ ACC ]     STREAM     LISTENING     29853    -                    /var/run/dovecot/imap-urlauth-worker
unix  2      [ ACC ]     STREAM     LISTENING     26530    -                    /var/run/dovecot/master
unix  3      [ ]         STREAM     CONNECTED     53526    -                    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     22353    -                    
unix  3      [ ]         STREAM     CONNECTED     53135    -                    /var/run/dovecot/config
unix  3      [ ]         STREAM     CONNECTED     53835    -                    
unix  3      [ ]         STREAM     CONNECTED     25331    -                    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     25333    -                    /run/systemd/journal/stdout
unix  3      [ ]         STREAM     CONNECTED     25327    -                    /run/systemd/journal/stdout

output of nsd.log

[2022-02-19 19:40:38.009] nsd[1152]: warning: signal received, shutting down...
[2022-02-19 19:41:19.796] nsd[1225]: notice: nsd starting (NSD 4.1.17)
[2022-02-19 19:41:19.921] nsd[1345]: notice: nsd started (NSD 4.1.17), pid 1225
[2022-02-19 19:54:04.628] nsd[1345]: warning: signal received, shutting down...
[2022-02-19 19:54:44.277] nsd[1207]: notice: nsd starting (NSD 4.1.17)
[2022-02-19 19:54:44.387] nsd[1330]: notice: nsd started (NSD 4.1.17), pid 1207
[2022-02-19 20:39:12.863] nsd[1330]: warning: signal received, shutting down...
[2022-02-19 20:39:12.875] nsd[6789]: notice: nsd starting (NSD 4.1.17)
[2022-02-19 20:39:12.899] nsd[6798]: notice: nsd started (NSD 4.1.17), pid 6789
[2022-02-19 20:47:13.521] nsd[6798]: warning: signal received, shutting down...
[2022-02-19 20:47:44.713] nsd[8312]: notice: nsd starting (NSD 4.1.17)
[2022-02-19 20:47:44.738] nsd[8314]: notice: nsd started (NSD 4.1.17), pid 8312

nsd systemctl status

● nsd.service - Name Server Daemon
   Loaded: loaded (/lib/systemd/system/nsd.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2022-02-19 20:47:44 HKT; 32min ago
 Main PID: 8312 (nsd)
    Tasks: 3 (limit: 7051)
   CGroup: /system.slice/nsd.service
           ├─8312 /usr/sbin/nsd -d
           ├─8314 /usr/sbin/nsd -d
           └─8325 /usr/sbin/nsd -d

I’m very stuck, please help

Does an nslookup of your server/VM’s IP address return the expected box.example.com name?

You need reverse DNS to be working to start with. Maybe that’s the cause of the problems you’re seeing?

nslookup results

A record returns the correct IP address
ns1 & ns2 records are both correct

Added info that might or might not help

The nameservers set on this domain are incorrect. They are currently [timeout]. Use your domain name registrar's control panel to set the nameservers to ns1.mail.hixie.org; ns2.mail.hixie.org

I know the nameservers I set are correct. I read in another post that [timeout] provides some good information.

I assume you checked the reverse nslookup <IP address> and it resolved to your box name?

I just checked, it does not. Could that be the problem?
However, my previous MIaB setups never had reverse DNS set up and they all worked.

Perhaps, although it should be possible to complete the install without the reverse DNS set up, which you appear to have done. I only suspected the forward DNS server might be complaining because of this, but if you had it working before then maybe not.

I have only ever installed on a VPS with the expected settings so I might be misleading you.

After hours of digging: is there some sort of clash between pfsense and MIaB? I’m getting a feeling that might be where the problem is.
My previous MIaB setups had all used untangle and not pfsense. Could the pfsense resolver be causing an issue?

There is another recent thread where that was the problem with an upgrade.

I found a thread from 2019, but the solution was never posted.

pfsense blocking DNS

I might have solved my problem. I am able to receive mail but not send mail at this moment.

The problem was I hadn’t set up any outbound NAT reflection within pfsense and had only set NAT (port forwarding) and a firewall rule, so requests were coming in, but no replies were going out.
Another member in another thread said that the error message in the admin panel being [timedout] rather than [NotSet] hints at a certain kind of problem; that was true and helped eliminate about half the potential problems.
Hope this helps someone.

I still have to figure out why I can’t send any mail. Will update if I can.
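
Added example, not part of the original posts: `grep 53` in the first post also matches port 953 and unix sockets whose inode numbers contain "53". This Python sketch keeps only sockets whose local port is exactly 53 and separates loopback binds, non-loopback binds and remote peers. The function name `summarize_port` and the sample lines are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of the `netstat -anop | grep 53` output above;
# 203.0.113.7 is a documentation address standing in for a remote resolver.
SAMPLE = """\
tcp   0  0 127.0.0.1:53    0.0.0.0:*          LISTEN      -  off (0.00/0/0)
tcp   0  0 10.0.138.1:53   0.0.0.0:*          LISTEN      -  off (0.00/0/0)
tcp   0  0 127.0.0.1:953   0.0.0.0:*          LISTEN      -  off (0.00/0/0)
tcp   0  0 10.0.138.1:53   203.0.113.7:46080  ESTABLISHED -  off (0.00/0/0)
udp   0  0 10.0.138.1:53   0.0.0.0:*                      -  off (0.00/0/0)
unix  3  [ ]  STREAM  CONNECTED  53526  -  /run/systemd/journal/stdout
"""


def summarize_port(netstat_text, port=53):
    """Group inet sockets whose local port is exactly `port`."""
    out = {"loopback": set(), "non_loopback": set(), "peers": set()}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue  # unix sockets matched by grep only through inode numbers
        laddr, _, lport = f[3].rpartition(":")
        if lport != str(port):
            continue  # e.g. 127.0.0.1:953, matched by grep as a substring
        raddr, _, rport = f[4].rpartition(":")
        if rport == "*":
            # Bound socket with no peer: record protocol and bind address.
            ip = ipaddress.ip_address(laddr.split("%")[0])
            key = "loopback" if ip.is_loopback else "non_loopback"
            out[key].add((f[0], laddr))
        else:
            out["peers"].add(raddr)  # remote host with a connection to `port`
    return out


if __name__ == "__main__":
    for group, items in summarize_port(SAMPLE).items():
        print(group, sorted(items))
```

Feed it the real output with `summarize_port(subprocess.check_output(["netstat", "-anop"], text=True))`; an empty `non_loopback` set means nothing is bound on an address a firewall could forward to.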
