Nameserver (Again)

Sorry to bring this up again, but I did some reading here: and did the tests mentioned on the page, that resulted in this:

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> -x
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46671
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

; EDNS: version: 0, flags:; udp: 4096

;; ANSWER SECTION: 86400 IN PTR localhost.

;; AUTHORITY SECTION: 86400 IN NS localhost.

localhost. 604800 IN A
localhost. 604800 IN AAAA ::1

;; Query time: 0 msec
;; WHEN: Sun Oct 02 11:38:46 CDT 2016
;; MSG SIZE rcvd: 132

And this “;; SERVER:” is my Public IP not used (I thought) according to Virtualmin…

[root@ns1 ~]# dig

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26462
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096
; IN A


. 207 IN NS
. 207 IN NS
. 207 IN NS
. 207 IN NS
. 207 IN NS
. 207 IN NS
. 207 IN NS
. 207 IN NS
. 207 IN NS
. 207 IN NS
. 207 IN NS
. 207 IN NS
. 207 IN NS

;; Query time: 375 msec
;; WHEN: Sun Oct 02 11:39:49 CDT 2016
;; MSG SIZE rcvd: 266

Now that site says If I get the above responses it’s working as a Nameserver…

And Out of curiosity I did my IP for my server (Forum) and got this:

; <> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <> -x ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2944 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 8

; EDNS: version: 0, flags:; udp: 4096


;; AUTHORITY SECTION: 48360 IN NS 48360 IN NS 48360 IN NS 48360 IN NS 48360 IN NS 48360 IN NS 48360 IN NS

;; ADDITIONAL SECTION: 519 IN A 1135 IN A 106 IN A 695 IN A 367 IN A 1480 IN A 37209 IN A

;; Query time: 0 msec
;; WHEN: Sun Oct 02 11:45:08 CDT 2016
;; MSG SIZE rcvd: 374

Now my question is, Is this the correct (current) way to test the Nameserver, and if not can someone tell me the commands I can use on the server to test it?

The reason I’m asking, and I’ve been thinking this since I started trying to get the Nameserver working, Is I believe my registrar is “BSing” me telling me it’s not working, and need to know before I get on them about it…


Ok I have an Update to this, I found 2 Really useful websites, I setup DNSSEC, and all is well there here are the 2 Sites for anyone else:

NOW, According to Network-Tools my Forum “” IS Authoritative!!! And “” isn’t, I’m assuming this means that my actual forum address is the “Nameserver”?!??!

[] returned an authoritative response in 234 ms:


rcode: Success
id: 0 opcode: Standard query
is a response: True authoritative: True
recursion desired: False recursion avail: False
truncated: True
questions: 1 answers: 3
authority recs: 0 additional recs: 0

SO if it is, how do I switch it to NS1?? I feel like I’m getting close to getting this working, finally!!


New Question On This.

My Domain Name Is Coming up for Renewal Next month, For One I plan On switching to NameCheap as I’ve heard good things…

My Question is Now, Should I change my domain Name to “NS1.DOMAINNAME.NET” or should I leave it as “DOMAINNAME.NET

The reason I’m asking is, from what I’ve read, I “SHOULD”: be able to use and “A” Record for My NS “NS1.” but it’s not working that way in CentOs 7, It sesolves to my forum “”, and when I had Ubuntu 16.X Installed it actually resolved to the Apache “It Works Page” Not the Forum Directly…

So What I want to know, Does anyone know what the Simplest way for me to get this working would be??

I’ve Read, Do the “NS1” at the Registrar, Then Have my DNS records in Virtualmin Point to the Actual Forum, I.E. “

Would this information be correct?? Right Now I’m just looking for the Simplest way to get this done…

Thanks For any info.


To be honest i have hard time to understand your post. Can you post the content of your “/etc/named.conf” and “/var/named/” (or “domain.hosts”) files. If you want edit your domain and IP but i would like to see this files as i suspect there is some miss-configuration in your Bind.

Ok Here you go, Thanks for the fast response!!

