From: Turritopsis D. T. En M. <ceo...@gm...> - 2021-10-24 16:06:45
Subject: [PART 8 - VERY FIRST DRAFT] [Virtualmin and Webmin] Teo En Ming's Notes for Setting Up Slave DNS Server

Author: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED INDIVIDUAL)
Country: Singapore
Date: 24 Oct 2021 Sunday Singapore Time
Type of Publication: Plain Text Document
Document Version: 20211024.01

WHAT IS WHAT
=============

Virtualmin is the MASTER Server.
Webmin is the SLAVE Server.

DETAILED INSTRUCTIONS
======================

Setting Primary Name Server in Virtualmin Master Server
========================================================

Reference Guide: Name server setting, hostname and DNS
Link: https://archive.virtualmin.com/node/22091

Login to Virtualmin.
Click System Settings > Server Templates
Click on Default Settings template.
Edit template section: BIND DNS domain
Under Master DNS server hostname, click Hostname.
Change from vmi696121.contaboserver.net to ns1.turritopsis-dohrnii-teo-en-ming.com
Click Save.

Modify System hostname in the Master Server
===========================================

Putty/SSH into your Virtualmin server.

The existing /etc/hosts is as follows:

127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
185.182.9.61 vmi696121.contaboserver.net vmi696121

Modify your /etc/hosts as follows:

127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
185.182.9.61 ns1.turritopsis-dohrnii-teo-en-ming.com ns1

Login to Virtualmin.
Click on Webmin at the top left.
Click Dashboard.
Click on System hostname.
Change Hostname from vmi696121.contaboserver.net to ns1.turritopsis-dohrnii-teo-en-ming.com
Click Save.

Reboot the Virtualmin Master Server using Putty.

Changing IP address of Name Server 2 at Your Domain Registrar
=================================================================

Login to your domain registrar. In my case it is namecheap.
Click Domain List on the left menu.
Click domain turritopsis-dohrnii-teo-en-ming.com and click Manage.
Under NAMESERVERS, change to Namecheap BasicDNS.
Click green check mark.
Click Advanced DNS.
Under PERSONAL DNS SERVER, click Search.
Click ns2.turritopsis-dohrnii-teo-en-ming.com and click Delete.
Still under PERSONAL DNS SERVER, click ADD NAMESERVER.
Nameserver: ns2
IP Address: 185.214.135.104
Click Done.
Click Search again to ensure both ns1 and ns2 entries show up.
Click the Domain tab at the top.
Under NAMESERVERS, change to Custom DNS.
Nameserver 1: ns1.turritopsis-dohrnii-teo-en-ming.com
Nameserver 2: ns2.turritopsis-dohrnii-teo-en-ming.com
Click the green check mark.
Sign out of namecheap.

Changing IP address of Name Server 2 in Virtualmin Master Server
================================================================

Login to Virtualmin.
Click Webmin at the top left.
Click Servers > BIND DNS Server
Click the zone turritopsis-dohrnii-teo-en-ming.com
Click Address button.
Click ns2.turritopsis-dohrnii-teo-en-ming.com.
Change Address to 185.214.135.104
Click Save.
Click Return to record types.
Click Apply Configuration.

Setting Up the Slave DNS Server
================================

Putty/SSH into your Slave DNS Server.

Change your root password.

# passwd

Download Webmin on the Slave Server.

# wget https://prdownloads.sourceforge.net/webadmin/webmin-1.981-1.noarch.rpm

ERROR
======

--2021-10-24 15:46:47-- https://prdownloads.sourceforge.net/webadmin/webmin-1.981-1.noarch.rpm
Resolving prdownloads.sourceforge.net (prdownloads.sourceforge.net)... 204.68.111.105
Connecting to prdownloads.sourceforge.net (prdownloads.sourceforge.net)|204.68.111.105|:443... connected.
ERROR: cannot verify prdownloads.sourceforge.net's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:
  Issued certificate has expired.
To connect to prdownloads.sourceforge.net insecurely, use `--no-check-certificate'.

Solution to above error
=======================

# yum install ca-certificates

Download Webmin again.

# wget https://prdownloads.sourceforge.net/webadmin/webmin-1.981-1.noarch.rpm

Install Webmin on the Slave Server.

# rpm -ivh webmin-1.981-1.noarch.rpm

ERROR
=====

warning: webmin-1.981-1.noarch.rpm: Header V4 DSA/SHA1 Signature, key ID 11f63c51: NOKEY
error: Failed dependencies:
        perl(Net::SSLeay) is needed by webmin-1.981-1.noarch
        perl(Encode::Detect) is needed by webmin-1.981-1.noarch
        perl(Data::Dumper) is needed by webmin-1.981-1.noarch
        unzip is needed by webmin-1.981-1.noarch

Solution to above error
========================

# yum install perl-Net-SSLeay
# yum install perl-Encode-Detect
# yum install perl-Data-Dumper
# yum install unzip

Install Webmin on the Slave Server again.

# rpm -ivh webmin-1.981-1.noarch.rpm
warning: webmin-1.981-1.noarch.rpm: Header V4 DSA/SHA1 Signature, key ID 11f63c51: NOKEY
Preparing...                          ################################# [100%]
Operating system is CentOS Linux
Updating / installing...
   1:webmin-1.981-1                   ################################# [100%]
Webmin install complete. You can now login to https://vmi701385.contaboserver.net:10000/
as root with your root password.

Login to your Webmin Slave Server at https://185.214.135.104:10000

Dashboard > System Information
===============================

System hostname: vmi701385.contaboserver.net (185.214.135.104)
Operating system: CentOS Linux 7.9.2009
Webmin version: 1.981
Authentic theme version: 19.83-2
Time on system: Sunday, October 24, 2021 3:57 PM
Kernel and CPU: Linux 3.10.0-1160.el7.x86_64 on x86_64
Processor information: Intel(R) Xeon(R) CPU E5-2630 v4 @ 2.20GHz, 4 cores
System uptime: 47 minutes
Running processes: 95
CPU load averages: 0.01 (1 min) 0.06 (5 mins) 0.05 (15 mins)
Real memory: 421.51 MiB used / 563.47 MiB cached / 7.63 GiB total
Local disk space: 11.96 GiB used / 184.74 GiB free / 196.71 GiB total
Package updates: 96 package updates are available

Install Firewalld on the Slave Server
=====================================

Firewalld is already pre-installed. No need to install it again.

# systemctl enable firewalld
# systemctl start firewalld
# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2021-10-24 16:06:44 CEST; 19s ago
     Docs: man:firewalld(1)
 Main PID: 9533 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─9533 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

Oct 24 16:06:44 vmi701385.contaboserver.net systemd[1]: Starting firewalld - dynamic firewall daemon...
Oct 24 16:06:44 vmi701385.contaboserver.net systemd[1]: Started firewalld - dynamic firewall daemon.
Oct 24 16:06:44 vmi701385.contaboserver.net firewalld[9533]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It w... it now.
Hint: Some lines were ellipsized, use -l to show in full.

Checking if Firewalld is running
=================================

# firewall-cmd --state
running

Checking for default zone
=========================

# firewall-cmd --get-default-zone
public

Checking for active zone
========================

# firewall-cmd --get-active-zones
public
  interfaces: eth0

List all services of the active zone
====================================

# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

Restart Firewalld
=================

# firewall-cmd --reload
success

Opening Firewall Port 10000 for the Webmin Slave Server
=======================================================

# firewall-cmd --zone=public --add-port=10000/tcp
success

Login to your Webmin Slave Server at https://185.214.135.104:10000 again
Click Networking > FirewallD
Click Add allowed port
Allowed in zone: public
Under Port to allow, click Single port and enter 10000
Network protocol: TCP
Click Create

Install BIND on the Slave Server
================================

# yum install bind bind-config
# systemctl enable named
# systemctl start named
# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2021-10-24 16:27:59 CEST; 9s ago
  Process: 11361 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 11358 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 11364 (named)
   CGroup: /system.slice/named.service
           └─11364 /usr/sbin/named -u named -c /etc/named.conf

Oct 24 16:27:59 vmi701385.contaboserver.net named[11364]: network unreachable resolving './DNSKEY/IN': 2001:7fd::1#53
Oct 24 16:27:59 vmi701385.contaboserver.net named[11364]: network unreachable resolving './NS/IN': 2001:7fd::1#53
Oct 24 16:27:59 vmi701385.contaboserver.net named[11364]: network unreachable resolving './DNSKEY/IN': 2001:dc3::35#53
Oct 24 16:27:59 vmi701385.contaboserver.net named[11364]: network unreachable resolving './NS/IN': 2001:dc3::35#53
Oct 24 16:27:59 vmi701385.contaboserver.net named[11364]: network unreachable resolving './DNSKEY/IN': 2001:500:a8::e#53
Oct 24 16:27:59 vmi701385.contaboserver.net named[11364]: network unreachable resolving './DNSKEY/IN': 2001:7fe::53#53
Oct 24 16:27:59 vmi701385.contaboserver.net named[11364]: network unreachable resolving './DNSKEY/IN': 2001:500:2d::d#53
Oct 24 16:27:59 vmi701385.contaboserver.net named[11364]: network unreachable resolving './DNSKEY/IN': 2001:500:2f::f#53
Oct 24 16:27:59 vmi701385.contaboserver.net named[11364]: resolver priming query complete
Oct 24 16:28:00 vmi701385.contaboserver.net named[11364]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted

Reference Guide: Menu item in Webmin > Servers missing for "BIND DNS Server".
Link: https://archive.virtualmin.com/node/59786

Go to Webmin on your Slave server.
Click Refresh Modules on the left menu.
You should now see BIND DNS Server under Servers.

Open Additional Firewall Ports on the Slave Server
===================================================

Login to Webmin.
Click Networking > FirewallD

Click Add allowed port
Allowed in zone: public
Under Port to allow, click Single port and enter 53
Network protocol: UDP
Click Create

Click Add allowed port
Allowed in zone: public
Under Port to allow, click Single port and enter 53
Network protocol: TCP
Click Create

Click Add allowed port
Allowed in zone: public
Under Port to allow, click Port range and enter 10001-10010
Network protocol: TCP
Click Create

Apply rules to interfaces: Click eth0
Click Save
Click Apply Configuration
Activate at boot: Yes

# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports: 10000/tcp 53/udp 53/tcp 10001-10010/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

Configuring the Virtualmin Master Server
=========================================

Login to Virtualmin.
Click Webmin at the top left.
Click Webmin > Webmin Servers Index
Click Register a new server
Hostname or IP address: ns2.turritopsis-dohrnii-teo-en-ming.com
Server type: CentOS Linux
SSL server? Yes
Under Link type, click Login via Webmin with
username: root
password: <removed>
Make fast RPC calls? Yes
Click Save

There should now be an icon representing the server you created in the Webmin Servers page.

Enabling Cluster Slave Servers on the Master Server
===================================================

On the Master Server, login to Virtualmin.
Click Webmin on the top left.
Click Servers > BIND DNS Server
Click the Cluster Slave Servers button
Add server: ns2.turritopsis-dohrnii-teo-en-ming.com
Create secondary on slave when creating locally? Yes
Create all existing master zones on slave? Yes
Name for NS record: ns2.turritopsis-dohrnii-teo-en-ming.com
Click Add Now

Add Servers
===========

Adding ns2.turritopsis-dohrnii-teo-en-ming.com ..
Added ns2.turritopsis-dohrnii-teo-en-ming.com, with 0 existing zones.
Setup ns2.turritopsis-dohrnii-teo-en-ming.com with 1 new slave zones, but encountered 5 errors :
ns2.turritopsis-dohrnii-teo-en-ming.com : This zone already exists

Setting the Master IP Address on the Master Server
====================================================

Go to your Master Server.
Click Servers > BIND DNS Server
Click Module config
Configuration category: Zone file options
Default master server(s) for slave zones: 185.182.9.61
Click Save

Reference Guide: DNS Slave Auto-configuration
Link: https://www.virtualmin.com/slave-configuration/

Reference Guide: Name server setting, hostname and DNS
Link: https://archive.virtualmin.com/node/22091

Reference Guide: How To Setup DNS Slave Auto Configuration Using Virtualmin/Webmin on Ubuntu
Link: https://www.digitalocean.com/community/tutorials/how-to-setup-dns-slave-auto-configuration-using-virtualmin-webmin-on-ubuntu

Problem: BIND DNS Server is not listening on the Slave Server
=============================================================

Edit /etc/named.conf

# nano /etc/named.conf

Find the "options {" section.

Replace the following lines:

listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };

with the lines below:

listen-on port 53 { any; };
listen-on-v6 port 53 { any; };

# systemctl restart named

Run the following port scanning command on your Windows laptop
===============================================================

C:\PortQryV2>portqry -n ns2.turritopsis-dohrnii-teo-en-ming.com -e 53 -p both

Querying target system called:

 ns2.turritopsis-dohrnii-teo-en-ming.com

Attempting to resolve name to IP address...

Name resolved to 185.214.135.104

querying...

TCP port 53 (domain service): LISTENING

UDP port 53 (domain service): LISTENING

Problem: BIND DNS Server on the Slave Server is Not Allowing Queries
=====================================================================

Edit /etc/named.conf

# nano /etc/named.conf

Find the line that says

allow-query { localhost; };

And replace it with

allow-query { any; };

# systemctl restart named

Reference Guide: Bind9 denied query
Link: https://unix.stackexchange.com/questions/283276/bind9-denied-query

Conclusion
==========

Webmin Slave DNS Server is set up successfully.

Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 24 Oct 2021, is a TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant with a Systems Integrator (SI)/computer firm in Singapore. He is an IT enthusiast.

-----BEGIN EMAIL SIGNATURE-----

The Gospel for all Targeted Individuals (TIs):

[The New York Times] Microwave Weapons Are Prime Suspect in Ills of U.S. Embassy Workers

Link: https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html

********************************************************************************************

Singaporean Targeted Individual Mr. Turritopsis Dohrnii Teo En Ming's Academic Qualifications as at 14 Feb 2019 and refugee seeking attempts at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020):

[1] https://tdtemcerts.wordpress.com/

[2] https://tdtemcerts.blogspot.sg/

[3] https://www.scribd.com/user/270125049/Teo-En-Ming

-----END EMAIL SIGNATURE-----
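
Added example, not part of the original notes: after the listen-on and allow-query changes in the two "Problem:" sections, BIND uses allow-query for recursion when neither allow-recursion nor allow-query-cache is set, so the slave should be checked for answering recursive queries from any client. The script assumes the stock CentOS 7 options block, which ships with "recursion yes;"; the function names and both sample files are constructed for illustration.

```shell
# Added example (not from the original notes): would this named.conf answer
# recursive queries from any client, i.e. act as an open resolver?

# Drop // and # comments, join lines, then drop /* */ blocks (simple stripper).
normalize_conf() {
  sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n' ' ' | sed -e 's:/\*[^*]*\*/::g'
}

# acl_of STATEMENT CONF: print the text between the braces of "STATEMENT { ... };"
acl_of() {
  printf '%s\n' "$2" |
    sed -nE "s/.*(^|[^-[:alnum:]])$1[[:space:]]*\{([^}]*)\}.*/\2/p"
}

# Print "open" or "closed" using BIND's documented fallback order:
# allow-recursion, else allow-query-cache, else allow-query, else the built-in
# default "localnets; localhost;". Meant for the options block only; named
# ACLs and per-view or per-zone overrides are not resolved.
recursion_exposure() {
  conf=$(normalize_conf "$1")
  if printf '%s\n' "$conf" |
     grep -Eq '(^|[^-[:alnum:]])recursion[[:space:]]+(no|false|0)[[:space:]]*;'; then
    echo closed; return
  fi
  acl=
  for stmt in allow-recursion allow-query-cache allow-query; do
    acl=$(acl_of "$stmt" "$conf")
    [ -n "$acl" ] && break
  done
  [ -n "$acl" ] || acl='localnets; localhost;'
  if printf '%s\n' "$acl" | grep -Eq '(^|[[:space:];!])any[[:space:]]*;'; then
    echo open
  else
    echo closed
  fi
}

# Constructed samples: the options as edited in these notes (assuming the
# stock "recursion yes;" was left in place) and an authoritative-only variant.
sample_dir=$(mktemp -d)
cat > "$sample_dir/as_edited.conf" <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query { any; };
    recursion yes;
};
EOF
sed 's/recursion yes;/recursion no;/' "$sample_dir/as_edited.conf" > "$sample_dir/hardened.conf"
recursion_exposure "$sample_dir/as_edited.conf"   # open
recursion_exposure "$sample_dir/hardened.conf"    # closed
```

On the slave itself, point recursion_exposure at /etc/named.conf; a server that only serves its own zones can keep "allow-query { any; };" once "recursion no;" is set.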