mail-in-a-box / mailinabox

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
https://mailinabox.email/
Creative Commons Zero v1.0 Universal

[feature req.] No check for NSD zone errors after integration of `custom.yaml` #1952

Open bjmuld opened 3 years ago

bjmuld commented 3 years ago

I just resolved an issue wherein I had unknowingly produced an invalid NSD zone configuration by using the custom.yaml feature for redirection. When MIAB processes the custom.yaml file, it creates several DNS records, including an A record. Prior to use of the custom.yaml solution, I had a webserver of my own doing redirects for that subdomain, and so I had a CNAME record pointing to that host for the same subdomain, which led to conflicting A and CNAME records on the same subdomain, which was causing NSD to choke.

As a result, NSD was still partially operational, but would not resolve a few (other) subdomains, and was failing DNSSEC signature checks (#1940). Manual deletion of my CNAME record on the relevant subdomain resolved both issues.

Seems like this would be a good candidate for a "System Check?" Especially given how silent this was when it first started?

toth-dev commented 2 years ago

I ran into this issue as well, by manually creating CNAME and A records for the same subdomain in the Custom page of the admin page.

I got thoroughly confused, because `dig +trace` and https://dnschecker.org/ continued to return the correct records, but recursive resolvers failed because of the expired DNSSEC keys.
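The conflict both comments describe, a CNAME sharing an owner name with an A record, can be detected before a zone is written. The sketch below is an added example, not Mail-in-a-Box code and not part of either comment: the `(qname, rtype, value)` tuple layout, the function names and the sample records are assumptions made for illustration. It goes slightly beyond the reported case by also flagging multiple CNAME targets and by tolerating the DNSSEC records that may legitimately sit beside a CNAME.

```python
from collections import defaultdict

# In a signed zone, RRSIG and NSEC are the only record types allowed
# at the same owner name as a CNAME (RFC 4035 section 2.5).
DNSSEC_TYPES = {"RRSIG", "NSEC"}

def normalize(qname):
    """DNS names are case-insensitive; ignore a trailing root dot."""
    return qname.rstrip(".").lower()

def find_cname_conflicts(records):
    """records: iterable of (qname, rtype, value). Returns [(qname, message)]."""
    by_name = defaultdict(lambda: defaultdict(list))
    for qname, rtype, value in records:
        by_name[normalize(qname)][rtype.upper()].append(value)
    problems = []
    for qname in sorted(by_name):
        rrsets = by_name[qname]
        if "CNAME" not in rrsets:
            continue
        # A name may have only one canonical name (RFC 2181 section 10.1).
        targets = sorted({normalize(t) for t in rrsets["CNAME"]})
        if len(targets) > 1:
            problems.append((qname, "multiple CNAME targets: " + ", ".join(targets)))
        # A CNAME excludes all other data at the same name (RFC 1034 section 3.6.2).
        others = sorted(set(rrsets) - {"CNAME"} - DNSSEC_TYPES)
        if others:
            problems.append((qname, "CNAME coexists with " + ", ".join(others)))
    return problems

# Constructed sample data: records a box might generate itself ...
GENERATED = [
    ("box.example.com", "A", "203.0.113.10"),
    ("www.example.com", "A", "203.0.113.10"),
    ("old.example.com", "A", "203.0.113.10"),  # A record backing a web redirect
]
# ... and records an administrator added by hand earlier.
CUSTOM = [
    ("Old.Example.com.", "CNAME", "legacy-host.example.net."),
    ("docs.example.com", "CNAME", "pages.example.net."),
]

def check_zone(generated, custom):
    """Run the conflict check over the merged record set."""
    return find_cname_conflicts(list(generated) + list(custom))

if __name__ == "__main__":
    for qname, message in check_zone(GENERATED, CUSTOM):
        print(f"ERROR {qname}: {message}")
```

A zone file that has already been written can also be validated with NSD's own `nsd-checkzone <zone-name> <zone-file>`, which exits non-zero on errors.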