Unable to modify DNS

Hi there,

I'm using Cloudmin Services and whatnot. DNS is on 2 separate DNS servers and there is the physical client machine with Virtualmin.

When I edit the virtual server and try to change any of these, DNS Options, DNS Records, DomainKey Options it seems to do nothing to the actual DNS records. They don't get updated from what I can see. It shows no errors and says it modified them but it didn't.

I can however log into the DNS servers themselves and edit the records manually there but it's really not very convenient to do that.

Seems like a bug to me somewhere, not sure what else it could be. Maybe it's due to the recent update to BIND?

Thanks!

Ryan

Status: 
Active

Comments

Seems like a Virtualmin bug. If you create a new domain, does it get added to the remote DNS server correctly?

The DNS records are added but no DKIM record or DMARC records and I can't seem to add them either.

Is BIND running in a chroot directory on the remote system?

Also, if you login to Webmin on the remote system and go to Servers -> BIND DNS Server -> some zone, can you see and edit records?

I'm not sure about the chroot, seems like maybe not. It should be however it was setup by default by Ubuntu 14.04 and Cloudmin/Virtualmin I suppose.

Yeah I can see records, and edit the ones which are master to that system. I can edit the records there actually and was able to add the DKIM key which shows . They seem like they can actually be edited within the Virtualmin virtual servers themselves but adding the DKIM key doesn't work, either through Virtualmin or manually. It will stay if I add it on the remote DNS server by editing the record there.

If I go to the Virtualmin virtual server and go to Server Configuration > DNS Options and click Yes for "DMARC record enabled?" it used to add a DMARC record to the DNS. Now it doesn't add the record but still looks like it worked fine with no errors.

If I go to Virtualmin > Email Messages > DomainKeys Identified Mail > and copy the key at the bottom under DNS records for additional domains I can paste this key into the DNS on the remote system and it saves. I can then go into the Virtualmin virtual server and edit DNS Records and see it there, I can even delete it through both selecting it and clicking Delete Selected Records or Manually Edit Records and deleting the line and saving. But when I go back and Manually Edit Records and try to add the line I just deleted it just won't be there when I save. If I try to create a new one using the button Create Record of Type and use a TXT record there it does not add it either.

So it seems a bit wonky to me. I don't see anything in any logs anywhere either.

Ok, I will do some more testing and update this ticket with details..

I think I've found the bug that causes this - the work-around until we do a new release is to edit the file /etc/webmin/bind8/config on both the Virtualmin system and the Cloudmin system, and change the line spf_record=1 to spf_record=0

Hi there,

I really appreciate you taking your time to try and fix this.

It looks like they were already set to spf_record=0 on my systems. I thought maybe that last webmin release may have included it so I tested but it still doesn't add DKIM or DMARC records in.

I think there were actually some weird bind issues from the start though, some I think I actually mentioned when I was setting everything up with Cloudmin in a giant thread I attempted to parse out into multiple different issues. I must have not did one on bind though.

I just noticed something else too which might be of some help. If I go into Virtualmin under a virtual server to Server Configuration > DNS Options and set SPF record enabled? to Yes it will save and it will add a SPF record. If I set it to no it will remove the SPF record. However if I do the same with DMARC it won't save it being set to Yes, it still shows as No when I come back to DNS Options. It still doesn't add any DMARC record though.

It does a very similar thing with not saving the options properly when I go to Email Messages > DomainKeys Identified Mail and add the domain under Additional domains to sign for. I also set Signing of outgoing mail enabled? to Yes and it doesn't save either of those. When I come back to that page it's still what it previously was.

So, it seems to me almost like it isn't properly saving all the options from various forms for some reason. These forms so far appear to include the DNS Create Record of Type button form, the DomainKeys Identified Mail form, and the DNS Options form. I'm worried there may be more like them which I haven't found too. Also note that it does save some of the options such as with the DNS Options form it saves all but the bottom 3 options, I cannot change those but I can change all the options above them. Those 3 options also seem to be slower to load on the page when the page loads.

Ok, it looks like there is another bug that breaks DMARC records. This will also be fixed in the next Cloudmin Services release.