Which DNS records in custom DNS configuration page

After setting up my first Mail-in-a-Box server, I wonder which DNS records in Control Panel > Custom DNS are essential, recommended or optional?

I’m running a webhosting service at Netcup and I have a long list of DNS settings there, but many are not applicable in Mail-in-a-Box.

Can you please advise.


If you have a new Mail-in-a-Box server, there should be no entries under Custom DNS. This is used if you want to let the MiaB DNS server provide additional DNS records (e.g. I have a TXT record for google-site-verification).
Perhaps you mean External DNS? This is only needed if you are using Netcup’s DNS servers to provide the DNS records needed for MiaB. For each record it is indicated whether it is Required, Recommended or Optional. You should at least take care of the Required records.

Actually I was referring to Custom DNS.
E.g. I couldn’t create

Host: @
Type: A-record
Destination: [IP]

However, this is obsolete in the meantime because Netcup support confirmed that a .de domain requires 2 (custom) nameservers with 2 different IPs.
And this makes usage of ns1.box.mydomain.example and ns2.box.mydomain.example running on the same server not applicable.
And this means I must switch to external DNS for Mail-in-a-Box.

That is one possibility. An alternative is using a secondary DNS server, see for a tutorial on that. There are a number of DNS providers that offer secondary DNS, e.g. https://freedns.afraid.org/
I find it easier to use a secondary DNS, because I don’t have to enter all DNS records that MiaB needs.

This solution is more elegant and reduces manual effort for maintaining DNS records required by MiaB.

Many thanks!!!

I have registered an account with https://freedns.afraid.org/ and configured the service “Backup DNS”.

However, I get an error in the log:
xfer-in: error: transfer of 'mydomain.example/IN' from [MiaB_IP]#53: failed while receiving responses: REFUSED

I think this is related to this:
To use this, you must enter your domain, and your primary nameserver’s hostname. In order for this to work, your domain must allow AXFR transfers from or 2001:1850:1:5:800::6b, and be delegated to ns2.afraid.org at your parent DNS servers.

Can you please advise how to fix this?

For this you need to go to the Custom DNS page, and in the field Hostname (under Using a secondary nameserver) fill in: ns2.afraid.org xfr: xfr:2001:1850:1:5:800::6b

The ns2.afraid.org tells MiaB that you want to use that server as secondary DNS. The xfr: entries tell MiaB that those IP addresses are allowed to obtain the DNS data from your box.
I think the xfr: entries are not needed for PUCK Free Secondary DNS Service because the hostname puck.nether.net resolves to the same ip address that is used to do the AXFR transfers.
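
The access rule described in this answer, modelled as an added Python example (not Mail-in-a-Box's own code and not part of the original posts): plain hostnames name the secondary, `xfr:` entries widen the AXFR allow-list, and every other source stays refused. `192.0.2.53` and `198.51.100.7` are constructed documentation-range placeholders, and the `RESOLVED` map is an assumption standing in for live DNS lookups.

```python
import ipaddress

def parse_secondary_field(field):
    """Split the field into secondary hostnames and AXFR-allowed networks."""
    hostnames, allowed = [], []
    for item in field.split():
        if item.startswith("xfr:"):
            # A bare address becomes a single-host network (/32 or /128).
            # ValueError here means the entry is not a valid address.
            allowed.append(ipaddress.ip_network(item[4:], strict=False))
        else:
            hostnames.append(item.rstrip(".").lower())
    return hostnames, allowed

def transfer_allowed(field, source_ip, resolved):
    """True if an AXFR request from source_ip passes the modelled ACL.

    resolved: hostname -> list of addresses, standing in for live DNS lookups
    (assumption: a listed hostname's own addresses are allowed to transfer).
    """
    hostnames, allowed = parse_secondary_field(field)
    for name in hostnames:
        allowed += [ipaddress.ip_network(a) for a in resolved.get(name, [])]
    src = ipaddress.ip_address(source_ip)
    return any(src in net for net in allowed)

# Constructed sample data: 192.0.2.53 and 198.51.100.7 are documentation-range
# placeholders, not real addresses of any provider. The IPv6 address is the
# transfer source quoted in the thread.
RESOLVED = {"ns2.afraid.org": ["192.0.2.53"]}
XFR_SOURCE = "2001:1850:1:5:800::6b"

def demo():
    before = "ns2.afraid.org"
    after = "ns2.afraid.org xfr:2001:1850:1:5:800::6b"
    return {
        "hostname_only": transfer_allowed(before, XFR_SOURCE, RESOLVED),
        "with_xfr": transfer_allowed(after, XFR_SOURCE, RESOLVED),
        "stranger": transfer_allowed(after, "198.51.100.7", RESOLVED),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:14} -> {'transfer allowed' if ok else 'REFUSED'}")
```

The `hostname_only` case reproduces the REFUSED transfer from the log above: the request arrives from an address the hostname does not resolve to, so it only passes once that address is listed with `xfr:`.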

Only after applying this modification the log in https://freedns.afraid.org/ is green and I’m able to add secondary nameserver in Netcup DNS settings.
Now I need to wait until all DNS records maintained in MiaB are synched globally.

Many thanks for your great support!

I have removed a DNS A-record from MiaB Custom DNS.
Checking updated serial number 2023123000 confirms this modification.

The documentation for secondary DNS hosting in https://freedns.afraid.org/ says:
"[…] the changes you make on your primary nameserver will automatically be transferred to ns2.afraid.org.

DNS “notifies” are accepted. Make sure when you update your zone to also update your serial on your own DNS server, (if notifies are enabled on your DNS server) it will send ns2.afraid.org a notify (be sure to list it in the parent SOA records) which will cause ns2.afraid.org to immediately download your latest zone file."

However checking the logs shows:
Last successful transfer
2023-12-29 05:51:37 (19 hours ago)

What is potentially causing this issue?

Please note that I maintained 2 nameservers in Netcup’s DNS zone control panel, however none is available in public DNS.


I actually don’t see any updates in the freedns.afraid.org log either. But if I do a dig <...> @ns2.afraid.org it does show the updates. What happens if you request the DNS record from the afraid.org DNS server? e.g. dig <domain> SOA @ns2.afraid.org