The **** Are either Edited for public viewing, or a comment as I’m in the middle of getting “DESSEC” Up and running…


// named.conf
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
// See /usr/share/doc/bind*/sample/ for example named configuration files.

options {
listen-on port 53 {
listen-on-v6 port 53 {
directory “/var/named”;
dump-file “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;
memstatistics-file “/var/named/data/named_mem_stats.txt”;

 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
 - If your recursive DNS server has a public IP address, you MUST enable access 
   control to limit queries to your legitimate users. Failing to do so will
   cause your server to become part of large scale DNS amplification 
   attacks. Implementing BCP38 within your network would greatly
   reduce such attack surface 
recursion yes;

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;   ******** ADDED WORKING ON DSSEC *******

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/";
session-keyfile "/run/named/session.key";
dnssec-lookaside . trust-anchor;


logging {
channel default_debug {
file “data/”;
severity dynamic;

zone “.” IN {
type hint;
file “”;

include “/etc/named.rfc1912.zones”;
include “/etc/named.root.key”;

zone “” {
type master;
file “/var/named/”; ****** ADDED “.signed WORKING ON DSSSEC”
allow-transfer {;
trusted-keys { 257 3 5 “*****************************”;


$ttl 38400
@ IN SOA (
38400 )
@ IN NS IN A IN A IN A IN A IN A IN A IN A IN A IN A IN A IN MX 5 IN PTR IN PTR IN TXT “v=spf1 a mx ip4: ip6:******************** -all” IN TXT “v=DMARC1; pct=100;;; p=reject; sp=none; rf=afrf; ri=86400” IN TXT ( "v=DKIM1; k=rsa; t=s; p="" )
.key ***** DSSEC WIP ****
*.key ***** DSSEC WIP ****

I haven’t changed these files since clean install of Centos 7 Server (minimal), and Clean Install of Virtualmin, about a month ago, The **** Are from today working on getting DESSEC=*DNSSEC Up and Running…



And to Clarify a Little…

My OS (Server?) Is named NS1.ANDROID-X86.NET, My Domain (In The Registrar) is “”, I have Virtualmin Set for NS1.ANDROID_X86.NET as the HOST, and the Virtual Server is “

Dunno If that is confusing, but, really, everything I’ve read says, the Server (Operating System) should be NS1.DOMAINNAME.NET and virtualmin installs fineas that being a FQDN…

Not trying to act as if you don’t know, trying t clarify my own stupidity… LOL


Is this a mistake “”?

Is this a mistake “” or did you use this to mask your domain?

Are those the correct files you needed??

If you need anymore info let me know… I just really need to know what I need to point to from the Registrar to have Virtualmin Handle MY OWN DNS Requests…

The server is Called

The Served Pages are at

So the simple question is, do I register at the registrar, then have the DNS records forward to the actual pages to be served???

The problem seems to be, that Virtualmin IS NOT handling ANY DNS tasks, As When I try to add it to the Nameservers list at my Registrar it says it doesn’t exist…

I believe I have Virtualmin setup correctly, I’ve done what has been advised, and I’ve read across many different sites looking for an answer…

I will say, ALOT of them are “Setups” from the Beginning, I.E. Installing the files and configuring them, Which I’m really wary of as, I want to keep Virtualmin in control of things, and I really don’t want to break anything…



No, it’s actually “” as it seems everywhere I’ve tried to append the “www” it get’s omitted, even at the registrar, I have the “CNAME” set for “www”.

Really not sure, It just is that way…Even a ways back, google analytics suggested moving away from the “www”, So not sure, In everything I do related to associating the Domain with things I do both…

Now in my Registrar I have: pointed to the new IP, Which in Virtualmin I added “” and the NEW IP to Bind…And My HOSTS and HOSTNAME Files (Minimally), I didn’t go Nuts with edits…

Now I was reading yesterday, Would I possible need to make a “Master” server “” and make my Domain a Slave (It’s set to Master Now, By Virtualmin Install)??

From what I read that would be for an NS1 - Master and NS2 for the slave…

Really I just want to be able to ADD NS1 to the nameserver at the registrar and it accept it, Really not sure WHY it’s not, I’ve checked internally, And short of Doing everything Advised in the 3rd link above, I’m not sure what else to do inside virtualmin, From reading the DOCS on it, It seems it should be a simple process for Virtualmin…


Hey Mike,

I’m only dropping in on this, and haven’t had a chance to read through this whole thing, but I wrote up the steps for spinning up a domain from nothing a while back on our blog here:

It sounds like the glue records are the remaining problem, maybe?

