@girish Thank you - now its working again.

@ajtatum Congrats on the success and all the learning! 😎

@Robin Yeah, I think what you did is the correct approach. Given that we don't have a "I know what I am doing button..." 🙂

@nebulon hey there, thanks for your reply, cloudron works now for me. maybe it was a dns propagation issue

@girish said in Cloudron often having problems with connection, "DNS_PROBE_FINISHED_NXDOMAIN", connection times out:

sudo nano /etc/hosts

thanks girish!!!

Just to note, it seems it was a timing issue, where the DNS in this case took longer than expected for full propagation.

I would be interested to know if someone does this outside of Cloudron for their existing business/personal use. Seems like a lot of work (and probably just easier to switch out your NS provider if they are flaky). We use route53 for cloudron.io and AFAIK it has never gone down.

@briankb-0 said in Root Domain Hosts Shopify Site Subs Are Cloundron:

What happens if I add the domain to Cloundron so I can use it to setup sub-domains for NodeBB and Ghost?

When you add a domain:

To validate credentials, the code will add a cloudrontestdns A record and remove this immediately. To configure the server to send emails: If there is an existing SPF record, it is edited to have a:my.my.domain.com . The SPF record essentially whitelists which servers can send email on behalf of the domain. This is NOT destructive, your existing SPF record is only amended. A DKIM record is added under <random>._domainkey.domain.com. This is used to sign/verify emails by mail servers. Because of the 'random' part, it won't conflict with any of your existing DKIM keys If there is no existing DMARC record, we create one with the value "v=DMARC1; p=reject; pct=100". This essentially is a strict DMARC policy not allowing anyone outside the SPF record to send emails on behalf of the domain.

Other than that, it is what @BrutalBirdie said. The bare/root domain is untouched. Cloudron only adds entries when you install apps. Also, if you had a root domain DNS entry already, it will warn you that it's in use, if you try to install an app on the root domain (it does this check for any subdomain).

@humptydumpty Err, I forgot that I already removed those last week as well - https://git.cloudron.io/cloudron/dashboard/-/commit/72ba61ad91d326c3f287a2f538809cc78afcfdc8 . So, this should be fixed in next release.

@gobenizzle see the unbound section of https://docs.cloudron.io/troubleshooting/#recovery-after-disk-full in case you hit the disk space issue.

@Mastadamus From the earlier screenshot you posted, the issue seems to be "Could not establish chain of trust". So, I would investigate that angle (which is DNSSEC related)

@nebulon Unfortunatelly not.

Just if anyone wants to contribute them self 😉

https://git.cloudron.io/cloudron/box/-/tree/master/src/dns

I figured it out. There was an issue in namecheap because after checking the ip adress in dnschecker it had two ip addresses: One was the server ip and the other from namecheap. Now there is only one available after chatting with them.

@jdaviescoates ah yes then this most likely was the issue with the unbound anchor file. See https://docs.cloudron.io/troubleshooting/#recovery-after-disk-full

@jodumont For apps that require multiple domains from the get-go i.e they require multiple domains at installations time, this is part of the next release (7.1) - https://forum.cloudron.io/topic/5982/what-s-coming-in-cloudron-7-1 .

Many (most?) apps can only handle being configured with a single domain. There is usually an APP_ORIGIN or equivalent setting that can only be set to one domain and is not an array. It is used by the app to set up CORS headers, generate static links, email links etc.

@meeksfamily06 Cloudron uses unbound and does not use systemd-resolved. You won't see any issues unless when trying to use the mail server (or maybe some apps like nextcloud might act strange when going to the apps section).

FWIW, a great DNS tool for checking on DNS propagation progress is here: https://dnschecker.org

@scooke yes, you can mix between Cloudron's automation and manual DNS changes. In fact, that's the normal and only mode of operation.

The automation is only adding and removing things that you would have to do normally outside Cloudron. For example, when you install an app, you have to setup A records. When you uninstall an app, you remove the A records. This is all the automation does. If you try to install an app in a location and there is already a DNS entry in your DNS provider, Cloudron will inform you of the same and let you 'overwrite' it or cancel the app installation.

Same goes for email stuff. It sets up things like DKIM/SPF records automatically. These are updated carefully to not collide with existing entries. The MX record is only touch if you enable incoming Cloudron Email. Even in that case, there is a checkbox to not update DNS.

@khadanja Is your idea to forward all queries ? The example config you pasted will only forward DNS queries for cloudron.lan (sic). You need the config in https://forum.cloudron.io/topic/5756/custom-dns-server-in-local-network/2 to forward all queries to your router.

@klfc556 does that domain contain any special characters? Also can you query the nameservers from your server if you are logged in via SSH?

This can be done for example with host -t NS example.com

@murgero I didn't say it wouldn't be accessible; it would, just through my proxies, that make sure to remove any information, that would help in disclosure.

You also miss an option with Intranets.

@klfc556 let's follow up at https://forum.cloudron.io/topic/5715/domain-setup-shows-queryns-eservfail

@brutalbirdie ok, thank you - I've got the idea!

If you like you can send us your domain name to support@cloudron.io and we can check if it's something on your side (i.e. some browser caching issue) or if we see it as well.

@girish Thanks, I thought maybe I set the DNS wrong but it must be the host then

Problem solved by install all three instances into one and bought a license from cloudron. Now it works 😉

@d19dotca Okay, that is a bit confusing, but I will only be able to figure it out once I try it.

I appreciate everyone's help and responses.