I have gone to suggested module and rechecked the config and it responds with No errors were found in the BIND configuration file /etc/bind/named.conf or referenced zone files.
which sort of contradicts the original message. Any pointers (BIND is a bit newbie territory for me)
Maybe (@staff could confirm that) or perhaps I need to wait until the date given (05/08/23) and it should only be seen as a warning at this point not really an error.
I remember @Jamie fixing this issue many Webmin versions ago. Not clear what’s causing it now.
Do you have /etc/webmin/bind8/resign.pl Cron job setup in System ⇾ Scheduled Cron Jobs page? Also, note that the default period between resigns is 21 days.
Considering zone 255.in-addr.arpa
Key count 0
Considering zone ************a.uk
Key count 2
Zone key in /var/lib/bind/K************a.uk.+008+03928.private
Age in days 0.5153125
Considering zone ************b.co.uk
Key count 0
Considering zone ************c.club
Key count 2
Zone key in /var/lib/bind/K************c.club.+008+22728.private
Age in days 14.2451736111111
Considering zone 127.in-addr.arpa
Key count 0
Considering zone ************d.fun
Key count 0
Considering zone localhost
Key count 0
Considering zone ************e.co.uk
Key count 0
Considering zone ************f.co.uk
Key count 0
Considering zone 0.in-addr.arpa
Key count 0
I have obscured the domain names a-f (these correspond to the 6 VS on this box only one (c) has 4 sub servers (that is probably irrelevant) it is (a) that is showing the error above.
Note that all of the domains should be enabled for DNSEC as they are all “live” sites.
I don’t understand why only 2 are listing key count > 0?
and a list of existing servers (all are included) all of type “Master”
As I have never been here before, why is it that 2 VS were setup (a & c) but the others weren’t? all these VS were created new in Virtualmin in the normal way. (over some time/versions)
Thanks @Ilia
That was scary stuff (playing around in an area I have no real idea of what I was doing or why)
So I Setup DNSSEC Key creating the key with the default button on each of the domains (b,d,e,f) - Thank you Virtualmin for making the GUI so simple to do that - once the blind was lead to the spot
So I reran /etc/webmin/bind8/resign.pl --debug and the new output shows that all of the domains (a - f) have a Key Count of 2
The error message has gone (well it is now after the date included in the message - so may have gone anyway)
The *.in-addr.arpa zones and localhost zone I didn’t change - Should I?
But I still don’t understand why this was not done by Virtualmin when these VS were created !
You don’t really have to use DNSSEC, it raises complexity with not that much of a benefit.
Also, you need to make sure that the DS key is something what your parent DNS zone expects, i.e. records on domain’s registrar side. If you don’t have those setup you can simply disable DNSSEC in Virtualmin side for all domains without any further complications.