I have always had my DNS set up as mentioned in the Virtualmin FAQ:
Can I run DNS on another machine?
While BIND must run on the Virtualmin server, it does not have to be publicly accessible and you can use the Webmin:Servers:BIND DNS Server:Cluster Slave Servers feature to sync up any number of slave servers to your master Virtualmin server automatically. You can then firewall your Virtualmin server's name server port from all clients except the slaves, and your Virtualmin name server will be lightweight (because it doesn't work very hard) and extremely secure (because no one can talk to it except your slave name servers).
However, I recently discovered an issue with that. I was only putting my slave servers on domains and just letting the Virtualmin box be the master server that all domains sync up with. The problem is that Virtualmin adds the master zone to the DNS, so DNS reports show an error. I really don't want DNS requests to be made to the Virtualmin box, only the slave boxes. How do I configure Virtualmin so that the SOA is properly set, and the only NS records showing in the DNS zones are my slave zones?
Comments
Submitted by andreychek on Mon, 11/09/2009 - 11:18 Comment #1
There are two things you may want to look at -- both are in System Settings -> Server Templates -> Default -> BIND DNS Domain.
First, take a look at the "Master DNS server hostname" option. It defaults to your Virtualmin server's hostname, but you can set it to anything you like.
Second, if you don't have the proper NS records set up, you may also want to take a peek at "Additional manually configured nameservers", where you can add additional servers there when you want additional NS records set up.
Submitted by izoox on Mon, 11/09/2009 - 11:28 Comment #2
I have my slave servers set up using the "Cluster Slave Servers" so they are automatically added. If I set the Master DNS server hostname to one of my slaves, it puts two entries for that server in the zone.
However, I thought the SOA was the name of the server that created the zone, or that master zone. Does it have to be accessible? What I really want is for the slave servers to be the only NS records listed. Am I off base?
Submitted by JamieCameron on Mon, 11/09/2009 - 12:42 Comment #3
By default, Virtualmin always adds an NS record for the master server. However, you can completely customize the DNS template to have only the records you want at System Settings -> Server Templates -> Default -> BIND DNS Domain -> BIND DNS records for new domains, making sure to select "Only use records above".
Submitted by izoox on Mon, 11/09/2009 - 22:48 Comment #4
Where can I find the default template for example's sake?
Submitted by JamieCameron on Mon, 11/09/2009 - 23:24 Comment #5
It would be like:
$ttl 3700
@ IN SOA ns.yourdomain.com. root.yourdomain.com (
1257830551
10800
3600
604800
38400 )
@ IN NS ns.yourdomain.com.
@ IN A $IP
www IN A $IP
ftp IN A $IP
m IN A $IP
localhost IN A 127.0.0.1
webmail IN A $IP
admin IN A $IP
mail IN A $IP
@ IN MX 5 mail.$DOM.
@ IN TXT "v=spf1 a mx a:$DOM ip4:$IP ?all"
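To confirm that a generated zone really publishes only the slave servers, the NS set can be audited from the zone file text. The following is an added example, not part of the original thread or of Virtualmin; the `audit_zone` helper and all hostnames are hypothetical, and it assumes NS and SOA targets are written as fully qualified names:

```python
import re

# Constructed sample zone (not from the thread): master.example.com is the
# firewalled Virtualmin box, ns1/ns2 are the public slave servers.
SAMPLE_ZONE = """\
$ttl 3700
@ IN SOA ns1.example.com. root.example.com. (
        1257830551 10800 3600 604800 38400 )
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
@ IN NS master.example.com.
www IN A 192.0.2.10
"""

def _norm(name):
    """Lower-case a hostname and drop the trailing dot for comparison."""
    return name.strip().lower().rstrip(".")

def audit_zone(zone_text, hidden_master, slaves):
    """Return (soa_mname, ns_targets, problems) for a zone file's text.

    Assumption: targets are fully qualified; relative names are not expanded.
    """
    soa_mname, ns_targets, problems = None, [], []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]  # strip zone-file comments
        m = re.match(r"^\s*\S+\s+(?:\d+\s+)?(?:IN\s+)?(SOA|NS)\s+(\S+)", line, re.I)
        if not m:
            continue
        rtype, target = m.group(1).upper(), _norm(m.group(2))
        if rtype == "SOA":
            soa_mname = target  # reported only; the operator decides what it should be
        else:
            ns_targets.append(target)
    master = _norm(hidden_master)
    allowed = {_norm(s) for s in slaves}
    if master in ns_targets:
        problems.append("hidden master is published as NS: " + master)
    for t in ns_targets:
        if t != master and t not in allowed:
            problems.append("unexpected NS target: " + t)
    for s in sorted(allowed - set(ns_targets)):
        problems.append("slave missing from NS set: " + s)
    return soa_mname, ns_targets, problems

if __name__ == "__main__":
    print(audit_zone(SAMPLE_ZONE, "master.example.com",
                     ["ns1.example.com", "ns2.example.com"]))
```
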
Submitted by izoox on Tue, 11/10/2009 - 15:29 Comment #6
Great. Thanks, I think I have it all figured out now. You guys are a huge help!
Any idea when 3.75 is releasing :) I am waiting expectantly...
Submitted by JamieCameron on Tue, 11/10/2009 - 15:38 Comment #7
I'd say a week at most ..
Jamie, this is bug-like, if the Virtualmin server is still being used in the NS records when both the "Master..." and "Additional..." name servers are filled in. It shouldn't be listed at all if the user has gone to the trouble to specify what the master and additionals should be.
Updating the Server Template is asking way too much of the user (and I've been documenting it without that step for ages assuming it just worked that way). Server Templates are awesome, but a user that just wants a central set of DNS servers should never have to see them.
Submitted by JamieCameron on Wed, 11/11/2009 - 02:31 Comment #9
Yeah, it is kind of bogus that you have to create a whole template for this ... I'll add an option to not add an NS record for the Virtualmin system.
Submitted by izoox on Fri, 11/20/2009 - 12:23 Comment #10