Edit: Also note that most of those steps are automated by Virtualmin; you wouldn’t need to do most of the local BIND stuff, but the stuff at the registrar has to happen for your domains to work.

Hey, Okay I went through the BLOG, and Everything on the Local End Reports Correct:

[root@ns1 named]# host has address {CORRECT IP} mail is handled by 5

[root@ns1 named]# nslookup
Server: {CORRECT NS1 IP}
Address: {CORRECT NS1 IP}#53


[root@ns1 named]# host localhost
Using domain server:
Name: localhost
Aliases: has address {CORRECT DOMAIN IP) mail is handled by 5

And the Results:

There was a problem with the NameServers you entered for the following domains: This is likely caused by the entered NameServers not being created yet. Please check the spelling of the NameServers you entered as well as checking to make sure they have been created at the applicable registry.

And I will say that NameSilo (Registrar) DOESN’T allow an IP for the Nameserver, I have to use “”… Also They say support just adding the nameserver, I just noticed the “applicable registry” in the error statement…

Which I thought WAS the “A” Record I was supposed to add for IN A {NS1 IP ADDRESS} in my Registrar DNS Records…(NameSilo), BUT when I add the “A” record, Typing “” in the Address bar, Gives me the “Index” of the site (Blank, But says Index, File, File Type) and I still get the Nameserver error from them…

REALLY Started to think it’s them, not me… I contacted my Server provider today to TRIPLE CHeck TCP/UDP 53 was open and it is.

And thanks everyone for taking the time to help me out with this!!!


Sorry to Re-Post I’m being moderated and can’t edit, lol, But I forgot the last 2 checks on the list…

[root@ns1 ~]# host -t ns name server

[root@ns1 ~]# host
Using domain server:
Address: {CORRECT NS1 IP}#53
Aliases: has address {CORRECT DOMAIN IP} mail is handled by 5
[root@ns1 ~]#

All As it seems it should be…


I have an Update to this.

With All the time spread over months of trying to get this to work, I believe I was confusing setting up a single IP DNS Nameserver.

I now have one IP for the HOST (NS1.ANDROID-X86.NET) and one IP for the Virtual Server (HTTP://ANDROID-X86.NET)

The IP for NS1.ANDROID-X86.NET Resolves through the “A” Record at My Registrar, My Registrar STILL Says that NS1.ANDROID-X86.NET IS NOT A NAMESERVER… When I enter the Address (OR IP) in the Address Bar I get:

Index of /

[ICO] Name Last modified Size Description

This Is My HOSTS FIle localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
NEW.IP.0.0 ns1

This Is Local HOSTSNAME:


changed from NS1.ANDROID-X86.NET

This is my RESOLV.CONF

Generated by NetworkManager
nameserver NEW.IP.0.0
nameserver Virtualmin Did this on install Dunno where they come from
nameserver Virtualmin Did this on install Dunno where they come from
nameserver 127.0.01

I added the ENS4 - New IP, In Network Config.
I added the IP’s In Bind

Not sure what else to do, I checked with INTERNIC and It’s not resolving, But I assume as long as my Registrar Isn’t allowing me to add it to nameserver that it won’t resolve…

I used these 2 Links and read alot on the last Link, But it killed my connection on server reboot…

Is there a way to just check the proper settings locally, Like not through “dig” as that reports the same dnsowl, which is my registrar nameservers…

Hope this clarifies a little the problems I’m having…


Edited:Copy/Paste Mangled in the display

Also Anything posted before Wed, 01/04/2017 - 10:56 on this thread is Dead info… I just came back here as I didn’t want to clutter the forums…


Ok all, I got it…

It’s bad when you have a not so savy linux user as myself, and worse when the services you pay for don’t know what they’re doing…TILL

You hit the right REP!
I registered the name server, and added it to the NameServer List, Replaced the NS1.DNSOWL.COM, With NS!.ANDROID-X86.NET, And it work with the Registrar, Told them I was going to be leaving, Still Might after a year of fighting with this, and multiple emails to them…

I’m NOT gonna say solved right now, as I went in and Removed hosts “::1” as I think that was IP6 and my server doesn’t support it, and one of the test commands came back with that as the IP, So I removed it and The IP went to localhost, I also changed the RESOLV.CONF to My NS1 IP, and Not localhost as it was set for…

I have a snap shot of the server and can restore no problem, BUT now that it’s registered and done, I’ll Play Around more, Unless ADVISED OTHERWISE HERE!!! LoL!!!

