I need to enable a secondary DNS

I need to add a secondary dns for my webmin dns, so that an external server can provide secondary dns; I have added the secondary's IP as per the screenshot, but it appears still not to work. Please advise. Many thanks

Status: 
Active

Comments

To clarify, I want to apply this to all existing domains in web min, so that the external dns can poll the info from webmin.

I have set up the secondary web min on a fps, but it doesn't seem to be working - how do I check what is going on?

Also can someone remind me of the cli tool to test dns on a particular name server for domain xyz.com Thanks

I meant on a VPS not FPS, sorry - typo!

Having Webmin hosted on an FPS would be interesting, maybe we should talk to Jamie about that :-)

For performing DNS tests, I use "dig". You can use it like the following to test a particular DNS entry at a given nameserver:

dig a test.domain.tld @my.nameserver.tld

That would look up the 'A' record for test.domain.tld using the nameserver my.nameserver.tld.

Let us know what you discover while doing that, and we can assist in sorting all that out!

Hi

The main Virtualmin server is ns1.orangehandhosting.com where I have followed the instructions to set up a slave dns server on webmin at ns3.orangehandhosting.com

Bind is running on ns3, and the zone file has populated with the zones from ns1, but when I dig ns3 @ns3 I get:

<>> DiG 9.7.3-P3 <<>> a ns3.orangehandhosting.com @ns3.orangehandhosting.com ;; global options: +cmd ;; connection timed out; no servers could be reached

transcript as follows:

$ dig a ns3.orangehandhosting.com @ns1.orangehandhosting.com

; <<>> DiG 9.7.3-P3 <<>> a ns3.orangehandhosting.com @ns1.orangehandhosting.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26706 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3 ;; WARNING: recursion requested but not available

;; QUESTION SECTION: ;ns3.orangehandhosting.com. IN A

;; ANSWER SECTION: ns3.orangehandhosting.com. 38400 IN A 198.144.178.154

;; AUTHORITY SECTION: orangehandhosting.com. 38400 IN NS host3a.orangehandhosting.com. orangehandhosting.com. 38400 IN NS host3.orangehandhosting.com.

;; ADDITIONAL SECTION: host3.orangehandhosting.com. 38400 IN A 92.60.120.131 host3a.orangehandhosting.com. 38400 IN A 92.60.120.132 host3a.orangehandhosting.com. 38400 IN A 92.60.120.131

;; Query time: 20 msec ;; SERVER: 92.60.120.131#53(92.60.120.131) ;; WHEN: Tue May 15 19:17:10 2012 ;; MSG SIZE rcvd: 148

$ dig a ns3.orangehandhosting.com @198.144.178.154

; <<>> DiG 9.7.3-P3 <<>> a ns3.orangehandhosting.com @198.144.178.154 ;; global options: +cmd ;; connection timed out; no servers could be reached

Any ideas??

but the zone file at ns3 is populated from ns1, but dig to ns3 fails - it is listed as a name server and is a glue record....

These are the records at the first named name server: What is wrong??

What output do you receive if you log into NS3, and run this command:

netstat -an | grep :53

That will show which interfaces BIND is listening on.

tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 ::1:53 :::* LISTEN
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 ::1:53 :::*

It looks like BIND is set to only listen on the local interface on NS3.

So it'd just be a matter of tweaking the BIND config to tell it to listen on all interfaces, rather than just one.

If you'd like a hand with that, let us know what distro/version is being used on NS3.

Yes please - BIND 9.7.3 on Centos - I wouldn't know where to start!!!

Okay, can you paste in the contents of your /etc/named.conf file? That should give us some clues as to why it's only listening on the local interfaces.

options { directory "/etc"; pid-file "/var/run/named.pid"; forwarders { 92.60.120.131; }; };

zone "." { type hint; file "/etc/db.cache"; };

