Hi,
Have recently started experimenting with mailcow having used Zimbra for many years and am having trouble with DNS resolution by the acme container, which is preventing certs, which prevents ActiveSync.
mailcow VM is hosted on my own KVM server on a private IP (10.40.0.30), which acme keeps resolving autodiscover to. Whilst the mailcow VM uses my firewall as a DNS resolver, I don’t run a local DNS zone for that domain, so any DNS requests are satisfied by public DNS servers. So I don’t understand where acme is getting the 10.40.0.30 address from.
My knowledge of Docker is limited/poor, so I’m assuming there’s something I don’t understand going on with its DNS service.
The unbound container does resolve addresses correctly - is there a difference between how the acme and unbound containers handle DNS? How do I get the acme container to resolve as I’d expect? Any suggestions would be very gratefully received!
acme logs with resolution of autodiscover.sandfordit.co.uk to the host’s IP…
acme-mailcow-1 | Sat Apr 20 16:35:04 BST 2024 - Initializing, please wait...
acme-mailcow-1 | Sat Apr 20 16:35:04 BST 2024 - Using existing domain rsa key /var/lib/acme/acme/key.pem
acme-mailcow-1 | Sat Apr 20 16:35:04 BST 2024 - Using existing Lets Encrypt account key /var/lib/acme/acme/account.pem
acme-mailcow-1 | Sat Apr 20 16:35:04 BST 2024 - Detecting IP addresses...
acme-mailcow-1 | Sat Apr 20 16:35:24 BST 2024 - OK: 137.1.2.3, 0000:0000:0000:0000:0000:0000:0000:0000
acme-mailcow-1 | Sat Apr 20 16:35:24 BST 2024 - Found A record for autodiscover.sandfordit.co.uk: 10.40.0.30
acme-mailcow-1 | Sat Apr 20 16:35:24 BST 2024 - Cannot match your IP 137.220.65.28 against hostname autodiscover.sandfordit.co.uk (DNS returned 10.40.0.30)
acme-mailcow-1 | Sat Apr 20 16:35:24 BST 2024 - Found A record for autoconfig.sandfordit.co.uk: 10.40.0.30
acme-mailcow-1 | Sat Apr 20 16:35:24 BST 2024 - Cannot match your IP 137.220.65.28 against hostname autoconfig.sandfordit.co.uk (DNS returned 10.40.0.30)
acme-mailcow-1 | Sat Apr 20 16:35:24 BST 2024 - Found A record for gw.strutt.org.uk: 192.168.10.1
acme-mailcow-1 | Sat Apr 20 16:35:24 BST 2024 - Cannot match your IP 137.220.65.28 against hostname gw.strutt.org.uk (DNS returned 192.168.10.1)
acme-mailcow-1 | Sat Apr 20 16:35:24 BST 2024 - Cannot validate any hostnames, skipping Let's Encrypt for 1 hour.
acme-mailcow-1 | Sat Apr 20 16:35:24 BST 2024 - Use SKIP_LETS_ENCRYPT=y in mailcow.conf to skip it permanently.
acme container’s DNS resolution…
root@mailcow-test:/opt/mailcow-dockerized# docker compose exec acme-mailcow /bin/bash
981927058d5d:/# dig autodiscover.sandfordit.co.uk
; <<>> DiG 9.18.19 <<>> autodiscover.sandfordit.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7504
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;autodiscover.sandfordit.co.uk. IN A
;; ANSWER SECTION:
autodiscover.sandfordit.co.uk. 60290 IN CNAME mailcow-test.strutt.org.uk.
mailcow-test.strutt.org.uk. 153 IN A 10.40.0.30
;; Query time: 0 msec
;; SERVER: 127.0.0.11#53(127.0.0.11) (UDP)
;; WHEN: Sat Apr 20 17:32:51 BST 2024
;; MSG SIZE rcvd: 112
981927058d5d:/# exit
unbound container’s DNS resolution…
root@mailcow-test:/opt/mailcow-dockerized# docker compose exec unbound-mailcow /bin/bash
6518d90b5a90:/# dig autodiscover.sandfordit.co.uk
; <<>> DiG 9.18.19 <<>> autodiscover.sandfordit.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26574
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;autodiscover.sandfordit.co.uk. IN A
;; ANSWER SECTION:
autodiscover.sandfordit.co.uk. 60272 IN CNAME mailcow-test.strutt.org.uk.
mailcow-test.strutt.org.uk. 60272 IN CNAME gw.strutt.org.uk.
gw.strutt.org.uk. 600 IN A 137.220.65.28
;; Query time: 7 msec
;; SERVER: 127.0.0.11#53(127.0.0.11) (UDP)
;; WHEN: Sat Apr 20 17:33:09 BST 2024
;; MSG SIZE rcvd: 129
6518d90b5a90:/#
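An added diagnostic example, not part of the original post: it walks the CNAME chain in each of the two dig ANSWER sections shown above and reports the first name at which the acme and unbound containers receive different records, plus whether a chain ends in a private address. The function names are hypothetical; the input strings are the ANSWER sections copied from the post.

```python
import ipaddress

# ANSWER sections copied from the two dig outputs in the post above.
ACME_ANSWER = """\
autodiscover.sandfordit.co.uk. 60290 IN CNAME mailcow-test.strutt.org.uk.
mailcow-test.strutt.org.uk. 153 IN A 10.40.0.30
"""
UNBOUND_ANSWER = """\
autodiscover.sandfordit.co.uk. 60272 IN CNAME mailcow-test.strutt.org.uk.
mailcow-test.strutt.org.uk. 60272 IN CNAME gw.strutt.org.uk.
gw.strutt.org.uk. 600 IN A 137.220.65.28
"""

def parse_answer(text):
    """Map owner name -> (rrtype, rdata) for each record in a dig ANSWER section."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        # Record lines look like: <name> <ttl> IN <type> <rdata>; ';' lines are comments.
        if len(fields) == 5 and fields[2] == "IN" and not line.startswith(";"):
            records[fields[0].lower()] = (fields[3], fields[4])
    return records

def walk(records, qname):
    """Follow the CNAME chain from qname; return the (name, rrtype, rdata) hops."""
    hops, name, seen = [], qname.lower(), set()
    while name in records and name not in seen:  # 'seen' guards against CNAME loops
        seen.add(name)
        rrtype, rdata = records[name]
        hops.append((name, rrtype, rdata))
        if rrtype != "CNAME":
            break
        name = rdata.lower()
    return hops

def first_divergence(a_text, b_text, qname):
    """Return (name, a_record, b_record) at the first hop where the resolvers disagree."""
    a_hops, b_hops = walk(parse_answer(a_text), qname), walk(parse_answer(b_text), qname)
    for (name, *a_rec), (_, *b_rec) in zip(a_hops, b_hops):
        if a_rec != b_rec:
            return name, tuple(a_rec), tuple(b_rec)
    return None

def final_is_private(text, qname):
    """True if the chain ends in an A record holding a private-range address."""
    hops = walk(parse_answer(text), qname)
    return bool(hops) and hops[-1][1] == "A" and ipaddress.ip_address(hops[-1][2]).is_private

if __name__ == "__main__":
    print(first_divergence(ACME_ANSWER, UNBOUND_ANSWER, "autodiscover.sandfordit.co.uk."))
```

On the post's data both containers agree on the autodiscover CNAME; the answers split at mailcow-test.strutt.org.uk, so that is the name to query against each upstream resolver.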