Script to copy all DNS records

miaber · April 11, 2025, 11:40am

I’m concerned about my mail-in-a-box, which is also my DNS server, being taken down
It is possible to determine our DNS server from our domain whois and someone could easily take it down. I don’t think users of miab go for a very resilient setup.
And when DNS goes down, email and web goes along with it.
I’m thinking of a script to duplicate the entire DNS to the registrar’s

I’m aware every registrar is different, so perhaps a script that is able to read out all DNS records is good enough for me to start, has anyone done that before?

KiekerJan · April 11, 2025, 6:46pm

It’s a good idea to duplicate your DNS servers. For this purpose, Mailinabox implements secondary dns, see e.g. this topic for an example on how to do that.
To get a list of all dns entries, go to External DNS in the admin panel. There you can download files containing all dns entries.

What do you mean with this statement? Why would it be easy to take down? Why wouldn’t there be a resilient setup?

alento · April 11, 2025, 7:36pm

Which is EXACTLY why you should follow my guide and set up Secondary DNS.

miaber · April 12, 2025, 1:19am

Easy to take down meaning, all they have to do is to DDOS the DNS server and no matter how redundant my other servers are, they would be put out of action
I gather most of us setup MIAB on 1 server, everything works and we leave it be. Probably a small fraction will try to setup secondary DNS
I did setup secondary DNS, but there are very limited choices and many of them cost more than running MIAB and I have no idea how robust their DNS are against a DDOS.
And setting up secondary DNS isn’t a set once and forget activity. Every new domain has to be added at the secondary DNS(s) for it to be “enabled”. Imagine missing a few, how would I even know?
In constrast, almost every registrar offers a DNS service when we purchase a domain, if there is a script to copy all records, then it opens up many other options
I believe puck.nether.net is now down as I write

KiekerJan · April 12, 2025, 2:39pm

Mailinabox takes care of this for you. You only need to set it up once, and you don’t need any dns entries for that.
There are many secondary dns providers out there, some of them offer a free tier, which is usually enough for mailinabox usage. I myself use puck, freedns.afraid.org and Hetzner (although you might need to be a customer for that last one) In the past I also used buddyns.

miaber · April 12, 2025, 2:59pm

Hmm… what do you enter for Domain and Primary NS?

alento · April 12, 2025, 3:05pm

I would assume the domain name and either the hostname of your primary DNS server or it’s IP. You’d have to read the provider’s instructions to know for certain.

miaber · April 12, 2025, 3:09pm

Ok, what @KiekerJan seems to be saying is, if my primary nameserver has 100 domains, I only have to provide my primary nameserver once to the secondary nameserver, and case closed.

Setting up Secondary DNS for Mail-in-a-Box - AnyDomain LLC
If you have other domains for which DNS is being handled by Mail-in-a-Box, you need to repeat the ‘Add a domain’ step for each one.

To quote from the article, no, I think have to do it 100 times on the primary and secondary, which means 200 times if I’m adding to the primary and secondary.

alento · April 12, 2025, 3:14pm

It does appear that is what he said, though I think that he was referring to the MiaB side by mistake. You do indeed need to notify the Secondary DNS provider of each new domain in most every situation that I am aware of.

I had considered offering a service that would handle this without the need to add each domain individually. Would you be interested in such a service as now I can see the need for it?

Most users have 1-3 domains, not 100.

KiekerJan · April 12, 2025, 3:17pm

Domain your top-level domain, e.g. example.com
Primary NS ip address or name of your mail in a box, e.g. 1.2.3.4 or ns1.box.example.com

You’re correct, I read your statement too quickly. You indeed need to register each domain once (usually at the time you add it to the Mail in a Box). After that, all changes are synchronized, so you don’t need to maintain it.

miaber · April 12, 2025, 3:26pm

Alright no worries, secondary DNS aside, do you guys see any downsides if I were to come up with a script to copy DNS records?

P.S. puck remains inaccessible

alento · April 12, 2025, 3:43pm

Isn’t the zone file download provided by MiaB sufficient?

It appears that the entire internet in his world has vanished.

miaber · April 12, 2025, 4:23pm

Yes it probably is, in fact I will use the API to GET all records instead.
What I meant was, are there any security issues or will it not work etc.

miabuser · April 13, 2025, 11:32am

Why not just use a proper secondary so that AXFR can handle the zone transfers automatically?

If for some reason you don’t want to use a secondary name server provider, you could also set up your own: Guide: How to setup NSD as a secondary nameserver for Mail-in-a-Box

I mean, theoretically, you could use a custom script to push the records to a secondary server, or even maintain them completely manually, but the whole process is much more error-prone that way. Also, every time you change a record or add a new one, you’d have to make sure that your script detects the changes and pushes them to the secondary server, or you’d have to make the changes manually.

A third option would be not to use DNS on Mail-in-a-Box at all, and instead use an external DNS provider, such as your registrar’s, which usually already provides several secondary DNS servers for free. Frankly, I would prefer this solution over a manual or semi-automated custom scripting solution any day