[PART 8 - DRAFT 2] [Virtualmin and Webmin] Teo En Ming's Notes for Setting Up Slave DNS Server

Subject: [PART 8 - DRAFT 2] [Virtualmin and Webmin] Teo En Ming's Notes for Setting Up Slave DNS Server


Author: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED INDIVIDUAL)

Country: Singapore

Date: 24 Oct 2021 Sunday Singapore Time


Type of Publication: Plain Text

Document Version: 20211026.01


WHAT IS WHAT

=============


Virtualmin (along with Webmin) is installed on the Master Server.


Webmin (STANDALONE) is installed on the Slave Server.


TIME TAKEN TO SETUP THIS CONFIGURATION

======================================


I took about 3.5 hours, starting from 9 PM on 24 Oct 2021 Sunday and finishing at 12.30 AM on 25 Oct 2021 Monday, to setup the Virtualmin Master and Slave DNS Configuration. Singapore Time.


DETAILED INSTRUCTIONS

======================


SECTION A - Setting Primary Name Server in Virtualmin Master Server

====================================================================


Reference Guide: Name server setting, hostname and DNS

Link: https://archive.virtualmin.com/node/22091


Login to Virtualmin.


Click System Settings > Server Templates


Click on Default Settings template.


Edit template section: BIND DNS domain


Under Master DNS server hostname, click Hostname. Change from vmi696121.contaboserver.net to ns1.turritopsis-dohrnii-teo-en-ming.com


Click Save.


SECTION B - Modify System hostname in the Master Server

========================================================


Putty/SSH into your Virtualmin Master Server.


The existing /etc/hosts is as follows:


127.0.0.1 localhost.localdomain localhost

::1 localhost6.localdomain6 localhost6

185.182.9.61 vmi696121.contaboserver.net vmi696121


Modify your /etc/hosts as follows:


127.0.0.1 localhost.localdomain localhost

::1 localhost6.localdomain6 localhost6

185.182.9.61 ns1.turritopsis-dohrnii-teo-en-ming.com ns1


Login to Virtualmin.


Click on Webmin at the top left.


Click Dashboard.


Click on System hostname.


Change Hostname from vmi696121.contaboserver.net to ns1.turritopsis-dohrnii-teo-en-ming.com


Click Save.


Reboot the Virtualmin Master Server using Putty. It is important and necessary to reboot.


SECTION C - Changing IP address of Name Server 2 at Your Domain Registrar

==========================================================================


Login to your domain registrar. In my case it is namecheap.


Click Domain List on the left menu.


Click domain turritopsis-dohrnii-teo-en-ming.com and click Manage.


Under NAMESERVERS, change to Namecheap BasicDNS. Click green check mark.


Click Advanced DNS.


Under PERSONAL DNS SERVER, click Search.


Click ns2.turritopsis-dohrnii-teo-en-ming.com and click Delete.


Still under PERSONAL DNS SERVER, click ADD NAMESERVER.


Nameserver: ns2


IP Address: 185.214.135.104


Click Done.


Click Search again to ensure both ns1 and ns2 entries show up. We need both ns1 and ns2 entries.


Click the Domain tab at the top.


Under NAMESERVERS, change to Custom DNS.


Nameserver 1: ns1.turritopsis-dohrnii-teo-en-ming.com


Nameserver 2: ns2.turritopsis-dohrnii-teo-en-ming.com


Click the green check mark.


Sign out of namecheap.


SECTION D - Changing IP address of Name Server 2 in Virtualmin Master Server

============================================================================


Login to Virtualmin.


Click Webmin at the top left.


Click Servers > BIND DNS Server


Click the zone turritopsis-dohrnii-teo-en-ming.com


Click Address button.


Click ns2.turritopsis-dohrnii-teo-en-ming.com.


Change Address to 185.214.135.104


Click Save.


Click Return to record types.


Click Apply Configuration. You MUST click Apply Configuration for the changes to take effect.


SECTION E - Setting Up the Slave DNS Server

============================================


Putty/SSH into your Slave DNS Server. CentOS 7.9 Linux was pre-installed on the Slave Server.


Change your root password.


# passwd


Download Webmin on the Slave Server.


# wget https://prdownloads.sourceforge.net/webadmin/webmin-1.981-1.noarch.rpm


ERROR

======


--2021-10-24 15:46:47--  https://prdownloads.sourceforge.net/webadmin/webmin-1.981-1.noarch.rpm

Resolving prdownloads.sourceforge.net (prdownloads.sourceforge.net)... 204.68.111.105

Connecting to prdownloads.sourceforge.net (prdownloads.sourceforge.net)|204.68.111.105|:443... connected.