zone "finchassociates.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/finchassociates.com.hosts"; }; zone "familyaffairsblog.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/familyaffairsblog.com.hosts"; }; zone "0.in-addr.arpa" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/0.rev"; }; zone "enjoyableit.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/enjoyableit.co.uk.hosts"; }; zone "gracelandsyard.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/gracelandsyard.com.hosts"; }; zone "unlimiteddreamedia.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/unlimiteddreamedia.com.hosts"; }; zone "orangehandhosting.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/orangehandhosting.co.uk.hosts"; }; zone "nickharvey.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/nickharvey.co.uk.hosts"; }; zone "bsvhsc.org.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/bsvhsc.org.uk.hosts"; }; zone "marykaywilmers.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/marykaywilmers.net.hosts"; }; zone "parridys.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/parridys.co.uk.hosts"; }; zone "guystansfeldarchitects.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/guystansfeldarchitects.com.hosts"; }; zone "positiveconsumer.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/positiveconsumer.co.uk.hosts"; }; zone "huntingsilver.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/huntingsilver.co.uk.hosts"; }; zone "frithstreetgallery.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/frithstreetgallery.com.hosts"; }; zone "andymartinassociates.com.disabled" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/andymartinassociates.com.disabled.hosts"; }; zone "orangehand.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/orangehand.com.hosts"; }; zone "sitehistory.org" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/sitehistory.org.hosts"; }; zone "heartaches.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/heartaches.co.uk.hosts"; }; zone "255.in-addr.arpa" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/255.rev"; }; zone "3xarc.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/3xarc.com.hosts"; }; zone "10starmedia.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/10starmedia.co.uk.hosts"; }; zone "nstjh.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/nstjh.com.hosts"; }; zone "wrigglevalleythoroughbreds.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/wrigglevalleythoroughbreds.co.uk.hosts"; }; zone "sarnay.com.disabled" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/sarnay.com.disabled.hosts"; }; zone "jervois.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/jervois.com.hosts"; }; zone "10starentertainment.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/10starentertainment.com.hosts"; }; zone "willwhitedesign.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/willwhitedesign.com.hosts"; }; zone "gracelands.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/gracelands.net.hosts"; }; zone "sportingsilver.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/sportingsilver.co.uk.hosts"; }; zone "indiaknight.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/indiaknight.com.hosts"; }; zone "23arc.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/23arc.com.hosts"; }; zone "barnabywoodwork.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/barnabywoodwork.co.uk.hosts"; }; zone "carolynseymour.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/carolynseymour.co.uk.hosts"; }; zone "gracelandscafe.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/gracelandscafe.com.hosts"; }; zone "nicktucker.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/nicktucker.net.hosts"; }; zone "10star.tv" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/10star.tv.hosts"; }; zone "2dogroom.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/2dogroom.com.hosts"; }; zone "hostingforheroes.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/hostingforheroes.co.uk.hosts"; }; zone "janetmadden.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/janetmadden.co.uk.hosts"; }; zone "annietobin.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/annietobin.com.hosts"; }; zone "nickharvey.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/nickharvey.com.hosts"; }; zone "orangehandmail.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/orangehandmail.co.uk.hosts"; }; zone "maxcad.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/maxcad.co.uk.hosts"; }; zone "dinamistry.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/dinamistry.co.uk.hosts"; }; zone "landseer.it" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/landseer.it.hosts"; }; zone "malvernmedia.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/malvernmedia.co.uk.hosts"; }; zone "orangehand.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/orangehand.net.hosts"; }; zone "johngoldman.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/johngoldman.co.uk.hosts"; }; zone "davidogilvy.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/davidogilvy.co.uk.hosts"; }; zone "dorsetfudgepackers.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/dorsetfudgepackers.co.uk.hosts"; }; zone "timrice.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/timrice.co.uk.hosts"; }; zone "mellyrees.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/mellyrees.com.hosts"; }; zone "nutt.tv" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/nutt.tv.hosts"; }; zone "allett.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/allett.net.hosts"; }; zone "rodogrady.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/rodogrady.co.uk.hosts"; }; zone "jgballardestate.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/jgballardestate.com.hosts"; }; zone "claphamroad.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/claphamroad.co.uk.hosts"; }; zone "loftcafe.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/loftcafe.co.uk.hosts"; }; zone "127.in-addr.arpa" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/127.rev"; }; zone "enjoyableit.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/enjoyableit.com.hosts"; }; zone "nicktucker.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/nicktucker.com.hosts"; }; zone "troddan.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/troddan.co.uk.hosts"; }; zone "cmharvey.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/cmharvey.co.uk.hosts"; }; zone "piphornestudio.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/piphornestudio.com.hosts"; }; zone "followinghounds.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/followinghounds.co.uk.hosts"; }; zone "shootingsilver.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/shootingsilver.co.uk.hosts"; }; zone "followhounds.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/followhounds.co.uk.hosts"; }; zone "stansfeld.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/stansfeld.com.hosts"; }; zone "knatchbull.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/knatchbull.net.hosts"; }; zone "evadon.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/evadon.co.uk.hosts"; }; zone "fishingsilver.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/fishingsilver.co.uk.hosts"; }; zone "orangehandhosting.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/orangehandhosting.com.hosts"; }; zone "showchoirchallenge.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/showchoirchallenge.co.uk.hosts"; }; zone "natshire.org.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/natshire.org.uk.hosts"; }; zone "the-badger.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/the-badger.net.hosts"; }; zone "10starentertainment.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/10starentertainment.co.uk.hosts"; }; zone "beaballardmedia.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/beaballardmedia.com.hosts"; }; zone "lucygoldman.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/lucygoldman.com.hosts"; }; zone "orangehand.eu" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/orangehand.eu.hosts"; }; zone "guystansfeld.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/guystansfeld.com.hosts"; }; zone "portobello.tv" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/portobello.tv.hosts"; }; zone "beaballard.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/beaballard.com.hosts"; }; zone "jgballardestate.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/jgballardestate.co.uk.hosts"; }; zone "cavigioli.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/cavigioli.com.hosts"; }; zone "nottinghill.tv" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/nottinghill.tv.hosts"; }; zone "sirtimrice.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/sirtimrice.co.uk.hosts"; }; zone "orangehanddesign.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/orangehanddesign.co.uk.hosts"; }; zone "enjoyableit.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/enjoyableit.net.hosts"; }; zone "macgod.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/macgod.co.uk.hosts"; }; zone "petitgas.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/petitgas.net.hosts"; }; zone "xxii.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/xxii.com.hosts"; }; zone "beastallnorth.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/beastallnorth.com.hosts"; }; zone "positiveconsumer.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/positiveconsumer.com.hosts"; }; zone "planet-positive.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/planet-positive.com.hosts"; }; zone "rubyred.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/rubyred.co.uk.hosts"; }; zone "catkinson.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/catkinson.co.uk.hosts"; }; zone "hostingforheroes.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/hostingforheroes.com.hosts"; }; zone "lbcasting.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/lbcasting.co.uk.hosts"; }; zone "lewisohn.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/lewisohn.net.hosts"; }; zone "lesleybeastallcasting.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/lesleybeastallcasting.com.hosts"; }; zone "beastallnorth.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/beastallnorth.co.uk.hosts"; }; zone "lasermonkey.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/lasermonkey.com.hosts"; }; zone "bsvh.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/bsvh.co.uk.hosts"; }; zone "jgballardestate.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/jgballardestate.net.hosts"; }; zone "localhost" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/localhost.hosts"; }; zone "riskregister.org" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/riskregister.org.hosts"; }; zone "showerdrop.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/showerdrop.com.hosts"; }; zone "huntingdiary.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/huntingdiary.co.uk.hosts"; };

