BIND - Setting the Master IP Address option is not visible in the missing module config under BIND DNS.

To Virtualmin

KB : https://www.virtualmin.com/documentation/dns/slave-configuration In your KB article explaining the BIND master / slave setup there is an headline called.

Setting the Master IP Address

But I don't have the "module config" option described in the "BIND DNS server" module!? So how do I set the Master IP Address in the template for all new created DNS zones?

Secondly I also have some extra questions. - How do I deactivate the option "Add NS record for master server?" in the template for future DNS zone files going to be created? - Why does all the slave DNS serves getting listed as master DNS servers in the zone file on the slave servers?

I am normally using Windows DNS servers, so the BIND setup is not that straightforward for me regarding the above, sorry for that.

  • Tim

Comments

Howdy -- you can access the Module config section by clicking on the Gear icon on that screen.

Hi Eric

Thanks for your answer. But there is still not "Master IP address" to be able to set when looking in the "zone defaults" area.

  • Tim

Regarding the Master IP Address -- let's start here, what IP address is it using now? And what would you like it to be?

Hi Eric

  • It is using the server's internal IP and I would like it to use the public IP instead so the transfer will be performed using the public master IP instead of the internal IP.

  • I can see when creating a new master zone there is an option to remove the NS record creation for the server creating the zone, to avoid the NS record is being transferred to the two public facing BIND DNS servers which would then be acting as slaves for the internal DNS server. Like a hidden master DNS setup. But where do I remove that option so it wont be set when deploying virtual servers using the template?

  • I have also tried to get the BIND DNS server to forward an internal zone to my internal AD servers, to handle internal lookup's on the AD zone called ito.local. I have added the following to the /etc/named.conf file.

zone "ito.local" { type forward; forwarders { 192.168.0.104; 192.168.0.160; }; };

But when I do a ping for servera.ito.local it can't find the name or service. When I look in the named status I get the following error.

Feb 06 12:03:39 virtualminserver.domain.tld named[14080]: error (no valid RRSIG) resolving 'servera.ito.local.ito.local/DS/IN': 192.168.0.104#53 Feb 06 12:03:39 virtualminserver.domain.tld named[14080]: validating @0x7fc630695560: ito.local SOA: got insecure response; parent indicates it should be secure Feb 06 12:03:39 virtualminserver.domain.tld named[14080]: error (no valid RRSIG) resolving 'servera.ito.local.ito.local/DS/IN': 192.168.0.160#53 Feb 06 12:03:39 virtualminserver.domain.tld named[14080]: error (insecurity proof failed) resolving 'servera.ito.local.ito.local/A/IN': 192.168.0.104#53 Feb 06 12:03:39 virtualminserver.domain.tld named[14080]: validating @0x7fc62803ee70: ito.local SOA: got insecure response; parent indicates it should be secure Feb 06 12:03:39 virtualminserver.domain.tld named[14080]: error (insecurity proof failed) resolving 'servera.ito.local.ito.local/A/IN': 192.168.0.160#53

Why does the FQDN it tries to lookup gets converted to servera.ito.local.ito.local?? It should only ask for servera.ito.local??

I don't get it :( Look forward to get some help here, I have been using Windows DNS servers since 1999 but I am not popular with BIND :)

  • Tim

Ah, I may understand!

Is this server perhaps behind a NAT router then?

So it has an internal IP, and an external IP?

And you're saying that currently, it's incorrectly putting the internal IP into the DNS records?

Hi Eric

That is correct. Secondly, how do I hide the NS record of the server itself to be added to the zones created.

  • Tim

We're happy to help! Though let's try and tackle one issue at a time, as we get confused easily :-)

It sounds like you may just need to configure Virtualmin to handle the NAT.

To do that, go into System Settings -> Virtualmin Config -> Network Settings.

There, set "Default IP address for DNS records" to "Automatically Detected External Address".

Once you do that, it will use the public IP for new DNS records, though it won't change your existing records.

To change existing records, you could disable the BIND DNS Domain feature, and then re-enable it. That will re-generate all the DNS records for that domain.

Does that change the DNS records to what you're after?

If so, then we can start going over your 'NS' record question.

Hi Eric

No worries, one question at a time :) The default detect external address is already active and the zones created already hold the external IP correctly. The issue is that when creating a new master zone it actual uses the internal IP when setting up the transfer options part. Please see attached image where I have highlighted this.

  • Tim

Wouldn't the internal IP be what you want for transfers between the master and slave DNS servers though?

Hi Jamie

Yeah, if they where on the same network, it would be good, but if they was placed on different locations, it should use the public IP instead.

  • Tim

Can you explain a bit more about the network configuration for your master and slave systems there?

Like how they are connected internally and externally?