ERROR: cannot verify prdownloads.sourceforge.net's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:

  Issued certificate has expired.

To connect to prdownloads.sourceforge.net insecurely, use `--no-check-certificate'.


Solution to above error

=======================


# yum install ca-certificates


Download Webmin again.


# wget https://prdownloads.sourceforge.net/webadmin/webmin-1.981-1.noarch.rpm


Install Webmin on the Slave Server.


# rpm -ivh webmin-1.981-1.noarch.rpm


ERROR

=====


warning: webmin-1.981-1.noarch.rpm: Header V4 DSA/SHA1 Signature, key ID 11f63c51: NOKEY

error: Failed dependencies:

        perl(Net::SSLeay) is needed by webmin-1.981-1.noarch

        perl(Encode::Detect) is needed by webmin-1.981-1.noarch

        perl(Data::Dumper) is needed by webmin-1.981-1.noarch

        unzip is needed by webmin-1.981-1.noarch


Solution to above error

========================


# yum install perl-Net-SSLeay


# yum install perl-Encode-Detect


# yum install perl-Data-Dumper


# yum install unzip


Install Webmin on the Slave Server again.


# rpm -ivh webmin-1.981-1.noarch.rpm


warning: webmin-1.981-1.noarch.rpm: Header V4 DSA/SHA1 Signature, key ID 11f63c51: NOKEY

Preparing...                          ################################# [100%]

Operating system is CentOS Linux

Updating / installing...

   1:webmin-1.981-1                   ################################# [100%]

Webmin install complete. You can now login to https://vmi701385.contaboserver.net:10000/

as root with your root password.


SECTION F - Login to the Webmin Slave Server for the 1st time

=============================================================


Login to your Webmin Slave Server at https://185.214.135.104:10000


Dashboard > System Information

===============================


System hostname: vmi701385.contaboserver.net (185.214.135.104) Operating system: CentOS Linux 7.9.2009

Webmin version: 1.981 Authentic theme version: 19.83-2 

Time on system: Sunday, October 24, 2021 3:57 PM Kernel and CPU: Linux 3.10.0-1160.el7.x86_64 on x86_64

Processor information: Intel(R) Xeon(R) CPU E5-2630 v4 @ 2.20GHz, 4 cores System uptime: 47 minutes

Running processes: 95 CPU load averages: 0.01 (1 min) 0.06 (5 mins) 0.05 (15 mins)

Real memory: 421.51 MiB used / 563.47 MiB cached / 7.63 GiB total Local disk space: 11.96 GiB used / 184.74 GiB free / 196.71 GiB total

Package updates: 96 package updates are available


SECTION G - Install Firewalld on the Slave Server

==================================================


Firewalld is already pre-installed. There is no need to install it again.


# systemctl enable firewalld


# systemctl start firewalld


# systemctl status firewalld


● firewalld.service - firewalld - dynamic firewall daemon

   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)

   Active: active (running) since Sun 2021-10-24 16:06:44 CEST; 19s ago

     Docs: man:firewalld(1)

 Main PID: 9533 (firewalld)

   CGroup: /system.slice/firewalld.service

           └─9533 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid


Oct 24 16:06:44 vmi701385.contaboserver.net systemd[1]: Starting firewalld - dynamic firewall daemon...

Oct 24 16:06:44 vmi701385.contaboserver.net systemd[1]: Started firewalld - dynamic firewall daemon.

Oct 24 16:06:44 vmi701385.contaboserver.net firewalld[9533]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It w... it now.

Hint: Some lines were ellipsized, use -l to show in full.


Checking if Firewalld is running

=================================


# firewall-cmd --state

running


Checking for default zone

=========================


# firewall-cmd --get-default-zone

public


Checking for active zone

========================


# firewall-cmd --get-active-zones

public

  interfaces: eth0


List all services of the active zone

====================================


# firewall-cmd --list-all

public (active)

  target: default

  icmp-block-inversion: no

  interfaces: eth0

  sources:

  services: dhcpv6-client ssh

  ports:

  protocols:

  masquerade: no

  forward-ports:

  source-ports:

  icmp-blocks:

  rich rules:


Restart Firewalld

=================


# firewall-cmd --reload

success


Opening Firewall Port 10000 So That You Can Access Webmin on the Slave Server

=============================================================================


# firewall-cmd --zone=public --add-port=10000/tcp

success


Immediately after running the above command, you can login to Webmin on the Slave Server already.


