search

mail-in-a-box / mailinabox

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
https://mailinabox.email/
Creative Commons Zero v1.0 Universal
13.98k stars 1.44k forks source link

Please restore/add old DS record #2009

Open benkhouya opened 3 years ago

benkhouya commented 3 years ago

I tried to use the DS entries proposed by mailinabox but none of them work for me, could you please restore (or add) the old DS entry. Thank you!

PS. I'm afraid to make the whole web service inaccessible, by updating the DS information at the registrar level, especially in a production environment.

myfirstnameispaul commented 3 years ago

Option 7 is the old DS record.

myfirstnameispaul commented 3 years ago

Also, there is an RFC that explains why it is permitted to have more than one DS record, and it is to facilitate DNSSEC migration. So you can leave your old record while adding new records, and per RFC it should work.

However, some registrars don't like following RFCs, so YMMV.

benkhouya commented 3 years ago

Option 7 is not available with the installation of the latest version 0.53

benkhouya commented 3 years ago

Unfortunately I manage DNSSEC using Cloudflare, and the generated DS entry is not editable.

CF uses : Digest Type: SHA256 Algorithm: 13

Screenshot : https://ibb.co/TkY526S

myfirstnameispaul commented 3 years ago

Please update to the latest version of Mail-in-a-Box.

benkhouya commented 3 years ago

I just did it again (the update) and I don't have option 7 with the latest version 0.54

Screenshot : https://ibb.co/jbbs8pM

myfirstnameispaul commented 3 years ago

There should be more options, but based on your screenshot of the Cloudflare page, if your goal is to use Cloudflare as your domain name server, then you need to add the DS record to your registrar's records, nothing to do with MiaB.

benkhouya commented 3 years ago

I manually added the DS entry in the DNSSEC settings of my registrar, but when I do the same at the DNS level with Cloudflare it returns an error. Impossible to move forward.

DNS Validation Error (Code: 1004) DS record must have a corresponding NS record at [DOMAIN].

I never had this problem before in several servers, using previous versions of MiaB. (before this DS input update)

myfirstnameispaul commented 3 years ago

I am not clear under what conditions using Cloudflare as your name server would require any DS records from MiaB.

For problems related to Cloudflare, their support forums usually provide prompt responses.

benkhouya commented 3 years ago

Thanks for your answers, I hope the next version will fix the missing display of option 7 in the DS settings.

myfirstnameispaul commented 3 years ago

So far, this is the only report I have found of such problem. Without more details on your issue, it is unlikely to to be addressed.