Trouble setup with GlueRecords and AWS Lightsail StaticIP

Hi all,
I am a newbie with MIAB. I installed MIAB with a server on AWS Lighsail. I have an error about the GlueRecords set up and need your support, please.

What I have done:

  • My domain name is with Gandi. I set up DNS Glue Records ( --> 1.23.456.789, --> 1.23.456.789) and DNSSEC on their platform and using the external DNS pathway to point the DNS to AWS Lighsail for setup everything.
  • I already asked AWS to open Blocked Port 25 as well as asking for rDNS setup correctly with my StaticIP address.
  • All of the MIAB services such as mail, cloud, etc… running well.
  • The latest system checked show this:


  • All system services are running.
  • SSH disallows password-based login.
  • System software is up to date.
  • Mail-in-a-Box is up to date. You are running version v0.44.
  • System administrator address exists as a mail alias.
  • The disk has 33.82 GB space remaining.
  • System memory is 35% free.


  • Firewall is active.
  • Outbound mail (SMTP port 25) is not blocked.
  • IP address is not blacklisted by
  • The error shows up in the MIAB dashboard:

Nameserver glue records are incorrect. The and nameservers must be configured at your domain name registrar as having the IP address 1.23.456.789. They currently report addresses of [Not Set]/[Not Set]. It may take several hours for public DNS to update after a change.
This domain must resolve to your box’s IP address (1.23.456.789) in public DNS but it currently resolves to [Not Set]. It may take several hours for public DNS to update after a change. This problem may result from other issues listed above.

DNSSEC ‘DS’ record is set correctly at registrar.
The nameservers set on this domain are incorrect. They are currently [Not Set]. Use your domain name registrar’s control panel to set the nameservers to;
This domain’s DNS MX record is not set. It should be ‘10’. Mail will not be delivered to this box. It may take several hours for public DNS to update after a change. This problem may result from other issues listed here.

Please Note: I already set this DNS MX record with AWS Lightsail–> 10

I am not sure what I am doing wrong! Could someone please help? Thank you so much and very appreciated.

Kind regards,

Time …it takes time. How long has it been since the records were set?

If you will share your MiaB hostname (PM is ok) I can check the settings for you, but mainly you just need to allow at least 48-72 hours for propagation to fully occur.

1 Like

But wait … are you allowing MiaB to handle DNS for this domain, or is it being handled by AWS Route53?

1 Like

Thanks @alento. I am using AWS Lightsail DNS manager and point Gandi DNS to AWS, and it is more than 72 hours with glue records. I have private messaged you.

If you are not serving DNS on your domain, then there is no need for Glue records. So, there is no reason to enter them. You stated that you had though, and they are not showing up, which is odd. But the truth of the matter is that since you are using External DNS you do not need to complete that step in the setup. The status report is reporting correctly for that situation - if you do not require them the status report will show a warning or error.

If you install Mail in a Box or ANY email server on AWS Lightsail you will be unable to send emails to Microsoft email accounts including at and

This is due to a war between MS and AWS by which ALL of the IP addresses at AWS are listed as on the spam blacklist (Level 3) by the spam checking company that Microsoft uses to decide whether to allow emails through. The effect is Microsoft silently drops all emails from any email server on AWS lightsail instance.

If you pay for support from AWS, you will find that AWS state clearly that they have not been able to resolve this with the spam checking company who want AWS to pay $50 for every IP address and this must be done all at once not one IP address at a time.
The advice I got from AWS was to transfer my email servers off AWS and onto a different provider who offers IPs that are not on the spam list.

A challenge is that it is also necessary to find an ISP that allows you to change IP address (in case the one they offer you is already registered on spam blacklists) and that they open port 25.

Perhaps someone here on this forum can offer advice on a good ISP?

Best wishes,

1 Like

Dear Terry,
Thanks so much for this great information. I have finally solved the problem by just let Gandi domain serve all kind of DNS etc…

I have a little bit experience with these kind of spam.

Note: I agree with you that some of the email I expect to receive from my work email with Outlook spam rule. I expect to receive these email from friend and business contact, but for some reason unfortunately, I had to trace back to the spam box to get them!

We might need to wait for advice from other experts here.

Kind regards,

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.