My domain’s ‘name-servers’ entry points to my webmin/virtualminpro box.
I would like to assign a secondary name-server, as most domain registrars require two name-servers.
I set up my ISP’s name server as secondary, but it comes back with the following error message.
09:48:17 *** Warning: Failed to zone transfer domain.com from 123.123.123.123 (RCODE 5 Query Refused)
Which options in webmin/bind9 do I have to enable so that my webmin box will allow my ISP’s name server to become a secondary name server?
First, you don’t technically have to use two DNS servers; you could simply use two IP addresses on one server. While that does defeat the point of a redundant DNS setup, it would get you started.
As far as using your ISP’s name server as a secondary goes – that only works if your ISP is configured to allow such a thing. While perhaps a handful can do that, the vast majority aren’t set up to do that.
My ISP does allow you to delegate its DNS server as a slave.
However, it is only able to connect for one of its name-servers; the second one gets rejected.
Mar 4 13:49:25 IS-10633 named[15696]: client 123.117.237.205#4629: transfer of 'sat-hd.com/IN': AXFR started
Mar 4 13:49:25 IS-10633 named[15696]: client 123.117.237.205#4629: transfer of 'sat-hd.com/IN': AXFR ended
Mar 4 13:49:40 IS-10633 named[15696]: client 123.117.237.66#3784: zone transfer 'sat-hd.com/AXFR/IN' denied
This is the error message from my ISP DNS server:
12:49:58 *** Warning: Failed to zone transfer example.com from 123.129.227.180 (RCODE 5 Query Refused)
Also, my log is filled with megabytes of ‘denied access’ in the daemon.log. Is this normal?
Mar 4 13:50:02 IS-10633 named[15696]: client 127.0.0.1#44063: query 'www.example.com/A/IN' denied
Mar 4 13:50:02 IS-10633 named[15696]: client 87.117.198.199#28181: query 'www.example.com/A/IN' denied
Mar 4 13:55:01 IS-10633 named[15696]: client 127.0.0.1#41088: query 'www.example.com/A/IN' denied
Mar 4 13:55:01 IS-10633 named[15696]: client 87.117.198.199#10926: query 'www.example.com/A/IN' denied
Mar 4 14:00:02 IS-10633 named[15696]: client 127.0.0.1#50249: query 'www.example.com/A/IN' denied
Notice how localhost is also denied. Is that normal?
All slave servers need to be able to do zone transfers from the master. That is done via the allow-transfer directive in the zone options.
By default, Virtualmin enters any slave servers it knows about there, either through the “DNS Cluster Server” feature or through the template option BIND DNS Domain -> Additional manually configured nameservers.
Alternatively, you can use the option BIND DNS Domain -> Additional named.conf directives for new zones, which is a little more low-level.
In the end, Virtualmin needs to make these additions to the zone options, which you can verify in Webmin’s BIND module:
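An added example, not part of the thread and not Virtualmin's own code: a small Python audit of named log lines in the format quoted above. It separates expected secondaries that are still missing from allow-transfer from unknown clients that are correctly refused, and flags any transfer that succeeded for an address outside the expected set. The SECONDARIES set and the 203.0.113.7 log line are assumptions made for the example.

```python
import re
from collections import Counter, defaultdict

# Patterns for the named log format quoted in the thread (IPv4 clients only).
CLIENT = r"client (?P<ip>[\d.]+)#\d+: "
XFER_OK = re.compile(CLIENT + r"transfer of '(?P<zone>[^/']+)/IN': AXFR started")
XFER_DENIED = re.compile(CLIENT + r"zone transfer '(?P<zone>[^/']+)/AXFR/IN' denied")
QUERY_DENIED = re.compile(CLIENT + r"query '[^']+' denied")

def audit(lines, secondaries):
    """Classify AXFR outcomes per zone against the set of expected secondaries."""
    ok, denied, queries = defaultdict(set), defaultdict(set), Counter()
    for line in lines:
        if m := XFER_OK.search(line):
            ok[m["zone"]].add(m["ip"])
        elif m := XFER_DENIED.search(line):
            denied[m["zone"]].add(m["ip"])
        elif m := QUERY_DENIED.search(line):
            # Ordinary query refusals: allow-transfer has no effect on these.
            queries[m["ip"]] += 1
    report = {}
    for zone in sorted(set(ok) | set(denied)):
        report[zone] = {
            "allowed_secondaries": sorted(ok[zone] & secondaries),
            "missing_from_acl": sorted(denied[zone] & secondaries),
            "refused_unknown": sorted(denied[zone] - secondaries),
            "unexpected_transfer": sorted(ok[zone] - secondaries),
        }
    return report, dict(queries)

def allow_transfer_line(entry):
    """Render an allow-transfer statement covering only expected secondaries."""
    ips = entry["allowed_secondaries"] + entry["missing_from_acl"]
    return "allow-transfer { " + " ".join(ip + ";" for ip in ips) + " };"

# Assumption: these two addresses are the ISP's secondaries seen in the thread's log.
SECONDARIES = {"123.117.237.205", "123.117.237.66"}
SAMPLE = [
    # Copied from the thread:
    "Mar 4 13:49:25 IS-10633 named[15696]: client 123.117.237.205#4629: transfer of 'sat-hd.com/IN': AXFR started",
    "Mar 4 13:49:40 IS-10633 named[15696]: client 123.117.237.66#3784: zone transfer 'sat-hd.com/AXFR/IN' denied",
    "Mar 4 13:50:02 IS-10633 named[15696]: client 127.0.0.1#44063: query 'www.example.com/A/IN' denied",
    # Constructed for this example (documentation address):
    "Mar 4 13:51:00 IS-10633 named[15696]: client 203.0.113.7#5000: zone transfer 'sat-hd.com/AXFR/IN' denied",
]

if __name__ == "__main__":
    report, queries = audit(SAMPLE, SECONDARIES)
    for zone, entry in report.items():
        print(zone, entry, allow_transfer_line(entry))
    print("query denials:", queries)
```

Only addresses in missing_from_acl belong in the zone's allow-transfer list; entries under refused_unknown are the ACL working as intended.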