(Fictitious names and numbers) At OVH I have hired a dedicated server with IP 123.45.67.890, and with Virtualmin I have created 3 virtual servers and installed Lets’Encrypt on each one:
test.mydom.com
ceco.mydom.com
cont.mydom.com
In another domain provider I have created mydom.com and three subdomains also with their SSL certificates:
test.mydom.com
ceco.mydom.com
cont.mydom.com
To each subdomain I have added DNS records pointing to the OVH server:
test.mydom.com. To 123.45.67.890
test.mydom.com. AAAA 1501:41d0:309:2ad4::
ceco.mydom.com. To 123.45.67.890
ceco.mydom.com. AAAA 1501:41d0:309:2ad4::
cont.mydom.com. To 123.45.67.890
cont.mydom.com. AAAA 1501:41d0:309:2ad4::
The access to https://test.mydom.com is correct and continuous, however the other two servers sometimes connect and sometimes not, I get “Server Error 404 Page Not Found”.
I have tested on 6 different PCs, located in different locations and with Chrome, Firefox, Edge and Internet Explorer. The results are the same every time. The attempts are made at different times of the day.
In Webmin I have tested with “BIND DNS Server” → “Check BIND Config” and the result is “No errors were found in the BIND configuration file /etc/named.conf or referenced zone files.”
It could be a DNS issue. On those occasions when DNS resolves correctly, you get to see your website but on those occasions when DNS does not resolve correctly, you get to see a 404 from some other server. This is due to DNS propagation delay.
There was a recent discussion about it in the forum. You will find it if you scroll up a bit.
It could also be that the NS records or delegation is wrong and pointing to multiple servers and one or more of them have outdated/incorrect information. Delegation is usually pretty darned fast these days, except for a handful of crappy ISPs who cache more aggressively and for longer than is reasonable.
If you’re hosting your DNS at your registrar (I guess that’s what I’m seeing in your other screenshot), you don’t need to have DNS enabled in Virtualmin. I mean, that’s (mostly) harmless and isn’t causing your problem, but it doesn’t do anything if you haven’t delegated the zone to the Virtualmin server and some secondary server configured as a slave. Virtualmin is not managing your DNS. Nobody in the world is asking your Virtualmin server for DNS records for this zone because you haven’t delegated authority for it.
And, I see two A records for ce.oclockdt.com. The one you’ve highlighted and one four lines above it. Seems to me we have our answer. This is exactly the behavior we’d expect if you were telling the world the website with this name is served by either of two IP addresses, but one of them is not actually serving your app or site.
So, fix your DNS records at your registrar. If you don’t have a website at 185.23.117.18, stop sending people there.
Right now, you are hosting your DNS at your registrar (it has not been delegated to the Virtualmin server, and simply deleting everything at your registrar would not delegate it to Virtualmin, so that would be a nonsensical thing to do).
It is fine to host your DNS at your registrar. And it is fine to host it on your Virtualmin server (and a secondary server with Webmin+BIND that is configured as a slave for your zones, since you really need two; we have docs for that).
But, in either case, you need to understand who is authoritative for your zones and you need to understand how A records (and all the other common record types) work. Virtualmin can only paper over so much, here, there are basic concepts you need to grasp to be able to provide services on the internet. DNS is one of those core concepts.
Right now, the authoritative servers for your zones are operated by your registrar. Again, this is fine. But, it means the DNS configuration in Virtualmin isn’t doing anything; it can’t do anything, as it never sees requests to resolve names in your zones, because you have not delegated authority to your server(s). In these cases, there’s no reason to use the DNS feature in Virtualmin, but it’s harmless to leave it. It’s not harmless to believe it is doing something, though! Anything you do in the Virtualmin-managed DNS records is irrelevant, as long as your registrar’s DNS is authoritative for your zones.
Just delete the one extraneous A record that I mentioned.
