Webmin Server using a WHM DNS Server

  • wrightsonm
  • 08/09/11
Posted: Tue, 2011-08-09 18:04

Hello!

I have recently purchased a VPS and am trying out Webmin/Virtualmin as a hosting platform. So far I am quite pleased with what I see. I looked at ispCP but got fed up. I currently have four nameservers set up using a redundant DNS service provided by my VPS provider. These nameservers are ns1.domain.com, ns2.domain.com, ns3.domain.com, ns4.domain.com (my domain). My VPS is at host.domain.com.

The nameservers are managed using the DNS Zone Editor options in WHM. What I'm looking to do is link the Webmin / Virtualmin DNS configuration with my nameservers. Therefore my VPS is not running BIND at all.

Please could you advise how this may be achieved? If I need to write some interface code, that wouldn't be a problem, I just need that initial direction! Or is it just not feasible?

Many Thanks in advance


  • andreychek
  • 01/04/09
  • Tue, 2011-08-09 19:49

Howdy,

So, I had to ask Jamie to be sure... but it's unfortunately not possible to use Virtualmin's DNS features without running BIND on the Virtualmin server.

It's possible to use a number of remote DNS servers in addition to that, but you'd need to have BIND running on the Virtualmin server.

With that in mind, there are instructions here on setting up a remote slave server:

http://www.virtualmin.com/documentation/dns/slave-configuration


  • Locutus
  • 10/10/10
  • Wed, 2011-08-10 03:08

Can you maybe configure the WHM nameserver to be a slave for a master running elsewhere? Then you could have it pull your zones from your local machine and let that act as a hidden master.

Like Eric said, Virtualmin expects a local BIND as master, for which it creates and manages zone files. It can sync that with remote BINDs running under Webmin, but it can't directly manage a remote master.

It should not hurt though to operate a BIND on your VPS. What would be your motivation for not doing that and using an external name service instead?


  • andreychek
  • 01/04/09
  • Wed, 2011-08-10 09:16

> It should not hurt though to operate a BIND on your VPS. What would be your motivation for not doing that and using an external name service instead?

I suspect he's interested in keeping memory consumption down, as VPSes can be memory constrained.

It's pretty straightforward to offload SpamAssassin and ClamAV to another server, which can free up 300-400MB of RAM. BIND can grow pretty large too though; it's roughly 350MB on the server I'm looking at.

So, perhaps at some point, there will be a way to move BIND in the same fashion as some of the other services :-)

-Eric


  • wrightsonm
  • 08/09/11
  • Wed, 2011-08-10 13:51

My main motivation for keeping the DNS separate is that it currently provides free redundancy with 4 nameservers, and if my VPS dies it doesn't take out everything else that may be running. Thus the separately hosted "service status" page would still work if the VPS goes down.

With any luck I'll have a second VPS in a year's time, so having the DNS separate ensures that the services running on both VPSes continue to function without affecting each other should one (or even both) go down.

The alternative of course is to have multiple sets of nameservers i.e.

ns[1-4].domain.com at the root. These nameservers have an A record pointing to host.domain.com

host.domain.com has 2 IPs with BIND running; let's call them ns[1-2].host.domain.com. So if I have any hosted websites on host.domain.com, the hosted site will point to ns[1-2].host.domain.com.

I'm currently in contact with the DNS provider to find out if I can get my VPS to have a delegated zone for *.host.domain.com so that any subdomains I create on that particular VPS through the BIND service will work happily. No word back about that yet though.

I realise that using 2 IPs on the same VPS for primary and secondary nameservers isn't the best idea, but what alternative is there without renting another VPS?

The hidden master DNS server is an interesting idea, but would that not make the DNS system quite reliant on that VPS being rock steady and never out of action? How long will slave nameservers run without a master before things start to go wrong? I'm guessing it is a function of the refresh parameter in the zone file?

With the cPanel service I've used before, the ISP had lots of pairs of nameservers that were totally unrelated to each other, i.e. ns1.* and ns1sec.* were a pair, followed by ns2.* and ns2sec.*. However, with some companies I see that they have one set of nameservers for every server they own. How is this achievable? Does it all rely on having lots of servers all running exactly the same software so they can talk in their own proprietary format?

It would be great to hear your thoughts.
Many Thanks


  • Locutus
  • 10/10/10
  • Wed, 2011-08-10 16:25

> The hidden master DNS server is an interesting idea, but would that not make the DNS system quite reliant on that VPS being rock steady and never out of action?

Nope, that's what the "visible slave" servers, serving the zone for the hidden master, are for. :)

> How long will slave nameservers run without a master before things start to go wrong? I'm guessing it is a function of the refresh parameter in the zone file?

Correct... it's the "expiry time" parameter in the SOA record to be exact, which is usually set to one week.

That means even if your master goes down, the slaves will continue to serve the zones. Only after a week of no contact with the master will they declare the zones "dead".

The only thing that does not work during downtime is updates to the zone.

> Does it all rely on having lots of servers all running exactly the same software so they can talk in their own proprietary format?

Not really. Master/slave synchronization, in DNS terms called "zone transfers", is a standard DNS procedure and supported interchangeably by every nameserver software.


  • wrightsonm
  • 08/09/11
  • Fri, 2011-08-12 10:04

Hmm, I replied to this post, but it appears it never actually posted, so I'll try again.

In the case of the hidden master DNS server, how would that work if you have multiple hosting servers?

Let's assume I have vps1 and vps2 .domain.com.

If vps1 is running BIND in a hidden master configuration and replicating all records to ns[1-4].domain.com, how could vps2 interact?


Second question is how can I create a delegated zone? My VPS is called host.domain.com. I would like that server to be in control of its own subdomains using BIND. This is the same principle of .com delegating to .domain.com etc., which is done by the registrar.


Thank you for all of your help so far.

Kind Regards,
Mark


  • Locutus
  • 10/10/10
  • Fri, 2011-08-12 14:23

Being a "slave server" is not an "all or nothing" setting. A server can be a slave for some zones, and master for others. Also, slave servers can pull each zone from a different master, if required even from multiple masters.

Zone delegation is done by simply creating an NS (nameserver) record in the parent zone. I.e. you'd configure the "domain.com" zone, adding an entry "mysubdomains.domain.com. NS host.domain.com.". You can then operate the "mysubdomains.domain.com" zone on your server and have hosts there like "www.domain1.mysubdomains.domain.com".

Note that NS records must point to hostnames, not IP addresses. Also note the trailing "." after hostnames. If you omit them, BIND will automatically add the "origin" (set initially to the domain defined in the zone, and later through the $ORIGIN directive) to any name you define.
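
Added example, not part of the original post and not BIND or Virtualmin code: a small Python check that applies the origin rule described above to the NS records in a zone fragment and flags the two mistakes the post warns about (an IP address as NS target, a dotted hostname missing its trailing dot). The zone text is constructed from the thread's names; `check_delegations`, the `broken`/`byip`/`sub` labels and `192.0.2.10` are assumptions, and every record is assumed to sit on one line with an explicit owner name.

```python
import ipaddress

# Constructed sample for the parent zone "domain.com." (hostnames taken from the thread).
# Assumption: one record per line, owner name always present, no parenthesised records.
SAMPLE_ZONE = """\
$ORIGIN domain.com.
mysubdomains      IN NS host.domain.com.
broken            IN NS host.domain.com
byip              IN NS 192.0.2.10
$ORIGIN host.domain.com.
sub               IN NS ns1
"""

def qualify(name, origin):
    """Zone-file rule: a name without a trailing dot gets the current origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def is_ip(text):
    try:
        ipaddress.ip_address(text.rstrip("."))
        return True
    except ValueError:
        return False

def check_delegations(zone_text, origin):
    """Return (owner, effective_target, problem) per NS record; problem is None when clean."""
    results = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]          # drop zone-file comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":   # later records are relative to the new origin
            origin = qualify(fields[1], origin)
            continue
        rest = [f.upper() for f in fields[1:]]  # skip the owner, which may itself be "ns"
        if "NS" not in rest or rest[-1] == "NS":
            continue
        target_raw = fields[rest.index("NS") + 2]
        problem = None
        if is_ip(target_raw):
            problem = "NS target is an IP address, not a hostname"
        elif not target_raw.endswith(".") and "." in target_raw:
            problem = "dotted name without trailing dot; origin was appended"
        results.append((qualify(fields[0], origin), qualify(target_raw, origin), problem))
    return results
```

Calling `check_delegations(SAMPLE_ZONE, "domain.com.")` returns the name each NS target actually resolves to after origin expansion, so a delegation that silently points at `host.domain.com.domain.com.` shows up before the zone is loaded.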