Hairpin NAT not working – could this be related to DNS changes I made for email delivery at my registrar?
-
Hi!
For a couple of hours now, both the Cloudron admin interface and the email services have been unavailable for me, but all apps seems to be running just fine.
Just before this happened, I was trying to add some changes to the DNS for the same domain name as I use for my Cloudron to solve some mail delivery problems.
When I ran
cloudron-support --troubleshootand got an error message about Hairpin NAT not working and that the admin domain could not be loaded.
So I went into my registrars DNS configuration and removed the TXT entry I had added for my.<cloudron.domain>, even though I couldn't understand why that would have an impact on the admin interface or email services.
But when I did, both admin interface and email became accessible again. Good. But I still get the Hairpin DNS error and FAIL for loading dashboard admin when troubleshooting from my servers terminal.
Can someone explain what's going on here?
- How could SPF records have an impact on the services?
- And how could they become available again, yet cloudron-support claming there is a problem with Hairpin NAT?
-
Hairpinning is a feature in your router. I’m not sure if that’s a thing with a vps at a hosting provider.
Go into your router and look for hairpin toggle.
-
J joseph marked this topic as a question
-
@thoresson are you self hosting at home? If so, what router (brand/model) do you have?
-
@thoresson also, have you opened up ports 80 and 443 in the router?
You need to assign those ports to the server ip (both ipv4 and ipv6 if you have that).
Then, activate dynamic dns in your cloudron dashboard to make sure it auto-updates when your ip changes.
-
Not sure which nameserver provider you are using, but I remember that back in the day it was possible to screw up the zonefile, rendering all DNS records broken. But generally try to put the TXT record back and then just try to resolve the dashboard domain using your nameserver explicitly (to avoid caching). This should work, if not, please contact your nameserver provider about that.
