status check errors for secondary domain when using external DNS with @, www A records at different IP

melato commented 3 years ago

Description

If I use external DNS for a mailinabox secondary domain and set the @ and www A/AAAA records to a different IP than the mailinabox IP (MX) then mailinabox shows errors in the status page about.

Steps to reproduce

Go to control panel, "Mail & Users" -> Users.
Add a mail address for a new domain (or subdomain) that is on external DNS
Setup the DNS records for that domain, as Main-In-A-Box wants them, except for NS and (@, www A/AAAA). You can also skip TLSA, SSHFP.
Go to System -> TLS (SSL) certificates
Provision the TLS certificates for that domain, by pressing the Provision button. (This gets rid of some errors/warnings).
Add the _mta-sts TXT record in the external DNS. (Mail-In-A-Box did not show this record earlier).
Go back to the Status Page

Result

The Status page shows three errors (not warnings).

The nameservers set on this domain are incorrect.
This domain should resolve to your box's IP address
www.{DOMAIN}: This domain should resolve to your box's IP address

Expected Result

There should be no errors. There could be warnings.

Workaround

I can get rid of the errors, by setting the A record in Custom DNS, even though I'm not using the Mail-In-A-Box DNS nameserver:

Go to control panel, System -> Custom DNS
Set the A record for the secondary domain
Go back to the Status Page
Result: There are now warnings: ? The nameservers set on this domain at your domain name registrar should be... ? Web has been disabled for this domain because you have set a custom DNS record. ? A redirect from 'www.{DOMAIN}' has been disabled for this domain because you have set a custom DNS record on the www subdomain. ? This domain's DNSSEC DS record is not set. (This also appeared before).

melato commented 3 years ago

The workaround works because the status page checks for custom DNS settings of the @ A record uses this code: management/status_checks.py:

# Get the list of domains that we don't serve web for because of a custom CNAME/A record.
domains_with_a_records = get_domains_with_a_records(env)

management/web_update.py:

def get_domains_with_a_records(env):
    domains = set()
    dns = get_custom_dns_config(env)
    for domain, rtype, value in dns:
        if rtype == "CNAME" or (rtype in ("A", "AAAA") and value not in ("local", env['PUBLIC_IP'])):
            domains.add(domain)
    return domains

Perhaps a solution would be for get_domains_with_a_records to do a DNS query for the A record, instead of looking for custom DNS settings.

There is a related enhancement request: #404

ttimpe commented 3 years ago

Please, finally fix this. I've been using MIAB since the beginning and assuming that I want it to handle all of my DNS for all of my domains is just a little too much. Give me per-domain checkboxes or radioboxes. 🔘Just mail, contacts, calendar 🔘Website hosting (root domain and www should resolve to this server) 🔘Have MIAB be the primary nameserver for this domain

This would remove a lot of clutter on the status check dashboard.

JoshData commented 3 years ago

Really not interested in having folks demand that other contributors add new features, so I blocked @ttimpe.

mail-in-a-box / mailinabox