Workaround for .CA

Thanks for this great MTA: Mail-in-a-Box …

Here’s my contribution:

If you are having trouble setting up a .CA domain with mail-in-a-box due to nameserver requirements or Registrar not being able to assign ( .CA Policy Violation - please see nameserver requirements at CIRA ):

-Don’t bother arguing with your Registrar
-Create glue records from your Registrar ( and
-Use an external DNS service such as Route 43 or even aws LightSail (nearly free), create a DNS zone and you will receive a list of nameservers you can use.
-In your registrar, even though there are glue records, change the NameServer of to the nameservers you were granted at Route 43 LightSail ( or any other external DNS ).
-Login to mail-in-box admin and go into ‘External DNS’ … You will need to manually create the listed records into the external DNS ( in my case LightSail ) -this is literally coping and pasting. Just please note that if the TXT record is over 255 chars you will need to break it down in different lines, no longer than 255 char each line -in some external DNS services you might need to wrap each line with double quotes.

That’s it. The alternative is getting the .CA nameserver requirements right with your registrar but that can be tiresome.

Thanks !

1 Like

Hi @nessuno I’d like to make a couple of notes to what you have posted.

I would consider this to be an alternative method of handling DNS rather than a ‘Workaround’ as there is not really any workaround involved - you are simply using External DNS. DNS provided by another provider than your MiaB instance.

There is one issue that should be noted in your text. Even though you are recommending to use an external DNS provider, you are still specifying the creation of Glue Records. I suggest that glue records not be created at all if the domain is not going to host name servers. Usually, there is no problem with creating and not using them, but in some rare cases it can cause an issue - so it is best to avoid any chance of that happening.

1 Like

Hi Alento, thanks.
By using the authority emit granted to the registrar (ex: godaddy) by the registry (ex: Donuts dot co or a country registry) or “glue”, one assures that “rare cases” are covered without the need of extra external DNS steps ( that are not otherwise listed in the ‘External DNS’ text ).
This is true for many ccTLDs ( and some gTLDs too ) , DNSEC and can also cause lots of red flags in dns reporting tools as well as domain ownership flows (ex: google domains, square ).
The reason I used the word ‘workaround’ is precisely because the author clearly does not want to give room for supporting anything beyond, and I respect that. Alternatives are usually supported but not workarounds. By not using the Registrar’s auth’s emith, this workaround becomes inconsistent with the ‘External DNS’ generated text.
So yes, I agree with you, better to create them.

Hi @nessuno

I am somewhat lost and confused by your response in this thread as you are using terminology that I am not familiar with … for example:

I am not sure what you intended message is… and then at the end, you stated that:

When I actually said that:

So I am trying to determine exactly what you were trying to convey with this statement:

I suspect that you are saying that the ‘workaround’ (using external DNS servers) somehow makes things inconsistent with the information generated and shown on the corresponding page in the admin area – the truth is that the only way they would be inconsistent is if the records were entered incorrectly to the DNS provider.

Having glue records on a domain in no way ensures consistency - that is the primary (master) name servers job.

And lastly …

“Rare cases” (as I originally intended its use) refers to mainly human error - one example would be when a name servers IP address and the glue record is not updated accordingly. Which extra external DNS steps are you referring to, and in which cases?

Rare cases … I do not think we are talking about the same thing, it seems you have the need to talk about something you do not really understand.

I could tell you details for each TLD.

With all due respect… if you really want to talk SLD.TLD message me privately, you seem to be extremely confused by how TLDs actually work. Look up SOA and different requirements from ICANN towards ccTLDs versus gTLDs and then perhaps you will understand.

delete my post if you find it so offensive. I was trying to give it back as I noticed people really query this up ( re dot CA ) -but arrogance predominates the open source.

all the best.

Seemingly that is so. You have not responded to the actual questions for if I have provided incorrect information, I would prefer to be corrected. Instead, you urge me to discuss this in private. Sorry, not interested.

I asked you to explain or define your term emit or emite whichever way it is correctly spelled … and you have not.
I asked you what you were intending to convey as you are contradicting yourself.
And in the other thread, I asked you ‘How’ referring to how what you stated works, but you’ve not responded.

So clearly, this conversation is over as you seem to want to infer that I am clueless, but are unable to enlighten me, unless it is done privately.

Please do not bother to reply. Have a good day.

You could try to use for the name servers instead? The admin panel will show a couple errors, but should otherwise work.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.