Trying to understand DNS settings and a lot of problems

Hi there,

I would be very grateful if someone could help me and/or point me to the right direction.

I just installed MIAB on a separate server at Linode. Well, I had to run the setup twice because of a 500 Internal Server Error I really didn’t understand.

After that I got to finish the setup and added my admin username with its respective password.

But my main problem is the DNS. I have my domain registered at Google Domains. I have two servers at Linode: one for the website and one for MIAB.

At Google Domains I’ve created two “A” entries (at the “default” section) pointing to the IP of the webserver (domain.com and www.domain.com), and the website is loading fine.

Now I started creating records for the server where MIAB is installed (also inside the “default” section).

I’ve added the glue records at Google Domains, as below:

ns1.box.domain.com ==> Server IP IPv4 ==> Server IP IPv6

ns2.box.domain.com ==> Server IP IPv4 ==> Server IP IPv6

Also, within the “default” DNS settings in Google Domains, I’ve created two “NS” entries, as below:

ns1.box.domain.com ==> NS ==> 1 hour ==> ns1.box.domain.com

ns2.box.domain.com ==> NS ==> 1 hour ==> ns2.box.domain.com

Well, some things are really strange, and I am really lost now, since MIAB is still displaying some errors, as below:

Nameserver glue records are incorrect. The ns1.box.domain.com and ns2.box.domain.com nameservers must be configured at your domain name registrar as having the IP address “IPADDRESS”. They currently report address of [Not Set]/[Not Set]. It may take several hours for public DNS to update after a change.

And:

This domain must resolve to your box’s IP address (IPV4 ADDRESS / IPV6 ADDRESS) in public DNS but it currently resolves to [Not Set] / [Not Set]. It may take several hours for public DNS to update after a change. This problem may result from other issues listed above.

And if I dig my box domain, for example (box.domain.com) it returns the following in the authority section:

domain.com. 300 IN SOA ns-cloud-b1.googledomains.com. cloud-dns-hostmaster.google.com. 16 21600 3600 259200 300

Note: why are the Google Domains servers shown above?

And for ns1.box.domain.com, for example, dig doesn’t display an authority section.

Well, I am really lost here, and would love to count on your help, please.

Hi there!

So, guys, sorry for posting again :slight_smile: .

But I really need some help, and would love to count on some advice or suggestions here.

First thing, I’ve added in Mail in a Box, in the “Custom DNS” section, the below entries, pointing to the IP of the server where the website is hosted (different from the one where I have MIAB):

domain.com	A	SERVER_IP
www.domain.com A SERVER_IP

I think I am almost reaching what I need. Well, I changed things at Google Domains, but kept the glue records, as below:

ns1.box ==> IPv4 ==> IPv6
ns2.box ==> IPv4 ==> IPv6

But from now on I’ve changed from “default name servers” to “custom name servers”.

Here I have added the following:

ns1.box.domain.com
ns2.box.domain.com

And now if I run dig domain.com +trace +additional | grep ns1.box.domain.com I obtain the following output:

domain.com.           172800  IN      NS      ns1.box.domain.com.
ns1.box.domain.com.   172800  IN      A       SERVER_IP_IPV4
ns1.box.domain.com.   172800  IN      AAAA    SERVER_IP_IPV6
couldn't get address for 'ns1.box.domain.com': failure
dig: couldn't get address for 'ns1.box.domain.com': no more

I still don’t understand the “couldn’t get address…” above.

But, if I run dig +norec @a.gtld-servers.net. domain.com the below output is the result:

; <<>> DiG 9.18.1-1ubuntu1.3-Ubuntu <<>> +norec @a.gtld-servers.net. domain.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62280
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domain.com.                  IN      A

;; AUTHORITY SECTION:
domain.com.           172800  IN      NS      ns1.box.domain.com.
domain.com.           172800  IN      NS      ns2.box.domain.com.

;; ADDITIONAL SECTION:
ns1.box.domain.com.   172800  IN      A       SERVER_IP_IPV4
ns1.box.domain.com.   172800  IN      AAAA    SERVER_IP_IPV6
ns2.box.domain.com.   172800  IN      A       SERVER_IP_IPV4
ns2.box.domain.com.   172800  IN      AAAA    SERVER_IP_IPV6

;; Query time: 0 msec
;; SERVER: 2001:503:a83e::2:30#53(a.gtld-servers.net.) (UDP)
;; WHEN: Fri Feb 17 14:54:49 -03 2023
;; MSG SIZE  rcvd: 169

For the above I think things are almost right. Or not?

But why is Mail in a Box still displaying those errors, as below?

"Nameserver glue records are incorrect. The ns1.box.domain.com and ns2.box.domain.com nameservers must be configured at your domain name registrar as having the IP address SERVER_IP. They currently report addresses of [Not Set]/[Not Set]. It may take several hours for public DNS to update after a change."

"This domain must resolve to your box's IP address (SERVER_IP_IPV4 / SERVER_IP_IPV6) in public DNS but it currently resolves to [Not Set] / [Not Set]. It may take several hours for public DNS to update after a change. This problem may result from other issues listed above."

I think I am beginning to reach something here. :slight_smile: But things still aren’t working, so I would be extremely grateful if someone could help me.
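A way to check a referral like the one in the post above mechanically (an added example, not part of the thread): it parses saved `dig +norec` output and confirms that every delegated nameserver comes back with glue equal to the box's addresses. The sample is constructed, with documentation-range addresses standing in for SERVER_IP_IPV4 / SERVER_IP_IPV6; `parse_referral` and `check_glue` are hypothetical helper names.

```python
import ipaddress

# Constructed sample: the referral sections from the post above, with
# documentation-range addresses replacing its SERVER_IP_* placeholders.
SAMPLE_REFERRAL = """\
;; AUTHORITY SECTION:
domain.com.           172800  IN      NS      ns1.box.domain.com.
domain.com.           172800  IN      NS      ns2.box.domain.com.

;; ADDITIONAL SECTION:
ns1.box.domain.com.   172800  IN      A       192.0.2.10
ns1.box.domain.com.   172800  IN      AAAA    2001:db8::10
ns2.box.domain.com.   172800  IN      A       192.0.2.10
ns2.box.domain.com.   172800  IN      AAAA    2001:db8::10
"""

def parse_referral(dig_output):
    """Return (nameservers, glue) from dig's AUTHORITY/ADDITIONAL sections."""
    nameservers, glue, section = [], {}, None
    for line in dig_output.splitlines():
        line = line.strip()
        if line.startswith(";;") and line.endswith("SECTION:"):
            section = line[2:].split()[0]          # e.g. "AUTHORITY"
            continue
        fields = line.split()
        # Skip comments, blank lines and anything that is not a record line.
        if line.startswith(";") or len(fields) < 5 or fields[2] != "IN":
            continue
        owner, rtype, rdata = fields[0].lower(), fields[3], fields[4]
        if section == "AUTHORITY" and rtype == "NS":
            nameservers.append(rdata.lower())
        elif section == "ADDITIONAL" and rtype in ("A", "AAAA"):
            glue.setdefault(owner, set()).add(ipaddress.ip_address(rdata))
    return nameservers, glue

def check_glue(dig_output, expected_ips):
    """List problems: NS names with no glue, or glue not matching the box."""
    expected = {ipaddress.ip_address(ip) for ip in expected_ips}
    nameservers, glue = parse_referral(dig_output)
    problems = [] if nameservers else ["no NS records in referral"]
    for ns in nameservers:
        got = glue.get(ns, set())
        if not got:
            problems.append(f"{ns}: no glue returned")
        elif got != expected:
            wrong = sorted(str(ip) for ip in got ^ expected)
            problems.append(f"{ns}: glue differs from box: {wrong}")
    return problems
```

A clean result only shows that the registrar and TLD side is consistent; whether the box itself answers for the zone has to be checked with a query sent directly to it.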

It sounds like you’ve done much more than necessary. A few things:

  • a default MIAB install has everything (except the glue records) done by your box. MIAB provides a DNS server that gives out details for domain.com, box.domain.com, ns1.box.domain.com, www.domain.com, etc. Your domain registrar hosts a record saying “ask ns1.box.domain.com”, they host the glue record saying “ns1 is at 1.2.3.4”, and everything else is provided by your box.

  • if you must host your domain records somewhere else (google), then it’s an “external” installation. Provide only what is given in the install instructions. The admin page provides a (big) list of DNS records that should be copied to the external DNS provider.

  • having a different web server on the same domain might have confused things. I would completely ignore the other web server initially, and get MIAB working. (You’ll lose web access to the web server while you do this.) Only when MIAB is happy, think about adding records for the other web server.

  • I believe you can point www.domain.com to whatever you want, using the “Custom DNS” settings in MIAB, after MIAB is working. That would be the easy way to do things.

  • If you have a small, static website, you can put it onto your MIAB box and it is hosted by MIAB. This only works for static websites that can be hosted by MIAB’s nginx install - html only, not php, etc. Don’t try to run scripts and things - unless you really know what you’re doing, and even then it’s likely a bad idea.

I have used this method for all the domains hosted on my box. It works very well.

Hi @andrew ,

Thank you very much.

But, really, having two servers on the same domain confused things.

Well, I am really lost here. Now I have those glue records at Google Domains and deleted the entries within MIAB (at Custom DNS section).

At Google Domains, also, I am using the Custom Name Servers section, and there I added the two nameservers (ns1 and ns2.box.domain.com).

If I understood correctly, is this everything I should do?

I am really forgetting for now the other server, where I have the website, and focusing only on the server where MIAB is running.

But things are still going wrong. MIAB is still saying that there are no glue records set, that the domain is not resolving to the IP, that the nameservers set on the domain are incorrect, etc.

Well, thank you very much for all help, and sorry for posting so many times.

But I am really lost now, and would love to count on your help one more time.

I am kind of lost now between what you have done and what you have not done. From what I saw, save for DNS lookup “errors” being reported by MiaB, you were well on your way … then you changed things, but I got lost there.

So, if you want to PM me or update me here on what exact issues you currently face, I can try to help you. Or, it may be better to chat in real time on the MiaB Slack channel.

Hi @alento ,

So, really, I have done a lot of things. But I am still not getting things to work. :slight_smile:

Well, what I have done now is the following (simple things, and I still don’t understand why MIAB is not working, since I have done what the install guide asks):

At registrar (Google Domains)

And now, within MIAB, I don’t have anything more at “Custom DNS”.

So, the above are my current configurations. I would be more than happy to count on your help.

P.S.: I don’t know if this is related to the issue, but MIAB displays an error when I try to access the page “External DNS”: “Something went wrong, sorry”.

And just to add some of the troubleshooting that I’ve done with @ewsg576 by PM.

I’ve seen the glue records and these look correct.

When trying to nslookup/dig against the server’s IP it has no records for any of the domains ns1.box. or ns2.box. or box. or main domain.

nsd is running.

There are no zone files when running ls /etc/nsd/zones/
I think this is the smoking gun.

Re-running MIAB setup does not resolve the lack of zone files.

I don’t know if I should be directing that these Zone files should be manually created :sweat_smile:

I’ve asked @ewsg576 to jump on slack as it might be a little easier to resolve.

Just an FYI - there should be zone files for box.domain.com and domain.com (and any other domains known to MIAB) - 3 files for each (.txt .txt.ds and .txt.signed). They should have been created by the original install, and are recreated whenever you run mailinabox.

(It uses the email addresses that it has to make a list of domains. Hopefully ewsg576’s MIAB has at least an admin address set up.)

Hi again,

Sorry for my late reply.

Well, I was not able to see those zone files for box.domain.com and domain.com .

Even running sudo mailinabox again does not help. I really don’t know what more I can do.

I can’t see why your box hasn’t generated zone files. Must be something quite unusual!?!

Your box must have at least one email address set up - it uses the email addresses to build stuff (zones, etc) for each domain. Did you create an address for yourself? (Not admin@domain.com, but a real user, like fred@domain.com - the install process asks for that initial user.)

So, I created an email (name@domain.com) address only for the first time I ran the install.

From that point I ran the install several times again but I was not asked for a new address.

How’s your zone files now?
ls /etc/nsd/zones/

I think there are no zone files, because the command had no output. :frowning:

That all sounds quite strange. I would try: create another user (using the admin pages), then sudo mailinabox again, and see if any zone files have been created.

Another question - who is your provider and what Ubuntu image are you using? (Some providers spin-up their own custom images which have subtle differences from official Ubuntu Server!)

Well, I am really almost giving up.

I destroyed that server (at Linode) and created a new one.

From now on I started all over again. But, when installing MIAB, at the end of the installation in SSH a 500 Internal Error happened.

So I ran the install again, and now everything was fine.

But when trying to log in to the admin area, I was told that there was no admin user, so I had to run that command to create a new admin user.

And, again, after getting access to the admin area, the same errors, regarding glue records incorrect, nameservers incorrect, the same 500 Internal Server Error when trying to access the “external DNS” area, etc, etc.

I really don’t know what more I can do in order to have Mail in a Box running. :frowning:

P.S.: sorry, I forgot this. My servers are at Linode, and I am using Ubuntu 22.04.

P.S. 2: I tried to create a new user, but again a 500 Internal Error happened. Running the procedure again, I was told that the user already exists.

One last question - when you are doing the initial install (when you run “curl … sudo -E bash” or mailinabox) one of the questions it asks starts

Your Email Address 
What email address are you setting this box up to manage?

What is your answer? What is that first email address that you enter?

I always enter the same address (name@domain.com).

I noticed that it asks for an email address only the first time I run the setup. The next times (with sudo mailbox) it does not ask for it.

Are you saying you really enter “name@domain.com”? What is the actual name and actual domain that you enter?

I suspect that you might have used a name that conflicts with the built-in aliases, which might cause the zones problems.

I am entering myname [at] mydomain.com . Always the same address, every time I run the setup again. But nothing works, unfortunately.

I noticed that 500 Internal Error during installation only in the last few ones. But I don’t know what causes that. Maybe I could check the logs.

I would love it if I could at least pick up the custom entries at “External DNS”, but this page also returns a 500 error and no entries are displayed (so I could try setting up things at an external DNS manager).