PTR4 Record says Not Set

skeats

I had to remove my server to new hardware as the server died. I took my full back of Cloudron and set it back up again and to fix the issue with Godaddy and the API Keys from not working, I had to create a new file called custom.conf in the Unbound.conf.d folder to get it working again with a restart of unbound.service using the Unbound documentation. Now, I am having the issue with the PTR4 saying it is not setup. When I did a PTR check for my IP, it comes back with my.domain.net.

I did do the following:

host -t PTR <IP address> 127.0.0.1 and it failed with:
communications error to 127.0.0.1#53: Connection refused
communications error to 127.0.0.1#53: Connection refused
No servers could be reached.

Then I did the following:
host -t PTR <IP Address> 8.8.8.8 and passed with:
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:
<IP Address>.in-addr.arpa domain name pointer my.domain.net

Since that passes, what is going on with my Cloudron instance? Seems it does not want to talk.

I noticed when I log into the Ubuntu CLI, I do a sudo ufw status, it is inactive. Could that be the issue?

When I setup the new server, I used the same internal IP as the old server and all of my Firewall rules are setup the same as before for Ports 80, 443, 25, 587, and 993.

How do we go about fixing this?

james

The PTR4 and PTR6 record need to be set in the server setting of your provider not your DNS provider.
See => https://docs.cloudron.io/email/#ptr-record

joseph

@skeats said in PTR4 Record says Not Set:

host -t PTR <IP address> 127.0.0.1 and it failed with:

host -t PTR <IP address> 127.0.0.150 is the correct way to test after Cloudron 8. Unbound has moved to 127.0.0.150 and there is nothing at 127.0.0.1 anymore

skeats

I did the check with 127.0.0.150 and got the following error:
Using domain server:
Name: 127.0.0.150
Address: 127.0.0.150#53
Aliases:
Host <IP Address>.in-addr.arpa not found: 2(SERVFAIL)

skeats

@james I know about that document for PTR Records, but I called my ISP, since my server is self hosted, and they confirmed that the record is set and is showing correctly. They said since on MXtoolbox, that it shows properly, the issue is with Cloudron. This is why I put in the ticket. What is going on with Unbound to not recognize the PTR record from my ISP.

skeats

@joseph I also noticed that the unbound is stuck in restarting status and will not fully start. Here are the logs for the last 2 minutes:

May 22 13:52:29 cloudron systemd[1]: unbound.service: Deactivated successfully.
May 22 13:52:29 cloudron systemd[1]: Stopped unbound.service - Unbound DNS Resolver.
May 22 13:52:29 cloudron systemd[1]: unbound.service: Consumed 4.835s CPU time, 9.9M memory peak, 0B memory swap peak.
May 22 13:52:29 cloudron systemd[1]: Starting unbound.service - Unbound DNS Resolver...
May 22 13:52:29 cloudron unbound[569109]: [569109:0] notice: init module 0: subnetcache
May 22 13:52:29 cloudron unbound[569109]: [569109:0] notice: init module 1: validator
May 22 13:52:29 cloudron unbound[569109]: [569109:0] notice: init module 2: iterator
May 22 13:52:29 cloudron unbound[569109]: [569109:0] info: start of service (unbound 1.19.2).
May 22 13:52:29 cloudron systemd[1]: Started unbound.service - Unbound DNS Resolver.
May 22 13:52:29 29+00:00 cloudron unbound[569109]: [569109:0] info: service stopped (unbound 1.19.2).
May 22 13:52:29 cloudron systemd[1]: Stopping unbound.service - Unbound DNS Resolver...
May 22 13:52:29 cloudron unbound[569109]: [569109:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
May 22 13:52:29 cloudron unbound[569109]: [569109:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
May 22 13:52:29 cloudron systemd[1]: unbound.service: Deactivated successfully.
May 22 13:52:29 cloudron systemd[1]: Stopped unbound.service - Unbound DNS Resolver.
May 22 13:52:29 cloudron systemd[1]: Starting unbound.service - Unbound DNS Resolver...
May 22 13:52:29 cloudron unbound[569124]: [569124:0] notice: init module 0: subnetcache
May 22 13:52:29 cloudron unbound[569124]: [569124:0] notice: init module 1: validator
May 22 13:52:29 cloudron unbound[569124]: [569124:0] notice: init module 2: iterator
May 22 13:52:30 cloudron systemd[1]: Started unbound.service - Unbound DNS Resolver.
May 22 13:52:30 cloudron unbound[569124]: [569124:0] info: start of service (unbound 1.19.2).
May 22 13:52:30 cloudron unbound[569124]: [569124:0] info: service stopped (unbound 1.19.2).
May 22 13:52:30 cloudron systemd[1]: Stopping unbound.service - Unbound DNS Resolver...
May 22 13:52:30 cloudron unbound[569124]: [569124:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
May 22 13:52:30 cloudron unbound[569124]: [569124:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
May 22 13:52:30 cloudron systemd[1]: unbound.service: Deactivated successfully.
May 22 13:52:30 cloudron systemd[1]: Stopped unbound.service - Unbound DNS Resolver.
May 22 13:52:30 cloudron systemd[1]: Starting unbound.service - Unbound DNS Resolver...
May 22 13:52:30 cloudron unbound[569147]: [569147:0] notice: init module 0: subnetcache
May 22 13:52:30 cloudron unbound[569147]: [569147:0] notice: init module 1: validator
May 22 13:52:30 cloudron unbound[569147]: [569147:0] notice: init module 2: iterator
May 22 13:52:30 cloudron unbound[569147]: [569147:0] info: start of service (unbound 1.19.2).
May 22 13:52:30 cloudron systemd[1]: Started unbound.service - Unbound DNS Resolver.
May 22 13:52:30 cloudron unbound[569147]: [569147:0] info: service stopped (unbound 1.19.2).
May 22 13:52:30 cloudron systemd[1]: Stopping unbound.service - Unbound DNS Resolver...
May 22 13:52:30 cloudron unbound[569147]: [569147:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
May 22 13:52:30 cloudron unbound[569147]: [569147:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
May 22 13:52:30 cloudron systemd[1]: unbound.service: Deactivated successfully.
May 22 13:52:30 cloudron systemd[1]: Stopped unbound.service - Unbound DNS Resolver.
May 22 13:52:30 cloudron systemd[1]: Starting unbound.service - Unbound DNS Resolver...
May 22 13:52:30 cloudron unbound[569164]: [569164:0] notice: init module 0: subnetcache
May 22 13:52:30 cloudron unbound[569164]: [569164:0] notice: init module 1: validator
May 22 13:52:30 cloudron unbound[569164]: [569164:0] notice: init module 2: iterator
May 22 13:52:30 cloudron unbound[569164]: [569164:0] info: start of service (unbound 1.19.2).
May 22 13:52:30 cloudron systemd[1]: Started unbound.service - Unbound DNS Resolver.

