Automatic DNS Slave Configuration - Configuration of automatic DNS slave creation and management.
DNS FAQ - Frequently asked questions about DNS.
Domain Name Server Troubleshooting - Troubleshooting common problems with domain name service.
Domain Registration With Virtualmin - Use of the Virtualmin Registrar plugin, which allows users and administrators to register domains from within Virtualmin using one of several DNS registrars.
A quick guide to assist administrators who want to use Virtualmin's automatic DNS slave configuration features. This allows for DNS server redundancy.
Virtualmin can automatically manage any number of DNS slave servers for you. Once configured, it will create slave zones on other servers and configure them to automatically update when changes are made on your Virtualmin server. For this to work, you need Virtualmin on your primary server and Webmin (a free download) on your slave server(s). Henceforth, all references will refer to the primary server as the "Virtualmin server" and the DNS slave server as the "slave server".
If you don't have Virtualmin installed on your slave server(s), you'll need to install Webmin. Webmin is available for nearly every UNIX and Linux variant available, and is free to download and use.
You can download Webmin from webmin.com. It is available in .rpm, .deb, Solaris .pkg, .zip, and .tar.gz formats. Be sure to choose the appropriate package type for your slave server. Some Linux versions provide a package of Webmin via their package management system.
Install Webmin according to the instructions for your OS, found on the Downloading and Installing page at Webmin.com.
Login and confirm that the Webmin installation is working correctly and a firewall is not blocking access.
A supported version of BIND is also required on your slave server. Installation of BIND is beyond the scope of this document, as it is different on every operating system. But, on most systems it is very easy, and requires only one or two commands.
For example, installing BIND on CentOS, RHEL, and Fedora systems can be done with the following command:
yum install bind bind-config
The bind-config package is optional, but saves a few steps of configuration that you'd need to do, otherwise.
On some systems, BIND will not have the necessary minimal configuration to start up immediately after installation. Webmin can usually perform the necessary initial steps for you, and it can usually detect if such steps are needed before starting and using BIND.
Browse to Servers:BIND DNS Server.
If BIND needs configuration, Webmin will offer to perform the configuration for you. It is probably most wise to choose the option that includes downloading the latest root zone file, rather than using the included root zone file (though either will work for our purposes, if you rely on the DNS server for regular DNS services there is a small possibility you'll run into stale data with the included zone file).
After Webmin has performed the initial configuration, you'll likely see a button labeled Start Name Server. Click it.
Don't forget to also enable starting BIND on boot, using the Bootup and Shutdown module. It's beyond the scope of this guide, but the Webmin documentation covers it in some detail in http://doxfer.com/Webmin/BootupAndShutdown|Bootup and Shutdown
Once you have the necessary software installed and running on the slave, login to Webmin on your Virtualmin system, and browse open the Webmin menu by clicking on the Webmin link in the upper right corner of the left-hand menu.
Before doing this, make sure that the slave system does not have a firewall blocking ports 10001-10010, as they are used by Webmin's RPC calls. The best way to check this and open them up is with the Linux Firewall module, on the slave system. Or you can use the BSD Firewall or IPFW Firewall modules for non-Linux systems.
Click on the Webmin Servers Index link in the Webmin dropdown menu.
Click Register a new server.
Enter the hostname of your slave server.
Select the type of OS running on the slave.
If you installed the Perl Net SSLeay module and Webmin is using SSL on the slave server, set the SSL server? option to Yes. Otherwise leave it on No.
Select a Link type of Login via Webmin with username ... password ..., and enter the authentication details for an admin level user (usually root).
Change Make fast RPC calls? to Yes.
Click Save.
There should now be an icon representing the server you created in the Webmin Servers page.
Now that you've added the server, you can configure the local name server to automatically manage slave zones on the remote server.
Browse to Servers:BIND DNS Server and click on the Cluster Slave Servers icon.
In the Add server dropdown, select your slave server (if it's the only server you've added, you won't have to select it, as it will already be selected).
Set the Create secondary on slave when creating locally? option to Yes.
If you have already created any domains on your Virtualmin server, set the Create all existing master zones on slave? option to Yes.
If you want to use some name other than the name of the slave server for the NS record (for example, if you wanted it to be ns1.domain.tld, keeping with the convention of naming name servers nsN.domain.tld), you can enter it in the Name for NS record field. Note that you'll actually have to create an A record matching that name pointing to the slave server, if you haven't already created one.
Click Add server.
By default, Virtualmin will use the IP address that the master server's hostname resolves to as the IP that the slaves should contact to transfer records. However, on some systems this IP is 127.0.0.1, which will not work.
To make sure the correct IP is used, do the following on the master system :
Now Virtualmin will automatically include your slave server in the NS records for each new domain.
NOTE: If, for some reason, you don't like the default name of the first NS record (taken from the hostname of your server), you can change it in the Server Template(s) that you use, in the BIND DNS domain section. The field is labeled Master DNS server hostname. Just like with the slave servers, this name must be valid and point to the correct IP address, otherwise name service will not work, or will be unreliable.
