BIND template substitution variables

The documentation here seems to be out of date and full of broken links, the latter presumably due to the Drupal upgrade. It doesn't, for example, include the ${IP6} substitution variable for an IPv6 IP address that I discovered through trial and error.

But what I'm really looking for is information on creating my own template for BIND in a Server Template. Virtualmin seems to need a full template like this if I don't like its default zone file:

$ttl 38400
@ IN SOA ns1.example.net. hostmaster.example.net. (
1456884310
10800
3600
604800
38400 )
@ IN NS ns1.example.net.
@ IN NS ns2.example.net.
domain.com. IN A 1.2.3.4
www.domain.com. IN A 1.2.3.4
ftp.domain.com. IN A 1.2.3.4
m.domain.com. IN A 1.2.3.4
localhost.domain.com. IN A 127.0.0.1
webmail.domain.com. IN A 1.2.3.4
admin.domain.com. IN A 1.2.3.4
mail.domain.com. IN A 1.2.3.4
domain.com. IN MX 5 mail.domain.com.
domain.com. IN AAAA 2600:1234::5678:4321:9876:xxxx
www.domain.com. IN AAAA 2600:1234::5678:4321:9876:xxxx
ftp.domain.com. IN AAAA 2600:1234::5678:4321:9876:xxxx
m.domain.com. IN AAAA 2600:1234::5678:4321:9876:xxxx
webmail.domain.com. IN AAAA 2600:1234::5678:4321:9876:xxxx
admin.domain.com. IN AAAA 2600:1234::5678:4321:9876:xxxx
mail.domain.com. IN AAAA 2600:1234::5678:4321:9876:xxxx
autoconfig.domain.com. IN A 1.2.3.4
autoconfig.domain.com. IN AAAA 2600:1234::5678:4321:9876:xxxx

However, variables like the contact address ("hostmaster.example.net" here), the serial number, TTLs, etc. are all defined elsewhere in Virtualmin or Webmin, so what substitution variables do I use so that those values are inserted instead of a literal "1456884310" for the serial number, or a literal "hostmaster.example.net"? I already know about these:

  • ${DOM}
  • ${IP}
  • ${IP6}

However, I'm specifically looking for the substitution variables for values in the SOA record and TTL values ... these parts:

$ttl 38400
@ IN SOA ns1.example.net. hostmaster.example.net. (
1456884310
10800
3600
604800
38400 )

Anyone have any ideas? I haven't found what looks like a complete and current list anywhere. Thanks.

Craig

Status: Closed (fixed)

Comments

Howdy -- so my initial thought here, is that the default zones are actually pretty good... I believe I recall from your Forum post that you prefer cnames. The default zones work quite well though, and it can be some work to revamp the whole thing.

However, we'll gladly help out in changing those if you'd prefer. Here are some thoughts on your questions --

I don't believe there are substitution records for the TTL values, however, Jamie would need to verify that to be certain. I believe those numbers would need to be hard coded in your template.

I also believe I recall Jamie saying that there is a substitution variable for any of the parameters in the files located in "/etc/webmin/virtual-server/domains/".

That is, within the files in that directory are lines that look like this:

PARAMETER=VALUE

So there should be variables named after all those "PARAMETER" names.

For "hostmaster.example.net", what you could do is something like this:

hostmaster.${DOM}

And for "ns1.example.net", you would usually just enter your primary nameserver there (so perhaps you'd keep ns1.example.net, rather than using ns1.${DOM}, since ns1.${DOM} isn't typically defined as a nameserver).

For the serial number itself, you could create that using the variables ${CURRENT_YEAR}, ${CURRENT_MONTH}, and ${CURRENT_DAY}.

Are there any others that I missed?

Hi Eric,

Thanks for your reply. I prefer CNAMEs because they greatly simplify the sometimes hectic process of trying to get clients to log into the correct servers, especially as we try to avoid placing everything on one server for security, safety and redundancy reasons. I'll spare you and everyone else the details of my thinking though -- and I understand why A records are often preferred -- but that is my preference.

Anyway, I took another look at it and what I've done is list a bunch of records such as ...

www.${DOM}. IN CNAME ${DOM}.

... in the "BIND DNS records for new domains" textarea, and instead of selecting "Use only the records above" as I did previously I've selected the "Add above to automatically generated records" radio button and deselected the "Address records for new domains" options below that that I don't like that create A records. This way Virtualmin should be able to generate a syntactically correct zone file with default SOA and TTL values, just using my defined records and only a couple of default records.

I'm just going through the server template I'm creating right now and will be able to report on my success (or failure) shortly, I hope.

That said, an authoritative list of substitution variables would still be nice, as the contents of /etc/webmin/virtual-server/domain-template (assuming that was what you were referring to, as there is no /etc/webmin/virtual-server/domains/) are clearly not complete, just to use the one example I discovered of "${IP6}".

Out of curiosity though, how would I create an SOA record using the client's own email address? If I just enter ...

${DOM}. IN SOA ns1.example.net. ${EMAILTO}.

... in the "BIND DNS records for new domains" textarea, Virtualmin is going to complain that my syntax is incorrect (presumably because it wants all of the times following that inside curly brackets), not to mention the fact that even if Virtualmin didn't complain this would result in an SOA record with an @ sign in it, which isn't correct.

I guess what is becoming clear is that I'm being difficult and wondering if there's a way for me to build an entire zone file based on substitution variables. Perhaps there isn't, and I should just accept that. :)

Craig

Hmm, I don't have a domain-template directory on my system here (Jamie would be able to offer more input on what that is). You should have a "/etc/webmin/virtual-server/domains" dir though... though that could be due to there not being any domains yet.

That directory contains the data for all the domains that have been added so far... one file per domain.

Out of curiosity though, how would I create an SOA record using the client's own email address? If I just enter ...

You're correct, even if you used EMAILTO, there would still be an @ symbol in the zone file.

I'll offer that Virtualmin creates a hostmaster@domain.tld alias any time a domain is created. It's an alias that points to the Virtual Server owner's email account. So were you to use "hostmaster.${DOM}", that's an address that should exist.

Jamie may have some additional input on this, we'll see... he's on vacation in New Orleans at the moment, so he's not as available as he normally is (none of us ever leave our PCs entirely, for better or worse, so he'll be checking in soon :-)

Oh, I'm breaking my own rule here by mixing up topics, but I wanted to offer you something that may offer you some additional assistance.

While it's hard to say "I'll be available on this day at this exact time", I try to be available on IRC throughout the day to respond to questions. While I do my best to help everyone who has a question, I also try to go the extra mile for Virtualmin Pro customers.

That can be a good way to go over a few quick things. I appreciate that while the support tracker here works, sometimes one just needs a quick answer to a simple problem. And that's an informal place where I help out, along with others in the community.

That would also be a good place to meet up to discuss options in the Account Plans or Server Templates that you were asking about previously.

You can access that on irc.freenode.org, channel "#virtualmin". I use the same nick there, "andreychek" (my last name).

Just thought I'd toss that idea out in case it might interest you!

Hi Eric,

Thanks for your feedback. I've been pretty busy over the last 24 hours getting this server online and live, so my apologies for my slow response.

You're right, the /etc/webmin/virtual-server/domains directory did appear only after I started creating domains on the server, and the files in there do appear to contain a comprehensive list of possible substitution variables.

Seeing as I'm not hosting email on this server, the default behaviour of creating a hostmaster@domain.tld alias doesn't really help me. I create RFC 2142 addresses on my own domains, but it's too much to create them on all of our clients' domains. I used to lie awake at night thinking about that, but I don't any more. :) The only exception is abuse@, which I do create on certain domains.

However, I did run into either a bug, or perhaps an unintended violation (on my part) of a DNS RFC I haven't read. (I don't know and I don't have time to look it up right now.) Under "Webmin | Servers | BIND DNS Server | Zone Defaults" I had the email address "cp.hostmaster@example.com" (using my own real domain, of course) entered in the "Default email address" field. When I set up my first domain, Virtualmin created a zone file with the following in the SOA record:

"cp/.hostmaster.example.com."

Yes, with the quotation marks and backslash and all, although on my real domain of course. (The forum software removes the backslash between "cp" and the dot, so I have replaced it with a forward slash so that something is plainly visible.) As a result, BIND would not restart and I had to manually edit the zone file.

Is this a Virtualmin bug -- escaping the dot in the left hand side and then enclosing the whole thing in quotation marks -- or have I unintentionally violated some DNS RFC by including a dot in the LHS of my email address? I've never run into this before on any nameserver, BIND or otherwise.

Thanks for the IRC information. I'll keep that in mind but I think I'm essentially through the fire where I was hoping to have a hand to guide me to help me get through it quicker. The server is online with live domains, and now it's mostly a matter of tying up loose ends and transferring domains from the older servers that this one is replacing.

Craig

Jamie, does this look like a Virtualmin bug to you? In particular this part Craig described here:

However, I did run into either a bug, or perhaps an unintended violation (on my part) of a DNS RFC I haven't read. (I don't know and I don't have time to look it up right now.) Under "Webmin | Servers | BIND DNS Server | Zone Defaults" I had the email address "cp.hostmaster@example.com" (using my own real domain, of course) entered in the "Default email address" field. When I set up my first domain, Virtualmin created a zone file with the following in the SOA record:

"cp/.hostmaster.example.com."

Yes, with the quotation marks and backslash and all, although on my real domain of course. (The forum software removes the backslash between "cp" and the dot, so I have replaced it with a forward slash so that something is plainly visible.) As a result, BIND would not restart and I had to manually edit the zone file.

Was it a forward slash, or backslash? Back is expected, because of the way the email address in that field is formatted.

Hi Jamie,

Thanks for your reply. Yes, a backslash. (As I said, the forum software removes a backslash, so I can't actually post the literal string here.) If a backslash is expected, why does BIND choke on it? I've never seen a backslash in a BIND zone file. And the quotation marks don't help either, of course.

Craig

This is the actual string Virtualmin creates in the SOA record of the zone file:

"cp\.hostmaster.example.com."

Including, as I say, the quotation marks, which shouldn't be there.

(Figured escaping the backslash when I post might allow it through. It did.)

Ok, so the problem is that in the SOA record, an email like user@domain.com has to be formatted like user.domain.com. This means that you can't just use ${EMAILTO} - instead you can use ${DNSEMAIL} which will be in the correct format.

Hi Jamie,

Yes, I understand how an email address is formatted in an SOA record. But why is Webmin/Virtualmin taking cp.hostmaster@example.net and turning it into (literally, quotation marks and all):

"cp\.hostmaster.example.net"

Isn't that a bug? Or is it intentional? Virtualmin is getting this address from the "Default email address" field at "Webmin | Servers | BIND DNS Server | Zone Defaults".

Craig

That is (as far as I know) the correct format. Is BIND rejecting it on your system?

Hi Jamie,

Thanks for your reply. I've never seen an SOA record with backslashes or quotation marks in it. With them, yes, BIND rejected the configuration and would not start. When I removed them manually, it started.

Before (failure):

@ IN SOA ns1.example.net. "cp\.hostmaster.example.net." (
2016030301
10800
3600
604800
38400 )

After (success):

@ IN SOA ns1.example.net. cp.hostmaster.example.net. (
2016030302
10800
3600
604800
38400 )

Craig

Surprising, because this has worked for me in the past. Which BIND version are you running there?

The trouble with using cp.hostmaster.example.net is that this could be equally interpreted as cp@hostmaster.example.net

Hi Jamie,

Thanks for your reply. Virtualmin reports BIND version 9.9.4, command line reports "9.9.4-RedHat-9.9.4-29.el7_2.2". This is (or was) a clean VPS with Virtualmin added (after doing nothing but a "yum update") from the installation script. I've made no changes to base configurations (except for ProFTPd) other than through Virtualmin and Webmin.

And yes, I'm aware of the ambiguity of such an address, and that's not unintentional on my part, to be honest. Call me paranoid, but there are enough ways for spammers to scrape addresses that direct email to my accounts without opening another one that is rarely used (in my experience) for legitimate purpose. I'm big on the "an ounce of prevention is worth a pound of cure" concept when it comes to spam avoidance.

The thing is, it's my assumption that the backslash and quotation marks should not be there and are being inadvertently introduced by the Virtualmin script that creates a virtual server. Am I wrong?

Craig

Interesting, it looks like BIND's behavior changed between when I originally added support for this format and now - the backslash is fine, but the quotes aren't valid. This will be fixed in the next Webmin release.

Status: Active » Fixed

(That will be Webmin 1.800)
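
The RNAME format the thread settles on (dots in the local part backslash-escaped, no quotation marks) and the ambiguity of an unescaped dot, as an added Python example that is not part of the thread and is not Webmin's code. The function names are hypothetical; the two SOA lines are the ones quoted in the thread.

```python
import re

# The two SOA lines quoted in the thread (rejected / accepted by BIND 9.9.4).
BEFORE = r'@ IN SOA ns1.example.net. "cp\.hostmaster.example.net." ('
AFTER = r'@ IN SOA ns1.example.net. cp.hostmaster.example.net. ('

def email_to_rname(email):
    """user@domain -> SOA RNAME text: escape dots (and backslashes) in the
    local part, turn '@' into '.', end with a dot. No quotation marks."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address: %r" % email)
    escaped = local.replace("\\", "\\\\").replace(".", "\\.")
    return "%s.%s." % (escaped, domain.rstrip("."))

def rname_to_email(rname):
    """Inverse mapping: the first *unescaped* dot ends the mailbox part."""
    m = re.match(r"((?:\\.|[^.\\])+)\.(.+?)\.?$", rname)
    if not m:
        raise ValueError("not an RNAME: %r" % rname)
    return "%s@%s" % (re.sub(r"\\(.)", r"\1", m.group(1)), m.group(2))

def soa_rname_problems(line):
    """Flag the RNAME defects discussed in the thread on one SOA line."""
    fields = line.split()
    try:
        rname = fields[fields.index("SOA") + 2]
    except (ValueError, IndexError):
        return ["no SOA RNAME field found"]
    problems = []
    if rname.startswith('"') or rname.endswith('"'):
        problems.append("RNAME is quoted")
    if "@" in rname:
        problems.append("RNAME contains '@'")
    return problems

if __name__ == "__main__":
    print(email_to_rname("cp.hostmaster@example.net"))
    print(rname_to_email("cp.hostmaster.example.net."))
    for line in (BEFORE, AFTER):
        print(soa_rname_problems(line), line)
```

The manually edited "After" line passes the check, but read back as an address it resolves to cp@hostmaster.example.net rather than cp.hostmaster@example.net, which is the ambiguity raised earlier in the thread.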

Jamie,

OK, I did a couple of tests, and it's possible I'm wrong on the backslash, and the piling of assumptions on top of assumptions probably doesn't help either.

I manually edited (through "Virtualmin | Server Configuration | DNS Records | Manually Edit Records") a zone file and introduced only a backslash and BIND accepted that. I then removed the backslash and added only quotation marks, and that failed.

So clearly you are correct (and I was wrong) about the backslash, but it's the quotation marks that are the problem. And going back to assumptions -- because I'm not analysing code -- I'm guessing that the script that creates the virtual server is perhaps introducing the quotation marks because of the backslash, as it doesn't add quotation marks if the contact address in Webmin doesn't have a dot in the LHS.

Hope that clarifies things.

Craig

Oops, sorry. We were writing and coming to the same conclusions at the same time. :)

Jamie, I should add that I appreciate this level of interaction with you. In my experience with certain other control panels -- mostly Plesk, but also cPanel to a more limited extent since I haven't used it that much -- you're mostly dealing with (essentially) PR people whose job it is to either ignore you and hope you go away, or respond with "Nothing to see here, move along, everything is fine!" That's an incredibly broad brush and a massive generalisation, but it's my observation for what it's worth.

Craig

And I should add Eric in there too, of course. :)