mailinabox
status check errors for secondary domain when using external DNS with @, www A records at different IP
Description
If I use external DNS for a mailinabox secondary domain and set the @ and www A/AAAA records to a different IP than the mailinabox IP (MX) then mailinabox shows errors in the status page about.
Steps to reproduce
- Go to control panel, "Mail & Users" -> Users.
- Add a mail address for a new domain (or subdomain) that is on external DNS
- Set up the DNS records for that domain, as Mail-In-A-Box wants them, except for NS and (@, www A/AAAA). You can also skip TLSA, SSHFP.
- Go to System -> TLS (SSL) certificates
- Provision the TLS certificates for that domain, by pressing the Provision button. (This gets rid of some errors/warnings).
- Add the _mta-sts TXT record in the external DNS. (Mail-In-A-Box did not show this record earlier).
- Go back to the Status Page
Result
The Status page shows three errors (not warnings).
- The nameservers set on this domain are incorrect.
- This domain should resolve to your box's IP address
- www.{DOMAIN}: This domain should resolve to your box's IP address
Expected Result
There should be no errors. There could be warnings.
Workaround
I can get rid of the errors, by setting the A record in Custom DNS, even though I'm not using the Mail-In-A-Box DNS nameserver:
- Go to control panel, System -> Custom DNS
- Set the A record for the secondary domain
- Go back to the Status Page
- Result: There are now warnings:
  - The nameservers set on this domain at your domain name registrar should be...
  - Web has been disabled for this domain because you have set a custom DNS record.
  - A redirect from 'www.{DOMAIN}' has been disabled for this domain because you have set a custom DNS record on the www subdomain.
  - This domain's DNSSEC DS record is not set. (This also appeared before).
The workaround works because the status page check for custom DNS settings of the @ A record uses this code:

management/status_checks.py:

```python
# Get the list of domains that we don't serve web for because of a custom CNAME/A record.
domains_with_a_records = get_domains_with_a_records(env)
```

management/web_update.py:

```python
def get_domains_with_a_records(env):
    domains = set()
    dns = get_custom_dns_config(env)
    for domain, rtype, value in dns:
        # A CNAME, or an A/AAAA record pointing anywhere but this box,
        # means the box does not serve web for that domain.
        if rtype == "CNAME" or (rtype in ("A", "AAAA") and value not in ("local", env['PUBLIC_IP'])):
            domains.add(domain)
    return domains
```
Perhaps a solution would be for get_domains_with_a_records to do a DNS query for the A record, instead of looking for custom DNS settings.
There is a related enhancement request: #404
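
The DNS-query idea proposed above for `get_domains_with_a_records`, as an added example (not code from the issue or from the Mail-in-a-Box project): it resolves each domain's A/AAAA records and reports a warning rather than an error when they point away from the box. `classify_web_domain`, `domains_hosted_elsewhere`, the injectable `resolver` parameter and the sample addresses are assumptions constructed for illustration.

```python
import socket

# Constructed sample data (documentation address ranges, not from the issue).
BOX_IPS = {"192.0.2.10", "2001:db8::10"}
SAMPLE_DNS = {
    "box.example": ["192.0.2.10", "2001:db8::10"],
    "external.example": ["203.0.113.7"],
    "split.example": ["192.0.2.10", "203.0.113.7"],
}

def sample_resolver(host, port):
    """Offline stand-in with the same result shape as socket.getaddrinfo."""
    if host not in SAMPLE_DNS:
        raise socket.gaierror("constructed NXDOMAIN")
    return [(socket.AF_INET6 if ":" in ip else socket.AF_INET,
             socket.SOCK_STREAM, 6, "", (ip, 0)) for ip in SAMPLE_DNS[host]]

def resolve_addresses(qname, resolver=socket.getaddrinfo):
    """Return the set of A/AAAA addresses that qname resolves to right now."""
    try:
        return {info[4][0] for info in resolver(qname, None)}
    except socket.gaierror:
        return set()

def classify_web_domain(domain, box_ips, resolver=socket.getaddrinfo):
    """Hypothetical status helper: (severity, message) for one web domain."""
    addrs = resolve_addresses(domain, resolver)
    if not addrs:
        return ("error", f"{domain} does not resolve to any address")
    if addrs <= box_ips:
        return ("ok", f"{domain} resolves to this box")
    if addrs & box_ips:
        extra = ", ".join(sorted(addrs - box_ips))
        return ("warning", f"{domain} also resolves to {extra}")
    # Every published address is foreign: the site is hosted elsewhere,
    # so report it as something to verify rather than as a failure.
    where = ", ".join(sorted(addrs))
    return ("warning", f"{domain} is served from {where}, not this box")

def domains_hosted_elsewhere(domains, box_ips, resolver=socket.getaddrinfo):
    """DNS-based counterpart to get_domains_with_a_records()."""
    return {d for d in domains
            if (a := resolve_addresses(d, resolver)) and not (a <= box_ips)}
```

With the default `resolver`, answers come from the system resolver and may be cached, so a recently changed record can still show its old address.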
Please, finally fix this. I've been using MIAB since the beginning and assuming that I want it to handle all of my DNS for all of my domains is just a little too much. Give me per-domain checkboxes or radioboxes.
- 🔘 Just mail, contacts, calendar
- 🔘 Website hosting (root domain and www should resolve to this server)
- 🔘 Have MIAB be the primary nameserver for this domain
This would remove a lot of clutter on the status check dashboard.
Really not interested in having folks demand that other contributors add new features, so I blocked @ttimpe.