Changes or new virtual hosts made in Virtualmin did not seem to affect the Bind module, so I have taken the Bind 9.2 version (through rpm), and I have reinstalled Bind through Webmin (now version 8 instead of 9).

The situation was:

  • Bind 9 was installed;
  • Webmin created an interface for Bind 8 by default

If have now uninstalled the standard Webmin Bind 8 module, and I have installed a third party module: BIND 9 dynamic DNS server.

So, both a real Bind module (in my case: bind-9.2.3-13) and a Webmin Bind module are required, it seems.

It seems, however, that a few old files were still in place (especially /etc/named.conf). Upon deletion, Webmin cannot properly recreate this file for Bind9 (or so I believe).

Strategy for installing Bind8 under Webmin

Delete each and every file pertaining to whatever Bind version you may have had. Install the original Webmin Bind8 module. Install the actual Bind8 module from the source (

make all
make install

Now, go to Webmin and choose Module Config. Adjust the paths, and do whatever Webmin wants you to do. Also, choose NO for Is named.conf under chroot directory? if you want an easy installation.

Webmin can now without any trouble at all create the /etc/named.conf file.

If have made a few changes to the Webmin configuration of Bind, under:

Bind DNS Server > Module Config > System Configuration

/usr/sbin/named start changed to /usr/sbin/ndc start


/usr/sbin/named stop to /usr/sbin/ndc stop

Bind and firewall

To get Bind to work through the firewall, some sources of documentation recommended including the following line under options, in named.conf:

query-source address * port 53; 

This can also be achieved through Webmin:

Bind > Addresses and Topology > Source port for queries

Unfortunately, that does not seem to work for my situation, as the command host will not run (without opening the firewall).

Instead, I have used the defaults, in combination with the following firewall rules. Here, port 53 is relevant (the standard DNS port), as well as the higher, unprivileged ports:

# Generated by iptables-save v1.2.9 on Thu Dec 16 10:56:02 2004
:INPUT DROP [3:234]
:OUTPUT ACCEPT [448:98404]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 20000 -j ACCEPT 
-A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT 
-A INPUT -p udp -m udp --dport 53 -j ACCEPT 
# Completed on Thu Dec 16 10:56:02 2004
# Generated by iptables-save v1.2.9 on Thu Dec 16 10:56:02 2004
:INPUT ACCEPT [400:35584]
:OUTPUT ACCEPT [448:98404]
# Completed on Thu Dec 16 10:56:02 2004
# Generated by iptables-save v1.2.9 on Thu Dec 16 10:56:02 2004
# Completed on Thu Dec 16 10:56:02 2004

Testing Bind

Once you've setup a domain (master zone, containing A-, MX and optionally CNAME records), you should test your Bind configuration using the host command:

[root@1038 sbin]# host
Using domain server has address mail is handled (pri=5) by

The first argument is the domain name which you would like to look up. The 2nd argument specifies the name server you would like to query, which is in our case our ip address - where our DNS server resides.

This is something you can do from the “inside” of your Linux box, using a remote shell connection (e.g. you could use the Putty terminal). If your firewall settings are too strict, then this lookup will fail.

Once you are convinced that your DNS settings are correct, you should check if your DNS server can be reached from the outside. Again, your firewall settings could be too strict. So, let's use a Windows (XP) prompt to do this. First, flush your current DNS cache:

C:\>ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

Now, use nslookup:

*** Can't find server name for address Non-existent domain
Server:  UnKnown

As you can see, the command nslookup works pretty much in the same way as the host command (for simple tasks at least).

Testing Bind 2, 20051102

How do you really know Bind is up and running when you have no entries yet?

  1. Tell Bind to forward queries to another domain name server which you know to be working. How? See below, under “Global forwarding and zone transfer options”.
  2. Now, from some computer other than your server, look up a domain name, using your Bind version. In the following example, our Bind version is on ip
Non-authoritative answer:

3. This essentially tells you that Bind is up and running. But to make this really convincing, shut down Bind. Use Webmin's “Virtualmin Virtual” Servers section and click the “Stop Bind” button. Now repeat the test:

*** Can't find server name for address No response from server
Server:  UnKnown
*** UnKnown can't find No response from server

So now you know for certain that Bind really was running. Go to Webmin and turn it back on.

20050208 Global forwarding and zone transfer options

I have made a change in the configuration to allow for dns hostname lookups (I hope). In Webmin > Servers > Bind > Forwarding and Transfers:

Servers to forward queries to:
Lookup directly if no response from forwarder: Yes

The IP-address is the second domain nameserver.

I hope this will resolve a Webalizer issue which prevents the proper display of countries and domain names. See Webalizer FAQ, item # 7.

20051102 No it does not

- solve the Webalizer issue. See the newly added section Webalizer.

20051115 Bind no longer recognized by Webmin since Webmin upgrade

Ever since I have upgraded Webmin to a newer version, it will no longer start Bind:

Failed to start BIND : ndc: error: name server already running? (pid 3682)

This is not really an issue, since I don't actually use my own nameserver - so I don't even need Webmin to manage Bind.

How to use linux/unix nslookup

Nslookup is a powerfull tool, but difficult to grasp at first. So we have included an example session. What you can learn from this example is:

  • just type in a domain name to get it looked up
  • use the server command to specify which particular nameserver should be used
  • use the command exit to, well, exit
% nslookup
Default Server:
> set type=NS
Non-authoritative answer: nameserver = NOC.ZOO.EDU nameserver = NI.ZOO.EDU nameserver = NAMESERVER.AGENCY.GOV
Authoritative answers can be found from:
NOC.ZOO.EDU     inet address =
NI.ZOO.EDU      inet address =
> server NOC.ZOO.EDU
Default Server:  NOC.ZOO.EDU
> set
> set type=any
> tiger
Server:  NOC.ZOO.EDU
Address:   inet address =   preference = 10, mail exchanger = tiger.ZOO.EDU   CPU=ALPHA OS=UNIX   inet address =, protocol = 6
         7 21 23 25 79
tiger.ZOO.EDU   inet address =
> exit

Personal Tools