SECTION H - Configuring FirewallD on the Slave Server Using Webmin

===================================================================


Login to your Webmin Slave Server at https://185.214.135.104:10000


Click Networking > FirewallD


Click Add allowed port


Allowed in zone: public


Under Port to allow, click Single port and enter 10000


Network protocol: TCP


Click Create


SECTION I - Install BIND DNS Server on the Slave Server

========================================================


# yum install bind bind-config


# systemctl enable named


# systemctl start named


# systemctl status named


● named.service - Berkeley Internet Name Domain (DNS)

   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)

   Active: active (running) since Sun 2021-10-24 16:27:59 CEST; 9s ago

  Process: 11361 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)

  Process: 11358 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)

 Main PID: 11364 (named)

   CGroup: /system.slice/named.service

           └─11364 /usr/sbin/named -u named -c /etc/named.conf


Oct 24 16:27:59 vmi701385.contaboserver.net named[11364]: network unreachable resolving './DNSKEY/IN': 2001:7fd::1#53

Oct 24 16:27:59 vmi701385.contaboserver.net named[11364]: network unreachable resolving './NS/IN': 2001:7fd::1#53

Oct 24 16:27:59 vmi701385.contaboserver.net named[11364]: network unreachable resolving './DNSKEY/IN': 2001:dc3::35#53

Oct 24 16:27:59 vmi701385.contaboserver.net named[11364]: network unreachable resolving './NS/IN': 2001:dc3::35#53

Oct 24 16:27:59 vmi701385.contaboserver.net named[11364]: network unreachable resolving './DNSKEY/IN': 2001:500:a8::e#53

Oct 24 16:27:59 vmi701385.contaboserver.net named[11364]: network unreachable resolving './DNSKEY/IN': 2001:7fe::53#53

Oct 24 16:27:59 vmi701385.contaboserver.net named[11364]: network unreachable resolving './DNSKEY/IN': 2001:500:2d::d#53

Oct 24 16:27:59 vmi701385.contaboserver.net named[11364]: network unreachable resolving './DNSKEY/IN': 2001:500:2f::f#53

Oct 24 16:27:59 vmi701385.contaboserver.net named[11364]: resolver priming query complete

Oct 24 16:28:00 vmi701385.contaboserver.net named[11364]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted


Reference Guide: Menu item in Webmin > Servers missing for "BIND DNS Server".

Link: https://archive.virtualmin.com/node/59786


Go to Webmin on your Slave server.


Click Refresh Modules on the left menu.


You should now see BIND DNS Server under Servers.


SECTION J - Open Additional Firewall Ports on the Slave Server Using Webmin

============================================================================


Login to Webmin.


Click Networking > FirewallD


Click Add allowed port


Allowed in zone: public


Under Port to allow, click Single port and enter 53


Network protocol: UDP


Click Create


Click Add allowed port


Allowed in zone: public


Under Port to allow, click Single port and enter 53


Network protocol: TCP


Click Create


Click Add allowed port


Allowed in zone: public


Under Port to allow, click Port range and enter 10001-10010


Network protocol: TCP


Click Create


Apply rules to interfaces: Click eth0 Click Save


Click Apply Configuration


Activate at boot: Yes


# firewall-cmd --list-all

public (active)

  target: default

  icmp-block-inversion: no

  interfaces: eth0

  sources:

  services: dhcpv6-client ssh

  ports: 10000/tcp 53/udp 53/tcp 10001-10010/tcp

  protocols:

  masquerade: no

  forward-ports:

  source-ports:

  icmp-blocks:

  rich rules:



SECTION K - Configuring the Virtualmin Master Server

====================================================


Login to Virtualmin.


Click Webmin at the top left.


Click Webmin > Webmin Servers Index


Click Register a new server


Hostname or IP address: ns2.turritopsis-dohrnii-teo-en-ming.com


Server type: CentOS Linux


SSL server? Yes


Under Link type, click Login via Webmin with username: root password: <removed>


Make fast RPC calls? Yes


Click Save


There should now be an icon representing the server you created in the Webmin Servers page.


SECTION L - Enabling Cluster Slave Servers on the Master Server

===============================================================


On the Master Server, login to Virtualmin.


Click Webmin on the top left.


