Differences

This shows you the differences between two versions of the page.

--- internet:hosting:virtualmin_dns [2019/04/04 09:47]
gcooper
+++ internet:hosting:virtualmin_dns [2019/04/04 11:05]
gcooper
@@ Line 45: / Line 45: @@
 **Force source port** to 53:
-:!: This WILL cause problems with some mail servers.
+:!: This is old methodology and **will** cause problems with some mail servers.
 <file>
@@ Line 125: / Line 125: @@
 ===== Recursion =====
-Limit recursive lookups by editing ''/etc/bind/named.conf.options'' to add:
+**Webmin -> Servers -> BIND DNS Server -> Addresses and Topology -> Allow recursive queries from Listed -> localhost and localnets**
+Limit recursive lookups by editing ''/etc/bind/named.conf.options'' to include:
 <file>
@@ Line 136: / Line 138: @@
 ===== DNSSEC =====
-==== For Newly Created Domains ====
+==== Enable DNSSEC ====
-:!: Virtualmin will add DNSSEC records automatically to new domains as they are created.
+**Webmin -> Servers -> BIND DNS Server -> DNSSEC Verification ->**
-:!: You may need to enable DNSSEC in Webmin for this to work as advertised (see below).
+  * **DNSSEC enabled?** Yes
+  * **DNSSEC response validation enabled?** Yes (automatic mode)
-**Virtualmin -> System Settings -> Server Tempates -> Default Settings -> BIND DNS domain**
+**Webmin -> Servers -> BIND DNS Server -> DNSSEC Key Re-Signing ->**
-  * **Create DNSSEC key and sign new domains**
+  * **Automatic key re-signing enabled?** Yes
-    * Yes
+  * **Period between re-signs?** 21 days
-==== For Existing Domains ====
+==== For Newly Created Domains ====
-**Webmin -> Servers -> BIND DNS Server**
+:!: Virtualmin will add DNSSEC records automatically to new domains as they are created.
-  * **DNSSEC Verification**
+**Virtualmin -> System Settings -> Server Tempates -> Default Settings -> BIND DNS domain ->**
-    * **Enable DNSSEC Verification**
-{{ :internet:hosting:dnssec_verification.png?750 |}}
+  * **Create DNSSEC key and sign new domains?** Yes
+  * **DNSSEC cryptographic algorithm** RSASHA1
+  * **Number of DNSSEC keys** Zone key and key-signing key
-  * **DNSSEC Key Re-Signing**
+==== For Existing Domains ====
-    * Enable
-{{ :internet:hosting:dnssec_key_re-signing.png?600 |}}
-**Webmin -> Servers -> BIND DNS Server -> <Zone to Modify>**
+**Webmin -> Servers -> BIND DNS Server -> <Zone to Modify> -> Setup DNSSEC Key**
-  * **Setup DNSSEC Key**
+  * **Key algorithm** RSASHA1
-    * Create and Add Key
+  * **Key size** Average size
-    * You can also remove, then recreate the key
+  * **Number of keys to create** Zone key and key-signing key
+  * **Create and Add Key**
   * **Apply Zone**
-**Virtualmin -> <Domain (Zone) to Modify> -> Server Configuration**
+:!: You can also remove, then recreate the key.
-  * **DNS Options**
+==== Examine DNSSEC Records ====
-    * You can see DNSSEC zone keys here
-  * **DNS Records**
+**Virtualmin -> <Domain/Zone> -> Server Configuration ->**
+  * **DNS Options**
+    * You can see **DNSSEC zone keys** and registrar **DS records** here
+  * **DNS Records -> Manually Edit**
     * You can see DNSSEC records here
+Force Virtualmin to **regenerate all records**, if necessary:
+**Virtualmin -> <Domain/Zone> -> Server Configuration -> DNS Options -> Save**
 ==== Testing DNSSEC ====
@@ Line 189: / Line 199: @@
 http://manage.resellerclub.com/kb/answer/1909
-Get the information you need at one of these locations:
+=== More DS Record Info ===
+You can also get the information you need at one of these locations:
 <file>

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools