Bind

Changes or new virtual hosts made in Virtualmin did not seem to affect the Bind module, so I have taken the Bind 9.2 version (through rpm), and I have reinstalled Bind through Webmin (now version 8 instead of 9).

The situation was:

  • Bind 9 was installed;
  • Webmin created an interface for Bind 8 by default

I have now uninstalled the standard Webmin Bind 8 module, and I have installed a third party module: BIND 9 dynamic DNS server.

So, both a real Bind module (in my case: bind-9.2.3-13) and a Webmin Bind module are required, it seems.

It seems, however, that a few old files were still in place (especially /etc/named.conf). Upon deletion, Webmin cannot properly recreate this file for Bind9 (or so I believe).

Strategy for installing Bind8 under Webmin

Delete each and every file pertaining to whatever Bind version you may have had. Install the original Webmin Bind8 module. Install the actual Bind8 module from the source (http://www.isc.org/):

make all
make install

Now, go to Webmin and choose Module Config. Adjust the paths, and do whatever Webmin wants you to do. Also, choose NO for “Is named.conf under chroot directory?” if you want an easy installation.

Webmin can now without any trouble at all create the /etc/named.conf file.

I have made a few changes to the Webmin configuration of Bind, under:

Bind DNS Server > Module Config > System Configuration

/usr/sbin/named start changed to /usr/sbin/ndc start

and

/usr/sbin/named stop to /usr/sbin/ndc stop

Bind and firewall

To get Bind to work through the firewall, some sources of documentation recommended including the following line under options, in named.conf:

query-source address * port 53; 

This can also be achieved through Webmin:

Bind > Addresses and Topology > Source port for queries

Unfortunately, that does not seem to work for my situation, as the host command will not run (without opening the firewall).

Instead, I have used the defaults, in combination with the following firewall rules. Here, port 53 is relevant (the standard DNS port), as well as the higher, unprivileged ports:

# Generated by iptables-save v1.2.9 on Thu Dec 16 10:56:02 2004
*filter
:INPUT DROP [3:234]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [448:98404]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT 
-A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT 
-A INPUT -p udp -m udp --dport 53 -j ACCEPT 
COMMIT
# Completed on Thu Dec 16 10:56:02 2004
# Generated by iptables-save v1.2.9 on Thu Dec 16 10:56:02 2004
*mangle
:PREROUTING ACCEPT [401:35825]
:INPUT ACCEPT [400:35584]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [448:98404]
:POSTROUTING ACCEPT [448:98404]
COMMIT
# Completed on Thu Dec 16 10:56:02 2004
# Generated by iptables-save v1.2.9 on Thu Dec 16 10:56:02 2004
*nat
:PREROUTING ACCEPT [7:707]
:POSTROUTING ACCEPT [2:213]
:OUTPUT ACCEPT [2:213]
COMMIT
# Completed on Thu Dec 16 10:56:02 2004
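The UDP rule with --sport 53 --dport 1024:65535 is stateless: it accepts any datagram whose source port happens to be 53, whether or not this host sent a query, whereas a stateful rule (-m state --state ESTABLISHED,RELATED) only lets replies in. The following added check, not part of these notes, scans an iptables-save dump (a constructed copy of the relevant INPUT lines above) for such source-port-only accepts and prints the stateful form:

```python
"""Audit an iptables-save dump for INPUT rules that accept traffic on the
strength of a source port alone (no connection-state match)."""
import re

# Constructed copy of the relevant INPUT rules from the dump above.
IPTABLES_SAVE = """\
*filter
:INPUT DROP [3:234]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT
"""

RULE_RE = re.compile(r"^-A (?P<chain>\S+) (?P<body>.*) -j (?P<target>\S+)$")


def parse_rules(dump):
    """Return (chain, match body, target) for every -A line in the dump."""
    rules = []
    for line in dump.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append((m["chain"], m["body"], m["target"]))
    return rules


def source_port_only_accepts(dump):
    """Match bodies of INPUT ACCEPT rules keyed on --sport without -m state/conntrack.
    Any remote host can satisfy such a rule by sending from that source port."""
    return [
        body
        for chain, body, target in parse_rules(dump)
        if chain == "INPUT" and target == "ACCEPT"
        and "--sport" in body
        and "--state" not in body and "--ctstate" not in body
    ]


def stateful_replacement(body):
    """The reply-only form: accept packets belonging to a connection this host opened."""
    proto = re.search(r"-p (\S+)", body).group(1)
    return f"-p {proto} -m state --state ESTABLISHED,RELATED -j ACCEPT"


if __name__ == "__main__":
    for body in source_port_only_accepts(IPTABLES_SAVE):
        print("stateless accept:", body)
        print("stateful form:   ", stateful_replacement(body))
```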

Testing Bind

Once you've set up a domain (master zone, containing A, MX and optionally CNAME records), you should test your Bind configuration using the host command:

[root@1038 sbin]# host campinglachassagne.fr 213.193.214.124
Using domain server 213.193.214.124:
 
campinglachassagne.fr has address 213.193.214.124
campinglachassagne.fr mail is handled (pri=5) by mail.campinglachassagne.fr

The first argument is the domain name you would like to look up. The second argument specifies the name server you would like to query; in our case that is our own IP address, where our DNS server resides.

This is something you can do from the “inside” of your Linux box, using a remote shell connection (e.g. you could use the PuTTY terminal). If your firewall settings are too strict, then this lookup will fail.

Once you are convinced that your DNS settings are correct, you should check if your DNS server can be reached from the outside. Again, your firewall settings could be too strict. So, let's use a Windows (XP) prompt to do this. First, flush your current DNS cache:

C:\>ipconfig /flushdns
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.

Now, use nslookup:

C:\>nslookup campinglachassagne.fr 213.193.214.124
*** Can't find server name for address 213.193.214.124: Non-existent domain
Server:  UnKnown
Address:  213.193.214.124
 
Name:    campinglachassagne.fr
Address:  213.193.214.124

As you can see, the nslookup command works pretty much in the same way as the host command (for simple tasks at least).

Testing Bind 2, 20051102

How do you really know Bind is up and running when you have no entries yet?

  1. Tell Bind to forward queries to another domain name server which you know to be working. How? See below, under “Global forwarding and zone transfer options”.
  2. Now, from some computer other than your server, look up a domain name, using your Bind installation. In the following example, our Bind server is at IP 213.193.214.124:
C:\>nslookup trixan.nl 213.193.214.124
Server:  unassigned.flexservers.com
Address:  213.193.214.124
 
Non-authoritative answer:
Name:    trixan.nl
Address:  195.130.154.44

  3. This essentially tells you that Bind is up and running. But to make this really convincing, shut down Bind. Use Webmin's “Virtualmin Virtual Servers” section and click the “Stop Bind” button. Now repeat the test:

C:\>nslookup trixan.nl 213.193.214.124
*** Can't find server name for address 213.193.214.124: No response from server
Server:  UnKnown
Address:  213.193.214.124
 
*** UnKnown can't find trixan.nl: No response from server
 
C:\>

So now you know for certain that Bind really was running. Go to Webmin and turn it back on.
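The three results seen in both testing sections (an answer, “Non-existent domain”, “No response from server”) all come from a single UDP exchange on port 53. The following added example, not part of these notes, builds that query by hand and classifies the reply, so it can be run from any outside machine against the server's IP (assumed to be 213.193.214.124, as above) without depending on that machine's resolver settings; the transaction ID is a fixed constructed value, which a real client should randomise.

```python
"""Minimal DNS probe showing the outcomes of the nslookup runs above."""
import socket
import struct

QID = 0x1234  # constructed transaction ID; a real client must randomise this


def build_query(name, qtype=1):
    """Wire-format query: 12-byte header with RD set, QNAME labels, QTYPE, QCLASS=IN."""
    header = struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def skip_name(data, off):
    """Advance past a label sequence, or past a 2-byte compression pointer."""
    while data[off] != 0 and data[off] & 0xC0 != 0xC0:
        off += 1 + data[off]
    return off + (2 if data[off] & 0xC0 == 0xC0 else 1)


def parse_response(data):
    """Return (rcode, [A addresses]); rcode 3 is NXDOMAIN ('Non-existent domain')."""
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != QID:
        raise ValueError("response ID does not match the query")
    off = 12
    for _ in range(qd):                       # skip the echoed question(s)
        off = skip_name(data, off) + 4
    addrs = []
    for _ in range(an):
        off = skip_name(data, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return flags & 0x0F, addrs


def probe(server, name, timeout=3.0):
    """Query one server directly, as 'host NAME SERVER' and 'nslookup NAME SERVER' do."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        try:
            data, _ = sock.recvfrom(512)
        except OSError:                       # timeout or ICMP unreachable
            return "No response from server"  # Bind stopped, or the firewall drops port 53
    rcode, addrs = parse_response(data)
    if rcode == 3:
        return "Non-existent domain"
    return "has address " + ", ".join(addrs) if addrs else "no A record in answer"
```

Run `probe("213.193.214.124", "campinglachassagne.fr")` before and after stopping Bind to reproduce the two nslookup outputs above.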

20050208 Global forwarding and zone transfer options

I have made a change in the configuration to allow for DNS hostname lookups (I hope). In Webmin > Servers > Bind > Forwarding and Transfers:

Servers to forward queries to: 213.239.177.5
Lookup directly if no response from forwarder: Yes

The IP address is Flexservers.com's second domain nameserver.

I hope this will resolve a Webalizer issue which prevents the proper display of countries and domain names. See Webalizer FAQ, item # 7.

20051102 No it does not solve the Webalizer issue

See the newly added section Webalizer.

20051115 Bind no longer recognized by Webmin since Webmin upgrade

Ever since I have upgraded Webmin to a newer version, it will no longer start Bind:

Failed to start BIND : ndc: error: name server already running? (pid 3682)

This is not really an issue, since I don't actually use my own nameserver - so I don't even need Webmin to manage Bind.

How to use linux/unix nslookup

Nslookup is a powerful tool, but difficult to grasp at first. So we have included an example session. What you can learn from this example is:

  • just type in a domain name to get it looked up
  • use the server command to specify which particular nameserver should be used
  • use the command exit to, well, exit

% nslookup
Default Server:  peanut.nuts.com
Address:  172.16.12.2
 
> set type=NS
> zoo.edu
Server:  peanut.nuts.com
Address:  172.16.12.2
 
Non-authoritative answer:
zoo.edu nameserver = NOC.ZOO.EDU
zoo.edu nameserver = NI.ZOO.EDU
zoo.edu nameserver = NAMESERVER.AGENCY.GOV
Authoritative answers can be found from:
NOC.ZOO.EDU     inet address = 172.28.2.200
NI.ZOO.EDU      inet address = 172.28.2.240
NAMESERVER.AGENCY.GOV inet address = 172.21.18.31
> server NOC.ZOO.EDU
Default Server:  NOC.ZOO.EDU
Address:  172.28.2.200
 
> set domain=zoo.edu
> set type=any
> tiger
Server:  NOC.ZOO.EDU
Address:  172.28.2.200
 
tiger.zoo.edu   inet address = 172.28.172.8
tiger.zoo.edu   preference = 10, mail exchanger = tiger.ZOO.EDU
tiger.zoo.edu   CPU=ALPHA OS=UNIX
tiger.zoo.edu   inet address = 172.28.172.8, protocol = 6
         7 21 23 25 79
tiger.ZOO.EDU   inet address = 172.28.172.8
> exit