Domain Registration With Virtualmin
Virtualmin now includes a plugin that can be used to automate the process of registering DNS domains. This means that you can full create a new virtual server with a website and domain, and have it visible on the Internet pretty much immediately - there is no need to manually register the domain separately.
The latest version of the plugin supports the Register.com, Gandi and Distribute.IT APIs, but others will follow in future releases. You can use either your existing account with those registrars, or create a new Register.com account using the Virtualmin web interface.
Installing the Domain Registration Plugin
If you are using a standard install of Virtualmin Pro on a Redhat, CentOS or Fedora system, the plugin can be installed with the command :
yum install wbm-virtualmin-registrar
On a Debian or Ubuntu system, the command is :
apt-get install webmin-virtualmin-registrar
You must be running at least version 3.47 Virtualmin to install it. At the time of writing, this plugin is not included in the standard Virtualmin install, but this will soon change.
Once it is installed, login to Virtualmin as the master administrator. Open the System Settings section on the left menu, and click on Features And Plugins. In the list of features and plugins, check the box next to DNS Domain Registration and click Save at the bottom of the page.
If you want new Virtualmin domains to be registered in DNS by default, check the box in the Default column - if not, leave it un-checked. Since registration costs money, it is probably best to leave this off by default.
Now that it is installed and active, refresh the page and then open the Addresses and Networking category on the left menu, then click on DNS Domain Registrars. This will bring you to a list of known registrar accounts - which will be initially empty.
If you already have an API account with Register.com or any other supported registrar, select the registrar from the Add an existing account menu and click Start Adding. This will bring you to a page for entering details of your account - the most important are the login ID and password.
If you don't yet have a registrar account, one can be created at :
Registrar New Account URL
Register.com <a href="https://secure.rconnection.com/sign-up.asp?resell=VIRTUALMIN-TPP" class="urlextern" title="https://secure.rconnection.com/sign-up.asp?resell=VIRTUALMIN-TPP" rel="nofollow">https://secure.rconnection.com/sign-up.asp?resell=VIRTUALMIN-TPP</a>
Gandi <a href="http://www.gandi.net/reseller/" class="urlextern" title="http://www.gandi.net/reseller/" rel="nofollow">http://www.gandi.net/reseller/</a>
Distribute.IT <a href="http://www.distributeit.com.au/rs_signup.html" class="urlextern" title="http://www.distributeit.com.au/rs_signup.html" rel="nofollow">http://www.distributeit.com.au/rs_signup.html</a>
Enter a description for this account (such as Foo Corp's registrar account) and your login and password with the registrar, then click Create. If you only want this account to be used for certain TLDs, enter them in the Additionally limit to top-level domains field.
When the form is submitted, Virtualmin will validate the login details, and display an error message if they are incorrect. If all is OK, you will be returned to the list of accounts, which will now show the one you just added. To edit its details, click on the description, and the same form used for adding will be displayed so that you can change the settings.
Some registrars allow you to create a new account online using this Virtualmin, which you can then use to register domains. To do this, select the registrar from the Create a new account menu, and click Start Creating. The details that you have to enter differ between registrars, but for the purposes of this documentation we will concentrate on Register.com as it is the first registrar supported by the plugin.
The Account description should be set to a short text of your choice to described the account, while the New account login and password must be set to a username and password that will identify the account. If you select a login that is already in use by someone else, Virtualmin will tell you when you try to create the account.
The first part of the form (starting with the Organization name field) is for entering your personal details. The second section (starting with Address) is for your location and contact information. The last section (starting with Credit card type) is for billing details. The costs of domain registration will be charged to the card entered - see the registrar's website for details on how much they charge for different top-level domains.
When you click Create, the new account details will be sent to the registrar. If all the fields have been filled in correctly and the credit card details are valid, Virtualmin will display the ID for the new account. If not, the error message from the registrar will be shown. Depending on the registrar, you may or may not be able to use the account right away - in the case of Register.com, they must first add your IP address to a whitelist of those allowed to access the account, which may take several hours.
When you have create one or more registrar accounts, they will be listed on the DNS Domain Registrars page. Each account can be either enabled or disabled - only those that are marked as enabled will be used by Virtualmin when registering domains. To change the enabled status, check the box next to an account and click either the Enable Selected or Disable Selected button.
If you want to edit an account's details, click on its description in the list to bring up a form for changing the login, password, description and allowed top-level domains. Be careful changing the login details, as switching to another account with the registrar may make it impossible to renew or de-register your existing domains.
To remove an account you are no longer planning to use, check the box next to it and hit the Remove Selected button. This will NOT cancel the account with the registrar - just take it out of Virtualmin's list of usable accounts. You cannot do this if any virtual servers exist that were registered with the account, as it would make their future management impossible.
When a domain is registered, at least one and often two nameservers must be supplied to the registrar. Virtualmin determines these by looking at the NS records in the DNS zone file, which are in turn set by default from the hostnames of your primary and any secondary nameservers. Alternately, when adding or editing a registrar account, you can enter the specific nameservers that should be used.
Either way, these nameservers must first be registered with the registrar that you created THEIR top-level domain with. So if your company is called myhosting.com and your nameservers are webhost.myhosting.com and ns2.myhosting.com, you must first use your original registrar's website to add those two hostnames (and their IP addresses) as registrars. If not, new domain registration using Virtualmin will fail.
