[GH-ISSUE #3388] Issue with get_authoritative_server Function Failing for DKIM Check #1845

New issue

Closed

opened 2026-02-27 11:19:26 +03:00 by kerem · 6 comments

kerem commented 2026-02-27 11:19:26 +03:00

Owner

Copy link

Originally created by @jerems6 on GitHub (Dec 22, 2024).
Original GitHub issue: https://github.com/modoboa/modoboa/issues/3388

Impacted versions

• OS Type: Ubuntu
• OS Version: 24.04
• Database Type: PostgreSQL
• Database version: 16.6
• Modoboa: 2.3.4
• Installer used: Yes
• Webserver: Nginx

Steps to reproduce

1. Install modoboa using installer
2. Add a domain, with DKIM enabled, default Key selector (modoboa) and Key length 2048
3. Generate DKIM key via the command libe /srv/modoboa/env/bin/python /srv/modoboa/instance/manage.py modo manage_dkim_keys ("generate key" was not available via the web UI after the fresh installation)
4. Add TXT record on the DNS server: modoboa._domainkey.mydomain.com (v=DKIM1;k=rsa;p=XXXXX)
5. Wait up to 48 hours
6. Run the command the check the DKIM: /srv/modoboa/env/bin/python /srv/modoboa/instance/manage.py modo check_mx

Current behavior

DKIM status showes "No record found"

Expected behavior

DKIM status shows record found

Proposed Fix

The get_authoritative_server function in Modoboa fails to retrieve the authoritative server during a DKIM check. The issue arises when querying with the domain like "modoboa._domainkey.mydomain.com". An exception is raised with "_domainkey.mydomain.com" of type dns.resolver.NXDOMAIN.

The function should handle dns.resolver.NXDOMAIN exceptions in addition to dns.resolver.NoAnswer, ensuring the logic continues with the domain's parent in such cases.

The issue occurs because dns.resolver.NXDOMAIN is not caught by the except block. This leads to the function halting prematurely instead of continuing to the parent domain.

github.com/modoboa/modoboa@2cb6ccebfa/modoboa/admin/lib.py (L208)

The except block should also handle dns.resolver.NXDOMAIN to ensure the function works correctly.

New line suggested:
except (dns.resolver.NoAnswer, dns.resolver.NXDOMAIN) as e:

Originally created by @jerems6 on GitHub (Dec 22, 2024). Original GitHub issue: https://github.com/modoboa/modoboa/issues/3388 # Impacted versions * OS Type: Ubuntu * OS Version: 24.04 * Database Type: PostgreSQL * Database version: 16.6 * Modoboa: 2.3.4 * Installer used: Yes * Webserver: Nginx # Steps to reproduce 1. Install modoboa using installer 2. Add a domain, with DKIM enabled, default Key selector (modoboa) and Key length 2048 3. Generate DKIM key via the command libe `/srv/modoboa/env/bin/python /srv/modoboa/instance/manage.py modo manage_dkim_keys` ("generate key" was not available via the web UI after the fresh installation) 4. Add TXT record on the DNS server: modoboa._domainkey.mydomain.com (v=DKIM1;k=rsa;p=XXXXX) 5. Wait up to 48 hours 6. Run the command the check the DKIM: `/srv/modoboa/env/bin/python /srv/modoboa/instance/manage.py modo check_mx` # Current behavior DKIM status showes "No record found" # Expected behavior DKIM status shows record found # Proposed Fix The `get_authoritative_server` function in Modoboa fails to retrieve the authoritative server during a DKIM check. The issue arises when querying with the domain like "modoboa._domainkey.mydomain.com". An exception is raised with "_domainkey.mydomain.com" of type dns.resolver.NXDOMAIN. The function should handle dns.resolver.NXDOMAIN exceptions in addition to dns.resolver.NoAnswer, ensuring the logic continues with the domain's parent in such cases. The issue occurs because dns.resolver.NXDOMAIN is not caught by the except block. This leads to the function halting prematurely instead of continuing to the parent domain. https://github.com/modoboa/modoboa/blob/2cb6ccebfa0224ef8a3e392ac130e637edf9e4b3/modoboa/admin/lib.py#L208 The except block should also handle dns.resolver.NXDOMAIN to ensure the function works correctly. New line suggested: `except (dns.resolver.NoAnswer, dns.resolver.NXDOMAIN) as e:`

kerem 2026-02-27 11:19:26 +03:00

• closed this issue
• added the
  bug
  label

kerem commented 2026-02-27 11:19:27 +03:00

Author

Owner

Copy link

@tonioo commented on GitHub (Jan 16, 2025):

Why does the resolution fail if you properly declared your record?

<!-- gh-comment-id:2595052918 --> @tonioo commented on GitHub (Jan 16, 2025): Why does the resolution fail if you properly declared your record?

kerem commented 2026-02-27 11:19:27 +03:00

Author

Owner

Copy link

@Spitfireap commented on GitHub (Jan 16, 2025):

Perhaps @arthru if you could enlight us with your DNS knowledge ? :D

<!-- gh-comment-id:2595222394 --> @Spitfireap commented on GitHub (Jan 16, 2025): Perhaps @arthru if you could enlight us with your DNS knowledge ? :D

kerem commented 2026-02-27 11:19:27 +03:00

Author

Owner

Copy link

@arthru commented on GitHub (Jan 16, 2025):

NXDOMAIN happens when a name could not be resolved

it can happen when asking a NS record for "modoboa._domainkey.mydomain.com"

based on reading this issue, the proposed fix looks good to me, but I did not test it myself

<!-- gh-comment-id:2595779468 --> @arthru commented on GitHub (Jan 16, 2025): NXDOMAIN happens when a name could not be resolved it can happen when asking a NS record for "modoboa._domainkey.mydomain.com" based on reading this issue, the proposed fix looks good to me, but I did not test it myself

kerem commented 2026-02-27 11:19:27 +03:00

Author

Owner

Copy link

@Spitfireap commented on GitHub (Jan 16, 2025):

Thanks @arthru.

