RFC 9276 states that the NSEC3 parameter for additional hash iterations must be set to zero

Just a short update here. By talking to my registrar’s support I found that the real blocker was that my MIAB’s IP showed up for both name servers located at the sub-domains ns1. and ns2.

I ended up fixing this issue by setting up an external secondary DNS, logging into MIAB’s dashboard, and creating a custom DNS entry for the ns2. sub-domain.

:point_up: After this change goes through, your MIAB status page will probably show a little warning that the ns2. sub-domain doesn’t point to MIAB’s IP. However, that’s to be expected since we’ve purposely overridden this behavior.

Shout out to this guide which helped me: "Guide: How to setup NSD as a secondary nameserver for Mail-in-a-Box". Additionally, it also helped to inspect my MIAB’s NSD config by looking inside /etc/nsd without changing anything.