Old entries in DNS zone files

Hi all,
I have a few old domains listed in my dns zone files that are not listed in the custom dns page or any other location.
There are 2 zone files that require editing - domain.txt and domain.txt.signed.
If I remove the signed file and edit the entries in the non-signed file and restart nsd, will this recreate the signed zone file? Or is there another way to achieve this?

Thanx

Julian

Hi @julians1976

How is that even possible? Did you add and sign these domains / zone files manually? If yes, you can simply edit the .txt file and then re-sign the zone using the same command you were using when you first signed the zone…

A simple restart of the NSD service definitely does not re-sign the zone automatically. This has to be done with the ldns-signzone command. But I don’t know how the Mail-in-a-Box scripts are managing the zone files. Maybe you can look through the code on GitHub to find out how Mail-in-a-Box actually manages NSD. For re-signing the zone manually you need to know the path to the key-signing key file and to the zone-signing key file, and there is probably some salt that was generated when the zone was initially signed. The command would then look something like this:

ldns-signzone -n -p -s "-the-salt-that-was-generated-" yourdomain.tld.txt Kyourdomain.txt.+013+11330 Kyourdomain.txt.+013+59536
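A check that a signed zone file still matches the zone file it was generated from, which is the mismatch left behind when the .txt file is edited and the zone is not re-signed. This is an added example, not part of the original post and not Mail-in-a-Box code; it compares only (owner, type) pairs with a simplified parser, and the function names and sample zones are constructed for illustration.

```python
import re

DNSSEC_TYPES = {"RRSIG", "NSEC", "NSEC3", "NSEC3PARAM", "DNSKEY"}

def logical_lines(text):
    """Drop comments and quoted rdata, join records wrapped in ( )."""
    buf = ""
    for raw in text.splitlines():
        buf += re.sub(r'"[^"]*"|;.*', lambda m: '""' if m[0][0] == '"' else "", raw) + " "
        if buf.count("(") <= buf.count(")"):
            if buf.strip():
                yield buf.replace("(", " ").replace(")", " ")
            buf = ""

def rrsets(text, origin):
    """Return (owner, type) pairs, DNSSEC types excluded; origin is absolute."""
    owner, found = origin, set()
    for line in logical_lines(text):
        tokens = line.split()
        if tokens[0].startswith("$"):  # of the directives only $ORIGIN matters here
            origin = tokens[1].lower() if tokens[0].upper() == "$ORIGIN" else origin
            continue
        if not line[0].isspace():  # a blank owner field repeats the previous owner
            name = tokens.pop(0).lower()
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        # the first token that is neither a TTL nor the class is the record type
        rtype = next((t.upper() for t in tokens if not re.fullmatch(r"\d+[smhdw]?|IN", t, re.I)), None)
        if rtype and rtype not in DNSSEC_TYPES:
            found.add((owner, rtype))
    return found

def compare(unsigned_text, signed_text, origin):
    """Report record sets that differ between a zone file and its signed copy."""
    src, signed = rrsets(unsigned_text, origin), rrsets(signed_text, origin)
    return {"stale_in_signed": sorted(signed - src), "missing_from_signed": sorted(src - signed)}

# Constructed sample data (example.com, documentation addresses), not from a real box.
UNSIGNED = """$ORIGIN example.com.
$TTL 86400
@ IN SOA ns1.box.example.com. hostmaster.example.com. (
        2024010102 7200 1800 1209600 86400 ) ; serial bumped after the edit
        IN NS ns1.box.example.com.
mail._domainkey IN TXT "v=DKIM1; k=rsa; p=(constructed)"
www     IN A 192.0.2.10"""
SIGNED = """example.com. 86400 IN SOA ns1.box.example.com. hostmaster.example.com. 2024010101 7200 1800 1209600 86400
example.com. 86400 IN RRSIG SOA 13 2 86400 20240201000000 20240101000000 11330 example.com. c2ln
example.com. 86400 IN NS ns1.box.example.com.
www.example.com. 86400 IN A 192.0.2.10
old.example.com. 86400 IN A 192.0.2.99"""
```

To use it on a real box, pass the contents of domain.txt and domain.txt.signed to `compare()` in place of the samples; a non-empty result means the signed file was not regenerated from the current zone file.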

Hi miabuser,
Thanks for the reply. I have never edited the zone files manually before; I think they have become corrupt when the custom dns page started playing up when I was adding and removing dns entries. Re-signing the file and locating the key-signing key seems like a lot of work; it may be easier to back up the mailboxes and reinstall, and this may also resolve the issue I have with the custom dns page.

Thx
Julian

Yes, and it is probably better to let MiaB’s scripts manage these things anyways. MiaB is not really designed to manage things manually and it’s also not supported by the developers.

One other thing you could check is the custom.yaml file. It might somehow contain some residual entry. It is located under $STORAGE_ROOT/dns (usually /home/user-data/dns). Just look at it and check if there is anything there that seems out of place.