Most certainly a bug. See attached video file.
To reproduce:
1. Go to Virtualmin>System Settings>Server Templates>Default Settings>BIND DNS domain>BIND DNS records for new domains
Enter the following 2 lines (must be 2 separate lines):
${DOM}. IN CAA 0 issue "letsencrypt.org"
${DOM}. IN CAA 0 issuewild ";"
Click the Save button.
Go to Virtualmin > Email Settings > DomainKeys Identified Mail
Change "Signing of outgoing mail enabled?" to Yes
In the "Selector for DKIM record name" field, enter: 2019
Make sure the domain 'mydomain.com' is included
Click the Save button.
Run the following:
virtualmin create-domain --domain "mydomain.com" --pass "123abc123" --desc "The server for" --unix --dir --dns --mail --web --webalizer --ssl --logrotate --mysql --spam --virus --webmin --virtualmin-awstats --virtualmin-dav --limits-from-plan --mysql-pass "123abc123" --skip-warnings
When the command is finished, check /var/lib/bind/mydomain.com.hosts
You will see this line in /var/lib/bind/mydomain.com.hosts:
mydomain.com. IN CAA 0 issue "letsencrypt.org"mydomain.com. IN CAA 0 issuewild ";"
This line will cause errors in BIND when it is restarted and the DNS zone for mydomain.com will not be loaded.
The reason is that the 2 CAA lines should be on separate lines in the hosts file.
NOTE:
I have accessed this file while the command create-domain was running and noticed that as soon as the file is created, the lines in question were actually on 2 separate lines like this:
$ttl 38400
@ IN SOA ns1.maindom.com. root.ns1.maindom.com. (
1562258223
10800
3600
604800
38400 )
@ IN NS ns1.maindom.com.
@ IN NS ns2.maindom.com.
mydomain.com. IN A 184.309.48.129
www.mydomain.com. IN A 184.309.48.129
ftp.mydomain.com. IN A 184.309.48.129
m.mydomain.com. IN A 184.309.48.129
localhost.mydomain.com. IN A 127.0.0.1
webmail.mydomain.com. IN A 184.309.48.129
admin.mydomain.com. IN A 184.309.48.129
mail.mydomain.com. IN A 184.309.48.129
mydomain.com. IN MX 5 mail.mydomain.com.
mydomain.com. IN TXT "v=spf1 a mx a:mydomain.com ip4:184.309.48.129 ip4:184.309.48.129 ip6:fe80::428:24ff:fe27:dcb5 ?all"
mydomain.com. IN CAA 0 issue "letsencrypt.org"
mydomain.com. IN CAA 0 issuewild ";"
By the time the command progressed to the DKIM section, the file was broken. So the problem happens near DKIM processing:
$ttl 38400
@ IN SOA ns1.maindom.com. root.ns1.maindom.com. (
1562258224
10800
3600
604800
38400 )
@ IN NS ns1.maindom.com.
@ IN NS ns2.maindom.com.
mydomain.com. IN A 184.309.48.129
www.mydomain.com. IN A 184.309.48.129
ftp.mydomain.com. IN A 184.309.48.129
m.mydomain.com. IN A 184.309.48.129
localhost.mydomain.com. IN A 127.0.0.1
webmail.mydomain.com. IN A 184.309.48.129
admin.mydomain.com. IN A 184.309.48.129
mail.mydomain.com. IN A 184.309.48.129
mydomain.com. IN MX 5 mail.mydomain.com.
mydomain.com. IN TXT "v=spf1 a mx a:mydomain.com ip4:184.309.48.129 ip4:184.309.48.129 ip6:fe80::428:24ff:fe27:dcb5 ?all"
mydomain.com. IN CAA 0 issue "letsencrypt.org"mydomain.com. IN CAA 0 issuewild ";" <<<<<<<<<<<<<<<< BUG
2019._domainkey.mydomain.com. IN TXT ( "v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUVSS6Mx6DZeZ"
"Z8nIXG2xm9qQCWP6Rj9uJOsC5mf5D8CFRWwkfNlUlSrv/1icwUJIxmVFMfsKlcwM7BJq/302tOaNwi2y"
"4PI8ZKzlvz1HOwMX2hV+RW0UPNiEBNO/BZHaiYUBuMNeTpAlTSzeb4JZCCTiNko/idr47h4H8FKf6YM1"
"vgsOe/EosBR5rb54LaDfLyurYbNePKnS58cfrH8bh8ODkKjn0u5Sf15VPDD9Bcv3wuWMGZzWbOMQQGQk"
"TIqBHgcmD9B2lo3Eg5cNtNXU421XVx/T9s0MXdda/Ag8cvSiLV6ALIkUTc1kyrGFl8KYuHttq2QY4BxX"
"PuZhw6L5QIDAQAB" )
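Added example, not part of the original report or of Virtualmin's code: a small shell check that flags zone-file lines where two records were run together, as in the broken line above, so the file can be caught before BIND is restarted. It treats a `;` inside quotes as data rather than a comment; the sample zone is constructed, with a documentation-range IP address and a placeholder DKIM key, and the function names are hypothetical.

```shell
#!/bin/sh
# Flag zone-file lines that carry more than one record, the symptom in this
# report: two CAA records joined on one line because a newline was lost.

find_joined_records() {
    awk '
    {
        s = $0
        # Drop backslash escapes, then swap each quoted string for a bare
        # token, so a ";" inside quotes (CAA issuewild ";", DKIM "v=DKIM1; ...")
        # is not mistaken for the start of a comment.
        gsub(/\\./, "", s)
        gsub(/"[^"]*"/, " Q ", s)
        # Any ";" still present is unquoted and starts a comment.
        sub(/;.*/, "", s)
        # One record has at most one class field; two means joined records.
        n = split(s, f, /[ \t]+/)
        c = 0
        for (i = 1; i <= n; i++) if (f[i] == "IN") c++
        if (c > 1) printf "%d: %s\n", NR, $0
    }' "$1"
}

# Constructed sample reproducing the broken line from the report.
write_sample_zone() {
    cat > "$1" <<'EOF'
$ttl 38400
@ IN NS ns1.maindom.com.
mydomain.com. IN A 192.0.2.10
mydomain.com. IN TXT "v=spf1 a mx ?all" ; comment mentioning IN
mydomain.com. IN CAA 0 issue "letsencrypt.org"mydomain.com. IN CAA 0 issuewild ";"
2019._domainkey.mydomain.com. IN TXT ( "v=DKIM1; k=rsa; t=s; p=PLACEHOLDER" )
EOF
}

zone=$(mktemp)
write_sample_zone "$zone"
find_joined_records "$zone"
rm -f "$zone"
```

On a host with BIND installed, `named-checkzone mydomain.com /var/lib/bind/mydomain.com.hosts` gives the authoritative verdict on whether the zone loads; this scan only pinpoints the joined line.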
Comments
Submitted by Rory Bremner on Thu, 07/04/2019 - 12:37 Comment #1
Submitted by Rory Bremner on Thu, 07/04/2019 - 12:39 Comment #2
Submitted by Rory Bremner on Thu, 07/04/2019 - 12:41 Comment #3
Submitted by JamieCameron on Thu, 07/04/2019 - 20:32 Comment #4
Is that ";" actually part of the CAA record? Normally BIND treats them as a line ending..
Submitted by Rory Bremner on Thu, 07/04/2019 - 21:12 Comment #5
Yes it is. It basically means 'disabled'
Submitted by JamieCameron on Fri, 07/05/2019 - 05:10 Comment #6
Ok, looks like the issue is that CAA records aren't supported properly in Virtualmin yet. This is on our TODO list and so we'll update this ticket when it's fixed.
Submitted by Rory Bremner on Fri, 07/05/2019 - 06:22 Comment #7
Bear in mind that this bug may not be restricted to CAA. Have you tried it with 2 lines which include other directives?
Thanks
Submitted by Rory Bremner on Wed, 07/10/2019 - 18:28 Comment #8
Submitted by JamieCameron on Sat, 07/13/2019 - 09:37 Comment #9
The CAA record type is the only one I've seen that includes a ; in the value
Submitted by Rory Bremner on Tue, 07/16/2019 - 09:04 Comment #10
Hi Jamie I see you are on the ball )))
Submitted by JamieCameron on Mon, 07/22/2019 - 00:56 Comment #11
Ok, I found the bug that causes this - it will be fixed in the next Virtualmin release.
Or you can apply this patch : https://github.com/virtualmin/virtualmin-gpl/commit/f220f566c5182e892437...
Submitted by Rory Bremner on Wed, 07/31/2019 - 23:39 Comment #12
Hi Jamie,
Currently I have 3 updates to Virtualmin packages are available. Use the Software Package Updates module to install them selectively.
usermin all web-based user account administration interface for Unix systems 1.771
webmin all web-based administration interface for Unix systems 1.921
webmin-virtual-server all Webmin module for 'Virtualmin Virtual Servers' 6.07.gpl
My current version is Virtualmin version 6.06-2
When you say "the next Virtualmin release", is the patch above included in 6.07.gpl?
Thanks for clarifying.
Submitted by JamieCameron on Sun, 08/04/2019 - 15:01 Comment #13
Yes, it's in 6.07
Submitted by JamieCameron on Thu, 12/05/2019 - 02:49 Comment #14
The next releases of Webmin and Virtualmin will fully support CAA records, and automatically set one up for Let's Encrypt domains.
Submitted by JamieCameron on Thu, 12/05/2019 - 02:49 Comment #15