Dear MIABers,
Yesterday I’ve got a strange e-mail notification from MIAB nightly check-ups saying:
The nameservers set on this domain are incorrect. They are currently [Not Set]. Use your domain name registrar’s control panel to set the nameservers to…
This domain’s DNS MX record is not set. It should be ‘10 box.mydomain.tld’. Mail will not be delivered to this box…
This domain should resolve to your box’s IP address (A IP_ADDRESS…
Concerned, because I have not done any changes and everything was working fine since I’ve migrated a while ago…
I’ve done usual checks right away using “dig @8.8.8.8 mydomain.tld”, "dig +trace mydomain.tld and checked “dig mx mydomain.tld” records and send an e-mail to confirm a delivery - everything looked fine but still “System Status Checks” was showing these errors… so I left it for a day… but today I’ve got the same thing again. So I’ve scrubbed the logs for clues and only relevant errors I could find was this:
/var/log/syslog:Apr 2 15:06:56 box named[29xxx]: validating @0x7f3e7432xxxx: mydomain.tld DNSKEY: verify failed due to bad signature (keyid=20589): RRSIG has expired
/var/log/syslog:Apr 2 15:06:56 box named[29xxx]: validating @0x7f3e7432xxxx: mydomain.tld DNSKEY: no valid signature found (DS)
/var/log/syslog:Apr 2 15:06:56 box named[29xxx]: error (no valid RRSIG) resolving mydomain.tld/DNSKEY/IN’: box.ipv4address#53
Then I’ve searched here the MIAB forums and found JoshData suggestion that this could be not updated keys as error suggested.
I’ve tied to run the script to do the update:
$ sudo tools/dns_update
Incorrect username or password
So I’ve checked the bash script and it was doing simple DNS update via MIAB DNS API but instead using user: password was using API key instead:
#!/bin/bash POSTDATA=dummy if [ "$1" == "--force" ]; then POSTDATA=force=1 fi curl -s -d $POSTDATA --user $(</var/lib/mailinabox/api.key): http://127.0.0.1:10222/dns/update
I’m running MIAB form ver.0.25 now I’m on 0.26b - I’ve rebooted after the upgrades. I’ve done that twice since the upgrade, offtopic: but I’m still notified that there is a new version?..
So I’ve issued the same command but using my username and password instead API.key:
curl -s -d dummy --user "admin@mydomain.tld:myadminpass" http://127.0.0.1:10222/dns/update
The response was a happy one:
updated DNS: after this all back to normal in “System Status Checks”.
So my question is really how one can update the API.key generated initially from a terminal?
/var/lib/mailinabox/api.key. Does changeing the admin password regenerates that as well?
Cheers,