August 8, 2025

Ok here's a weird one that I can't figure out how to fix without breaking other things.

My server is part of a wireguard network, so it has an interface with a private IP, and my home network resolves the server hostname to the wireguard IP. Since this breaks access to the default vhost (i.e. Froxlor itself), I added the internal IP to the IPs and Ports. This seems to work fine.

However..apparently Froxlor is for some reason adding that IP as an A record for the MX server, which is causing some mail filters to reject mail for my hosted domains. So basically mx.mydomain.com is resolving to all IPs added to froxlor, including the private one.

Doing some quick testing as I'm writing this..and it seems that it's actually resolving *.mydomain.com to all the IPs in Froxlor..so the issue is even weirder than I thought.

Any ideas/suggestions? If all else fails I can remove the IP from Froxlor..but then I have to access Froxlor by public IP instead of hostname (and click through the cert screaming at me for that..if it even allows me to access...).

Thanks!

August 8, 2025

13 minutes ago, techiem2 said:
> I added the internal IP to the IPs and Ports.

that is primarily correct for the webserver configs to work properly

13 minutes ago, techiem2 said:
> However..apparently Froxlor is for some reason adding that IP as an A record for the MX server, which is causing some mail filters to reject mail for my hosted domains.

you can specify MX servers in the settings...and also define the SPF record being generated

14 minutes ago, techiem2 said:
> Doing some quick testing as I'm writing this..and it seems that it's actually resolving *.mydomain.com to all the IPs in Froxlor

depends on your domain configs, but generally, if configured as wildcard domains, then yes, the assigned IPs for each domain are being added as A/AAAA records for *.domain.tld

15 minutes ago, techiem2 said:
> Any ideas/suggestions?

being behind a NAT'ed server complicates things and the automatic DNS zone generation does not consider whether it's a private IP or not. One would need to have an additional setting for private IPs whether they're NAT'ed and if yes, what is the public IP to use correctly in DNS...this is currently not the case as from experience over the last 15 years, only a handful of people actually run their own DNS server with froxlor.

What you can do for now: "manually" (script/api) add A/AAAA records for the domain, if an A/AAAA record for a specific label (e.g. @, or www or *) exists, froxlor skips the automatic generation for that record-type

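Added example, not part of any post in this thread and not Froxlor code: a small audit of a generated zone that lists A/AAAA records pointing at non-public addresses and the MX targets that would resolve to one, directly or through a wildcard. The zone text, the addresses `203.0.113.10` and `10.8.0.1`, and the function names are constructed for illustration; the parser assumes one record per line with an explicit owner name and absolute MX targets.

```python
import ipaddress

# Explicit list, so the documentation address used as the "public" IP below is not flagged.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",    # RFC 1918
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",   # CGNAT, loopback, link-local
    "fc00::/7", "fe80::/10", "::1/128")]                # IPv6 ULA, link-local, loopback

# Constructed sample zone: public IP and WireGuard IP both published for "*" and "mx".
SAMPLE_ZONE = """\
$ORIGIN mydomain.com.
*   3600 IN A   203.0.113.10
*   3600 IN A   10.8.0.1
mx  3600 IN A   203.0.113.10
mx  3600 IN A   10.8.0.1
@   3600 IN MX  10 mx.mydomain.com.
"""

def parse_zone(text):
    """Return (owner, type, rdata_tokens) tuples with absolute owner names."""
    origin, records = "", []
    for line in text.splitlines():
        tok = line.split(";")[0].split()          # drop comments, tokenize
        if tok and tok[0] == "$ORIGIN":
            origin = tok[1].rstrip(".")
        if not tok or tok[0].startswith("$"):
            continue
        owner, rest = tok[0], tok[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                       # skip optional TTL and class
        owner = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        if len(rest) >= 2:
            records.append((owner.rstrip("."), rest[0].upper(), rest[1:]))
    return records

def audit_zone(text):
    """Return (leaks, affected_mx) for a zone given as text."""
    recs = parse_zone(text)
    addr = [(o, r[0]) for o, t, r in recs if t in ("A", "AAAA")]
    leaks = [(o, ip) for o, ip in addr
             if any(ipaddress.ip_address(ip) in n for n in NON_PUBLIC)]
    named, leaky, affected = {o for o, _ in addr}, {o for o, _ in leaks}, []
    for target in (r[1].rstrip(".") for _, t, r in recs if t == "MX"):
        # a wildcard only answers for names that have no address record of their own
        lookup = target if target in named else "*." + target.split(".", 1)[-1]
        if lookup in leaky:
            affected.append(target)
    return leaks, affected
```

Running `audit_zone` on the zone file the nameserver actually serves, after each change to IPs and Ports, shows whether a private address has been published again.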
August 8, 2025 (Author)

36 minutes ago, d00p said:
> that is primarily correct for the webserver configs to work properly
>
> you can specify MX servers in the settings...and also define the SPF record being generated

Yeah, MX record is set to mx.mydomain.com. I have a site for just that so it would generate the ssl certs properly for that subdomain.

36 minutes ago, d00p said:
> depends on your domain configs, but generally, if configured as wildcard domains, then yes, the assigned IPs for each domain are being added as A/AAAA records for *.domain.tld

So that seems to be what it's doing, but for the base machine domain, which doesn't have a web domain profile since it's the default vhost that Froxlor is on..I don't see anywhere telling it to use wildcard for the default vhost domain..but maybe I'm missing something.

36 minutes ago, d00p said:
> being behind a NAT'ed server complicates things and the automatic DNS zone generation does not consider whether it's a private IP or not. One would need to have an additional setting for private IPs whether they're NAT'ed and if yes, what is the public IP to use correctly in DNS...this is currently not the case as from experience over the last 15 years, only a handful of people actually run their own DNS server with froxlor.

Interesting..I guess I'm the weird case then..not that that's surprising lol. In that case I'm guessing most people are using external DNS services and create all the DNS entries there before spinning up the web/email profiles in Froxlor?

I do have a Cloudflare DNS account I'm using for a couple domains I use with an NPM instance..so I COULD start migrating other domains (or at least the base domain that's only used for the Froxlor vhost/ssh into the box/mx record/etc.) to that.. That might actually be the easiest solution since there's only a handful of actual records for that domain...

36 minutes ago, d00p said:
> What you can do for now: "manually" (script/api) add A/AAAA records for the domain, if an A/AAAA record for a specific label (e.g. @, or www or *) exists, froxlor skips the automatic generation for that record-type

Hmm..since it's the base domain I'm not sure how to go about that apart from modifying the actual bind configs?

August 9, 2025 (Author)

Ok..Hopefully I have it..

I set up the base mydomain.com on Cloudflare with just the needed entries and switched the NS servers. After a while mxtoolbox was still showing the mx as the local ip..maybe because when looking up the mail domain on the local nameserver it was returning both the hostname and IP it had so the request wasn't going to Cloudflare to resolve mx?

I went into Froxlor Virtualhost Settings and turned off "Create bind-zone/config for system hostname", so now the only record the local DNS has for mydomain.com is the one specifically for mx.mydomain.com. I'll let that all bake overnight and see how mx lookups look in the morning....

I built out the mail domain in question in Cloudflare as well..but I think my friend is handling the registration for that one..so if needed I'll have to pester him to flip the nameservers, but hopefully these changes will take care of it so I won't need to do that yet.

August 9, 2025

7 hours ago, techiem2 said:
> In that case I'm guessing most people are using external DNS services and create all the DNS entries there before spinning up the web/email profiles in Froxlor?

Yes, that's pretty much the norm.