internet:hosting:virtualmin_dns

Differences

This shows you the differences between two versions of the page.

internet:hosting:virtualmin_dns [2019/04/04 09:40]
gcooper
internet:hosting:virtualmin_dns [2019/04/04 11:06] (current)
gcooper
Line 9: Line 9:
 :!: Make sure ports 10000:10010 are open between the two DNS servers. :!: Make sure ports 10000:10010 are open between the two DNS servers.
  
-:!: If **slave domain needs to be created** on the slave, use the Webmin BIND DNS Server module on the slave server to ''Create a new slave zone''.+:!: Without Virtualmin, a slave domain can be created on the slave server using the Webmin BIND DNS Server module on the slave server to ''Create a new slave zone''.
  
-Create slave DNS zones on Virtualmin slave servers:+**With a Virtualmin primary DNS server**, create slave DNS zones on Virtualmin slave servers:
  
 :!: You would use this command if your primary zone is configured and working, but no slave configuration exists...possibly after a virtual server transfer. :!: You would use this command if your primary zone is configured and working, but no slave configuration exists...possibly after a virtual server transfer.
  
 <file> <file>
-virtualmin modify-dns --all-domains --add-all-slaves+virtualmin modify-dns --all-domains | --domain <yourdomain.tld> --add-all-slaves
 </file> </file>
  
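Review bot: The new command line inside the <file> block mixes usage notation with a literal command. Pasted as written, `--all-domains | --domain <yourdomain.tld> --add-all-slaves` is parsed by a shell as a pipe plus input and output redirections. Suggest two separate lines, one using `--all-domains` and one using `--domain yourdomain.tld`, each ending in `--add-all-slaves`.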
Line 27: Line 27:
 </file> </file>
  
-Perform a zone transfer at the slave server CLI:+This command performs test zone transfer **at the slave server** CLI:
  
 <file> <file>
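Review bot: The rewritten lead-in "This command performs test zone transfer **at the slave server** CLI:" drops an article and bolds only part of the phrase it belongs to, so it reads awkwardly. Suggest "Run this at the **slave server** CLI to test a zone transfer:".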
Line 45: Line 45:
 **Force source port** to 53: **Force source port** to 53:
  
-:!: This WILL cause problems with some mail servers.+:!: This is old methodology and **will** cause problems with some mail servers.
  
 <file> <file>
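Review bot: The reworded warning under "Force source port to 53" still names only mail-server breakage. The stronger reason to avoid this step is that a fixed query source port gives up source-port randomization, which resolvers rely on to resist cache poisoning by spoofed responses. Suggest stating that in the warning, or marking the whole step as not recommended.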
Line 125: Line 125:
 ===== Recursion ===== ===== Recursion =====
  
-Limit recursive lookups by editing ''/etc/bind/named.conf.options'' to add:+**Webmin -> Servers -> BIND DNS Server -> Addresses and Topology -> Allow recursive queries from Listed -> localhost and localnets** 
 + 
 +Limit recursive lookups by editing ''/etc/bind/named.conf.options'' to include:
  
 <file> <file>
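Review bot: The added Webmin path and the existing instruction to edit ''/etc/bind/named.conf.options'' now follow one another with nothing saying whether they are alternatives or both required. If the Webmin setting writes the same option, word it as "either ... or" so the recursion restriction is not defined twice. The line "Allow recursive queries from Listed -> localhost and localnets" would also read better with the values separated from the menu navigation.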
Line 136: Line 138:
 ===== DNSSEC ===== ===== DNSSEC =====
  
-==== For Newly Created Domains ====+==== Enable DNSSEC ====
  
-:!: Virtualmin will add DNSSEC records automatically to new domains as they are created.+**Webmin -> Servers -> BIND DNS Server -> DNSSEC Verification ->**
  
-:!: You may need to enable DNSSEC in Webmin for this to work as advertised (see below).+  * **DNSSEC enabled?** Yes 
 +  * **DNSSEC response validation enabled?** Yes (automatic mode)
  
-**Virtualmin -> System Settings -> Server Tempates -> Default Settings -> BIND DNS domain**+**Webmin -> Servers -> BIND DNS Server -> DNSSEC Key Re-Signing ->**
  
-  * **Create DNSSEC key and sign new domains** +  * **Automatic key re-signing enabled?** Yes 
-    Yes+  **Period between re-signs?** 21 days
  
-==== For Existing Domains ====+==== For Newly Created Domains ====
  
-**Webmin -> Servers -> BIND DNS Server**+:!: Virtualmin will add DNSSEC records automatically to new domains as they are created.
  
-  * **DNSSEC Verification** +**Virtualmin -> System Settings -> Server Tempates -> Default Settings -> BIND DNS domain ->**
-    * **Enable DNSSEC Verification**+
  
-{{ :internet:hosting:dnssec_verification.png?750 |}}+  * **Create DNSSEC key and sign new domains?** Yes 
 +  * **DNSSEC cryptographic algorithm** RSASHA1 
 +  * **Number of DNSSEC keys** Zone key and key-signing key 
  
-  * **DNSSEC Key Re-Signing** +==== For Existing Domains ====
-    * Enable +
- +
-{{ :internet:hosting:dnssec_key_re-signing.png?600 |}}+
  
-**Webmin -> Servers -> BIND DNS Server -> <Zone to Modify>**+**Webmin -> Servers -> BIND DNS Server -> <Zone to Modify> -> Setup DNSSEC Key**
  
-  * **Setup DNSSEC Key** +  * **Key algorithm** RSASHA1 
-    * Create and Add Key +  * **Key size** Average size 
-    You can also remove, then recreate the key+  * **Number of keys to create** Zone key and key-signing key 
 +  * **Create and Add Key**
   * **Apply Zone**   * **Apply Zone**
  
-**Virtualmin -> <Domain (Zone) to Modify> -> Server Configuration**+:!: You can also remove, then recreate the key.
  
-  * **DNS Options** +==== Examine DNSSEC Records ==== 
-    * You can see DNSSEC zone keys here + 
-  * **DNS Records**+**Virtualmin -> <Domain/Zone> -> Server Configuration ->** 
 + 
 +  * **DNS Options**  
 +    * You can see **DNSSEC zone keys** and registrar **DS records** here 
 +  * **DNS Records -> Manually Edit**
     * You can see DNSSEC records here     * You can see DNSSEC records here
 +
 +**Force Virtualmin to regenerate all records**, if necessary:
 +
 +**Virtualmin -> <Domain/Zone> -> Server Configuration -> DNS Options -> Save** 
  
 ==== Testing DNSSEC ==== ==== Testing DNSSEC ====
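Review bot: The new bullets "DNSSEC cryptographic algorithm RSASHA1" (template defaults) and "Key algorithm RSASHA1" (existing domains) document a SHA-1 based signing algorithm, which RFC 8624 marks as not recommended for DNSSEC signing. Suggest recommending a SHA-256 based choice such as RSASHA256 or ECDSAP256SHA256 where the installed Webmin offers it, and stating what "Average size" means in bits. Two smaller points: the added line "**Period between re-signs?** 21 days" lost its list marker, and "Server Tempates" is still misspelled.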
Line 189: Line 199:
 http://manage.resellerclub.com/kb/answer/1909 http://manage.resellerclub.com/kb/answer/1909
  
-Get the information you need at one of these locations:+=== More DS Record Info === 
 + 
 +You can also get the information you need at one of these locations:
  
 <file> <file>
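Review bot: "You can also get the information you need at one of these locations" under the new "More DS Record Info" heading does not say which information is meant. Suggest naming it, for example the DS record values to give the registrar, so the reader knows what to look for at each location.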
internet/hosting/virtualmin_dns.1554392422.txt.gz · Last modified: 2019/04/04 09:40 by gcooper