Submitted by orangehand on Thu, 05/03/2012 - 12:34
I need to add a secondary dns for my webmin dns, so that an external server can provide secondary dns; I have added the secondary's IP as per the screenshot, but it appears still not to work. Please advise. Many thanks
Status:
Active
Comments
Submitted by orangehand on Thu, 05/03/2012 - 12:36 Comment #1
To clarify, I want to apply this to all existing domains in Webmin, so that the external DNS can poll the info from Webmin.
Submitted by andreychek on Thu, 05/03/2012 - 13:11 Comment #2
Howdy -- are you looking to set up a slave DNS server -- with an existing server acting as the primary, and this other Webmin server as the secondary?
If that's what you're looking to do, there are instructions for setting that up here:
https://www.virtualmin.com/documentation/dns/slave-configuration
Submitted by orangehand on Tue, 05/15/2012 - 02:09 Comment #3
I have set up the secondary Webmin on a fps, but it doesn't seem to be working - how do I check what is going on?
Also, can someone remind me of the CLI tool to test DNS on a particular name server for domain xyz.com? Thanks
Submitted by orangehand on Tue, 05/15/2012 - 02:10 Comment #4
I meant on a VPS not FPS, sorry - typo!
Submitted by andreychek on Tue, 05/15/2012 - 10:48 Comment #5
Having Webmin hosted on an FPS would be interesting, maybe we should talk to Jamie about that :-)
For performing DNS tests, I use "dig". You can use it like the following to test a particular DNS entry at a given nameserver:
dig a test.domain.tld @my.nameserver.tld
That would look up the 'A' record for test.domain.tld using the nameserver my.nameserver.tld.
Let us know what you discover while doing that, and we can assist in sorting all that out!
Submitted by orangehand on Tue, 05/15/2012 - 13:58 Comment #6
Hi
The main Virtualmin server is ns1.orangehandhosting.com where I have followed the instructions to set up a slave dns server on webmin at ns3.orangehandhosting.com
Bind is running on ns3, and the zone file has populated with the zones from ns1, but when I dig ns3 @ns3 I get:
; <<>> DiG 9.7.3-P3 <<>> a ns3.orangehandhosting.com @ns3.orangehandhosting.com
;; global options: +cmd
;; connection timed out; no servers could be reached
transcript as follows:
$ dig a ns3.orangehandhosting.com @ns1.orangehandhosting.com
; <<>> DiG 9.7.3-P3 <<>> a ns3.orangehandhosting.com @ns1.orangehandhosting.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26706
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;ns3.orangehandhosting.com. IN A
;; ANSWER SECTION:
ns3.orangehandhosting.com. 38400 IN A 198.144.178.154
;; AUTHORITY SECTION:
orangehandhosting.com. 38400 IN NS host3a.orangehandhosting.com.
orangehandhosting.com. 38400 IN NS host3.orangehandhosting.com.
;; ADDITIONAL SECTION:
host3.orangehandhosting.com. 38400 IN A 92.60.120.131
host3a.orangehandhosting.com. 38400 IN A 92.60.120.132
host3a.orangehandhosting.com. 38400 IN A 92.60.120.131
;; Query time: 20 msec
;; SERVER: 92.60.120.131#53(92.60.120.131)
;; WHEN: Tue May 15 19:17:10 2012
;; MSG SIZE rcvd: 148
$ dig a ns3.orangehandhosting.com @198.144.178.154
; <<>> DiG 9.7.3-P3 <<>> a ns3.orangehandhosting.com @198.144.178.154
;; global options: +cmd
;; connection timed out; no servers could be reached
Any ideas??
here is a tip
http://www.intodns.com/orangehandhosting.com
Submitted by orangehand on Wed, 05/16/2012 - 11:44 Comment #8
but the zone file at ns3 is populated from ns1, but dig to ns3 fails - it is listed as a name server and is a glue record....
Submitted by orangehand on Wed, 05/16/2012 - 11:47 Comment #9
These are the records at the first named name server: What is wrong??
Submitted by andreychek on Wed, 05/16/2012 - 11:49 Comment #10
What output do you receive if you log into NS3, and run this command:
netstat -an | grep :53
That will show which interfaces BIND is listening on.
Submitted by orangehand on Wed, 05/16/2012 - 11:56 Comment #11
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 ::1:53 :::* LISTEN
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 ::1:53 :::*
Submitted by andreychek on Wed, 05/16/2012 - 12:09 Comment #12
It looks like BIND is set to only listen on the local interface on NS3.
So it'd just be a matter of tweaking the BIND config to tell it to listen on all interfaces, rather than just one.
If you'd like a hand with that, let us know what distro/version is being used on NS3.
Submitted by orangehand on Wed, 05/16/2012 - 12:18 Comment #13
Yes please - BIND 9.7.3 on CentOS - I wouldn't know where to start!!!
Submitted by andreychek on Wed, 05/16/2012 - 12:32 Comment #14
Okay, can you paste in the contents of your
/etc/named.conf
file? That should give us some clues as to why it's only listening on the local interfaces.
Submitted by orangehand on Wed, 05/16/2012 - 12:52 Comment #15
options {
    directory "/etc";
    pid-file "/var/run/named.pid";
    forwarders {
        92.60.120.131;
    };
};
zone "." {
    type hint;
    file "/etc/db.cache";
};
zone "finchassociates.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/finchassociates.com.hosts"; }; zone "familyaffairsblog.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/familyaffairsblog.com.hosts"; }; zone "0.in-addr.arpa" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/0.rev"; }; zone "enjoyableit.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/enjoyableit.co.uk.hosts"; }; zone "gracelandsyard.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/gracelandsyard.com.hosts"; }; zone "unlimiteddreamedia.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/unlimiteddreamedia.com.hosts"; }; zone "orangehandhosting.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/orangehandhosting.co.uk.hosts"; }; zone "nickharvey.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/nickharvey.co.uk.hosts"; }; zone "bsvhsc.org.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/bsvhsc.org.uk.hosts"; }; zone "marykaywilmers.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/marykaywilmers.net.hosts"; }; zone "parridys.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/parridys.co.uk.hosts"; }; zone "guystansfeldarchitects.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/guystansfeldarchitects.com.hosts"; }; zone "positiveconsumer.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/positiveconsumer.co.uk.hosts"; }; zone "huntingsilver.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/huntingsilver.co.uk.hosts"; }; zone "frithstreetgallery.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/frithstreetgallery.com.hosts"; }; zone "andymartinassociates.com.disabled" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/andymartinassociates.com.disabled.hosts"; }; zone 
"orangehand.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/orangehand.com.hosts"; }; zone "sitehistory.org" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/sitehistory.org.hosts"; }; zone "heartaches.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/heartaches.co.uk.hosts"; }; zone "255.in-addr.arpa" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/255.rev"; }; zone "3xarc.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/3xarc.com.hosts"; }; zone "10starmedia.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/10starmedia.co.uk.hosts"; }; zone "nstjh.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/nstjh.com.hosts"; }; zone "wrigglevalleythoroughbreds.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/wrigglevalleythoroughbreds.co.uk.hosts"; }; zone "sarnay.com.disabled" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/sarnay.com.disabled.hosts"; }; zone "jervois.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/jervois.com.hosts"; }; zone "10starentertainment.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/10starentertainment.com.hosts"; }; zone "willwhitedesign.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/willwhitedesign.com.hosts"; }; zone "gracelands.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/gracelands.net.hosts"; }; zone "sportingsilver.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/sportingsilver.co.uk.hosts"; }; zone "indiaknight.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/indiaknight.com.hosts"; }; zone "23arc.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/23arc.com.hosts"; }; zone "barnabywoodwork.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/barnabywoodwork.co.uk.hosts"; }; 
zone "carolynseymour.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/carolynseymour.co.uk.hosts"; }; zone "gracelandscafe.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/gracelandscafe.com.hosts"; }; zone "nicktucker.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/nicktucker.net.hosts"; }; zone "10star.tv" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/10star.tv.hosts"; }; zone "2dogroom.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/2dogroom.com.hosts"; }; zone "hostingforheroes.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/hostingforheroes.co.uk.hosts"; }; zone "janetmadden.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/janetmadden.co.uk.hosts"; }; zone "annietobin.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/annietobin.com.hosts"; }; zone "nickharvey.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/nickharvey.com.hosts"; }; zone "orangehandmail.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/orangehandmail.co.uk.hosts"; }; zone "maxcad.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/maxcad.co.uk.hosts"; }; zone "dinamistry.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/dinamistry.co.uk.hosts"; }; zone "landseer.it" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/landseer.it.hosts"; }; zone "malvernmedia.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/malvernmedia.co.uk.hosts"; }; zone "orangehand.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/orangehand.net.hosts"; }; zone "johngoldman.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/johngoldman.co.uk.hosts"; }; zone "davidogilvy.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/davidogilvy.co.uk.hosts"; }; zone 
"dorsetfudgepackers.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/dorsetfudgepackers.co.uk.hosts"; }; zone "timrice.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/timrice.co.uk.hosts"; }; zone "mellyrees.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/mellyrees.com.hosts"; }; zone "nutt.tv" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/nutt.tv.hosts"; }; zone "allett.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/allett.net.hosts"; }; zone "rodogrady.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/rodogrady.co.uk.hosts"; }; zone "jgballardestate.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/jgballardestate.com.hosts"; }; zone "claphamroad.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/claphamroad.co.uk.hosts"; }; zone "loftcafe.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/loftcafe.co.uk.hosts"; }; zone "127.in-addr.arpa" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/127.rev"; }; zone "enjoyableit.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/enjoyableit.com.hosts"; }; zone "nicktucker.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/nicktucker.com.hosts"; }; zone "troddan.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/troddan.co.uk.hosts"; }; zone "cmharvey.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/cmharvey.co.uk.hosts"; }; zone "piphornestudio.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/piphornestudio.com.hosts"; }; zone "followinghounds.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/followinghounds.co.uk.hosts"; }; zone "shootingsilver.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/shootingsilver.co.uk.hosts"; }; zone "followhounds.co.uk" { 
type slave; masters { 92.60.120.131; }; file "/var/named/slaves/followhounds.co.uk.hosts"; }; zone "stansfeld.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/stansfeld.com.hosts"; }; zone "knatchbull.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/knatchbull.net.hosts"; }; zone "evadon.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/evadon.co.uk.hosts"; }; zone "fishingsilver.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/fishingsilver.co.uk.hosts"; }; zone "orangehandhosting.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/orangehandhosting.com.hosts"; }; zone "showchoirchallenge.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/showchoirchallenge.co.uk.hosts"; }; zone "natshire.org.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/natshire.org.uk.hosts"; }; zone "the-badger.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/the-badger.net.hosts"; }; zone "10starentertainment.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/10starentertainment.co.uk.hosts"; }; zone "beaballardmedia.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/beaballardmedia.com.hosts"; }; zone "lucygoldman.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/lucygoldman.com.hosts"; }; zone "orangehand.eu" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/orangehand.eu.hosts"; }; zone "guystansfeld.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/guystansfeld.com.hosts"; }; zone "portobello.tv" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/portobello.tv.hosts"; }; zone "beaballard.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/beaballard.com.hosts"; }; zone "jgballardestate.co.uk" { type slave; masters { 92.60.120.131; }; file 
"/var/named/slaves/jgballardestate.co.uk.hosts"; }; zone "cavigioli.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/cavigioli.com.hosts"; }; zone "nottinghill.tv" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/nottinghill.tv.hosts"; }; zone "sirtimrice.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/sirtimrice.co.uk.hosts"; }; zone "orangehanddesign.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/orangehanddesign.co.uk.hosts"; }; zone "enjoyableit.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/enjoyableit.net.hosts"; }; zone "macgod.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/macgod.co.uk.hosts"; }; zone "petitgas.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/petitgas.net.hosts"; }; zone "xxii.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/xxii.com.hosts"; }; zone "beastallnorth.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/beastallnorth.com.hosts"; }; zone "positiveconsumer.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/positiveconsumer.com.hosts"; }; zone "planet-positive.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/planet-positive.com.hosts"; }; zone "rubyred.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/rubyred.co.uk.hosts"; }; zone "catkinson.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/catkinson.co.uk.hosts"; }; zone "hostingforheroes.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/hostingforheroes.com.hosts"; }; zone "lbcasting.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/lbcasting.co.uk.hosts"; }; zone "lewisohn.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/lewisohn.net.hosts"; }; zone "lesleybeastallcasting.com" { type slave; masters { 92.60.120.131; }; file 
"/var/named/slaves/lesleybeastallcasting.com.hosts"; }; zone "beastallnorth.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/beastallnorth.co.uk.hosts"; }; zone "lasermonkey.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/lasermonkey.com.hosts"; }; zone "bsvh.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/bsvh.co.uk.hosts"; }; zone "jgballardestate.net" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/jgballardestate.net.hosts"; }; zone "localhost" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/localhost.hosts"; }; zone "riskregister.org" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/riskregister.org.hosts"; }; zone "showerdrop.com" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/showerdrop.com.hosts"; }; zone "huntingdiary.co.uk" { type slave; masters { 92.60.120.131; }; file "/var/named/slaves/huntingdiary.co.uk.hosts"; };
Submitted by andreychek on Wed, 05/16/2012 - 23:29 Comment #16
The config you have there should be okay -- what if you just restart BIND, does that help? You can do that with this command:
/etc/init.d/named restart
After that, what does this output:
netstat -an | grep :53
Submitted by orangehand on Thu, 05/17/2012 - 00:49 Comment #17
looks the same I think??:
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 ::1:53 :::* LISTEN
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 ::1:53 :::*
Submitted by orangehand on Sat, 05/19/2012 - 05:49 Comment #18
May I have some progress on this please? We seem to have been swapping emails for rather a long time!!
Thanks
Submitted by JamieCameron on Sat, 05/19/2012 - 11:33 Comment #19
We'd be happy to log in to your system to see what is going wrong here .. but we'd need remote root SSH access.
If that's possible, please email me at jcameron@virtualmin.com
Submitted by orangehand on Sat, 05/19/2012 - 12:33 Comment #20
Hi Jamie - happy to give you root access, but can I SMS you the password - not at all keen on putting it in email!!
Submitted by JamieCameron on Sat, 05/19/2012 - 13:50 Comment #21
You can SMS it to me at +1 408 646 3656
Submitted by orangehand on Sat, 05/19/2012 - 14:02 Comment #22
Thanks. Main Virtualmin server is host3.orangehandhosting.com and slave Webmin server is ns3.orangehandhosting.com
I will text you the pass
Submitted by orangehand on Sat, 05/19/2012 - 14:03 Comment #23
text sent!
Submitted by JamieCameron on Sat, 05/19/2012 - 15:04 Comment #24
Got it - will log in and take a look later today.
Submitted by JamieCameron on Sat, 05/19/2012 - 18:49 Comment #25
I think it is fixed now - I commented out the lines:
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
which make BIND only accept connections on localhost. Now it seems to be resolving just fine.
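Added example, not part of the original thread: a shell sketch of the two checks used above, one classifying port-53 sockets from `netstat -an` output and one listing active `listen-on` directives that name only loopback addresses. The function names, the 192.0.2.10 address and the sample options block are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): two checks for a DNS server that
# answers only on loopback. Sample inputs are embedded below.

# Classify port-53 sockets from `netstat -an` output on stdin.
# Prints: none | loopback-only | reachable
dns_listen_scope() {
    awk '
        # TCP listeners, plus UDP sockets (UDP has no LISTEN state).
        ($1 ~ /^tcp/ && $NF == "LISTEN") || $1 ~ /^udp/ {
            n = split($4, parts, ":")          # $4 is the local "addr:port"
            if (parts[n] != "53") next         # exact port, so :5353 is skipped
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            seen = 1
            if (addr !~ /^127\./ && addr != "::1") external = 1
        }
        END {
            if (!seen)         print "none"
            else if (external) print "reachable"
            else               print "loopback-only"
        }'
}

# Print active listen-on / listen-on-v6 lines from a named.conf on stdin
# whose address list holds only loopback addresses. Handles one directive
# per line; lines commented with // or # are ignored, /* */ is not parsed.
loopback_listen_directives() {
    awk '
        /^[ \t]*listen-on(-v6)?[ \t{]/ {
            list = $0
            sub(/^[^{]*[{]/, "", list)         # drop everything up to "{"
            sub(/[}].*$/, "", list)            # drop "}" and what follows
            n = split(list, a, ";")
            count = 0; only = 1
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", a[i])
                if (a[i] == "") continue
                count++
                if (a[i] !~ /^127\./ && a[i] != "::1") only = 0
            }
            if (count && only) print
        }'
}

# netstat output as posted in comment #11.
NETSTAT_BEFORE='tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 ::1:53 :::* LISTEN
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 ::1:53 :::*'

# Constructed: the same host once BIND also binds a public interface
# (192.0.2.10 is a documentation address, not the real server).
NETSTAT_AFTER='tcp 0 0 192.0.2.10:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
udp 0 0 192.0.2.10:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*'

# Constructed options block holding the two directives from comment #25.
CONF_BEFORE='options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
};'

printf '%s\n' "$NETSTAT_BEFORE" | dns_listen_scope
printf '%s\n' "$NETSTAT_AFTER"  | dns_listen_scope
printf '%s\n' "$CONF_BEFORE"    | loopback_listen_directives
```

Unlike `grep :53`, the first function matches the local port exactly, so sockets on :5353 or outbound queries to a remote port 53 do not show up as listeners.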
Submitted by orangehand on Sun, 05/20/2012 - 00:47 Comment #26
Many thanks - is that a Webmin bug? I didn't do any CLI setup, just followed the instructions via the web interface...
Nick
Submitted by JamieCameron on Mon, 05/21/2012 - 00:13 Comment #27
It's more of a bug in the default BIND configuration... although a Virtualmin install should correct this.
Did this secondary system ever have Virtualmin on it?
Submitted by orangehand on Mon, 05/21/2012 - 00:39 Comment #29
No - it was a brand new server (a 6$ VPS by the way!!) with a standard install of Webmin and no other apps... Seems like it might be a bug??
Silly question - I presume I now need to add the Webmin server to the name server list for all the domains at their registrars??
What happens if the Virtualmin machine goes offline - will the Webmin server keep serving DNS regardless? (that is what I wanted to achieve anyway, by way of redundancy)
Submitted by JamieCameron on Mon, 05/21/2012 - 13:54 Comment #30
I will look into adding some better detection of this case ... or at least documenting the slave setup better.
And yes, you should add the slave to the list of nameservers for your domains at the registrar. This way if either goes offline, the other will continue to serve DNS requests (until the time-to-live for the zone expires, which is typically 1 day).
Submitted by orangehand on Mon, 05/21/2012 - 13:56 Comment #31
Thanks - if you need anything from me that would help, let me know!