DNSSEC - DS Record configuration for Mail in a Box server

Hi everyone.
I have a Mail in a Box server running the email service for a domain I own (we can call it domain2).
The MiaB server isn’t dedicated to domain2. It was created for another domain (say domain1) and is just an email “infrastructure provider” for domain2.
For instance, my domain2 MX record refers to box.domain1.com.
domain2 is ‘behind’ Cloudflare.
I could not get my previous registrar to create a DS record that would work and I saw that DS records for Cloudflare domains are set automatically so… I transferred domain2 here.
I followed the instructions for DNSSEC setup and a DS record was created but MiaB still reports:

This domain’s DNSSEC DS record is incorrect. The chain of trust is broken between the public DNS system and this machine’s DNS server. It may take several hours for public DNS to update after a change. If you did not recently make a change, you must resolve this immediately (see below).

Has anyone solved a similar issue?

Thank you,

What is your domain? Or rather, what are your domains?

box.demimot.com is the MiaB domain
anonymazed.com is the domain behind cloudflare
Thank you!

anonymazed.com has a valid DNSSEC configuration.

box.demimot.com doesn’t have DNSSEC enabled. While not optimal, this shouldn’t cause you any problems.

Are you experiencing any problems other than that you see this warning?

> Are you experiencing any problems other than that you see this warning?

I don’t know. Does it matter for DNSSEC to ‘work’ whether my server believes it is legit or not?

Does DNS resolve for the sender if they use a DNS validating resolver? If it does, mail will be sent.


Yes. And I can send/receive emails @anonymazed.com.
It seems it doesn’t change much having DNSSEC enabled or not… Thank you all
