SRS failures when using chained Sieve redirects (double-forward)

it does look like the SRS handler is failing on the second redirect hop, producing a malformed “MAIL FROM” string and triggering a permanent SMTP error. The fact that using a mailing list instead of chained Sieve redirects works around it suggests the bug lies in how the filter chain is constructing or rewriting the SRS envelope.

@jayonrails said in queryNs ESERVFAIL example.com - on all domains?:

Hi,

I cannot change the DNS Server settings in my domain settings for a domain, because Cloudron says:

queryNs ESERVFAIL example.com

When trying on the terminal as stated here:

@girish said in Domain setup shows 'queryNs ESERVFAIL':

@SignalScout On the server, please try host -t NS example.com 127.0.0.1 . Does that work? Sometimes, it takes a bit for the NS of a new domain to propagate. One just has to wait it out.

root@my ~ # host -t NS example.com
example.com name server root-dns.netcup.net.
example.com name server third-dns.netcup.net.
example.com name server second-dns.netcup.net.
root@my ~ # host -t NS example.com 127.0.0.1
;; communications error to 127.0.0.1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused
;; no servers could be reached

I don't know how to fix that, I cannot get my domains running. The result is the same for all domains, so I think it is a general error on my server.

How to get deeper on this?

Troubleshooter says:

root@my ~ # cloudron-support --troubleshoot
Vendor: Hetzner Product:
Linux: 6.8.0-52-generic
Ubuntu: noble 24.04
Processor: AMD Ryzen 5 3600 6-Core Processor
BIOS AMD Ryzen 5 3600 6-Core Processor Unknown CPU @ 3.6GHz x 12
RAM: 65758340KB
Disk: /dev/md2 26G
[OK] node version is correct
[OK] IPv6 is enabled and public IPv6 address is working
[OK] docker is running
[OK] docker version is correct
[OK] MySQL is running
[OK] nginx is running
[OK] dashboard cert is valid
[OK] dashboard is reachable via loopback
[OK] box v8.2.4 is running
[OK] netplan is good
[OK] DNS is resolving via systemd-resolved
[OK] Dashboard is reachable via domain name
[WARN] Domain example-host.de and real estate agents london expiry check skipped because whois does not have this information
[OK] unbound is running

I am lost and don't know what to do next, I appreciate any tips on this.

Best
Jay

Thanks for bringing this up. An SERVFAIL on all domains usually points to either a misconfiguration in DNS settings or an upstream resolver issue. Double-checking the domain’s authoritative nameservers and ensuring there’s no DNSSEC misconfiguration often helps. Curious to know if you already tested with an external tool like dig or nslookup outside of Cloudron to see if the problem persists?