NS1/NS2 hostnames for Virtualmin?

Hi!

I’m trying to set my domain’s NS1 and NS2 to point to my Virtualmin server so it can manage all my new domains in the future.

  1. In the domain register I’ve set the domain’s “Hostnames” “ns1.mydomain” and “ns2.mydomain” to point to the server’s IP address and I’ve set the domain’s “Nameservers” to “ns1.mydomain” and “ns2.mydomain”.

  2. In Virtualmin “System Settings > Server Templates > Default Settings > DNS domain” I’ve set “Master DNS server hostname” to “mydomain” and “Additional manually configured nameservers” to “ns1.mydomain” and “ns2.mydomain” and then I’ve added “mydomain” as a new virtual server.

Is there something I’m doing wrong since it’s been 48 hours and the domain still gives “DNS_PROBE_FINISHED_NXDOMAIN” error when I’m trying to reach it using a browser?

Thanks!

Well, this configuration differs from registrar to registrar, but according to my setup, you have to configure “glue records” where you have to type ns1.yourdomain.com + ns2.yourdomain.com and below this you should have something which will tell where these nameservers are actually located - the IP address of your nameservers.

When you are going to configure domains whose records should be located on your nameservers, then it is enough to configure only the nameservers here; you don’t need to mention the IP address.

Some people say that the propagation can take up to 48 hours, but in my case it was done in about 30 minutes or so…

Wish you luck!

PS.: “DNS_PROBE_FINISHED_NXDOMAIN” means domain records couldn’t be found, so your nameservers are not working according to this.

Btw, on the Virtualmin side it shouldn’t be necessary to make any changes in the configuration - the nameservers should work out of the box if you enable DNS for the domain. Just check whether, in the records, you have records similar to this:

clientdomain.com IN NS ns1.yourdomain.com
clientdomain.com IN NS ns2.yourdomain.com

At mxtools, use domain health; it should help.

I’ve waited a few more days and since the DNS still doesn’t work I’ve decided to run some tests on the actual server:

trinity@server1:/$ host papi.host ns1.papi.host
;; communications error to 127.0.1.1#53: connection refused
;; communications error to 127.0.1.1#53: connection refused
Using domain server:
Name: ns1.papi.host
Address: 78.142.4.100#53
Aliases:
papi.host has address 78.142.4.100
;; communications error to 127.0.1.1#53: connection refused
;; communications error to 127.0.1.1#53: connection refused
;; communications error to 127.0.1.1#53: connection refused
;; communications error to 127.0.1.1#53: connection refused
papi.host mail is handled by 5 mail.papi.host.

Is that normal? It’s a fresh Ubuntu Server 22.04 install. I’ve added these in /etc/bind/named.conf.options, since there was only listen-on-v6 { any; };, restarted the BIND service but it still gives connection refused error:

listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
recursion yes;
allow-recursion { 127.0.0.1; ::1; };

Is port 53 open in your firewall?
Look at firewalld and see if you see this

I’m attaching screenshots of the system. I’ve also checked Open Port Check Tool - Test Port Forwarding on Your Router and it says that port 53 is opened.

This is what netstat -an | grep :53 returns (there are hundreds of lines, I’ve removed the duplicates):

tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN     
tcp        0      0 78.142.4.100:53         0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN     
udp        0      0 78.142.4.100:53         0.0.0.0:*                          
udp        0      0 127.0.0.1:53            0.0.0.0:*                          
udp        0      0 127.0.0.53:53           0.0.0.0:*                          

This is what systemctl status bind9 returns:

● named.service - BIND Domain Name Server
     Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2023-05-31 01:09:58 EEST; 8min ago
       Docs: man:named(8)
    Process: 1355 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=0/SUCCESS)
   Main PID: 1360 (named)
      Tasks: 82 (limit: 154476)
     Memory: 24.6M
        CPU: 313ms
     CGroup: /system.slice/named.service
             └─1360 /usr/sbin/named -u bind -4

May 31 01:10:01 server1.papi.host named[1360]: network unreachable resolving 'api.snapcraft.io/A/IN': 192.5.5.241#53
May 31 01:10:01 server1.papi.host named[1360]: network unreachable resolving 'api.snapcraft.io/AAAA/IN': 192.5.5.241#53
May 31 01:10:01 server1.papi.host named[1360]: network unreachable resolving 'api.snapcraft.io/A/IN': 192.36.148.17#53
May 31 01:10:01 server1.papi.host named[1360]: network unreachable resolving 'api.snapcraft.io/AAAA/IN': 192.36.148.17#53
May 31 01:10:01 server1.papi.host named[1360]: network unreachable resolving 'api.snapcraft.io/A/IN': 193.0.14.129#53
May 31 01:10:01 server1.papi.host named[1360]: network unreachable resolving 'api.snapcraft.io/AAAA/IN': 193.0.14.129#53
May 31 01:10:02 server1.papi.host named[1360]: listening on IPv4 interface eno1, 78.142.4.100#53
May 31 01:10:04 server1.papi.host named[1360]: resolver priming query complete: success
May 31 01:14:07 server1.papi.host named[1360]: validating whois.nic.host/CNAME: no valid signature found
May 31 01:14:07 server1.papi.host named[1360]: validating whois.nic.host/CNAME: no valid signature found

Have you set up your name servers at your registrar?
Currently your services for papi.host are


and not 78.142.4.100

Adding these lines shouldn’t be necessary, as BIND should be correctly set up, assuming you used the Virtualmin install script.
I don’t have these extra lines on my install and it’s working as expected, so I suggest removing those first of all.

Secondly I see that systemd-resolved looks to be running still which might interfere? I’m not sure how Virtualmin handles this these days as I don’t use Ubuntu.
Could you also verify that you have working DNS resolution at all on your box, host cloudflare.com or something?

DNS resolution works when I’m using host cloudflare.com. I’ve disabled systemd-resolved as you suggested and now I no longer see the connection refused errors when I’m doing host papi.host ns1.papi.host:

sudo systemctl disable systemd-resolved.service
sudo service systemd-resolved stop

I hope that was the problem, I’ll wait for the DNS to propagate and see.

Thank you!
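Added example, not written by any poster in the thread: a small Python check that lines up the port 53 listeners from the netstat output above with the resolver address that host reported as refused. It assumes /etc/resolv.conf listed 127.0.1.1 (the thread never shows that file); the function names are made up for this illustration.

```python
# Constructed sample: the de-duplicated `netstat -an | grep :53` lines from the thread.
NETSTAT = """\
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 78.142.4.100:53         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN
udp        0      0 78.142.4.100:53         0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp        0      0 127.0.0.53:53           0.0.0.0:*
"""

# Assumption: resolv.conf pointed at the address `host` complained about.
RESOLV_CONF = "nameserver 127.0.1.1\n"


def listeners(netstat_text, port=53):
    """Return {proto: set of local IPv4 addresses} with a server socket on `port`."""
    found = {"tcp": set(), "udp": set()}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in found:
            continue  # headers, tcp6/udp6 (named runs with -4 here), unix sockets
        state = f[5] if len(f) > 5 else ""
        if f[0] == "tcp" and state != "LISTEN":
            continue  # outgoing or established connections are not listeners
        if f[0] == "udp" and not f[4].endswith(":*"):
            continue  # connected UDP socket, i.e. a client
        addr, _, local_port = f[3].rpartition(":")
        if local_port == str(port):
            found[f[0]].add(addr)
    return found


def nameservers(resolv_text):
    """Addresses on `nameserver` lines of a resolv.conf-style text."""
    return [l.split()[1] for l in resolv_text.splitlines()
            if l.startswith("nameserver") and len(l.split()) > 1]


def stub_resolver_active(netstat_text):
    """127.0.0.53 is the systemd-resolved stub listener address."""
    return "127.0.0.53" in listeners(netstat_text)["udp"]


def check(netstat_text, resolv_text):
    """Map each configured resolver to 'ok' or the protocols nothing answers on."""
    bound = listeners(netstat_text)
    report = {}
    for ns in nameservers(resolv_text):
        # A socket on 127.0.0.1 does not answer for 127.0.1.1; only 0.0.0.0 is a wildcard.
        missing = [p for p in ("udp", "tcp")
                   if ns not in bound[p] and "0.0.0.0" not in bound[p]]
        report[ns] = "refused: no listener on " + "/".join(missing) if missing else "ok"
    return report
```

On a live box, feed it the real `netstat -an` output and the contents of /etc/resolv.conf in place of the two sample strings.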