james

@skeats the not fully starting unbound service is the biggest culprit here.
The config for unbound is located in /etc/unbound/unbound.conf.d/cloudron-network.conf

# Unbound is used primarily for RBL queries (host 2.0.0.127.zen.spamhaus.org)
# We cannot use dnsmasq because it is not a recursive resolver and defaults to the value in the interfaces file (which is Google DNS!)

server:
        port: 53
        interface: 127.0.0.150
        interface: 172.18.0.1
        ip-freebind: yes
        do-ip6: yes
        access-control: 127.0.0.1 allow
        access-control: 172.18.0.1/16 allow
        cache-max-negative-ttl: 30
        cache-max-ttl: 300
        # enable below for logging to journalctl -u unbound
        # verbosity: 5
        # log-queries: yes

# https://github.com/NLnetLabs/unbound/issues/806
remote-control:
    control-enable: no

@skeats can you please check if port 53 is already in use?

Start with netstat - output from one of my systems:

netstat -tulpn | grep -i -E '.*:53\s+.*$'
tcp        0      0 127.0.0.150:53          0.0.0.0:*               LISTEN      835/unbound
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      656/systemd-resolve
tcp        0      0 127.0.0.54:53           0.0.0.0:*               LISTEN      656/systemd-resolve
tcp        0      0 172.18.0.1:53           0.0.0.0:*               LISTEN      835/unbound
tcp        0      0 188.245.165.100:53      0.0.0.0:*               LISTEN      1070/dockerd
udp        0      0 188.245.165.100:53      0.0.0.0:*                           1070/dockerd
udp        0      0 172.18.0.1:53           0.0.0.0:*                           835/unbound
udp        0      0 127.0.0.150:53          0.0.0.0:*                           835/unbound
udp        0      0 127.0.0.54:53           0.0.0.0:*                           656/systemd-resolve
udp        0      0 127.0.0.53:53           0.0.0.0:*                           656/systemd-resolve

Does yours look different? Is something else using port 53?

Also the lsof -i :53 command can give some insight:

lsof -i :53
COMMAND    PID            USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd-r  656 systemd-resolve   14u  IPv4   8685      0t0  UDP _localdnsstub:domain
systemd-r  656 systemd-resolve   15u  IPv4   8686      0t0  TCP _localdnsstub:domain (LISTEN)
systemd-r  656 systemd-resolve   16u  IPv4   8687      0t0  UDP _localdnsproxy:domain
systemd-r  656 systemd-resolve   17u  IPv4   8688      0t0  TCP _localdnsproxy:domain (LISTEN)
unbound    835         unbound    3u  IPv4   9391      0t0  UDP localhost:domain
unbound    835         unbound    4u  IPv4   9392      0t0  TCP localhost:domain (LISTEN)
unbound    835         unbound    5u  IPv4   9393      0t0  UDP my-DOMAIN-TLD:domain
unbound    835         unbound    6u  IPv4   9394      0t0  TCP my-DOMAIN-TLD:domain (LISTEN)
dockerd   1070            root   36u  IPv4  10659      0t0  TCP mail.DOMAIN.TLD:domain (LISTEN)
dockerd   1070            root   41u  IPv4  10660      0t0  UDP mail.DOMAIN.TLD:domain

Please check that and report back. Thanks.

Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.

Cloudron Forum

PTR4 Record says Not Set