We need our customers use our nameservers but they should be alloed to edit/create entries from Virtualmin installed at their own VPS.
We can do this by addning our nameservers (ns1-ns3.myhosting.com) to client’s VPS > BIND > Cluster Slave Servers. This way when a customer adds/edits new domain entries it is automatically created at our nameservers.
The issue is the customer will have root access to their own VPS. Therefore they can go to VPS > Webmin Servers Index and from there ns1.myhosting.com and modify/delete the domains of other customers also.
I use PowerDNS, which has a feature that automatically provisions slave domains from a master (supermaster). I don’t know if BIND has something similar.
Unfortunately BIND has no such feature that I’m aware of.
@Zulqarnain: If you use the Cluster Slave feature and your customer has root access to their machine, the situation is even worse: They can extract the password of the Webmin user that is used to connect to the slave Webmin.
So you should use Cluster Slaves only on machines that only you or trusted people have root access to.
I don’t see an immediate easy solution to this. I guess if I were to implement this, I’d do it the other way round: Have the DNS slaves regularly contact the masters via some custom-made scripts and check if zones have been added or deleted there, and reproduce those actions locally. I don’t think though Virtualmin immediately supports this, you’d have to create scripts of your own for this.
