Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a checkbox for external DNS usage. #404

Open
cooperaj opened this issue May 21, 2015 · 12 comments
Open

Add a checkbox for external DNS usage. #404

cooperaj opened this issue May 21, 2015 · 12 comments
Labels
enhancement

Comments

@cooperaj
Copy link

Adding a checkbox to the external DNS page that says "Yes I've done this" or something of that ilk would mean that you could squash the error/warning messages on the status page.
@apeman76
Copy link
Contributor

Would love to see this aswell

@JoshData JoshData mentioned this issue Dec 7, 2015
Closed
@JoshData JoshData mentioned this issue Jan 2, 2016
Closed
@aspdye aspdye mentioned this issue Jan 3, 2016
Closed
@JoshData JoshData mentioned this issue Jan 18, 2016
Open
@guyzmo guyzmo mentioned this issue Jan 24, 2016
Closed
@itslukej
Copy link

Would like to see this, I mainly use mailinabox for the mail itself.. not the dns. Perhaps a option when adding the domain to use the nameservers/dns?

@bronson
Copy link
Contributor

bronson commented Oct 1, 2016

I don't quite see the point to this... The first day you set up your external DNS, sure, you get a bunch of warnings. After that, it should be quiet, no?

(unless you're changing your settings a lot, which seems weird)

@itslukej
Copy link

itslukej commented Oct 1, 2016

@bronson: Some of us don't use mailinabox for the external DNS

@bronson
Copy link
Contributor

bronson commented Oct 1, 2016

@itslukej I hear it, that's why I'm trying to fix #649.

I'm just trying to understand what happens without this checkbox. It seems like you get one email with a bunch of warnings that you can ignore, then things are quiet? Or is it worse than that?

@cooperaj
Copy link
Author

cooperaj commented Oct 1, 2016

No, it's more that when using external dns, every visit to the status page
tells you you've configured everything wrong and it's all broken. Therefore
masking anything that might actually be broken since you ignore it all.

A tick box to turn off those checks would make the status page a while lot
more meaningful.

On Sat, 1 Oct 2016, 16:12 Scott Bronson, [email protected] wrote:

@itslukej https://github.com/itslukej I hear it, that's why I'm trying
to fix #649 #649.

I'm just trying to understand what happens without this checkbox. It seems
like you get one email with a bunch of warnings that you can ignore, then
things are quiet? Or is it worse than that?


You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
#404 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAYbUhC46oi90w_xzzT7xS3Texa58mZkks5qvnhugaJpZM4EjbPw
.

@bronson
Copy link
Contributor

bronson commented Oct 1, 2016

It's mostly warnings, isn't it? At least, it is on my page, but no doubt we have different configurations.

Personally, I don't mind the warnings because they're mostly correct -- yes it WOULD be better if I added the DKIM keys. :) I would not be happy to see a page full of errors of course.

Just trying to picture how this issue would be implemented... What would this checkbox do? Silence all DNS-related errors, or just some of them? Silence the warnings too? Maybe it would just prevent DNS checks from being performed at all?

@itslukej
Copy link

itslukej commented Oct 1, 2016

#687 Might be a good fix for this, allowing you to select if you want to use DNS with each domain.

@JoshData JoshData mentioned this issue Oct 2, 2016
Closed
@bronson
Copy link
Contributor

bronson commented Oct 5, 2016

I'd like to fix this but I still don't see what the checkbox should do. Prevent all DNS status checks from being run? Or just prevent any status check that emits an error? And maybe suppress status checks that result in warnings as well?

@biermeester
Copy link
Contributor

I'm using an external DNS server, and I see the following 'errors' that are not errors:

For my Miab server: box.{mydomain}.{tld}

✖ The DNSSEC 'DS' record for {mydomain}.{tld} is incorrect. See further details below.

? Nameserver glue records (ns1.box.{mydomain}.{tld} and ns2.box.{mydomain}.{tld}) should be configured at your domain name registrar as having the IP address of this box ({box ip address}). They currently report addresses of [Not Set]/[Not Set]. If you have set up External DNS, this may be OK.

For every other domain that my box is handling email for:

{somedomain}.{tld}

✖ This domain's DNSSEC DS record is incorrect. The chain of trust is broken between the public DNS system and this machine's DNS server. It may take several hours for public DNS to update after a change. If you did not recently make a change, you must resolve this immediately by following the instructions provided by your domain name registrar and provide to them this information:

✖ The nameservers set on this domain are incorrect. They are currently {external DNS1}; {external DNS2}; {external DNS3}. Use your domain name registrar's control panel to set the nameservers to ns1.box.{mydomain}.{tld}; ns2.box.{mydomain}.{tld}.

✖ This domain should resolve to your box's IP address (A {box ip address}) if you would like the box to serve webmail or a website on this domain. The domain currently resolves to {some ip address} in public DNS. It may take several hours for public DNS to update after a change. This problem may result from other issues listed here.

www.{somedomain}.{tld}

✖ This domain should resolve to your box's IP address (A {box ip address}) if you would like the box to serve webmail or a website on this domain. The domain currently resolves to {some ip address} in public DNS. It may take several hours for public DNS to update after a change. This problem may result from other issues listed here.

Those last two 'errors' are not really the result of using an external DNS server, of course. But I would not really consider them errors either.

Anyway, these are the 'errors' I think we could do without when explicitly opting for an external DNS server.

@hraban
Copy link

hraban commented Feb 28, 2018
edited
Loading

In addition, mailinabox doesn't detect external DNSSEC properly. I've set it up through cloudflare and my registrar; external DNSSEC validation tools say it's OK, but miab says the config is wrong. It expects its own keys in there, apparently.

It adds noise to the status page, which obscures real errors.

(see also #615)

@stsievert
Copy link

👍 I'm a new MIAB user, and am ignorant on DNS. I had to set up MIAB with external DNS because my personal website is setup through gitlab pages. It took me a couple hours to use DNSSEC with MIAB. Specifically, I took these steps:

  1. I enabled DNSSEC through Cloudflare, but then canceled it after a couple hours because the warning message said "resolve this issue immediately".
  2. This weekend, I decided to sit down and figure it out. I eventually filed an issue on Cloudflare's community forum asking how to use the DS record MIAB recommends with Cloudflare's DNSSEC (https://community.cloudflare.com/t/adding-ds-record-to-cloudflare-domain/242500).
  3. Their response is the only reason I'm okay with the red check mark about DNSSEC on the status check page.

Customizing the status page warnings for an external DNS would have saved me a couple hours this weekend.

@stsievert stsievert mentioned this issue Feb 8, 2021
Open
@melato melato mentioned this issue May 14, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@bronson @hraban @cooperaj @JoshData @biermeester @stsievert @itslukej @apeman76