deltachat / chatmail

chatmail service deployment scripts and docs
https://delta.chat/en/2023-12-13-chatmail
MIT License

DNS check should report all missing records at once #425

Open link2xt opened 1 day ago

link2xt commented 1 day ago

With the current repo state this happens: CNAME records during initial checks are reported one by one.

$ scripts/cmdeploy run
[ssh] login to c35.testrun.org
Collecting initial DNS settings........../bin/sh: 1: acmetool: not found
..
Missing MTA-STS CNAME record:
mta-sts.c35.testrun.org.   CNAME  c35.testrun.org.

After adding mta-sts:

$ scripts/cmdeploy run
[ssh] login to c35.testrun.org
Collecting initial DNS settings........../bin/sh: 1: acmetool: not found
..
Missing www CNAME record:
www.c35.testrun.org.   CNAME  c35.testrun.org.

Besides that, there is a /bin/sh: 1: acmetool: not found error that is printed in the middle of the output.

link2xt commented 1 day ago

Then:

$ scripts/cmdeploy dns
[ssh] login to c35.testrun.org
Collecting initial DNS settings..............
Check expected zone file entries...........................................
Please set required DNS entries at your DNS provider:

c35.testrun.org.                   MX 10 c35.testrun.org.
_mta-sts.c35.testrun.org.          TXT "v=STSv1; id="
opendkim._domainkey.c35.testrun.org. TXT "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqW20yzJWYSXG3P8Hh1ftuq8QIKcBgHPW+1o0WpQTUv49RtpTjGZp3mSK0i/omidMFD/MkuwZl8cRuShD3ogyUGOpihwnw9oLHuNg8WeyT9zKmIhw7CsNE00LM0rTmiKpyjsWp1kaPEW3MOOI/tuTqb/A+GmrxDB29zKGujfDPR0obKMW+Y84Pv/AdY/eYXv+vor" "Cq+lj7+dBAdIv7pK1zd27LfjKKYqN4PXGgRv7W/0O5VFdU+XHb7SUZ8WIB+KKPmdyk8D7UHFdzBxrgeOORSJ7C/vg5PbVzMRvr4rNwDLG5qsNrYKgMPeItBtxD6bFxDqSxa73kgFZ73ry9mVTowIDAQAB;s=email;t=s"

Once required DNS entries are set (again, only after rerunning):

WARNING: these recommended DNS entries are not set:

c35.testrun.org.                   TXT "v=spf1 a:c35.testrun.org ~all"
_dmarc.c35.testrun.org.            TXT "v=DMARC1;p=reject;adkim=s;aspf=s"
c35.testrun.org.                   CAA 0 issue "letsencrypt.org;accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/2002437767"
_adsp._domainkey.c35.testrun.org.  TXT "dkim=discardable"
_submission._tcp.c35.testrun.org.  SRV 0 1 587 c35.testrun.org.
_submissions._tcp.c35.testrun.org. SRV 0 1 465 c35.testrun.org.
_imap._tcp.c35.testrun.org.        SRV 0 1 143 c35.testrun.org.
_imaps._tcp.c35.testrun.org.       SRV 0 1 993 c35.testrun.org.

link2xt commented 1 day ago

But well, at least with https://github.com/deltachat/chatmail/pull/424 DNS checks became reliable. Hopefully this does not break it somehow for other providers; who knows if there are some with broken SOA records.
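
The behaviour requested in this issue, as an added sketch that is not part of the thread and not chatmail's cmdeploy code: every expected record is checked before anything is reported, so a single run lists all missing entries. The function names, the stub resolver `demo_lookup` and the `chat.example.org` records are constructed for illustration.

```python
# Added illustration, not chatmail's cmdeploy code; all names are hypothetical.

def parse_zone(text):
    """Parse 'name TYPE rdata' lines in the layout the DNS check prints."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        name, rtype, rdata = line.split(None, 2)
        records.append((name.rstrip(".").lower(), rtype.upper(), rdata))
    return records


def norm(rtype, rdata):
    """Host names compare case-insensitively and without the trailing dot."""
    if rtype in ("CNAME", "MX", "SRV"):
        return rdata.rstrip(".").lower()
    return rdata  # TXT and other data is compared verbatim


def find_missing(expected_zone, lookup):
    """Check every expected record; return all absent ones, never just the first."""
    missing = []
    for name, rtype, rdata in parse_zone(expected_zone):
        found = {norm(rtype, value) for value in lookup(name, rtype)}
        if norm(rtype, rdata) not in found:
            missing.append(f"{name}. {rtype} {rdata}")
    return missing


# Constructed sample data: expected records and a stub resolver answer set.
REQUIRED = """
chat.example.org.          MX    10 chat.example.org.
mta-sts.chat.example.org.  CNAME chat.example.org.
www.chat.example.org.      CNAME chat.example.org.
"""
OBSERVED = {("chat.example.org", "MX"): ["10 Chat.Example.org."]}


def demo_lookup(name, rtype):
    """Stub resolver so the example runs offline (an assumption of this sketch)."""
    return OBSERVED.get((name, rtype), [])


if __name__ == "__main__":
    missing = find_missing(REQUIRED, demo_lookup)
    if missing:
        print("Missing DNS records:")
        print("\n".join(missing))
```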