Submitted by aaronstpierre on Wed, 08/21/2013 - 20:54 Pro Licensee
Hi,
I just happened to run the check-connectivity script and get the following error:
Status: 1 errors Error1: nsip : Nameserver mismatch : None of the nameservers match this system
I've set things up so that the virtualmin server is not listed as a nameserver.
Just curious if I could turn this off so that I don't get the error?
It's really not a big deal since I know that things are setup right but there really isn't a way for the script to know :)
Thanks!
Status:
Closed (fixed)
Comments
Submitted by JamieCameron on Wed, 08/21/2013 - 23:23 Comment #1
Are your domains setup so that the Virtualmin system is a "hidden primary" nameserver? Or is Virtualmin not actually doing the real DNS hosting at all?
Submitted by aaronstpierre on Thu, 08/22/2013 - 06:17 Pro Licensee Comment #2
Morning Jamie!
Yes I'm running a hidden primary. So the virtualmin server is updating the zones and then pushing out to the slaves which the world sees as ns1 and ns2.
Submitted by JamieCameron on Thu, 08/22/2013 - 12:05 Comment #3
Ok, I can see why the connectivity check would be failing in this case.
The tricky part to fix this would be determining a way for Virtualmin to figure out the difference between a hidden primary setup, and one where the sysadmin has really not setup their DNS registration properly.
Submitted by aaronstpierre on Thu, 08/22/2013 - 12:59 Pro Licensee Comment #4
I'm a bit confused with connectivity-lib.pl
foreach my $f ("dns", "web", "ssl", "mail") { push(@params, [ $f, $d->{$f} ]); }
There I can see that "dns" is one of the tests that are going to be performed but I can't find the code that actually does a DNS test...
I've searched long and hard to find the error messages too. I must be missing something...
Would it not be possible to look at 'cluster slave servers' and see the hosts that are used there and verify that one of them is in the SOA?
In my case I have ns1 and ns2 and all of my zones look something like this:
$ORIGIN . $TTL 3600 ; 1 hour domedomain.com IN SOA ns1.****.com. domain.****.com. ( 1376360334 ; serial 10800 ; refresh (3 hours) 3600 ; retry (1 hour) 604800 ; expire (1 week) 38400 ; minimum (10 hours 40 minutes) ) NS ns1.****.com. NS ns2.****.com. A 1.1.1.1
I'm guessing right now you are comparing the host that is listed in the SOA and seeing if that is the name of the current virtualmin host that is running the connectivity check.
I'm also guessing that my idea isn't possible since if it were you would have already implemented it, or it's just not a sound idea to begin with :)
Submitted by JamieCameron on Thu, 08/22/2013 - 23:41 Comment #5
Actually, most of the logic for checking the DNS is done on our server. The next release of Virtualmin will fix this issue though, by sending secondary NS IPs to the server, and then ensuring that at least one of those is in an NS record.
Submitted by aaronstpierre on Fri, 08/23/2013 - 14:16 Pro Licensee Comment #6
Ahhh OK that makes total sense.
Sweet! Thanks a lot for the help and the explanation!
Submitted by Issues on Fri, 09/06/2013 - 16:11 Comment #7
Automatically closed -- issue fixed for 2 weeks with no activity.