Steps to MiaB going live

I am moving along with my MiaB setup at klovia.htt-consult.com. Only customizations are netplan static IPv4 (and no IPv6), set-timezone, and install locate. I am staying away from other customizations…

My domain is htt-consult.com with name.com as my Registrar. They are still pointing to my old DNS server of onlo.htt-consult.com and I can’t switch this until MiaB DNS is doing a couple things.

I have one system on a VLAN whose DNS is being served by klovia so I have a test site. I can access all hosts currently configured by MiaB defaults and what I have set up in Custom DNS. I have created one user, rgm@test.htt-consult.com which has added MX records for test.htt-consult.com. I have used imapsync.lamiral to move that user’s email from my current mail server at z9m9z; I had to open port 143 on klovia to use this tool.

So now onto a set of questions so I can take the next steps:

  1. DNS on klovia is not providing name resolution for the rest of the Internet. What do I have to do for this?

  2. I have 2 subdomains to first move to MiaB: test and labs. I need for the current DNS, onlo, to point to klovia. Are the following “all” I need to add to my current DNS for mail to be directed to klovia:

test.htt-consult.com. IN MX 10 klovia.htt-consult.com.
test.htt-consult.com. IN TXT "v=spf1 mx -all"
labs.htt-consult.com. IN MX 10 klovia.htt-consult.com.
labs.htt-consult.com. IN TXT "v=spf1 mx -all"

  3. Once I switch a system to be using klovia for its DNS, until I can migrate mail@htt-consult.com (my main users!), I would need klovia’s DNS MX records to point to z9m9z.htt-consult.com. Is that possible?

  4. I have 2 secondary DNS servers. I THINK adding them is straight-forward, but I need to talk to their admin for the switch over. What SOA timer controls updates to those servers?

  5. The MiaB setup has www.htt-consult.com mapping to klovia. I currently run this on host medon.htt-consult.com, and I don’t want to change this. Also htt-consult.com currently maps to medon. I would like to change these, but I think that may cause big problems with other services on klovia, like https://htt-consult.com/admin, but I can live with klovia.htt-consult.com - Mail-in-a-Box Control Panel. Again, is it possible for www.htt-consult.com to be a different host than MiaB?

  6. For some 10 years, my users have used webmail.htt-consult.com to access Roundcube. This is done with rewrite rules in my web server. I don’t look forward to retraining them. Is this possible with MiaB, or am I stuck with the /mail part of the Roundcube URL?

Questions 1-4 are critical. 5 is needed/desired. 6 would be nice.

thank you

  1. Set the nameserver at name.com to klovia. You’ll probably also need to set a glue record for klovia there.
  2. I think for delivery you only need the MX records. If you want to send mail it’s recommended to set the other mail specific entries (spf, dkim etc). This is not needed if you already did #1
  3. You can try, it’s possible to override mailinabox dns entries with custom ones. I’m not entirely overseeing the implications
  4. Not sure what timer is involved. I think it works by axfr notifications
  5. I think it is, I don’t have it readily available. Search the forum :wink:
  6. Possible. First create an email address (can be an alias) @webmail.htt… Then you can create a yaml file that will take care of forwarding. (again don’t know the syntax top of mind, have to look it up)

  1. I can’t do that until I KNOW that DNS on klovia will handle what I need. And I can’t do that until I migrate the bulk of my users that are in htt-consult.com, currently served from z9m9z. That makes switching a flag day. I can’t do that.

I guess I am “used” to a nameserver having the option of being authoritative for its domain and caching for everything else.

I just got a response from a colleague that had a big hand in ISC and BIND, but now does not use it. Rather NSD. But he said:

“nsd is authoritative only. For recursive service you need something like unbound. One can definitely run both on the same box if one is careful, but they’ll need to be on different addresses or ports, and you’ll need to pay careful attention to resolv.conf setting. If absolutely necessary, one can even configure such a combo to provide bind9-like mix of authoritative and recursive on a single address and port, but that’s usually a bad idea so only if really needed.”

Wow! I am getting a bit of an education here. I lived in my small DNS corner for decades.

I trust him on such matters; it has been his job for many-a-year. So how does MiaB and its clients resolve FQDNs? Do you use some public resolver, perhaps your registrar’s? This kind of turns the whole DNS lookup around. It seems like MiaB just serves its zone to its registrar and it and clients need a “real” DNS resolver source?

  1. I got that working now for test.htt-consult.com. I can now setup labs and get a good test of migration AND have a real test for Thunderbird accessing MiaB before moving the bulk of my users.

  2. Is important if I am going to avoid a flag day of switching DNS AND email for htt-consult.com mail users.

I just added a custom DNS MX record of

htt-consult.com IN MX 5 z9m9z.htt-consult.com.

But will this “always” work over the priority 10 of klovia? How long will MiaB wait on priority 5 before moving down to 10? I will do a simple test with the sendmail command from that system on the klovia DNS subnet.

  1. is figured out. I had some old cruft hanging around for a few months that was messing me up.

5 & 6 can wait…

thanks
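
The MX preference and SPF `mx` behaviour behind the records discussed above, as an added example that is not part of any post in this thread. The record set is constructed: it assumes the custom MX 5 entry sits alongside a default MX 10 for klovia, and the addresses are documentation-range placeholders rather than the real hosts' IPs.

```python
import ipaddress

# Constructed records using the thread's host names; IPs are placeholders.
MX = {
    "htt-consult.com": [(10, "klovia.htt-consult.com"), (5, "z9m9z.htt-consult.com")],
    "test.htt-consult.com": [(10, "klovia.htt-consult.com")],
}
A = {
    "klovia.htt-consult.com": ["192.0.2.10"],
    "z9m9z.htt-consult.com": ["192.0.2.20"],
}
SPF = {domain: "v=spf1 mx -all" for domain in MX}

def delivery_order(domain):
    """MX targets in the order a sender tries them: lowest preference first.
    (Real senders randomise among equal preferences; this sketch sorts by name.)"""
    return [host for _, host in sorted(MX.get(domain, []))]

def deliver(domain, reachable):
    """First MX target that accepts a connection, else None (sender queues and retries)."""
    for host in delivery_order(domain):
        if host in reachable:
            return host
    return None

def spf_check(domain, sender_ip):
    """Evaluate only the mechanisms used in the thread: 'mx' and 'all'."""
    ip = ipaddress.ip_address(sender_ip)
    terms = SPF.get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?")
        if mech == "mx":
            # Match the sender against every address of every MX target.
            matched = any(ip == ipaddress.ip_address(addr)
                          for _, host in MX[domain] for addr in A.get(host, []))
        elif mech == "all":
            matched = True
        else:
            return "permerror"  # mechanism outside this sketch
        if matched:
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qualifier]
    return "neutral"
```

The fallback from preference 5 to 10 happens when the sender's attempt at the preferred host fails, so the delay is set by the sending server's connection timeout, not by anything in the zone. With `mx -all`, a host that is not an MX target for a domain gets a hard SPF fail when it sends as that domain.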

  1. Bad news, in a sense that NSD is only an Authoritative nameserver, and does not provide recursive lookups for fully supporting clients. I have thought a bit about your instructions, and realize that for someone installing MiaB on a cloud service, they would never have an issue with this. Someone (like me!) installing it locally has to know this little tidbit. It means that for all my local systems, that I have to use some DNS server other than MiaB. For right now I will use the one AT&T has configured in their gateway here. I will look into Unbound and see what it takes to run it (and not on the MiaB system).

I have successfully moved the one user in subdomain labs.htt-consult.com. I can’t shut off the current server’s postfix. What I did was first remove the MX records for labs. Then moved the emails (took ~2hr) and logged into the moved account with Thunderbird. I had to change from using STARTTLS to TLS which meant I also had to open port 465 on my internal firewall box. Changes noted to help out other users…

  1. It will take some time to migrate all users on my domain. I don’t have to switch DNS until the users are all on MiaB. THEN switch DNS to some outside nameserver and change my registrar to point to MiaB. Not too bad of a task.

5&6 still to be done.

  1. I really do not like the current RoundCube look-and-feel. I showed it to my daughter (one of my domain users) and she said yuck. And that it looks just like Outlook at work; which sounds bad for the home team to change to something like it was back on release 1.0.6.

If anyone has tips on “fixing” how Roundcube looks. It is NOT opening emails in another tab, even though I have selected that config option.

So it looks like I will make the move. Most likely finished by end of next week. With a few loose ends.

Always something…

All mail has been moved from old to new server.
Postfix turned off on old server.
Old (but current on Internet) DNS now has updated MX records and mail is arriving to accounts on new server.

ERGO EMail is moved and now live!

I am going to need to find an alternative to RoundCube. They really lost it with the user experience by mimicking Outlook. Unless there is a way that others have found. No response on the RoundCube user list.

I can spin up a server on another box just for reading mail for those that don’t use Thunderbird. But after I move DNS.

Moving DNS will be later today. I have to update my registrar and secondaries. Will update here when done.