BUG in /var/lib/bind/mydomain.com.hosts

Most certainly a bug. See attached video file.

To reproduce:
1. Go to Virtualmin > System Settings > Server Templates > Default Settings > BIND DNS domain > BIND DNS records for new domains
   Enter the following 2 lines (must be 2 separate lines):
   ${DOM}. IN CAA 0 issue "letsencrypt.org"
   ${DOM}. IN CAA 0 issuewild ";"
   Click the Save button.

2. Go to Virtualmin > Email Settings > DomainKeys Identified Mail
   Change "Signing of outgoing mail enabled?" to Yes
   In the "Selector for DKIM record name" field enter: 2019.
   Make sure the domain 'mydomain.com' is included
   Click the Save button.

3. Run the following:
   virtualmin create-domain --domain "mydomain.com" --pass "123abc123" --desc "The server for" --unix --dir --dns --mail --web --webalizer --ssl --logrotate --mysql --spam --virus --webmin --virtualmin-awstats --virtualmin-dav --limits-from-plan --mysql-pass "123abc123" --skip-warnings

When the command is finished, check /var/lib/bind/mydomain.com.hosts

You will see this line in /var/lib/bind/mydomain.com.hosts:
mydomain.com. IN CAA 0 issue "letsencrypt.org"mydomain.com. IN CAA 0 issuewild ";"
This line will cause errors in BIND when it is restarted and the DNS zone for mydomain.com will not be loaded.
The reason is that the 2 CAA lines should be on separate lines in the hosts file.

NOTE:
I accessed this file while the create-domain command was running and noticed that as soon as the file was created, the lines in question were actually on 2 separate lines, like this:
$ttl 38400
@ IN SOA ns1.maindom.com. root.ns1.maindom.com. (
1562258223
10800
3600
604800
38400 )
@ IN NS ns1.maindom.com.
@ IN NS ns2.maindom.com.
mydomain.com. IN A 184.309.48.129
www.mydomain.com. IN A 184.309.48.129
ftp.mydomain.com. IN A 184.309.48.129
m.mydomain.com. IN A 184.309.48.129
localhost.mydomain.com. IN A 127.0.0.1
webmail.mydomain.com. IN A 184.309.48.129
admin.mydomain.com. IN A 184.309.48.129
mail.mydomain.com. IN A 184.309.48.129
mydomain.com. IN MX 5 mail.mydomain.com.
mydomain.com. IN TXT "v=spf1 a mx a:mydomain.com ip4:184.309.48.129 ip4:184.309.48.129 ip6:fe80::428:24ff:fe27:dcb5 ?all"
mydomain.com. IN CAA 0 issue "letsencrypt.org"
mydomain.com. IN CAA 0 issuewild ";"

By the time the command progressed to the DKIM section, the file was broken. So the problem happens near DKIM processing:
$ttl 38400
@ IN SOA ns1.maindom.com. root.ns1.maindom.com. (
1562258224
10800
3600
604800
38400 )
@ IN NS ns1.maindom.com.
@ IN NS ns2.maindom.com.
mydomain.com. IN A 184.309.48.129
www.mydomain.com. IN A 184.309.48.129
ftp.mydomain.com. IN A 184.309.48.129
m.mydomain.com. IN A 184.309.48.129
localhost.mydomain.com. IN A 127.0.0.1
webmail.mydomain.com. IN A 184.309.48.129
admin.mydomain.com. IN A 184.309.48.129
mail.mydomain.com. IN A 184.309.48.129
mydomain.com. IN MX 5 mail.mydomain.com.
mydomain.com. IN TXT "v=spf1 a mx a:mydomain.com ip4:184.309.48.129 ip4:184.309.48.129 ip6:fe80::428:24ff:fe27:dcb5 ?all"
mydomain.com. IN CAA 0 issue "letsencrypt.org"mydomain.com. IN CAA 0 issuewild ";" <<<<<<<<<<<<<<<< BUG
2019._domainkey.mydomain.com. IN TXT ( "v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUVSS6Mx6DZeZ"
"Z8nIXG2xm9qQCWP6Rj9uJOsC5mf5D8CFRWwkfNlUlSrv/1icwUJIxmVFMfsKlcwM7BJq/302tOaNwi2y"
"4PI8ZKzlvz1HOwMX2hV+RW0UPNiEBNO/BZHaiYUBuMNeTpAlTSzeb4JZCCTiNko/idr47h4H8FKf6YM1"
"vgsOe/EosBR5rb54LaDfLyurYbNePKnS58cfrH8bh8ODkKjn0u5Sf15VPDD9Bcv3wuWMGZzWbOMQQGQk"
"TIqBHgcmD9B2lo3Eg5cNtNXU421XVx/T9s0MXdda/Ag8cvSiLV6ALIkUTc1kyrGFl8KYuHttq2QY4BxX"
"PuZhw6L5QIDAQAB" )

Status: 
Fixed (pending)
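
An added example (not part of the original report and not Virtualmin's code): a Python check that finds CAA lines holding more than one record, like the fused line in the report. It treats a ';' inside double quotes as data rather than a comment; the function names are hypothetical and the sample zone is constructed from the records quoted above.

```python
def tokenize(line):
    """Split a zone line into (text, quoted) tokens; ';' is a comment only outside quotes."""
    tokens, buf, in_quote, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if in_quote:
            if ch == '"':                      # closing quote ends the token
                tokens.append((buf, True))
                buf, in_quote = "", False
            else:
                buf += ch
        elif ch == '"' or ch == ";" or ch.isspace():
            if buf:                            # flush the pending bare token
                tokens.append((buf, False))
                buf = ""
            if ch == ";":                      # unquoted ';' starts a comment
                break
            in_quote = ch == '"'
        else:
            buf += ch
        i += 1
    if buf:
        tokens.append((buf, False))
    return tokens

def fused_caa_lines(zone_text):
    """Return (line_number, extra_tokens) for CAA lines with trailing data."""
    findings = []
    for number, line in enumerate(zone_text.splitlines(), start=1):
        tokens = tokenize(line)
        caa = [i for i, (text, quoted) in enumerate(tokens)
               if not quoted and text.upper() == "CAA"]
        if not caa:
            continue
        rdata = tokens[caa[0] + 1:]
        if len(rdata) > 3:                     # CAA RDATA is flags, tag, value
            findings.append((number, [text for text, _ in rdata[3:]]))
    return findings

# Constructed sample (added example, hypothetical names), built from the report's records.
SAMPLE_ZONE = '''$ttl 38400
@ IN NS ns1.maindom.com.
mydomain.com. IN CAA 0 issue "letsencrypt.org"
mydomain.com. IN CAA 0 issuewild ";"
mydomain.com. IN CAA 0 issue "letsencrypt.org"mydomain.com. IN CAA 0 issuewild ";"
'''

print(fused_caa_lines(SAMPLE_ZONE))
```

Running it over a generated hosts file before BIND is restarted shows which line numbers need to be split.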

Comments

Is that ";" actually part of the CAA record? Normally BIND treats them as a line ending.

Yes it is. It basically means 'disabled'.

Ok, looks like the issue is that CAA records aren't supported properly in Virtualmin yet. This is on our TODO list and so we'll update this ticket when it's fixed.

Bear in mind that this bug may not be restricted to CAA. Have you tried it with 2 lines which include other directives?

Thanks

The CAA record type is the only one I've seen that includes a ; in the value.

Hi Jamie I see you are on the ball )))

Hi Jamie,

Currently I have 3 updates to Virtualmin packages are available. Use the Software Package Updates module to install them selectively.
usermin all web-based user account administration interface for Unix systems 1.771
webmin all web-based administration interface for Unix systems 1.921
webmin-virtual-server all Webmin module for 'Virtualmin Virtual Servers' 6.07.gpl

My current version is Virtualmin version 6.06-2

When you say "the next Virtualmin release", is this patch included above in 6.07.gpl?

Thanks for clarifying.

The next releases of Webmin and Virtualmin will fully support CAA records, and automatically set one up for Let's Encrypt domains.

Status: Active » Fixed (pending)