Which DNS records in custom DNS configuration page

cmonty14 · December 28, 2023, 1:28pm

Hello,
after setting up first Mail-in-a-Box server I wonder which DNS records in Control Panel > Custom DNS are essential, recommended or optional?

I’m running a webhosting service at Netcup and I have a long list of DNS settings there, but many are not applicable in Mail-in-a-Box.

Can you please advise.

THX

KiekerJan · December 28, 2023, 2:17pm

If you have a new Mail-in-a-Box server, there should be no entries under Custom DNS. This is used if you want to let the MiaB DNS server provide additional DNS records (e.g. I have a TXT record for google-site-verification).
Perhaps you mean External DNS? This is only needed if you are using Netcup’s DNS servers to provide the DNS records needed for MiaB. For each record it is indicated whether it is Required, Recommended or Optional. You should at least take care of the Required records.

cmonty14 · December 28, 2023, 3:14pm

Actually I was referring to Custom DNS.
E.g. I couldn’t create

Host: @
Type: A-record
Destination: [IP]

However, this is obsolete in the meantime because Netcup support confirmed that a .de domain requires 2 (custom) nameservers with 2 different IPs.
And this makes usage of ns1.box.mydomain.example and ns2.box.mydomain.example running on same server not applicable.
And this means I must switch to external DNS for Mail-in-a-Box.

KiekerJan · December 28, 2023, 3:29pm

That is one possibility. An alternative is using a secondary dns server, see for a tutorial on that. There are a number of DNS providers that offer secondary dns, e.g. https://freedns.afraid.org/
I find it easier to use a secondary DNS, because I don’t have to enter all DNS records that MiaB needs.

cmonty14 · December 28, 2023, 3:33pm

Agree.
This solution is more elegant and reduces manual effort for maintaining DNS records required by MiaB.

Many thanks!!!

cmonty14 · December 29, 2023, 1:15pm

I have registered an account with https://freedns.afraid.org/ and configured service “Backup DNS”.

However I get an error in log:
xfer-in: error: transfer of '[mydomain.example](https://freedns.afraid.org/secondary/index.php?limit=mydomain.example)/IN' from [MiaB_IP]#53: failed while receiving responses: REFUSED

I think this is related to this:
To use this, you must enter your domain, and your primary nameserver’s hostname. In order for this to work, your domain must allow AXFR transfers from 69.65.50.192 or 2001:1850:1:5:800::6b , and be delegated to ns2.afraid.org at your parent DNS servers.

Can you please advise how to fix this?

KiekerJan · December 29, 2023, 1:50pm

For this you need to go to the Custom DNS page, and in the field Hostname (under Using a secondary nameserver) fill in: ns2.afraid.org xfr:69.65.50.192 xfr:2001:1850:1:5:800::6b

The ns2.afraid.org tells MiaB that you want to use that server as secondary DNS. The xfr: entries tell MiaB that those IP addresses are allowed to obtain the DNS data from your box.
I think the xfr: entries are not needed for PUCK Free Secondary DNS Service because the hostname puck.nether.net resolves to the same ip address that is used to do the AXFR transfers.

cmonty14 · December 29, 2023, 2:08pm

Only after applying this modification the log in https://freedns.afraid.org/ is green and I’m able to add secondary nameserver in Netcup DNS settings.
Now I need to wait until all DNS records maintained in MiaB are synched globally.

Many thanks for your great support!

cmonty14 · December 30, 2023, 9:30am

I have removed a DNS A-record from MiaB Custom DNS.
Checking updated serial number 2023123000 confirms this modification.

The documenation for secondary DNS hosting in https://freedns.afraid.org/ says:
"[…] the changes you make on your primary nameserver will automatically be transferred to ns2.afraid.org.

DNS “notifies” are accepted. Make sure when you update your zone to also update your serial on your own DNS server, (if notifies are enabled on your DNS server) it will send ns2.afraid.org a notify (be sure to list it in the parent SOA records) which will cause ns2.afraid.org to immediately download your latest zone file."

However checking the logs shows:
Last successful transfer
2023-12-29 05:51:37 (19 hours ago)

What is potentially causing this issue?

Please note that I maintained 2 nameservers in Netcup’s DNS zone control panel, however none is available in public DNS.

THX

KiekerJan · December 30, 2023, 11:47am

I actually don’t see any updates in the freedns.afraid.org log either. But if I do a dig <...> @ns2.afraid.org it does show the updates. What happens if you request the DNS record from the afraid.org dns server? e.g. dig <domain> SOA @ns2.afraid.org

system · January 6, 2024, 11:47am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.