The Virtualmin guide to dual nameservers with BIND from start to finish.

#1 Tue, 12/20/2016 - 03:23
litonfiredesign


From a fresh install I have found this is the best procedure to set up a slave DNS at the time of creating your Virtualmin server. This is from a fresh install of Virtualmin on two separate servers. One will act as the primary to host websites, the other as a slave DNS server to be a secondary nameserver.

For this walkthrough I will be referring to DNS1 as simply DNS and DNS2 as DNS2; this is cleaner. But it's truly your preference. You say tomato, I say tomato. Good.

STEP ONE Go to the registrar at which the domain you intend to use for your nameservers ( or overall server ) is located and put in the two IPs of the two servers with the relative DNS name, i.e. DNS IP: 00.00.00.00, DNS2 IP: 00.00.00.00. ( Each registrar's process is different. ) Google search "add nameserver to (registrar_name)".

A NOTE: Of course, the IP addresses that you use for setting up DNS and DNS2 should be the IP addresses of the servers at which your two installations of Virtualmin will reside. DNS (1) IP should be the one that you are hosting your sites from ( does not have to be, but is nicer ). DNS2 should be the IP of the server you are running with Virtualmin ( or only Webmin ) for your secondary nameserver. This second server is strictly to be used for a redundant source of data as a nameserver ( you could probably use it for storage too but not to host websites ). This secondary server will be synced up with your primary DNS (1) server with DNS BIND and will copy all of your DNS zones to it when you create or delete "Virtual servers" in Virtualmin.

STEP TWO If you add the nameserver for a particular domain, for example bigjoestires.com, you will then want to point that same domain to those new nameservers. So if you make dns.bigjoestires.com and dns2.bigjoestires.com nameservers at GoDaddy, then you must set the new nameservers for bigjoestires.com in the "point to nameserver" area of your registrar. Essentially, the domain must point to itself. This will then take away your DNS options on that registrar ( if they offer them ) and that task will then be pointed toward your new nameservers ( which you are now going to host yourself ).

CREATING NAMESERVERS AT GODADDY https://www.godaddy.com/help/add-my-own-host-names-as-nameservers-12320

A QUICK RUNDOWN Let's say your domain is going to be bigjoestires.com and you plan to use dns.bigjoestires.com and dns2.bigjoestires.com. You have already purchased two VPS servers and have installed on both servers a copy of "Virtualmin" ( I recommend Virtualmin on both; the interface is nice and if you're new to Webmin / Virtualmin like me, it will be easier to navigate one interface ).

Now on your primary hosting server, you are going to want to name that server dns.bigjoestires.com as the servername ( the servername of your actual VPS ). You can check it with the command "hostname" on CentOS 7 in ssh, and you can change it with this line ( hostnamectl set-hostname your.newhost.name ). Be sure to change "your.newhost.name" to whatever your full address is going to be with your registrar for the primary nameserver, or edit the file ( vi /etc/hostname ). You don't have to, it can actually be anything ( and some hosts name it for you ), but it's easier in the long run if you can name it that ( and cleaner ), and Virtualmin has steps in their system to override this if you cannot do this part for some reason. Now, this server will be the one you put your websites on, so make sure it's the better of the two ( if they are any different ).

As for the other server, respectively name it after your second nameserver. This server will only be used to "Bind" to your primary server, so being that is the case, we will name it ( as a servername, signed in as root or a sudo user into ssh ) dns2.bigjoestires.com.

VERY IMPORTANT: I have noticed that some server hosts that force you to pick a "servername" when you create your server with them will force the servername back to whatever you set with them after a system reboot, so it is in your best interest to have them set the servername for you if their "backstage" does not allow you to change it from their end yourself. This will keep any faults from happening that will mess with your nameservers' quality.

This can be tested by setting your servername with ( hostnamectl set-hostname your.newhost.name ) and doing a check of your new hostname with the command ( hostname ). If it's not there, restart the hostname service with ( systemctl restart systemd-hostnamed ), then check again with the command ( hostname ). Now if it's there, to make sure that a reboot doesn't reset it, do a server reboot with the command ( reboot ). As I stated above, some servers will force reset your servername; "Interserver.net" is one of those. If it resets to whatever you chose when you set up your account with them, submit a ticket to your server host and ask them to set it to the appropriate name for you so this won't happen if your system is rebooted. ( This is not 100% necessary as Virtualmin allows you to set this in their user interface, which I will get into later, but if you are anal about your stuff like me, then you will probably want to do this, so I am providing this knowledge for those people. )

A RECAP OK, so far we have set up the nameservers with our registrar ( not all registrars provide this option ) and pointed our domain name bigjoestires.com to our newly created nameservers by setting the nameservers on that very same domain name to point to dns.bigjoestires.com and dns2.bigjoestires.com. This essentially means, in layman's terms, that we logged into GoDaddy, for example, clicked on our domain "bigjoestires.com", went to the "names" section at the bottom, set the nameservers to their IP addresses ( IPs of each server ), went back up to the "nameservers" section just below GoDaddy's DNS pointer tool and changed the nameservers on "bigjoestires.com" to our newly created nameservers' addresses. Now let's set up the servers in Virtualmin so that they present themselves to the internet as nameservers and the data they produce will be accepted.

BEFORE STEP THREE If you have not set up your servers yet, after install, do so now. After you log in for the first time, set everything up with the "Post install wizard" and make sure to set your servername here to suit your nameserver for that location. When you do so, there is a checkbox to ignore that the address is not resolvable via the web. This should be checked because your system is not up and running yet and it will not be able to resolve the nameserver that is yet to be set up. So ignore that and move on. All the other settings are on you, based on what you need your server to do.

ATTENTION: If you could not set your server names (hostname) for the actual server itself for some reason or another, as mentioned above in ( A QUICK RUNDOWN ), follow these steps. On your "Primary server", travel to ( Virtualmin > System Settings > Server Templates ), click on "Default Settings", click the dropdown box, go to BIND DNS domain, look for "Master DNS server hostname", uncheck "Automatic" and select the "Hostname" option that allows you to type in your primary nameserver's name. So for our example this would be "dns.bigjoestires.com". Since you are running BIND, you do not need to add anything to "Additional manually configured nameservers." ALSO: Set your hostname in ( Webmin > Networking > Network Configuration ) on both servers. ( Do not touch anything else here. )

STEP THREE At this point you may not have firewall up and running, but if you do, you must first log into your secondary server or dns2.bigjoestires.com server ( the one that is just for your extra nameserver ) and travel to ( Webmin > Networking > Linux Firewall ) and open up ports ( If protocol is TCP and destination port is 10001:10010 and state of connection is NEW ) and ( If protocol is UDP and destination port is 10001:10010 and state of connection is NEW ) so that BIND can talk from your Primary server dns.bigjoestires.com to your secondary server dns2.bigjoestires.com without being blocked out. Also if firewall is running you will need to open ports ( If protocol is UDP and destination port is 53 and state of connection is NEW ) and ( If protocol is TCP and destination port is 53 and state of connection is NEW ) so that the world can find your nameserver and receive the information from it about your zones.

NOTE: You will need to also open up ports: ( If protocol is UDP and destination port is 53 and state of connection is NEW ) and ( If protocol is TCP and destination port is 53 and state of connection is NEW ) on your primary server or "DNS1" server, this is because these are the ports used for nameservers and you need both servers to allow data through there.

STEP FOUR Let's BIND. OK, connecting them is pretty easy now that our firewall is opened up on our secondary server dns2.bigjoestires.com. Let's go log into our primary server at dns.bigjoestires.com and connect them. Once in the primary server again, travel to ( Webmin > Webmin > Webmin Servers Index ) and click "Register a new server". Pay close attention to this part. Since your nameservers are not functioning yet ( since we have not created the virtual server and pointed the IPs yet in Virtualmin ) you will have to use the IP address here. Simply put in the IP address for your secondary server in "Hostname or IP address", Port: 10000, select the OS of your secondary server, SSL SERVER? Probably YES, because this is set up with the install (usually) of Virtualmin and login to your server will be from a self-signed cert and that counts here. Description: Leave as is. Link type: "Login Via Webmin with username and password". Make fast RPC calls? YES.

  • "Hostname or IP address": ( USE IP ADDRESS TO SECONDARY SERVER )
  • Port: 10000
  • OS: (whatever your distro is on server #2)
  • SSL SERVER? (Most likely yes since this is setup with install of Virtualmin may be no in some cases)
  • Description: Leave as is,
  • Link type, "Login Via Webmin with username and password"
  • Make fast RPC calls? YES

Once this is set up, navigate to ( Webmin > Servers > Bind DNS Server ) and click on "Cluster Slave Servers". Here you will see the IP address of your secondary server, i.e. the IP of DNS2. Select it ( should be the only option ) and set the following.

  • View on slaves to add zones to: "at top level"
  • Create secondary on slave when creating locally? YES
  • Create all existing master zones on slave? If you have already created "Virtual Server" then YES, If not, doesn't really matter
  • Name for NS record: VERY IMPORTANT. Since you used an IP address on the "Server index" setup, you will need to manually type in the NAMESERVER name for dns2, so for our example, we would type in dns2.bigjoestires.com here. It will not create if you do not type the second nameserver's name here.

IF YOU GET THE ERROR "Webmin is not using version 1.2 or later" here, then your ports are likely closed, please refer to STEP THREE.

STEP FIVE Now, if all of that is functioning and it allowed you to connect, awesome, almost done. Now we will want to travel to ( Virtualmin > Create Virtual Server ) and create a Virtual Server for your primary domain. For our example, we will create a Virtual Server for bigjoestires.com. What enabled features you want for this primary domain is entirely up to you, but you MUST have "setup DNS zone" checked. After you have created the new "Virtual Server" for bigjoestires.com, travel to ( Virtualmin > Server Configuration > DNS RECORDS ) and create two A records ( A - IPv4 Address ): one A record for dns.bigjoestires.com and another A record for dns2.bigjoestires.com. It is very important that these A records' IP addresses match the location of each server and the respective nameserver addresses. So dns.bigjoestires.com should be the exact same IP address as server number one ( that you should currently be on ) and that should match what you set up as a nameserver with your registrar ( for our example, GoDaddy ). To further elaborate, on GoDaddy the dns.bigjoestires.com nameserver is set to IP 12.34.56.78, so the ( A - IPv4 Address ) in Virtualmin on the DNS settings for the ( bigjoestires.com ) "Virtual Server" should be for dns.bigjoestires.com at ( IPv4 address ) 12.34.56.78 and you should currently be logged into server dns.bigjoestires.com at IP address 12.34.56.78:10000. Now for your second A record or ( A - IPv4 Address ) creation you will want to obviously input the IP address for the dns2.bigjoestires.com server ( whatever that may be ) when creating that ( A - IPv4 Address ) and make sure that its record name is respectively named to match your secondary server.

By the time that you have gotten all of this done, you should now be propagating and if you're lucky will be able to start taking websites live immediately.

Hopefully this helps some people. I was lost within the menus of Virtualmin trying to work all of this out. Also, being new to this, it was hard for me to put the data all together from very technical data.

If I have missed anything, please let me know. If something is confusing, also let me know and I will add more details based on the responses to make it as straightforward (and correct) as possible.

Best regards, Kyle
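
A check for the finished setup in the guide above, added here as an example and not part of the original post: it asks each nameserver directly, using dig, for the zone's SOA serial, the two nameserver A records and the NS set, and reports where the two servers disagree. The zone and host names are the guide's examples; the function names and the IP arguments are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Zone and host names are the guide's
# examples; function names and IP arguments are assumptions of this example.

# One non-recursive lookup against one server. Kept in its own function so canned
# answers can be substituted when checking the logic without network access.
dns_query() {   # dns_query <server-ip> <name> <type>
    dig +short +norecurse +time=3 +tries=1 "@$1" "$2" "$3"
}

# SOA serial a server reports for a zone; empty when it gives no answer.
soa_serial() {  # soa_serial <server-ip> <zone>
    dns_query "$1" "$2" SOA | awk 'NR == 1 { print $3 }'
}

# check_pair <zone> <ns1-name> <ns1-ip> <ns2-name> <ns2-ip>
# Prints one line per finding and returns 0 only when every check passes.
check_pair() {
    zone=$1; rc=0
    s1=$(soa_serial "$3" "$zone"); s2=$(soa_serial "$5" "$zone")
    if [ -z "$s1" ] || [ -z "$s2" ]; then
        echo "FAIL no SOA answer (primary='$s1' secondary='$s2'): port 53 or zone missing"; rc=1
    elif [ "$s1" != "$s2" ]; then
        echo "FAIL serial mismatch (primary=$s1 secondary=$s2): slave is not in sync"; rc=1
    else
        echo "OK   SOA serial $s1 on both servers"
    fi
    # Both servers must serve an A record for each nameserver name that equals
    # the IP entered at the registrar (STEP ONE) and in Virtualmin (STEP FIVE).
    for server in "$3" "$5"; do
        for pair in "$2=$3" "$4=$5"; do
            name=${pair%%=*}; want=${pair#*=}
            got=$(dns_query "$server" "$name" A | head -n 1)
            if [ "$got" = "$want" ]; then
                echo "OK   $server answers $name -> $got"
            else
                echo "FAIL $server answers $name -> '$got', expected $want"; rc=1
            fi
        done
    done
    # Both names must be in the zone's NS set (the "Name for NS record" field).
    ns=$(dns_query "$3" "$zone" NS | sed 's/\.$//')
    for name in "$2" "$4"; do
        printf '%s\n' "$ns" | grep -Fqix "$name" || { echo "FAIL $name not in NS set"; rc=1; }
    done
    return "$rc"
}

# Usage: ./check_pair.sh bigjoestires.com dns.bigjoestires.com <ip1> dns2.bigjoestires.com <ip2>
if [ "$#" -eq 5 ]; then check_pair "$@"; fi
```

Run it from a machine outside both servers, so the result also reflects the port 53 firewall rules from STEP THREE.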

Tue, 01/15/2019 - 10:29
manojnaikade

Is there a video/picture tutorial available of this by any chance?

Tue, 01/15/2019 - 11:32
litonfiredesign

Sorry, no, there is not that I am aware of. It's been a long time since I worked with Virtualmin also, so I probably wouldn't be much help either. I found that in the long run, I was better off using others' services for nameservers than managing my own, but it was good to learn as a developer and ultimately why I did this. Good luck!

Tue, 01/15/2019 - 13:39 (Reply to #3)
manojnaikade

Thank you :-) I am not a developer, I am just trying to host my own webserver and Nextcloud server from my old laptop using Ubuntu Server and Virtualmin. I succeeded in doing so, but since my router does support hairpinning, I can not access the webserver using the domain name on my home network (LAN). So I thought to use split DNS, but it looks like quite a complicated process for a non-developer :D

Tue, 01/15/2019 - 20:52 (Reply to #4)
adamjedgar

Why would you need to hairpin at home? Could you just configure a network tunnel for that application? Outside users would still access via https as per normal

AJECreative is the home of $5 webhosting, $15/month VPS servers (1cpu,1gb RAM, 25GB storage)
Centos7, Debian9, or Ubuntu18LTS
Available Control Panels = Centos-Webpanel, Cyberpanel, or Virtualmin

https://ajecreative.com.au

Wed, 01/16/2019 - 06:30
manojnaikade

I don't know how to do it. The Google search to configure a network tunnel didn't give a lead on how to do it in Virtualmin.

Thu, 01/17/2019 - 21:12
palomnik

Thank you for this guide. I followed it, and everything appeared to go well, but the second/slave server does not resolve by host name. I'm not sure why it doesn't resolve.

Thu, 01/17/2019 - 21:19
litonfiredesign

I am glad that you guys are finding some use and interest in the post. I wish I could be of more help, but at this time I am not actively using Virtualmin to host any nameservers. If I do again in the future, I will try to answer the questions here; others may also chime in with the answer to your question first.

Regards, Kyle

Fri, 04/12/2019 - 08:22
netizen

This is a VERY good writeup. One question: How can we configure the system in a way that each new domain's zone is created in its own file instead of using one flat file for ALL zones? Any clues?