Change DNS settings for virtual servers
This program updates DNS-related options for one or more servers, selected using the --domain or --all-domains flags. Or you can select all domains that don't have their own private IP address with --all-nonvirt-domains.
To enable SPF for a domain, use the --spf option, and to turn it off use --no-spf. By default, the SPF record will be created using the settings from the DNS section of the domain's server template.
To add allowed hostnames, MX domains or IP addresses, use the --spf-add-a, --spf-add-mx, --spf-add-ip4 and --spf-add-ip6 options respectively. Each of these must be followed by a single host, domain or IP address. Or you can use --spf-add-include followed by a domain name whose SPF policy will be included in this one.
Similarly, the --spf-remove-a, --spf-remove-mx, --spf-remove-ip4, --spf-remove-ip6 and --spf-remove-include options will remove the following host, domain or IP address from the allowed list for the specified domains.
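To control how SPF treats senders not in the allowed hosts list, use one of the --spf-all-disallow, --spf-all-discourage, --spf-all-neutral, --spf-all-allow or --spf-all-default flags.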
To enable the DMARC DNS record for a domain, use the --dmarc flag, or to disable it, use --no-dmarc. The DMARC action for other mail servers to perform can be set with the --dmarc-policy flag, and the percentage of messages it should be applied to can be set with --dmarc-percent.
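A check that could follow a change made with the SPF and DMARC flags above, added here as an example and not part of Virtualmin: it reads the resulting TXT values and reports the weak settings. The function names and sample records are constructed for illustration, and the mapping from the --spf-all-* flag names to SPF qualifiers is an assumption based on standard SPF semantics.

```shell
#!/bin/sh
# Added example: audit SPF and DMARC TXT strings (passed in, so it runs offline).

# Print the --spf-all-* mode matching the record's "all" term. Assumed
# mapping (standard SPF qualifiers): -all disallow, ~all discourage,
# ?all neutral, +all or bare all allow, no "all" term default.
spf_all_mode() {
    case " $1 " in
        *" -all "*) echo disallow ;;
        *" ~all "*) echo discourage ;;
        *" ?all "*) echo neutral ;;
        *" +all "*|*" all "*) echo allow ;;
        *) echo default ;;
    esac
}

# Print the value of one tag (p, pct, ...) from a DMARC record, if present.
dmarc_tag() {
    printf '%s\n' "$1" | tr ';' '\n' |
        sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]]*\)[[:space:]]*\$/\1/p" |
        head -n 1
}

# Succeed only if the record carries the values requested with
# --dmarc-policy and --dmarc-percent; pct defaults to 100 (RFC 7489).
dmarc_matches() {
    case "$1" in "v=DMARC1"*) ;; *) return 1 ;; esac
    pol=$(dmarc_tag "$1" p); pct=$(dmarc_tag "$1" pct)
    [ "$pol" = "$2" ] && [ "${pct:-100}" = "$3" ]
}

# audit_domain <domain> <spf-txt> <dmarc-txt>: one line per weak setting.
audit_domain() {
    mode=$(spf_all_mode "$2")
    case "$mode" in
        allow|neutral|default) echo "$1: SPF all=$mode, unlisted senders are not failed" ;;
    esac
    case "$(dmarc_tag "$3" p)" in
        quarantine|reject) ;;
        *) echo "$1: DMARC policy missing or none, receivers take no action" ;;
    esac
}

# Constructed sample records; example.com is a placeholder domain.
SPF_OK='v=spf1 a mx ip4:192.0.2.10 -all'
SPF_WEAK='v=spf1 a mx ?all'
DMARC_OK='v=DMARC1; p=quarantine; pct=50'
DMARC_NONE='v=DMARC1; p=none'
audit_domain example.com "$SPF_WEAK" "$DMARC_NONE"
```

On a live system the two record strings would come from a TXT lookup of the domain and of _dmarc under it.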
This command can also be used to add and remove DNS records from all the selected domains. Adding is done with the --add-record flag, which must be followed by a single parameter containing the record name, type and value. Alternately, you can use --add-record-with-ttl followed by the name, type, TTL and value. If your cloud DNS provider supports proxy records, you can use the --add-proxy-record flag with the same parameters as --add-record.
Conversely, deletion is done with the --remove-record flag, followed by a single parameter containing the name and type of the record(s) to delete. You can also optionally include the record values, to disambiguate records with the same name but different values (like MX records). Both the addition and deletion flags can be given multiple times.
Similarly, the default TTL for records can be set with the --ttl flag followed by a number in seconds. Suffixes like h, m and d are also allowed to specify a TTL in hours, minutes or days. Alternately, the --all-ttl flag can be used to set the TTL for all records in the domain.
You can also add or remove slave DNS servers for this domain, assuming that they have already been set up in Webmin's BIND DNS Server module. To add a specific slave host, use the --add-slave flag followed by a hostname. Or to add them all, use the --add-all-slaves flag.
To remove a single slave host, use the --remove-slave flag followed by a hostname. Or to remove any slave hosts that are no longer valid (i.e. because they were removed from Webmin), use the --sync-all-slaves flag.
If your system is on an internal network and made available to the Internet via a router doing NAT, the IP address of a domain in DNS may be different from its IP on the actual system. To set this, the --dns-ip flag can be given, followed by the external IP address to use. To revert to using the real IP in DNS, use --no-dns-ip instead. In both cases, the actual DNS records managed by Virtualmin will be updated.
To add TLSA records (for publishing SSL certs) to selected domains, use the --enable-tlsa flag. Similarly, the --disable-tlsa flag removes them, and the --sync-tlsa flag updates them in domains where they already exist.
If a virtual server is a sub-domain of another server, you can move its DNS records out into a separate zone file with the --disable-subdomain flag. Or if eligible, you can combine the zones with --enable-subdomain.
Command Line Help
virtualmin modify-dns --domain name | --all-domains | --all-nonvirt-domains
                      [--spf | --no-spf]
                      [--spf-add-a hostname]*
                      [--spf-add-mx domain]*
                      [--spf-add-ip4 address]*
                      [--spf-add-ip6 address]*
                      [--spf-remove-a hostname]*
                      [--spf-remove-mx domain]*
                      [--spf-remove-ip4 address]*
                      [--spf-remove-ip6 address]*
                      [--spf-all-disallow | --spf-all-discourage | --spf-all-neutral | --spf-all-allow | --spf-all-default]
                      [--dmarc | --no-dmarc]
                      [--dmarc-policy none|quarantine|reject]
                      [--dmarc-percent number]
                      [--add-record "name type value"]
                      [--add-record-with-ttl "name type TTL value"]
                      [--add-proxy-record "name type value"]
                      [--remove-record "name type value"]
                      [--ttl seconds | --all-ttl seconds]
                      [--add-slave hostname]* | [--add-all-slaves]
                      [--remove-slave hostname]* | [--sync-all-slaves]
                      [--dns-ip address | --no-dns-ip]
                      [--enable-dnssec | --disable-dnssec]
                      [--enable-tlsa | --disable-tlsa | --sync-tlsa]
                      [--enable-subdomain | --disable-subdomain]
                      [--cloud-dns provider|"local"]