Jump to content
Froxlor Forum
  • 0

NameServer config and DKIM signing for email.


steve_adams
 Share

Question

I have 2 stand alone nameservers, ns1.radicalcomputingconcepts.com and ns2.radicalcomputingconcepts.com. The DNS is delegated from godaddy to these two NS. Both physical servers are running Froxlor. NS1 is also hosting mail. I am trying to configure both machines with Bind9 on Ubuntu 20.04 to act as the functional NS for domains hosted on either machines.

1) Do I need to add domains in both Froxlor control panels for radicalcomputingconcepts.com? I'm not hosting a site here at all...only DNS and mail.

2) How do I configure NS2 to point to NS1 for a particular domain? for instance keystonedesign.com is on the NS1 server. Do I need to install the domain on NS2 as well and edit the DNS manually to point it to the NS1 server?

3) How do I configure the DKIM email signing (mail is only sent from NS1) for resolution from NS2? Manually edit the DNS record?

Link to comment
Share on other sites

14 answers to this question

Recommended Posts

  • 0

1) no, the nameserver domain does not need to be added to froxlor

2) you might want to read docs about master/slave - the second NS does not need to be a froxlor server (froxlor only does MASTER)

3) if you have your NS set up correctly there is no need to edit dns records on ns2 manually...you basically want ns2 to get new zones and updates automatically from ns1 ...again, read about master/slave

Link to comment
Share on other sites

  • 0

could you please point me to a link regarding master/slave configuration?

When configuring the mail server, if I do not list the nameserver as a domain (which is also the mail server) where can I edit the DNS records to add DKIM, DMARC, and SPF?

Link to comment
Share on other sites

  • 0
6 minutes ago, steve_adams said:

could you please point me to a link regarding master/slave configuration?

If you want to run your own nameserver...google for that kind of stuff is the LEAST you should be able to do on your own...you won't learn anything if i just tell you what to do...you need to understand what and more importantly - why - you do it.

7 minutes ago, steve_adams said:

When configuring the mail server, if I do not list the nameserver as a domain (which is also the mail server) where can I edit the DNS records to add DKIM, DMARC, and SPF?

did you even check out the settings and dns editor in froxlor?! come on...

Link to comment
Share on other sites

  • 0

I've been running my own NS for a couple of decades with DJBDNS on both these machines. However, with Google's increasing the DKIM bit length to 2048, djbdns will no longer contain the length of the records. Since I was running Froxlor since beta I was aware of the Nameserver settings and the DNS editor is fairly new. Yes...I have checked the settings. The issue I'm having is that the server name (radicalcomputingconcepts.com) cannot be listed as a domain from within Froxlor so I can't edit the zone to add DMARC. DKIM, SPF for mail.radicalcomputingconcepts.com for which all the domains within froxlor send mail through. This is the only domain for which I have PTR

Link to comment
Share on other sites

  • 0
13 minutes ago, steve_adams said:

The issue I'm having is that the server name (radicalcomputingconcepts.com) cannot be listed as a domain from within Froxlor

So, you have set this Domain as froxlor system Hostname? If yes, why Not Just use froxlor.radicalcomputingconcepts.com so you can add radicalcomputingconcepts.com as domain

Link to comment
Share on other sites

  • 0

Ok, I'm still having issues with the DKIM signing. I'm successfully issuing the keys and can dig dkim21._domainkey.mail.radicalcomputingconcepts.com txt but the emails are not getting signed? postfix conf?

Link to comment
Share on other sites

  • 0

I installed open-dkim since dkim-filter was removed from the apt sources list for Debian some time ago. I've dug pretty deep in the Froxlor docs, forums, and issues and not found any conclusive configuration solutions for open-dkim. Please advise.

Link to comment
Share on other sites

  • 0

Basically, froxlor generates a keyfile for each Domain, and you will have to Tell the Service how to use Them. There are soke Threads for opendkim Here. Rspamd should also have Options to make it Work.

Dkim config Templates are Not maintained that much as it depends on the Nameserver Feature which Not many people use.

 

Link to comment
Share on other sites

  • 0

Ok, I'm getting closer. My issue is twofold:

1) postfix was indeed not configured correctly. The main.cf milters were set to 'smtpd_milters = inet:localhost:8891' and 'non_smtpd_milters = inet:localhost:8891' rather than 'smtpd_milters = local:opendkim/opendkim.sock' and 'non_smtpd_milters = local:opendkim/opendkim.sock'

2) the dkim-keys.conf generated by Froxlor in /etc/postfix/dkim and the domains file also generated there do not conform to open-dkim's intended format for the /etc/opendkim/signing.table and /etc/opendkim/keys.table as pointed to via the /etc/opendkim.conf file.

In regard to number 2 above, has anyone contributed a template to construct these two tables??...I assume this file would be lib/Froxlor/Cron/Dns/DnsBase.php

I'm using opendkim: OpenDKIM Filter v2.11.0

Link to comment
Share on other sites

  • 0

I managed to resolve my issue by manually configuring Rspamd to inject the keys Froxlor created.

I realize it's a low priority as there are few people as stubborn as I am when it comes to running a DNS server and hosting my own mail server, but it would be nice to incorporate opendkim and rspamd configurations into Froxlor. 

I am extremely grateful to the Froxlor community for the present solution. I'd like to contribute these feature requests myself; however, I'm reluctant because I don't think you'd want me sticking my dirty novice hands into the community food bowl!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...