Click Servers > BIND DNS Server


Click the Cluster Slave Servers button


Add server: ns2.turritopsis-dohrnii-teo-en-ming.com


Create secondary on slave when creating locally? Yes


Create all existing master zones on slave? Yes


Name for NS record: ns2.turritopsis-dohrnii-teo-en-ming.com


Click Add Now


Add Servers

===========


Adding ns2.turritopsis-dohrnii-teo-en-ming.com ..

Added ns2.turritopsis-dohrnii-teo-en-ming.com, with 0 existing zones.


Setup ns2.turritopsis-dohrnii-teo-en-ming.com with 1 new slave zones, but encountered 5 errors :

ns2.turritopsis-dohrnii-teo-en-ming.com : This zone already exists


SECTION M - Setting the Master IP Address on the Master Server

==============================================================


Go to your Master Server.


Click Servers > BIND DNS Server


Click Module config


Configuration category: Zone file options


Default master server(s) for slave zones: 185.182.9.61


Click Save


Reference Guide: DNS Slave Auto-configuration

Link: https://www.virtualmin.com/slave-configuration/


Reference Guide: How To Setup DNS Slave Auto Configuration Using Virtualmin/Webmin on Ubuntu

Link: https://www.digitalocean.com/community/tutorials/how-to-setup-dns-slave-auto-configuration-using-virtualmin-webmin-on-ubuntu


SECTION N - Problem: BIND DNS Server is not listening on the Slave Server

==========================================================================


Problem Description

====================


C:\PortQryV2>portqry -n ns2.turritopsis-dohrnii-teo-en-ming.com -e 53 -p both


Querying target system called:


 ns2.turritopsis-dohrnii-teo-en-ming.com


Attempting to resolve name to IP address...



Name resolved to 185.214.135.104


querying...


TCP port 53 (domain service): NOT LISTENING


UDP port 53 (domain service): LISTENING or FILTERED


Sending DNS query to UDP port 53...


DNS query timed out


Solution

========


Edit /etc/named.conf


# nano /etc/named.conf


Find the "options {" section.


Replace the following lines:


listen-on port 53 { 127.0.0.1; };

listen-on-v6 port 53 { ::1; };


with the lines below:



        listen-on port 53 {

                any;

                };

        listen-on-v6 port 53 {

                any;

                };


# systemctl restart named


Run the following port scanning command on your Windows 10 laptop

==================================================================


C:\PortQryV2>portqry -n ns2.turritopsis-dohrnii-teo-en-ming.com -e 53 -p both


Querying target system called:


 ns2.turritopsis-dohrnii-teo-en-ming.com


Attempting to resolve name to IP address...



Name resolved to 185.214.135.104


querying...


TCP port 53 (domain service): LISTENING


UDP port 53 (domain service): LISTENING


SECTION O - Problem: BIND DNS Server on the Slave Server is Rejecting Queries

================================================================================


Problem Description

===================


C:\PortQryV2>nslookup

Default Server:  UnKnown

Address:  192.168.122.221


> server ns2.turritopsis-dohrnii-teo-en-ming.com

Default Server:  ns2.turritopsis-dohrnii-teo-en-ming.com

Address:  185.214.135.104


> www.turritopsis-dohrnii-teo-en-ming.com

Server:  ns2.turritopsis-dohrnii-teo-en-ming.com

Address:  185.214.135.104


DNS request timed out.

    timeout was 2 seconds.

DNS request timed out.

    timeout was 2 seconds.

DNS request timed out.

    timeout was 2 seconds.

DNS request timed out.

    timeout was 2 seconds.

*** Request to ns2.turritopsis-dohrnii-teo-en-ming.com timed-out

> set type=ns

> turritopsis-dohrnii-teo-en-ming.com

Server:  ns2.turritopsis-dohrnii-teo-en-ming.com

Address:  185.214.135.104


DNS request timed out.

    timeout was 2 seconds.

DNS request timed out.

    timeout was 2 seconds.

