mail-in-a-box / mailinabox

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
https://mailinabox.email/
Creative Commons Zero v1.0 Universal

DNS not fully working #1649

Open bogao opened 5 years ago

bogao commented 5 years ago

For some reason some of my DNS records seem not to be working.

For instance:
WORKING email.entropy.theinformation.cn CNAME eu.mailgun.org.
NOT WORKING entropy.theinformation.cn CNAME information.myqnapcloud.com.

I have modified the NS records of theinformation.cn to my MIAB NS glue records.

Entries in /etc/nsd/zones/theinformation.cn.txt

Unrelated domains are omitted.

@ IN SOA ns1.singular.lobachevsky.space. hostmaster.singular.lobachevsky.space. (
    2019100301 ; serial number
    7200 ; Refresh (secondary nameserver update interval)
    1800 ; Retry (when refresh fails, how often to try again)
    1209600 ; Expire (when refresh fails, how long secondary nameserver will keep records around anyway)
    1800 ; Negative TTL (how long negative responses are cached)
    )
entropy IN CNAME information.myqnapcloud.com.
email.entropy IN CNAME eu.mailgun.org.

Response from DIG Online - Men & Mice

Querying entropy.theinformation.cn
; <<>> DiG 9.8.1-P1 <<>> @singular.lobachevsky.space entropy.theinformation.cn ANY +norecurse +m
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11395
;; flags: qr aa; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;entropy.theinformation.cn. IN ANY
;; ANSWER SECTION:
entropy.theinformation.cn. 1800 IN MX 10 mxa.eu.mailgun.org.
entropy.theinformation.cn. 1800 IN MX 10 mxb.eu.mailgun.org.
entropy.theinformation.cn. 1800 IN RRSIG MX 7 3 1800 20191102000000 (
    20191002181549 48608 theinformation.cn.
    cshLWc4Tq2CbBoBnBtB2xoWy+cn25V8+5bgxVB4o66ai
    GiJBrqRrEGI/Ns9/DY8vtpMb5XUBvNRIvVxN99yWGquX
    gcSDYrD4pibH/COfIaBY1og1dxJ0zesE8pjiH37mhHiy
    cc0FhK1G9Os874b0mp+e6jgyQtwujS/dEqhG7lA= )
entropy.theinformation.cn. 1800 IN RRSIG TXT 7 3 1800 20191102000000 (
    20191002181549 48608 theinformation.cn.
    MHbrt5Z5LxXgUU1TG9B8z6mSTXjtvssrvJIC8OFRKCOV
    7VDxI3L89aI+CcYaNJssMrTLpWQSI/mrrC2KWKBu8JSW
    nGeWREINu/vnNdT8fRGYHxK6nEdWvCpJJs+goPYtcqrE
    4MAr9I1ZuHkVOQNxATTEsDlKXXsJUjwNz3T1gZA= )
entropy.theinformation.cn. 1800 IN TXT "v=spf1 include:eu.mailgun.org ~all"
;; Query time: 100 msec
;; SERVER: 195.181.215.182#53(195.181.215.182)
;; WHEN: Fri Oct 4 13:21:08 2019
;; MSG SIZE rcvd: 498

Querying email.entropy.theinformation.cn
; <<>> DiG 9.8.1-P1 <<>> @singular.lobachevsky.space email.entropy.theinformation.cn ANY +norecurse +m
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10511
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;email.entropy.theinformation.cn. IN ANY
;; ANSWER SECTION:
email.entropy.theinformation.cn. 1800 IN CNAME eu.mailgun.org.
email.entropy.theinformation.cn. 1800 IN RRSIG CNAME 7 4 1800 20191102000000 (
    20191002181549 48608 theinformation.cn.
    PRPzUphDCGOgiPWjyQfkdMfcj8Eb0YibNvL5WqWpEYuF
    t5mzjzN/oOCvn0vJ9uca51XBOE7vWfGxU8N92TtQkR7/
    ZZfpJoqQMIVFm8SpCKuHA1LVxy00jIixfLp335c0ANb0
    /zLOlLsUkKyj2Y2oDAVuQCDoAGQP0C2qI5KHYks= )
;; AUTHORITY SECTION:
theinformation.cn. 1800 IN NS ns1.singular.lobachevsky.space.
theinformation.cn. 1800 IN NS ns2.singular.lobachevsky.space.
;; Query time: 103 msec
;; SERVER: 195.181.215.182#53(195.181.215.182)
;; WHEN: Fri Oct 4 13:30:26 2019
;; MSG SIZE rcvd: 316

Clearly, both entries exist in the zone file but entropy.theinformation.cn. fails to appear in the DIG response.

ariejan commented 5 years ago

I had the same issue, after I removed the A records for a domain and substituted CNAME records instead.

I discovered a utility named nsd-checkzone:

nsd-checkzone example.com /etc/nsd/zones/example.com.txt
[2019-10-31 09:26:33.075] nsd-checkzone[1943]: error: /etc/nsd/zones/example.com.txt:14: CNAME and other data at the same name
[2019-10-31 09:26:33.075] nsd-checkzone[1943]: error: /etc/nsd/zones/example.com.txt:15: CNAME and other data at the same name
[2019-10-31 09:26:33.075] nsd-checkzone[1943]: error: /etc/nsd/zones/example.com.txt:16: CNAME and other data at the same name

You cannot set a CNAME record on the root domain. After fixing that issue, nsd-checkzone reports the zone is okay and will reload the changed zone from file.

For reference see RFC 1034 section 3.6.2 which says:

If a CNAME RR is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different.

This means that example.com cannot have any other records, but as the root domain it will always have NS records at the very least, hence the problem.

@bogao I suggest you check your zonefile for errors and fix any issues that arise. If the zone file is written correctly to disk, but is not picked up by nsd, there's likely to be an error in there.
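Added example, not part of the thread and not code from Mail-in-a-Box or NSD: a small pre-reload check for the "CNAME and other data at the same name" condition that nsd-checkzone reports above. The sample zone is constructed from the CNAME lines in the zone excerpt and the MX/TXT records visible in the dig answer; `logical_records` and `cname_conflicts` are hypothetical names, and the parser assumes numeric TTLs and no `$ORIGIN`/`$TTL` directives.

```python
import re
from collections import defaultdict

# Constructed sample built from the issue's zone excerpt and dig answer.
SAMPLE_ZONE = """\
@ IN SOA ns1.singular.lobachevsky.space. hostmaster.singular.lobachevsky.space. (
        2019100301 ; serial number
        7200 1800 1209600 1800 )
@ IN NS ns1.singular.lobachevsky.space.
entropy IN CNAME information.myqnapcloud.com.
entropy IN MX 10 mxa.eu.mailgun.org.
        IN TXT "v=spf1 include:eu.mailgun.org ~all"
email.entropy 1800 IN CNAME eu.mailgun.org.
"""
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}  # DNSSEC data may coexist (RFC 4035)
CLASSES = {"IN", "CH", "HS"}

def logical_records(text):
    """Drop ';' comments and join '( ... )' continuations into single records."""
    buf, depth = "", 0
    for raw in text.splitlines():
        line = re.sub(r'("[^"]*")|;.*', lambda m: m.group(1) or "", raw)
        depth += line.count("(") - line.count(")")
        buf += line.replace("(", " ").replace(")", " ") + " "
        if depth <= 0:
            if buf.strip():
                yield buf.rstrip()
            buf, depth = "", 0

def cname_conflicts(text, origin):
    """Return {owner: sorted record types} for names with a CNAME plus other data."""
    types, owner = defaultdict(set), origin
    for rec in logical_records(text):
        if rec.startswith("$"):
            continue  # $ORIGIN/$TTL directives are outside this example
        fields = rec.split()
        if not rec[0].isspace():  # a leading blank reuses the previous owner
            name = fields.pop(0)
            owner = origin if name == "@" else (
                name if name.endswith(".") else f"{name}.{origin}")
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)  # skip the optional TTL and class
        if fields:
            types[owner.lower()].add(fields[0].upper())
    return {n: sorted(t) for n, t in types.items()
            if "CNAME" in t and t - ALLOWED_WITH_CNAME}

if __name__ == "__main__":
    print(cname_conflicts(SAMPLE_ZONE, "theinformation.cn."))
```

On the sample, only `entropy.theinformation.cn.` is flagged; `email.entropy` holds nothing but its CNAME and passes.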