The config you have there should be okay -- what if you just restart BIND, does that help? You can do that with this command:

/etc/init.d/named restart

After that, what does this output:

netstat -an | grep :53

looks the same I think??:

tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 ::1:53 :::* LISTEN
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 ::1:53 :::*

May I have some progress on this please? We seem to have been swapping emails for rather a long time!!

Thanks

We'd be happy to login to your system to see what is going wrong here .. but we'd need remote root SSH access.

If that's possible, please email me at jcameron@virtualmin.com

Hi Jamie - happy to give you root access, but can I sms you the password - not at all keen of putting it in email!!

You can SMS it to me at +1 408 646 3656

Thanks Main Virtualmin server is host3.orangehandhosting.com and slave webmin server is ns3.orangehandhosting.com

I will text you the pass

Got it - will login and take a look later today.

I think it is fixed now - I commented out the lines :

        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };

which make BIND only accept connections on localhost. Now it seems to be resolving just fine..

many thanks - is that a web min bug? I didn't do any CLI setup, just followed the instructions via the web interface...

Nick

It's more of a bug in the default BIND configuration... although a Virtualmin install should correct this.

Did this secondary system ever have Virtualmin on it?

It's more of a bug in the default BIND configuration... although a Virtualmin install should correct this.

Did this secondary system ever have Virtualmin on it?

No - it was a brand new server (a 6$ VPS by the way!!) with a standard install of Webmin and no other apps... Seems like it might be a bug??

Silly question - I presume I now need to add the web min server to the name server list for all the domains at their registrars??

What happens if the virtual min machine goes off line - will the web min server keep serving dns regardless? (that is what I wanted to achieve anyway, by way of redundancy)

I will look into adding some better detection of this case ... or at least documenting the slave setup better.

And yes, you should add the slave to the list of nameservers for your domains at the registrar. This way if either goes off line, the other will continue to serve DNS request (until the time-to-live for the zone expires, which is typically 1 day).

Thanks - if you need anything from me that would help, let me know!