*** Request to ns2.turritopsis-dohrnii-teo-en-ming.com timed-out


Solution

=========


Edit /etc/named.conf


# nano /etc/named.conf


Find the line that says


allow-query     { localhost; };


And replace it with


allow-query     { any; };


# systemctl restart named


Reference Guide: Bind9 denied query

Link: https://unix.stackexchange.com/questions/283276/bind9-denied-query


Result

=======


C:\Users\Teo En Ming>nslookup

Default Server:  UnKnown

Address:  192.168.122.221


> server ns2.turritopsis-dohrnii-teo-en-ming.com

Default Server:  ns2.turritopsis-dohrnii-teo-en-ming.com

Address:  185.214.135.104


> www.turritopsis-dohrnii-teo-en-ming.com

Server:  ns2.turritopsis-dohrnii-teo-en-ming.com

Address:  185.214.135.104


Name:    www.turritopsis-dohrnii-teo-en-ming.com

Address:  185.182.9.61



SECTION P - The FINALIZED Master DNS Zone

=========================================


$ttl 3600

@       IN      SOA     ns1.turritopsis-dohrnii-teo-en-ming.com. ceo.teo-en-ming-corp.com. (

                        1634651919

                        3600

                        600

                        1209600

                        3600 )

turritopsis-dohrnii-teo-en-ming.com.    IN      A       185.182.9.61

www.turritopsis-dohrnii-teo-en-ming.com.        IN      A       185.182.9.61

ftp.turritopsis-dohrnii-teo-en-ming.com.        IN      A       185.182.9.61

m.turritopsis-dohrnii-teo-en-ming.com.  IN      A       185.182.9.61

localhost.turritopsis-dohrnii-teo-en-ming.com.  IN      A       127.0.0.1

webmail.turritopsis-dohrnii-teo-en-ming.com.    IN      A       185.182.9.61

admin.turritopsis-dohrnii-teo-en-ming.com.      IN      A       185.182.9.61

mail.turritopsis-dohrnii-teo-en-ming.com.       IN      A       185.182.9.61

turritopsis-dohrnii-teo-en-ming.com.    IN      MX      5 mail.turritopsis-dohrnii-teo-en-ming.com.

turritopsis-dohrnii-teo-en-ming.com.    IN      TXT     "v=spf1 a mx a:turritopsis-dohrnii-teo-en-ming.com ip4:185.182.9.61 ip4:185.182.9.61 ip6:2a02:c207:2069:6121:0000:0000:0000:0001 ?all"

@       IN      CAA     0 issuewild letsencrypt.org

2021._domainkey.turritopsis-dohrnii-teo-en-ming.com.    IN      TXT     ( "v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAag9wT+JcVqf"

        "4LOXV4tIkfAeOudlfU5ne3at292ch+En3zhRlwUflzMJkE/Ax+chxy+lbj2X4/mUdhFiEsMcly2LNFkO"

        "06xLK+2LUcl71u+JfOvt1vSGwV1EXtlEkbtfH7y9eQu0SRX13cy0oQTvtpyrbbrmRSjUKpHA8wxdJQq8"

        "0lj7X3n6EahtY1Y+P5t04tsUBpPyxplIauqp9j47iib2lLwXAAgUw+q2ezz2OgX9nwgMUZfVNFzZAuug"

        "nzoQgBij7UVmH72GOaDsJ724Pp2RqJhYXZaYMImy1pExDXRUc60I7EjXn6ONXHlszjO7U2XVOreaLGPl"

        "c4UAmMNrQIDAQAB" )

_dmarc.turritopsis-dohrnii-teo-en-ming.com.     IN      TXT     "v=DMARC1; p=none; pct=100; rua=mailto:ceo@teo-en-ming-corp.com; adkim=r; aspf=r"

turritopsis-dohrnii-teo-en-ming.com.    IN      NS      ns1.turritopsis-dohrnii-teo-en-ming.com.

turritopsis-dohrnii-teo-en-ming.com.    IN      NS      ns2.turritopsis-dohrnii-teo-en-ming.com.

ns1.turritopsis-dohrnii-teo-en-ming.com.        IN      A       185.182.9.61

ns2.turritopsis-dohrnii-teo-en-ming.com.        IN      A       185.214.135.104



Conclusion

==========


Teo En Ming's Virtualmin web hosting control panel is now setup successfully with Master and Slave DNS Configuration.


Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 26 Oct 2021, is a TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant with a Systems Integrator (SI)/computer firm in Singapore. He is an IT enthusiast.





REFERENCES

===========


[1] https://sourceforge.net/p/webadmin/mailman/message/37373922/


[2] https://marc.info/?l=webmin-l&m=163528877500627&w=2


[3] https://pastebin.com/raw/hVShREH6


Comments

Popular posts from this blog

[24 Mar 2022 Thursday] Erectile Dysfunction and Viagra

Patching Linux Kernel 5.5.7 to Add Support for AUFS Filesystem