Help with DNS Hidden Master setup

I am trying to set up DNS with 2 slaves and 1 hidden master.

I’ve got VM running on say 1.2.3.4. Slave DNS servers are ns1.example.com and ns2.example.com. These are correctly configured in the cluster and are getting updated automatically.

The records that VM creates have 1.2.3.4 as the Master. At the registrar, however, I only supply the ns[1,2].example.com records. Everything seems to work fine, but CheckDNS.NET reports the following errors:

Master DNS defined by SOA (1.2.3.4) was not found among NS records.

NS list mismatch: registration authority reports that domain is hosted on the following servers: ‘ns1.example.com; ns2.example.com’, but DNS server ns1.example.com reports domain to be hosted on ‘ns1.example.com; ns2.example.com; 1.2.3.4’. Please make sure that you configure the same DNS servers in registrar database and on your DNS

Also, when I run Check Connectivity, I get this:
Nameserver mismatch
None of the nameservers match this system : ns1.example.com. ns2.example.com. 1.2.3.4.
Verify with your DNS registrar that nameservers for the domain are set correctly.

What am I missing?

Master DNS defined by SOA (1.2.3.4) was not found among NS records.
The SOA record for master should be a name, not an IP.

How far do you wish to hide your effective master? You appear to be intending to list it in the SOA record (which probably ought to have a matching NS record, I’m not certain) while not listing it at the registrar. You could functionally hide it even in the zonefile by writing the zonefile to indicate ns1 as master, while configuring the domain entry in named.conf to use a different (hidden) host as master, including an allow-notify directive for the hidden master; requiring config also of the hidden master to also-notify the SOA master which it won’t normally do.

If you don’t want the server on which Virtualmin is running to be in the NS records, you need to set the NS records explicitly. The two slaves are actually going to be automatic, because it’s smart enough to know you want them to be your nameservers.

So I think you’d want to edit Server Templates->Default->BIND DNS Domain in the field labeled “Master DNS server hostname”, and set it to Hostname and fill in one of the slaves’ names. I’m not sure if it’ll be smart enough to not list it twice, though. That’d be kinda bug-like, if it isn’t. (It’d be harmless…or you could make one of the slaves into ns0, as well, and call it by two names…one for “master” in Virtualmin…that would lead to roughly twice the DNS traffic on that server, but that’s usually not an issue.)

Thank you miner and Joe. I will try to put the "primary" slave in as the master and let you know how it works.
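
Added example, not part of the thread: a small Python check for the inconsistencies the checkers above report (SOA master given as an IP, SOA master absent from the delegated nameservers, and zone NS records that differ from the registrar's list). The zone text and all function names are constructed for illustration, using the thread's placeholder values.

```python
import ipaddress

# Constructed sample mirroring the thread's placeholder values (not real data).
LEAKY_ZONE = """\
example.com. IN SOA 1.2.3.4. root.example.com. 2024010101 10800 3600 604800 38400
example.com. IN NS ns1.example.com.
example.com. IN NS ns2.example.com.
example.com. IN NS 1.2.3.4.
"""
REGISTRAR_NS = ["ns1.example.com.", "ns2.example.com."]  # delegation at the registrar

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def parse_zone(text):
    """Return (SOA MNAME, set of NS targets) from single-line records."""
    mname, ns = None, set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if "SOA" in fields[:-1]:
            mname = norm(fields[fields.index("SOA") + 1])
        elif "NS" in fields[:-1]:
            ns.add(norm(fields[fields.index("NS") + 1]))
    return mname, ns

def check_zone(text, registrar_ns):
    """Return (code, detail) findings matching the checker complaints in the thread."""
    mname, zone_ns = parse_zone(text)
    if mname is None:
        return [("NO_SOA", "zone has no SOA record")]
    delegated, findings = {norm(n) for n in registrar_ns}, []
    if is_ip(mname):  # the SOA master field should hold a hostname
        findings.append(("MNAME_IS_IP", mname))
    if mname not in delegated:  # SOA master not among the registrar's nameservers
        findings.append(("MNAME_NOT_DELEGATED", mname))
    for target in sorted(t for t in zone_ns if is_ip(t)):
        findings.append(("NS_IS_IP", target))
    if zone_ns != delegated:  # zone advertises servers the registrar does not list
        extra, missing = sorted(zone_ns - delegated), sorted(delegated - zone_ns)
        findings.append(("NS_MISMATCH", f"extra={extra} missing={missing}"))
    return findings
```

With the SOA master set to ns1.example.com and only the two slaves in the NS records, check_zone returns an empty list.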