Update broke mailinabox

So I pulled master for the first time in a long while to get all the latest improvements. But it broke my mailinabox. In /admin, the status checks report DNS issues like:

Nameserver glue records are incorrect. The ns1.box.fuess.nl and ns2.box.fuess.nl nameservers must be configured at your domain name registrar as having the IP address 149.210.177.248. They currently report addresses of [Not Set]/[Not Set]. It may take several hours for public DNS to update after a change.

And:

This domain must resolve to your box's IP address (149.210.177.248) in public DNS but it currently resolves to [Not Set]. It may take several hours for public DNS to update after a change. This problem may result from other issues listed here.

This was all working before. I’m at commit 43fe2fe
What’s wrong here?

Sounds like nsd4/bind aren’t playing nicely and bind isn’t running, resulting in dns lookup failures.

On the box, does dig @localhost google.com work?

I’d also just try rebooting.

Yep already tried rebooting. dig’s output:

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22404
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 4, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.            IN    A

;; ANSWER SECTION:
google.com.        300    IN    A    74.125.136.102
etc.
etc.

Uh then I don’t know. dig indicates that’s working. Something may be weird in the Python code doing DNS checks then.

Hmm, this seems to be the same problem as here: Adding extra domain doesn’t work, except that rebooting doesn’t help.

syslog is full of:

Aug 30 16:42:24 box named[11994]: error (connection refused) resolving 'box.fuess.nl/A/IN': 149.210.177.248#53
Aug 30 16:42:24 box named[11994]: error (connection refused) resolving 'box.fuess.nl/A/IN': 149.210.178.61#53
Aug 30 16:42:24 box named[11994]: error (connection refused) resolving 'fuess.nl/NS/IN': 149.210.177.248#53
Aug 30 16:42:24 box named[11994]: error (connection refused) resolving 'fuess.nl/NS/IN': 149.210.178.61#53

for the domains I’m managing.

Looks like named and nsd are conflicting again. What to do? I would really like mailinabox running smooth again :smile:

some extra info:

$ sudo lsof -i :53
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
named   11994     bind   20u  IPv4  34681      0t0  TCP localhost:domain (LISTEN)
named   11994     bind  512u  IPv4  34680      0t0  UDP localhost:domain 
nginx   21879 www-data   10u  IPv4  47205      0t0  UDP box.fuess.nl:48809->google-public-dns-a.google.com:domain 

=======
$ sudo netstat -tulpn | grep :53
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      11994/named     
udp        0      0 127.0.0.1:53            0.0.0.0:*                           11994/named
=======
$ sudo netstat -tulpn

gives no mentions of nsd running.

sudo service nsd stop

results in:

stop: Unknown instance:

Stopping bind9 and then starting nsd results in (in syslog):

Aug 30 16:57:09 box nsd[22217]: can't bind udp socket: Invalid argument
Aug 30 16:57:09 box nsd[22217]: server initialization failed, nsd could not be started

Any help is greatly appreciated!

I think the problem is here:

Aug 30 16:57:09 box nsd[22217]: can't bind udp socket: Invalid argument

Can you paste /etc/nsd/nsd.conf (you can omit the zone parts)?

$ cat /etc/nsd/nsd.conf

server:
  hide-version: yes

  # identify the server (CH TXT ID.SERVER entry).
  identity: ""

  # The directory for zonefile: files.
  zonesdir: "/etc/nsd/zones"
  ip-address: 149.210.177.248
  ip-address: fe80::5054:ff:fedc:ed52

Don’t know that 2nd ipv6 address. It’s not the one I entered during setup.

It’s the machine’s IPv6 address on the local network, which is auto-detected (in setup/functions.sh) by running:

ip -6 -o route get 2001:4860:4860::8888 | sed "s/.* src \([^ ]*\).*/\1/"

It should match something in the output of ifconfig.

If it is a valid local IPv6 address, I don’t know why nsd won’t bind to it. IPv6 is weird.

Maybe the solution is to not have nsd listening on IPv6 addresses for now (in management/dns_update.py). I think it really only has to listen on the IPv4 address anyway since that’s the address used in our DNS settings for nameservers.

Well, that command (ip -6…) returns this error:

sed: -e expression #1, char 20: invalid reference \1 on `s' command's RHS

The ipv6 address is in my ifconfig:

eth0      Link encap:Ethernet  HWaddr 52:54:00:dc:ed:52  
          inet addr:149.210.177.248  Bcast:149.210.177.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:fedc:ed52/64 Scope:Link

But not on the local network interface:

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host

But I really have no idea if that is OK or not.

Should I remove the ipv6 entry from nsd.conf for now?

Ok, I removed the IPv6 address from nsd.conf and now everything works again. (until the next time I run start.sh probably)

Actually it’ll reset within the next 24 hours – it’s on a cron job.

Can you try plugging in fe80::5054:ff:fedc:ed52%eth0 (adds %eth0) into nsd.conf?

Seems like an IPv6 address isn’t actually always sufficient for opening a connection. http://stackoverflow.com/questions/12260003/connect-returns-invalid-argument-with-ipv6-adress

That seems to work :smile: I restarted nsd and the mailinabox service (to be sure) and everything works fine.

Great.

I committed a fix at https://github.com/mail-in-a-box/mailinabox/commit/cfffb38508fc85a1d2d3cd452a2086c2d9278373.
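The failure worked out above (a link-local fe80:: address written into nsd.conf without its %interface zone) can be checked for mechanically. The following is an added example, not code from this thread or from the Mail-in-a-Box commit; the function names, the sample route line and its gateway are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ip -6 -o route get 2001:4860:4860::8888` output
# (gateway is made up; the src address is the one quoted in the thread).
SAMPLE_ROUTE = ("2001:4860:4860::8888 from :: via fe80::1 dev eth0 "
                "src fe80::5054:ff:fedc:ed52 metric 1024")

# Constructed nsd.conf excerpt mirroring the one pasted in the thread.
SAMPLE_CONF = """server:
  hide-version: yes
  ip-address: 149.210.177.248
  ip-address: fe80::5054:ff:fedc:ed52
"""

def needs_zone(addr):
    """True for an IPv6 link-local address (fe80::/10) with no %zone suffix."""
    host, _, zone = addr.partition("%")
    ip = ipaddress.ip_address(host)
    return ip.version == 6 and ip.is_link_local and not zone

def bindable_address(route_line):
    """Extract 'src' from a route line, adding %<dev> when a zone is required."""
    src = re.search(r"\bsrc (\S+)", route_line)
    dev = re.search(r"\bdev (\S+)", route_line)
    if not src:
        raise ValueError("route output has no 'src' field")
    addr = src.group(1)
    if needs_zone(addr):
        if not dev:
            raise ValueError("link-local source but no 'dev' field")
        addr = f"{addr}%{dev.group(1)}"
    return addr

def lint_nsd_conf(text):
    """Return (line number, address) for ip-address entries lacking a zone."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*ip-address:\s*([^\s@]+)", line)  # drop optional @port
        if not m:
            continue
        try:
            if needs_zone(m.group(1)):
                findings.append((lineno, m.group(1)))
        except ValueError:  # placeholder or malformed value: skip it
            continue
    return findings

if __name__ == "__main__":
    print(bindable_address(SAMPLE_ROUTE))
    print(lint_nsd_conf(SAMPLE_CONF))
```

Global addresses pass through unchanged, which matches the later remark in the thread that not every address needs %eth0.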

Awesome, thanks! Will pull it.

That explains why my machine broke after initially working.

I now had to add some lines (with customized paths in comparison to the source link) to /etc/nsd/nsd.conf to get it working again in my IPv4-only environment:

server:
  hide-version: yes

  # identify the server (CH TXT ID.SERVER entry).
  identity: ""

  # The directory for zonefile: files.
  zonesdir: "/etc/nsd/zones"
  ip-address: <<YOUR PUBLIC IP>>
  # ip-address: ::1 # note the manually disabled IPv6

remote-control:
  control-interface: 127.0.0.1

  # nsd server key file for remote control.
  server-key-file: "/etc/nsd/nsd_server.key"

  # nsd server certificate file for remote control.
  server-cert-file: "/etc/nsd/nsd_server.pem"

  # nsd-control key file.
  control-key-file: "/etc/nsd/nsd_control.key"

  # nsd-control certificate file.
  control-cert-file: "/etc/nsd/nsd_control.pem"

How can I make this change permanent?

I don’t know if

helped to solve


I also propose to give this thread a more meaningful title in relation to nsd.

Let’s start a new thread. Can you paste your nsd.conf that Mail-in-a-Box creates so I can see what you changed?

Hi, I keep having issues with IPv6 and nsd. The IPv6 address in nsd.conf doesn’t have the ‘%eth0’ anymore (and hasn’t for a long time, by the way). And to get everything working I have to remove the IPv6 address (or add %eth0, but I didn’t test that). Stop/starting nsd, bind9. Until of course the next day.

What to do?

Can you paste your ipv6 address and any errors nsd has when starting? What’s the problem when the ipv6 address is there? Not every address needs %eth0, btw.

This is the ipv6:

2a01:7c8:aab5:271:b0ad:c3b0:1195:7526

What happens is that nsd is not running, so the box is not available to the outside world. Pingability says it can’t find A records for the domains I’m running. When I try to start it, the log says:

Dec 13 12:14:08 box nsd[27927]: can't bind udp socket: Cannot assign requested address
Dec 13 12:14:08 box nsd[27927]: server initialization failed, nsd could not be started
Dec 13 12:14:08 box kernel: [9084699.249470] init: nsd main process (27927) terminated with status 1
Dec 13 12:14:08 box kernel: [9084699.249484] init: nsd main process ended, respawning

I think that happens because named is already running on port 53:

$ sudo lsof -i :53
COMMAND   PID     USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
named   17474     bind   20u  IPv4 6286001      0t0  TCP localhost:domain (LISTEN)
named   17474     bind  512u  IPv4 6286000      0t0  UDP localhost:domain

So what I do to fix it temporarily is:

  1. Remove ipv6 from nsd.conf
  2. Stop bind9
  3. Start nsd
  4. Start bind9

Then both nsd and bind9 are running on port 53.

Sorry, also paste ifconfig's output? (Just the relevant interface is fine.)