This shows you the differences between two versions of the page.
internet:hosting:virtualmin_dns [2018/12/07 09:04] gcooper |
internet:hosting:virtualmin_dns [2019/04/04 11:06] (current) gcooper |
||
---|---|---|---|
Line 9: | Line 9: | ||
:!: Make sure ports 10000:10010 are open between the two DNS servers. | :!: Make sure ports 10000:10010 are open between the two DNS servers. | ||
- | :!: If a **slave domain | + | :!: Without Virtualmin, |
- | Create | + | **With a Virtualmin primary DNS server**, create |
:!: You would use this command if your primary zone is configured and working, but no slave configuration exists...possibly after a virtual server transfer. | :!: You would use this command if your primary zone is configured and working, but no slave configuration exists...possibly after a virtual server transfer. | ||
< | < | ||
- | virtualmin modify-dns --all-domains --add-all-slaves | + | virtualmin modify-dns --all-domains |
</ | </ | ||
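Review bot: The unchanged note at the top of this hunk says to open ports 10000:10010 "between the two DNS servers" but does not say to limit the rule by source address. Port 10000 is the Webmin default, so the range includes the administration interface; the note should tell the reader to allow it only from the peer DNS server's IP address, not from any source.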
Line 27: | Line 27: | ||
</ | </ | ||
- | Test a zone transfer | + | This command performs |
< | < | ||
Line 45: | Line 45: | ||
**Force source port** to 53: | **Force source port** to 53: | ||
- | :!: This WILL cause problems with some mail servers. | + | :!: This is old methodology and **will** |
< | < | ||
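Review bot: The revised warning under "Force source port to 53" calls this old methodology but, in the text visible here, does not name the security cost. Pinning the query source port removes source-port randomization, which is one of the main defenses against cache poisoning by spoofed responses. Suggest stating that reason and recommending the default (random source port) unless a firewall rule strictly requires port 53.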
Line 125: | Line 125: | ||
===== Recursion ===== | ===== Recursion ===== | ||
- | Limit recursive lookups by editing ''/ | + | **Webmin -> Servers -> BIND DNS Server -> Addresses and Topology -> Allow recursive queries from Listed -> localhost and localnets** |
+ | |||
+ | Limit recursive lookups by editing ''/ | ||
< | < | ||
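Review bot: The added Webmin path sets "Allow recursive queries from" to localhost and localnets without saying what localnets covers. In BIND, localnets matches every network the server has an interface on, so on a hosted machine with a public address it also admits other hosts on the provider's subnet. Suggest adding a sentence on that, and a step to confirm from an outside host that recursive queries are refused after the change.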
Line 136: | Line 138: | ||
===== DNSSEC ===== | ===== DNSSEC ===== | ||
- | ==== For Newly Created Domains | + | ==== Enable DNSSEC |
- | :!: Virtualmin will add DNSSEC | + | **Webmin -> Servers -> BIND DNS Server -> DNSSEC |
- | :!: You may need to enable | + | * **DNSSEC |
+ | * **DNSSEC response validation enabled?** Yes (automatic mode) | ||
- | **Virtualmin | + | **Webmin |
- | * **Create DNSSEC | + | * **Automatic |
- | * Yes | + | * **Period between re-signs?** 21 days |
- | ==== For Existing | + | ==== For Newly Created |
- | **Webmin -> Servers -> BIND DNS Server** | + | :!: Virtualmin will add DNSSEC records automatically to new domains as they are created. |
- | | + | **Virtualmin -> System Settings -> Server Tempates -> Default Settings -> BIND DNS domain ->** |
- | * **Enable DNSSEC Verification** | + | |
- | {{ : | + | * **Create DNSSEC key and sign new domains?** Yes |
+ | * **DNSSEC cryptographic algorithm** RSASHA1 | ||
+ | * **Number of DNSSEC keys** Zone key and key-signing key | ||
- | * **DNSSEC Key Re-Signing** | + | ==== For Existing Domains ==== |
- | * Enable | + | |
- | + | ||
- | {{ : | + | |
- | **Webmin -> Servers -> BIND DNS Server -> <Zone to Modify> | + | **Webmin -> Servers -> BIND DNS Server -> <Zone to Modify> |
- | * **Setup DNSSEC | + | * **Key algorithm** RSASHA1 |
- | * Create and Add Key | + | * **Key size** Average size |
- | | + | * **Number of keys to create** Zone key and key-signing key |
+ | * **Create and Add Key** | ||
* **Apply Zone** | * **Apply Zone** | ||
- | **Virtualmin -> <Domain (Zone) to Modify> -> Server Configuration** | + | :!: You can also remove, then recreate the key. |
- | | + | ==== Examine DNSSEC Records ==== |
- | * You can see DNSSEC zone keys here | + | |
- | * **DNS Records** | + | **Virtualmin -> < |
+ | |||
+ | | ||
+ | * You can see **DNSSEC zone keys** and registrar **DS records** | ||
+ | * **DNS Records | ||
* You can see DNSSEC records here | * You can see DNSSEC records here | ||
+ | |||
+ | **Force Virtualmin to regenerate all records**, if necessary: | ||
+ | |||
+ | **Virtualmin -> < | ||
==== Testing DNSSEC ==== | ==== Testing DNSSEC ==== | ||
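Review bot: Both the new "DNSSEC cryptographic algorithm" line for server templates and the new "Key algorithm" line for existing zones tell the reader to pick RSASHA1, which relies on SHA-1 and is listed as NOT RECOMMENDED for signing in RFC 8624. Suggest documenting RSASHA256 or ECDSAP256SHA256 instead where the installed BIND and Webmin offer them, and noting that zones already signed with RSASHA1 need an algorithm rollover plus a new DS record at the registrar. Separately, "Server Tempates" in the Virtualmin menu path should read "Server Templates", and "Key size Average size" would be clearer with the actual bit length shown.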
Line 189: | Line 199: | ||
http:// | http:// | ||
- | Get the information you need at one of these locations: | + | === More DS Record Info === |
+ | |||
+ | You can also get the information you need at one of these locations: | ||
< | < |