Problem using DNS Slave Auto-Configuration

I'm using Virtualmin GPL a few months for testing purposes and I tried various combinations just to get used the features and get familiar with the interface. Now I want to use it in production.

First, let me explain the infrastructure that I have:

I have a separate machine with firewall software with public IP addresses from ISP. There is a NAT with port forwarding to two servers in DMZ zone with private IP addresses. One server is ns1 (Virtualmin) as hosting and primary BIND server, and the other one is ns2 (Secondary BIND server with Webmin).

Public IP addresses (ISP): ns1: x.y.z.55 ns2: x.y.z.56

Private IP addresses: ns1: 192.168.x.1 ns2: 192.168.x.2

I'm having a small problem with creating a new Virtual Server.

I followed the "DNS Slave Auto-Configuration Quickstart" guide. "Default master server IP for remote slave zones" is configured with public IP address for ns1.

I also used the "Operating Virtualmin Behind a Firewall" section from "Virtualmin Administrator's Guide". "Default IP address for DNS records" is configured with public IP address for ns1.

When I try to create a new Virtual Server I get an error:

Ok, I followed the explanation and I configured the "Default slave zone masters" option in Plugin section in Default Template with the Public IP address for ns1.

I tried again to create a new Virtual Server and now there is a different error:

I know how to configure a slave dns server manually and not to use the "DNS Slave Auto-Configuration", but using it is much faster.

Could someone explain me, what I'm doing wrong :)

Thanks