But it says 1-48 Hours to Propagate, And as long as the forum keeps running I’ll let it go… And do the tests…

Thanks everyone I’ll report back on this!


Well Good Start…

Los Angeles CA, United States

Dallas TX, United States

Mountain View CA, United States


Domain Name: ANDROID-X86.NET
Registrar: , LLC
Sponsoring Registrar IANA ID: *****
Whois Server: whois.
Referral URL: http://www.*********.com
Name Server: NS1.ANDROID-X86.NET
Name Server: NS2.DNSOWL.COM *** Guess I Already Posted this…
Name Server: NS3.DNSOWL.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 08-jan-2017
Creation Date: 27-feb-2015
Expiration Date: 27-feb-2017

Guess Gonna have to Invest in a 3rd IP, To get rid of DNSOWL (Registrar) totally, but Gonna leave as a BackUp…

Any Advice Now that I have it working, I’m Only serving my One Domain… But if I can Get Away from Anything to do with the “Registrar” I’d like to.


You only need two IP addresses for DNS service redundancy (ideally they’d be on two different servers on two different networks, but if all of your services are on one system, anyway, having redundancy is not so important).

Registrars are a necessary evil; you’ll have to get comfortable dealing with glue records, if you want to manage DNS records (or if you want to let Virtualmin do it for you). If you want to handle DNS through the registrar (most allow you to host your DNS records on their name servers for free), that won’t require glue records. But, good registrars make it pretty easy…I just poked around the namecheap interface today and see they have changed it a bunch…so my old blog post doesn’t really match their UI, anymore, though the principles will always be the same. But, if it makes you feel any better about it, once you understand how DNS works, it becomes pretty easy to get the basics going. Even though I only do it every six months or so and forget all the specifics in the meantime, I am usually able to do it in a few minutes.

Also, there’s a truism about problems with any networked service (web, mail, whatever): It’s always DNS. Even if you think it isn’t DNS, it’s probably DNS. (Not because DNS is unreliable, but because it is complex and people often get it wrong.)

Lol, Ya I agree! Basically the reason I want to manage them is, well, one for the learning experience, and two, The service really doesn’t provide everything needed for today settings, I mean, Ya, you can get by just fine with them, But Coming from “A FREE HOST”, What I started with in the VERY Beginning, To where I Am Today, I’ve learned, that, If “I” have the control “I” can fix it when needed, NOT, A Trouble Ticket, Not a REP who knows less then me, and that’s REAL BAD!! LOL

And Ya I’m sure If I paid more, I’d get what I want, But as it stands, I’m hoping to upgrade to the Virtualmin Pro, Not that I need PRO, But, The Creators of this piece of programming well deserve more then my $6 a Month, After I’ve learned the interface a little, and got over the “SHELL SHOCK” of C-Panel and a Paid host, I love it!!

And learning the proper use of back-ups, and when to do it, and all that, Example: I STILL haven’t rebooted the server, LOL, And I’ve found that’s the END all BE ALL of a working system, I know I don’t need to, But that’s my test on a working server, I still have the Snapshot before I started all this… AND I might restore it, just to see if I needed to make the changes I did…

So as It stands now, the Propagation Is Bouncing ALL OVER THE PLACE, yesterday before bed My Nameserver Propagated to about 7 of 20 Checks, now it’s on 2 of 20, Just gonna leave it be for a couple days, see how it settles out and report back here…

Then On to DNSSEC, And a couple other things…

Question tho, Would it be Better (Although I’d assume Pretty Useless in the long run) to have a second NS (NS2) that basically just points to the same IP, I’d much rather have NS1/NS2 For my Name servers, and say the registrars NS3 as A Fallback…

And as I said, as of right now the propagation is jumping around, so I’ve got a couple days to sit back and wait on it before doing anything else…

And again let me thank all of you for your input, I wouldn’t have gotten this done without the help/links, That finally got my head rapped around what I needed to get done!!!