Hi, I am looking for someone to exchange KVM machines for DNS services. I need a secondary DNS server outside the country for 100 domains or so, preferably Europe but not in the east (I am from Romania). And of course I am willing to do the same for my future partner. The more the merrier; and everyone needs a DNS outside the network as best practice, right?
I could of course buy some cheap VPS; but figured it would be free (kinda’) for both, I never ran anything on a Cloudmin setup that is not mine and I will be tightening ties with the community.
Rules of the game, respected also on my side:
should have a proper business in web hosting;
proper uptime, but nothing close to a miracle, 98-99% would do fine;
that is because you should have and make full backups of the VM (consistent state, machine shutdown), at least every 2 weeks;
KVM VM on Cloudmin PRO - you should have a valid license, will look for your star; a good poster on the forums here is a plus;
Centos 7.5, 1 static IP, 1 core, 1 GB RAM, 5GB SSD, opened ports: 22 (only from certain IPs), 53, 10000-10100 (only from certain IPs); this is more than enough for a DNS slave.
I will wait for a week to see if someone is interested. Very curious if something like this could be pulled out and if it works - hey, why not bartering encrypted offline backups?
BTW Sorry if this is not the place for posting this, moderators please move the thread as you see fit, thanks.
require cloudmin? You’re not accessing the cloudmin machine, you’re accessing the VPS with bind on it and you have no idea if its run by cloudmin or some other host.
All that’s required for a slave to receive updates is port 53tcp in the firewall and listed IP in bind to allow updates from.
I just want to offer that fakemoth has been a Virtualmin/Cloudmin customer with us for years.
With Cloudmin, there is a “Cloudmin Services” product that can assist with providing services on remote servers.
When using Webmin and Cloudmin for slave DNS services, having port 10000 open is indeed necessary (though I don’t believe port 22 would be).
While we don’t think fakemoth is looking to do anything fishy here – we’d also suggest caution in allowing anyone you don’t fully trust to have control over your DNS
We’ve actually considered offering an additional service here at Virtualmin for providing slave DNS. It hadn’t ever come to light, there were some challenges in all that which we haven’t overcome, but I don’t think we’ve ruled out the idea entirely.
Note that there are some details on setting up slave DNS services using just Webmin in the documentation here:
Sorry for the accusation. And not to argue with the boss, but bind can be a slave without any *mins software. Although webmin helps. I was looking at it from the slave requirements side of things. But yes, as far as virtualmin, that does require the slave to be listed in the managed server list in order to be “set as a slave by virtualmin”.
But one can manually input slave IP address in the ‘>webmin>servers>bind> zone defaults’ for “Allow transfers from…” or “Also notify slaves…”, depending on which one your are. Isn’t that all virtualmin is doing is filling in those bind boxes? I currently use external slaves which I dont own or control (he.net). Just have an ip in those bind boxes. Nothing in virtualmin is setup as far slave goes. ‘Slave DNS domain’ is not even enabled under ‘features and plugins’ for virtualmin. Works perfectly.
Haha it’s okay we’re not going to cancel your licenses for having an opinion
The benefit of using Webmin on the remote server, is that you never have to touch the remote server after setting up a new DNS zone. You would normally need to add configuration for the DNS zone to the slave server initially. By using Webmin, that step is handled automatically.
But you’re also absolutely right that if you don’t want to use Webmin on the remote server, or don’t have the option to – it’s absolutely possible to do it the way you’re describing.
@scotwnw I don’t know, what is fishy exactly? Those are the ports I need opened on the vm, and I don’t really care if you understand why, also if you read closely I didn’t ask for any advice on my setup; put that down right from the start, because for example I have also an external firewall in front of everything, and most do. And yes Cloudmin required - surprise, we are talking non-sense on their forums for starters…
Whatever; why I even bother writing… should have known that some troll will figure that it “Sounds fishy”. I will buy some VPS and be done with it.
Thank you andreychek for trying to appeal to common sense.
and if it works - hey, why not bartering encrypted offline backups?