Problems with DNS in latest 7.40.0 version

Hello,

I’m in the process of moving 10’s of VPS

all new vps are the same, Debian 12

past 5 days I moved 14 VPS’s without any problems. install Virtualmin, change DNS at registrar, add domains, with no issues.

everything worked perfect out of the box. Virtualmin versions were 7.39 5,8, etc

suddenly yesterday with 7.40 things stopped working, updating DNS at registrar does nothing, 172.0.0.53 goes timeout on host command, etc

as a side note 7.40.0

  • doesn’t even ask how much GB to allocate to MariaDB anymore
  • installation on VPS takes 3x more time than previous (same type VPS same specs for 10’s of them)

anyone noticing problems with DNS working correctly in 7.40.0 ?

and the problem is not at the registrar, for the last VPS I switched back DNS to old server and it worked instantly, for the new 7.40.0 VPS I let the DNS update for 1 day to no success, the IP didn’t even register, then switched back to old VPS

I can access the interface at :10000 with no issues, everything seems fine and the same like 7.39.X but it simply doesn’t work

problem is probably from this issue

BIND DNS server is installed, however, the default primary DNS server vps-21275577.vps.ovh.net resolves to IP address 127.0.1.1 which does not resolve to an IP address of a network interface on this system.

You have not referenced the issue just pasted some text from it, it’s always a good idea to reference the complete thread

This is expected, as we removed it from the wizard.

This has nothing to do with Virtualmin 7.40.0.

What exactly is the error you see? And, do you use a local DNS server or cloud DNS services?

I managed to solve it on Debian 11 (probably works on 12 too) with Virtualmin 7.40

/etc/bind/named.conf.options

has something extra that shouldn’t be there, deleted it and it works now

options {
	directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

// If your ISP provided one or more IP addresses for stable 
// nameservers, you probably want to use them as forwarders.  
// Uncomment the following block, and insert the addresses replacing 
// the all-0's placeholder.

// forwarders {
// 	0.0.0.0;
// };

//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys.  See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;

listen-on-v6 {
	any;
	};

};

there was something after
listen-on-v6 {
any;
};

that I deleted, forgot what haha, now it works, I can add domains, gets SSL’s, domains are visible on internet, etc

I deleted because I was comparing with another same file on a Virtualmin 7.30.0 that worked without problems on a different VPS, the file that works is the one above

So, it wasn’t a Virtualmin 7.40.0 bug after all? What exactly did you delete?

A tls cert declaration?

I installed a new VPS today on Debian 12, out of the box it didn’t work

it is a 7.40 bug probably as 7.30 on same VPS works ok out of the box

here is the fix

remove from

named.conf

tls vps-d3500ee9_vps_ovh_net {
	key-file "/var/cache/bind/vps-d3500ee9_vps_ovh_net.key";
	cert-file "/var/cache/bind/vps-d3500ee9_vps_ovh_net.cert";
	ca-file "/var/cache/bind/vps-d3500ee9_vps_ovh_net.ca";
};

named.conf.options

listen-on port 853 tls vps-d3500ee9_vps_ovh_net {
any;
};
listen-on-v6 port 853 tls vps-d3500ee9_vps_ovh_net {
any;
};

restart bind and it works

basically remove everything after first 3 lines in named.conf

remove everything after listen-on-v6 { any; }; in named.conf.options

not working at all. hmmm can’t we just get back the old version before the latest 7.40.0

@Jamie, any idea what these are? It doesn’t look like something we’d add. I mean, I know you added DoT support, but we don’t add ca-file by default, right?

@Evcro Are you sure those didn’t exist before Virtualmin installation? Are you sure that BIND isn’t already pre-installed?

it’s the provider’s default Debian 12 install, pretty basic

VPS installed between September 1 and 8, from same provider, worked ok with Virtualmin 7.30.8

When 7.40 went live then the problems started

I doubt provider changed their Debian 12 distribution on same day

When I install the next VPS I will check if BIND exists before I install Virtualmin

Can you please double-check that to be sure?

We do add those lines if a domain’s SSL cert is copied to BIND for use with DNS-over-TLS. Are they causing issues though?

Will those lines be cleared if a domain is created, attempts to request SSL, fails, and is deleted all in a single call?

They should be … but why would the domain be created and deleted in a single call?

Because we request an SSL certificate for the hostname, and if the request fails, we delete the domain immediately.

Oh, this is during initial setup?

So in this case, was the issue that the lines referred to a cert that didn’t exist?

Yes, presumably! OP wasn’t very clear about it.

I’m not certain yet, as I couldn’t repro this.

Ok let me take a look into this..

Thanks, Jamie!
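
Added example, not part of the thread and not Virtualmin's own code: a shell check for the cause suggested above, a `tls` block in named.conf whose key, cert or CA file is not on disk. The function names and the sample name `example_host` are made up for the illustration, and the sample config is constructed.

```shell
# tls_file_refs FILE...: print "tls-name<TAB>option<TAB>path" for each
# key-file, cert-file and ca-file statement inside a tls { ... } block.
tls_file_refs() {
    awk '
        /^[ \t]*(\/\/|#)/ { next }                # skip whole-line comments
        /^[ \t]*tls[ \t]+[^ \t{]+[ \t]*[{]/ {     # "tls <name> {" opens a block
            name = $2; sub(/[{].*/, "", name); in_tls = 1; depth = 0
        }
        in_tls {
            line = $0
            while (match(line, /(key|cert|ca)-file[ \t]+"[^"]+"/)) {
                ref = substr(line, RSTART, RLENGTH); line = substr(line, RSTART + RLENGTH)
                split(ref, q, "\"")               # q[2] is the quoted path
                opt = ref; sub(/[ \t].*/, "", opt)
                print name "\t" opt "\t" q[2]
            }
            t = $0; depth += gsub(/[{]/, "", t) - gsub(/[}]/, "", t)  # nested braces
            if (depth <= 0) in_tls = 0
        }
    ' "$@"
}

# missing_tls_files FILE...: print the references whose file is absent or
# empty; return 1 if there is at least one, 0 otherwise.
missing_tls_files() {
    tab=$(printf '\t')
    missing=$(tls_file_refs "$@" | while IFS="$tab" read -r name opt path; do
        [ -s "$path" ] || printf '%s\t%s\t%s\n' "$name" "$opt" "$path"
    done)
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample: only the key file exists; "example_host" is a made-up name.
demo() {
    d=$(mktemp -d) || return 2
    printf 'placeholder\n' > "$d/example_host.key"
    cat > "$d/named.conf" <<EOF
tls example_host {
    key-file "$d/example_host.key";
    cert-file "$d/example_host.cert";
    ca-file "$d/example_host.ca";
};
EOF
    missing_tls_files "$d/named.conf" | cut -f1,2
    rm -rf "$d"
}
demo
```

On a live host the argument would be the named.conf mentioned in the thread; `named-checkconf` can then confirm the configuration still parses after any edit.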