For many top-level domains, you must have at least two separate nameservers - for example, .de is one that enforces this. Fortunately this is relatively easy to set up, and documented on the DNS Slave Auto-Configuration Quickstart page.
Once you have at least one enabled account, you will be able to use Virtualmin to register domains when they are created, or add registration for existing domains. To do this, just select the Register DNS domain? feature on the Create Virtual Server or Edit Virtual Server forms.
If the domain is available according to your registrar, it will be registered under your account and the nameservers set to your Virtualmin system. If it isn't available, creation of the entire virtual server will be blocked. As the creation process progresses, you will see a message starting with Registering DNS domain, followed by a line showing the success or failure of the registration.
Naturally, you must also select the DNS domain enabled? feature when creating the server, or else there will not be an actual nameserver configuration entry to serve the domain. If creating using the command-line create-domain.pl script, the --virtualmin-registrar flag enables registration.
De-registering a domain is as simple as un-checking the Register DNS domain? box on the Edit Virtual Server page. Or you can just delete the server using Virtualmin. Either way, the registrar used to create the domain will be told to remove the registration, which will make it no longer visible from the rest of the Internet unless you re-register it with a different registrar.
Once a virtual server's domain has been registered using Virtualmin, several options will show up under the Domain Registration category in the left-side menu. Some are only available to the master administrator though.
Every registered domain has several contact persons associated with it - the billing contact, administrative contact and technical contact. When the domain is first registered, the contact details will be either set from the parent server's contacts (if any), or from the contact information you provided when creating the registrar account. For domains that are owned by your customers, you may want to change these though.
Depending on the registrar, some or all of the contacts can be edited using the Edit Domain Contacts link under Domain Registration on the left menu. This will bring up a form with several collapsible sections, one for each contact. Edit the details as you see fit, and click the Save button at the bottom of the page. If anything goes wrong updating the registrar, an error message will be displayed.
Because all contacts are the same in most cases, you can use the Same as the first contact? option in contacts after the first to have their details duplicated from the first one. This will be set to Yes automatically (and the section collapsed) if the details are currently the same.
Domains are registered only for a limited period, typically measured in years. When a domain approaches its expiry date, your registrar will typically contact you via email to the administrative or billing contact's address, asking you to renew. This can be done entirely from within Virtualmin, using the Renew Domain link under Domain Registration on the left menu.
Clicking on this link brings up a simple form showing the current expiry date, with a field for entering an additional number of years to renew for. When the Renew Domain Now button is clicked, your registrar will be notified of the request, and your account charged the appropriate renewal fee.
Associating an Existing Domain
If you have already registered a domain manually with a registrar and added the same account for use by Virtualmin, you can inform Virtualmin about the domain using the Associate Domain link on the left menu, under Domain Registration. This will allow you to edit the domain's contacts, renew it, and remove the registration when the virtual server is deleted.
When that link is clicked on, all you should need to do is select the account used to create it originally from the Registered under account menu. If the registrar gave you an ID number or code when the domain was created, enter it into the ID with registrar field - although this is not usually needed. If you want the domain's nameservers modified to match your Virtualmin system, change Update nameservers to Yes. Finally, hit Associate Domain and the success or failure of the association will be displayed.
If you no longer want Virtualmin to manage a domain registration but do not want to actually re-register it, open the Domain Registration category on the left menu and click on Dis-Associate Domain. The click the button on the confirmation form that appears.
If you change your mind, the Associate Domain feature can be used to bring the domain back under Virtualmin's control.
It's pretty safe to say that a majority of problems in any virtual hosting system will be DNS related, because DNS requires cooperation of numerous systems, rather than just one, and DNS problems can cause trouble with nearly every service on a hosting system.
For DNS to work, it must have correct glue records at your registrar, as well as correct records on your Virtualmin system (or whatever system you choose to use for DNS, if not the Virtualmin server). Also, any slaves must also have correct records, or you will experience intermittent resolution failures.
Checking your glue records can be done using the whois command.
whois example.com
Look for the "domain servers" or "name servers" section of the output. The resulting names must resolve to your DNS servers.
Glue records must be configured at your name service registrar. Virtualmin and Webmin have no control over records at your registrar, so problems must be corrected using whatever interface your registrar provides.
The NS records on your Virtualmin server should match those found in the glue records discussed previously, or intermittent problems may result.
You can find the NS records for a given zone using the host command on your server:
host -t NS example.com
Address records, or A records, are the basic building block of DNS zones. They map names to IP addresses.
To check an A record, use the host command:
host example.com
You can also specify the name server used to resolve queries by adding the name or IP of the server you wish to query to the end of the command:
host example.com ns1.example.com
Or, if you aren't sure about the nameserver IP address resolving correctly, you can use an IP:
host example.com 192.168.1.1
Mail exchanger records, or MX records, provide mail servers the information they need to know how to deliver mail for a particular domain.
You can check an MX record with the host command:
host -t MX example.com
The Webmin documentation provides additional information on the topic of troubleshooting name service, as well as the BIND DNS Server module documentation.