Systemctl reload bind9.service fails, workaround available

(most probably not a Virtualmin issue, same behavior from cli)
(see end of message for workaround)

OS type and version
Ubuntu Linux 20.04.4

Webmin version
1.999

Virtualmin version
7.1.1 GPL / Pro

Creating a virtual server (top-level server or sub-domain) fails and stops on:

Re-starting DNS server …
… failed : Restart command failed :
Job for named.service failed.
See “systemctl status named.service” and “journalctl -xe” for details

Same when issuing from cli:

systemctl reload bind9.service
Job for named.service failed.
See “systemctl status named.service” and “journalctl -xe” for details.

service named status
● named.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-08-15 11:11:08 EEST; 1 day 3h ago
Docs: man:named(8)
Process: 184135 ExecReload=/usr/sbin/rndc reload (code=exited, status=1/FAILURE)
Main PID: 19369 (named)
Tasks: 8 (limit: 9214)
Memory: 30.6M
CGroup: /system.slice/named.service
└─19369 /usr/sbin/named -f -u bind

	Aug 16 14:53:36 hostname.mydomain.tld rndc[184135]: WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)
	Aug 16 14:53:36 hostname.mydomain.tld rndc[184135]: rndc: connection to remote host closed
	Aug 16 14:53:36 hostname.mydomain.tld rndc[184135]: This may indicate that
	Aug 16 14:53:36 hostname.mydomain.tld rndc[184135]: * the remote server is using an older version of the command protocol,
	Aug 16 14:53:36 hostname.mydomain.tld rndc[184135]: * this host is not authorized to connect,
	Aug 16 14:53:36 hostname.mydomain.tld rndc[184135]: * the clocks are not synchronized,
	Aug 16 14:53:36 hostname.mydomain.tld rndc[184135]: * the key signing algorithm is incorrect, or
	Aug 16 14:53:36 hostname.mydomain.tld rndc[184135]: * the key is invalid.
	Aug 16 14:53:36 hostname.mydomain.tld systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
	Aug 16 14:53:36 hostname.mydomain.tld systemd[1]: Reload failed for BIND Domain Name Server.

Issuing those commands do not offer a lot of extra details:
– Subject: A reload job for unit named.service has finished
– A reload job for unit named.service has finished.
Aug 15 11:28:45 hostname.mydomain.tld named[26835]: invalid command from 127.0.0.1#54419: failure
Aug 15 11:28:46 hostname.mydomain.tld named[26835]: invalid command from 127.0.0.1#41585: failure
Aug 15 11:28:46 hostname.mydomain.tld named[26835]: invalid command from 127.0.0.1#42667: failure
Aug 15 11:29:14 hostname.mydomain.tld named[26835]: invalid command from 127.0.0.1#43079: failure
Aug 15 11:29:15 hostname.mydomain.tld named[26835]: invalid command from 127.0.0.1#36753: failure
Aug 15 11:29:15 hostname.mydomain.tld named[26835]: invalid command from 127.0.0.1#38725: failure
Aug 15 11:29:16 hostname.mydomain.tld named[26835]: invalid command from 127.0.0.1#33347: failure
Aug 15 11:29:16 hostname.mydomain.tld named[26835]: invalid command from 127.0.0.1#52599: failure
Aug 15 11:29:17 hostname.mydomain.tld named[26835]: invalid command from 127.0.0.1#55183: failure

Workaround:
Webmin > Servers > BIND DNS Server > Module config > Configuration category: System configuration
Change “Command to apply BIND configuration” from “Other command - systemctl reload bind9.service” to radio button “Stop and restart”