@jerems6 are you able to open a PR ?

<!-- gh-comment-id:2596419315 --> @Spitfireap commented on GitHub (Jan 16, 2025): Thanks @arthru. @jerems6 are you able to open a PR ?

kerem commented 2026-02-27 11:19:27 +03:00

Author

Owner

Copy link

@stale[bot] commented on GitHub (Apr 25, 2025):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

<!-- gh-comment-id:2829161830 --> @stale[bot] commented on GitHub (Apr 25, 2025): This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

kerem commented 2026-02-27 11:19:27 +03:00

Author

Owner

Copy link

@stovesy commented on GitHub (Jun 16, 2025):

The above changed fixed the issue I was having...

<!-- gh-comment-id:2976589167 --> @stovesy commented on GitHub (Jun 16, 2025): The above changed fixed the issue I was having...

kerem referenced this issue 2026-02-27 12:10:24 +03:00

[PR #1845] [MERGED] New management command to import LDAP accounts. #2311

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

fix/sievefilters-allow-email-in-rule-name

dependabot/npm_and_yarn/frontend/axios-1.15.0

translations_04c0b653215cb5fa48ab101eae1a1917_ja_JP

translations_5d93982e9fd6dab991db4faf93ce9ded_ja_JP

fix/login-issue-3995

fix/sievefilters-issues

add-vitepress-openapi

2974-dmarc-empty-email

2.3.x

updated-doc-2.3.0

feature/OIDC

delete-all-alarms

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_af_ZA

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_ar

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_ca

1.x

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_sk

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_tr

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_es_ES

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_uk

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_zh_CN

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_de_DE

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_da_DK

1.8.x

1.7.x

1.6.x

1.4.x

1.3.x

1.2.x

2.8.2

2.8.1

2.8.0

2.7.2

2.7.1

2.7.0

2.6.5

2.6.4

2.6.3

2.6.2

2.6.1

2.6.0

2.5.1

2.5.0

2.4.11

2.4.10

2.4.9

2.4.8

2.4.7

2.4.6

2.4.5

2.4.4

2.4.3

2.4.2

2.4.1

2.4.0

2.3.6

2.3.5

2.3.4

2.3.3

2.3.2

2.3.1

2.3.0

2.3.0-beta.4

2.3.0-beta.3

2.3.0-beta.2

2.3.0-beta.1

2.2.4

2.2.3

2.2.2

2.2.1

2.2.0

2.1.2

2.1.1

2.1.0

2.0.5

2.0.4

2.0.3

2.0.2

2.0.1

2.0.0

2.0.0-beta.3

2.0.0-beta.2

2.0.0-beta.1

1.17.0

1.16.1

1.16.0

1.15.0

1.14.0

1.13.1

1.13.0

1.12.2

1.12.1

1.12.0

1.11.1

1.11.0

1.10.7

1.10.6

1.10.5

1.10.4

1.10.3

1.10.2

1.10.1

1.10.0

1.9.1

1.9.0

1.8.3

1.8.2

1.8.1

1.8.0

1.7.4

1.7.3

1.7.2

1.7.1

1.7.0

1.6.3

1.6.2

1.6.1

1.6.0

1.5.3

1.5.2

1.5.1

1.5.0

1.4.5

1.4.4

1.4.3

1.4.2

1.4.1

1.4.0

1.3.5

1.3.4

1.2.2

1.3.3

1.3.2

1.3.1

1.3.0

1.2.1

1.2.0

1.2.0-rc2

1.2.0-rc1

1.1.7

1.1.6

1.1.5

1.1.4

1.1.3

1.1.2

1.1.1

1.1.0

1.0.1

1.0.0

0.9.5

0.9.4

0.9.3

0.9.2

0.9.1

0.9

0.8.8

0.8.7

0.8.6.1

0.8.6

0.8.5

0.8.4

0.8.3

0.8.3-rc1

0.8.2

0.8.1

0.8

0.8-rc2

0.8-rc1

0.7.2

0.7.1

0.7

0.6.1

0.6

0.5

0.3

0.2

0.1

Labels

Clear labels   

bug

  

bug

  

dependencies

  

design

  

documentation

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

feedback-needed

  

help-needed

  

help-needed

  

installer

  

invalid

  

looking-for-sponsors

  

modoboa-contacts

  

new-ui

  

new-ui

  

pr

  

pull-request

Mirrored from GitHub Pull Request

  

pyconfr

  

python

  

question

  

security

  

stale

  

webmail

  

wontfix

No labels

bug

bug

dependencies

design

documentation

duplicate

enhancement

enhancement

enhancement

feedback-needed

help-needed

help-needed

installer

invalid

looking-for-sponsors

modoboa-contacts

new-ui

new-ui

pr

pull-request

pyconfr

python

question

security

stale

webmail

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/modoboa-modoboa#1845

No description provided.