DNS Internal Server Error

My YunoHost server

Hardware: Intel NUC (i5-4750r CPU), 16GB RAM, 256GB SSD
YunoHost version: 4.3.6 (stable)
I have access to my server: SSH, webadmin, direct access with keyboard
Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no

Description of my issue

I previously had YunoHost working on this system with a domain running Nextcloud and a few other small apps. Everything was working fine and there were no issues. I recently started using pfSense and everything was fine with ports, still had access, etc. I started having issues with port forwarding after messing with NAT for some other devices, so I reverted to a self-signed cert as part of my troubleshooting. Once I got port forwarding fixed again (verified with canyouseeme) I switched back to a Let’s Encrypt cert. Since then, I get a weird DNS error on my domain in the webadmin (I’ve also updated DNS records in Google Domains since starting to use pfSense - like I said, this setup was working just last week including pfSense). The error shows up when I go to Domains > “domain” > DNS. I have tried simply rebooting, restarting nginx, running sudo yunohost app ssowatconf, anything I can think of. I’m capable of editing files through command line, writing code, running commands, etc. (software engineer - just not my area of expertise…).

Edit: I should also add that I also cannot connect to my domain now since I get a self-signed cert error: Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT. This is after a few days and rebooting the server, clearing cache, trying different browsers. But generating certs with Let’s Encrypt completes successfully.

Error: "500" Internal Server Error
Action: "POST" /yunohost/api/domains/msimone.dev/dns/push?dry_run
Error Message: Unexpected server error
Traceback:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/moulinette/interfaces/api.py", line 492, in process
    ret = self.actionsmap.process(arguments, timeout=30, route=_route)
  File "/usr/lib/python3/dist-packages/moulinette/actionsmap.py", line 599, in process
    return func(**arguments)
  File "/usr/lib/moulinette/yunohost/domain.py", line 544, in domain_dns_push
    return domain_dns_push(domain, dry_run, force, purge)
  File "/usr/lib/moulinette/yunohost/log.py", line 419, in func_wrapper
    result = func(*args, **kwargs)
  File "/usr/lib/moulinette/yunohost/dns.py", line 700, in domain_dns_push
    client = LexiconClient(query)
  File "/usr/lib/python3/dist-packages/lexicon/client.py", line 75, in __init__
    self.provider = provider_class(self.config)
  File "/usr/lib/python3/dist-packages/lexicon/providers/googleclouddns.py", line 75, in __init__
    if self._get_provider_option("auth_service_account_info").startswith("file::"):
AttributeError: 'NoneType' object has no attribute 'startswith'

Sounds like a bug inside the lexicon library we’re using, not much we can do except build a fresher version of the lib someday. In the meantime, just don’t try to use the autoDNS conf with Google Cloud DNS.
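The failure in the traceback above is an unset credential option reaching `.startswith("file::")` as `None`. The following is an added example, not code from lexicon or YunoHost, showing that pattern next to a check that fails closed with a clear error before any DNS API call. The options dict, the function names, the `base64::` branch and the `client_email` check are assumptions of the example; only the option name and the `file::` prefix come from the traceback.

```python
import base64
import json


class MissingCredentialError(ValueError):
    """A required provider option is absent or malformed."""


def unguarded_check(options):
    # Same shape as the failing line in the traceback: an unset option comes
    # back as None, and None has no .startswith().
    return options.get("auth_service_account_info").startswith("file::")


def resolve_service_account_info(options):
    """Return the service-account JSON as a dict, or raise a clear error."""
    value = options.get("auth_service_account_info")
    if not isinstance(value, str) or not value.strip():
        raise MissingCredentialError(
            "auth_service_account_info is not set; refusing to contact the DNS API"
        )
    if value.startswith("file::"):
        with open(value[len("file::"):], "rb") as handle:
            raw = handle.read()
    elif value.startswith("base64::"):  # assumed second form, for illustration
        try:
            raw = base64.b64decode(value[len("base64::"):], validate=True)
        except ValueError as exc:
            raise MissingCredentialError("base64:: payload is not valid base64") from exc
    else:
        raise MissingCredentialError("expected a 'file::' or 'base64::' prefix")
    try:
        info = json.loads(raw)
    except ValueError as exc:
        raise MissingCredentialError("credential is not valid JSON") from exc
    if not isinstance(info, dict) or "client_email" not in info:
        raise MissingCredentialError("credential JSON lacks 'client_email'")
    return info


# Constructed sample input: a fake, non-functional service-account document.
SAMPLE = {"type": "service_account", "client_email": "dns-bot@example.invalid"}
SAMPLE_OPTION = "base64::" + base64.b64encode(json.dumps(SAMPLE).encode()).decode()

if __name__ == "__main__":
    print(resolve_service_account_info({"auth_service_account_info": SAMPLE_OPTION}))
    try:
        resolve_service_account_info({})
    except MissingCredentialError as err:
        print("rejected:", err)
```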

How do I enable/disable autoDNS? I don’t remember doing anything to set that up unless it’s the default. Whenever I go to the DNS configuration page I get the error and the page doesn’t load on the webadmin

Just looked at the autoDNS thing you mentioned - DNS for my domain is managed through Google Domains, and the only thing that has changed since things stopped working is my public IP changed, but that was updated prior to things not working. It seems like the Let’s Encrypt cert is being created but not applying correctly to the domain server side? Errors I keep getting say that the server has a self-signed cert but that shouldn’t be the case.

I seem to have fixed remote connectivity to the domain, and it seems unrelated to the DNS issue? All I did to fix remote connections was disable secure connections to pfSense. I’m not sure how the site worked initially after pfSense was setup as that was on by default.

Speculation: could it have to do with hairpinning / NAT reflection? It has to do with reaching LAN devices from inside the LAN on their public IP.
Maybe pfSense is proxying in one way or another, did you experiment with reverse proxies on pfSense?

Anyway, great that it works now :slight_smile:

Welcome to the forum by the way!

NAT reflection seems to still be an issue as I can’t access the domain on LAN unfortunately. I marked this as solved since my initial goal was achieved. I’m admittedly quite a noob when it comes to pfSense and setting up a lot of networking stuff. Still learning what everything does and why things work the way they do.

Disabling NAT reflection (is that what I’d even want to be doing?) for ports 80 and 443 didn’t seem to fix LAN access to the domain. And obviously if I use the local IP in a domain override it will just take me to the webadmin page…

EDIT: Got it! Enabling NAT + Proxy for NAT reflection in the port forward settings allows me to connect to the domain on LAN now as well.

Great! Thanks for sharing the solution :slight_smile: