Proprietary NameServer Setup by Webmin - DNS Cluster Name Server

A tutorial for creating your own proprietary business nameserver.

The Scenario:

For the purpose of this tutorial, I will be using four nodes/servers in the following roles.

i. Server/cloud VPS 1 = a slave DNS server in the cluster, used as your primary nameserver (Webmin only).
(ns1.nameserverdomain.com) (example IP 10.47.23.111)
(Example location: Germany)

ii. Server/VPS 2 = another slave DNS server in the cluster, used as your secondary nameserver (Webmin only).
(ns2.nameserverdomain.com) (example IP 10.56.89.122)
(Example location: USA)

iii. Server 3 = a hosting server (Virtualmin), which hosts the nameserver's naked domain as the main business domain.
(mail.nameserverdomain.com) (example IP 10.182.29.233)

iv. Server 4 = a reseller hosting server (Virtualmin), for selling/reselling hosting services to customers.
(host1.examplehostingserver.com) (example IP 10.211.79.104)

I took the cloud servers from 1&1 IONOS and Contabo for this tutorial. All servers run Debian 11.

Before starting, set up your glue records (child nameservers) in your domain provider's control panel, and point the nameserver domain to your own nameservers.

If you run into DNS propagation problems, disable the DNSSEC (DS) record in your current registrar's DNS settings panel, then flush the DNS cache for the DS and NS records at:

https://dns.google/cache


Let's Get Started


Step 1) Server-1 initial setup for ns1.nameserverdomain.com

Set up the rDNS/PTR record first: find the reverse DNS setting in your server provider's control panel, or contact your provider to set it up for you. The correct rDNS mapping is ip-address = hostname (example: 10.47.23.111 = ns1.nameserverdomain.com).

Open firewall ports (external firewall, if any):
22 = SSH (should be disabled after all configuration is done)
53 (UDP) = DNS (required for your own nameserver)
53 (TCP) = DNS (for zone transfers between master and slave)
443 = HTTPS
465 = SMTP over SSL
587 = SMTP submission (STARTTLS)
2222 = SFTP
10000 = Webmin default (restrict to your personal computer's IP and your other three servers only)
10001-10100 = DNS RPC calls




Use PuTTY to start entering commands.

Enable IPv6 (if available) and check the addresses:

ip -6 addr show

i. (Optional) Public DNS setup

nano /etc/resolvconf/resolv.conf.d/head

Enter the public DNS server(s) in the file:

nameserver 8.8.8.8
nameserver 1.1.1.1
nameserver 2001:4860:4860::8888
nameserver 2606:4700:4700::1111

Save the file.

If a "file not found" error appears, that is fine; ignore it and proceed to the next step.


Edit the systemd-resolved configuration file:

nano /etc/systemd/resolved.conf

Uncomment the DNS= line and enter the DNS servers as follows:

DNS=8.8.8.8 1.1.1.1 2001:4860:4860::8888 2606:4700:4700::1111

Save and exit the file.

Enable the resolver at startup:

systemctl enable systemd-resolved.service

Check that the DNS resolver works (otherwise it will work after a system restart):

systemd-resolve --status | grep "DNS Servers"


ii. Set the hostname

If your server has cloud-init enabled and the hostname is reset automatically at boot, do not edit /etc/hosts; edit /etc/cloud/templates/hosts.debian.tmpl instead:

nano /etc/cloud/templates/hosts.debian.tmpl

Otherwise, edit the hosts file:

nano /etc/hosts

Make the hosts entries look like this:

127.0.0.1 localhost
10.47.23.111 ns1.nameserverdomain.com ns1

# The following lines are desirable for IPv6 capable hosts
#::1 localhost ip6-localhost ip6-loopback
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters

Save the hosts file.


echo ns1.nameserverdomain.com > /etc/hostname

reboot


iii. Install Webmin on Server-1

apt install curl wget

The standard version can be installed with the following commands:

curl -o setup-repos.sh https://raw.githubusercontent.com/webmin/webmin/master/setup-repos.sh
sh setup-repos.sh

Press y and Enter, then wait.

apt-get -y install webmin --install-recommends

reboot

From now on, you can access Webmin in Firefox/Chrome at:

https://10.47.23.111:10000

Accept the security prompt (self-signed certificate) and proceed to the Webmin login.


iv. (Optional) You may configure an internal firewall if needed

Using the default FirewallD (use PuTTY, so that your session stays established while the firewall changes):

apt-get remove --auto-remove nftables
ufw disable
apt-get install firewalld

Within FirewallD, you can use rich rules to allow Webmin (port 10000) only from your other servers, then reload so the permanent rules take effect:

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.56.89.122" port protocol="tcp" port="10000" accept'

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv6" source address="2001:db8:3333:4444:5555:6666:7777:8888" port protocol="tcp" port="10000" accept'

firewall-cmd --reload

Internal firewall (FirewallD):

Recommended incoming: 22 (temporarily), 53, 443, 465, 587, 2222, 10000 (restricted), 10001, 10002, 10010, 10100

Recommended outgoing: 20, 21, 22, 25, 53, 80, 110, 123, 143, 443, 465, 587, 993, 995, 2222, 10000, 10001, 10002, 10010, 10100, 11000, 20000

Webmin > Un-used Modules > Fail2Ban Intrusion Detector
Click Install Now

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
nano /etc/fail2ban/jail.local

Find the line ignoreip = and add the whitelisted IPs:

ignoreip = 10.56.89.122 10.182.29.233 ::1

Find the line enabled = and set it to:

enabled = true


v. Configure DNS tools

Webmin > Un-used Modules > BIND DNS Server
Click Install Now

Install dig from the command line:
apt-get install dnsutils axfrdns

Back to Webmin > System > Bootup and Shutdown
Choose/select the service name axfrdns, scroll down and click Start On Boot


vi. Set the master IP and allow queries from the world

Go to Webmin > Servers > BIND DNS Server

Under the Global Server Options section, click the Zone Defaults module

Keep all defaults and only fill in the "Allow queries from.." field = 0.0.0.0/0

Save it

Back to Webmin > Servers > BIND DNS Server

From this BIND DNS Server module page, click Module Config (the upper-left gear icon)

Choose the configuration category: Cluster slave servers

Default master server IP for remote slave zones = choose Custom, and enter this server's real/public IP

Save it

Back to Webmin > Servers > BIND DNS Server
Click Miscellaneous Options
Set "Do full recursive lookups for clients?" to No

Save it
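The three settings above correspond to the BIND directives recursion, allow-query and allow-transfer. The following Python check is an added example (not from the page, Webmin or BIND): it parses the options block of a constructed named.conf and reports the combinations that matter for an authoritative-only server, such as recursion left on while queries are allowed from anywhere (an open resolver) or zone transfers not limited to the cluster peers. The sample configuration and the peer list are constructed for this example.

```python
import re

# Constructed sample of a named.conf options block of the kind Webmin's BIND module
# writes after the settings above (assumption: standard BIND directive names).
SAMPLE_OPTIONS = """
options {
    directory "/var/cache/bind";
    allow-query { any; };
    recursion no;
    allow-transfer { 10.56.89.122; 10.182.29.233; };
    listen-on-v6 { any; };
};
"""

# Hosts that may pull zones from this server: ns2 and the Virtualmin master from the tutorial.
CLUSTER_PEERS = {"10.56.89.122", "10.182.29.233"}


def parse_options(text):
    """Return {directive: [values]} for the top-level options { ... } block.

    A braced list such as `allow-query { any; };` becomes ["any"]; a scalar such as
    `recursion no;` becomes ["no"]. Nested blocks beyond one level are not handled.
    """
    match = re.search(r"options\s*\{(.*)\};", text, re.S)
    if not match:
        raise ValueError("no options block found")
    directives = {}
    for stmt in re.finditer(r"([\w-]+)\s+(\{[^}]*\}|[^;{]+);", match.group(1)):
        name, raw = stmt.group(1), stmt.group(2).strip()
        if raw.startswith("{"):
            values = [v.strip() for v in raw.strip("{}").split(";") if v.strip()]
        else:
            values = [raw.strip('"')]
        directives[name] = values
    return directives


def audit(directives, peers):
    """Return a list of findings for a server that should only answer authoritatively."""
    findings = []
    recursion = directives.get("recursion", ["yes"])[0].lower()  # BIND defaults to yes
    allow_query = directives.get("allow-query", ["localhost", "localnets"])
    allow_transfer = directives.get("allow-transfer")

    if recursion != "no" and "any" in allow_query:
        findings.append("open resolver: recursion is on while allow-query includes any")
    elif recursion != "no":
        findings.append("recursion is on; set 'Do full recursive lookups for clients?' to No")
    if "any" not in allow_query:
        findings.append("allow-query does not include any; the world cannot query this server")
    if allow_transfer is None:
        findings.append("allow-transfer is not set; list the cluster peers explicitly")
    elif "any" in allow_transfer:
        findings.append("allow-transfer includes any; anyone can pull full zone contents")
    else:
        unexpected = sorted(set(allow_transfer) - set(peers))
        if unexpected:
            findings.append("allow-transfer includes non-cluster hosts: " + ", ".join(unexpected))
    return findings


def audit_text(text, peers=CLUSTER_PEERS):
    """Parse and audit in one step; returns the list of findings (empty means OK)."""
    return audit(parse_options(text), peers)


if __name__ == "__main__":
    for finding in audit_text(SAMPLE_OPTIONS) or ["no findings: authoritative-only settings look correct"]:
        print(finding)
```

Point audit_text at the contents of the named.conf options file Webmin manages to check a live server the same way.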


Step 2) Server-2 initial setup for ns2.nameserverdomain.com

Set up the rDNS/PTR record first: find the reverse DNS setting in your server provider's control panel, or contact your provider to set it up for you. The correct rDNS mapping is ip-address = hostname (example: 10.56.89.122 = ns2.nameserverdomain.com).

Open firewall ports (external firewall, if any):
22 = SSH (should be disabled after all configuration is done)
53 (UDP) = DNS (required for your own nameserver)
53 (TCP) = DNS (for zone transfers between master and slave)
443 = HTTPS
465 = SMTP over SSL
587 = SMTP submission (STARTTLS)
2222 = SFTP
10000 = Webmin default (restrict to your personal computer's IP and your other three servers only)
10001-10100 = DNS RPC calls

Internal firewall (FirewallD):

Recommended incoming: 22 (temporarily), 53, 443, 465, 587, 2222, 10000 (restricted), 10001, 10002, 10010, 10100

Recommended outgoing: 20, 21, 22, 25, 53, 80, 110, 123, 143, 443, 465, 587, 993, 995, 2222, 10000, 10001, 10002, 10010, 10100, 11000, 20000


i. Use PuTTY to start entering commands

Enable IPv6 (if available) and check the addresses:

ip -6 addr show

nano /etc/resolvconf/resolv.conf.d/head

If a "file not found" error appears, that is fine; ignore it and proceed to the next step.

Enter the public DNS server(s) in the file:

nameserver 8.8.8.8
nameserver 1.1.1.1
nameserver 2001:4860:4860::8888
nameserver 2606:4700:4700::1111

Save the file.

ii. Edit the systemd-resolved configuration file

nano /etc/systemd/resolved.conf

Uncomment the DNS= line and enter the DNS servers as follows:

DNS=8.8.8.8 1.1.1.1 2001:4860:4860::8888 2606:4700:4700::1111

Save and exit the file.

iii. Enable the resolver at startup

systemctl enable systemd-resolved.service

Check that the DNS resolver works (otherwise it will work after a system restart):

systemd-resolve --status | grep "DNS Servers"


iv. Set the hostname

If your server has cloud-init enabled and the hostname is reset automatically at boot, do not edit /etc/hosts; edit /etc/cloud/templates/hosts.debian.tmpl instead:

nano /etc/cloud/templates/hosts.debian.tmpl

Otherwise, edit the hosts file:

nano /etc/hosts

Make the hosts entries look like this:

127.0.0.1 localhost
10.56.89.122 ns2.nameserverdomain.com ns2

# The following lines are desirable for IPv6 capable hosts
#::1 localhost ip6-localhost ip6-loopback
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters

Save the hosts file.


echo ns2.nameserverdomain.com > /etc/hostname

reboot


v. Install Webmin on Server-2

apt install curl wget

The standard version can be installed with the following commands:

curl -o setup-repos.sh https://raw.githubusercontent.com/webmin/webmin/master/setup-repos.sh
sh setup-repos.sh

Press y and Enter, then wait.

apt-get -y install webmin --install-recommends

reboot

From now on, you can access Webmin in Firefox/Chrome at:

https://10.56.89.122:10000

Accept the security prompt (self-signed certificate) and proceed to the Webmin login.


vi. (Optional) You may configure the CSF firewall if needed

If CSF is to be installed, make sure to open the outgoing ports as well.

Add your personal computer's IP to the Quick Allow field first, and also add the IPs of all three other servers.

TCP IN: 53,443,465,587,10000,10001,10002,10010,10100

TCP OUT: 21,22,53,80,123,443,465,587,10000,10001,10002,10010,10100

UDP IN: 53,443,465,587,10000,10001,10002,10010,10100

UDP OUT: 21,22,53,80,123,443,465,587,10000,10001,10002,10010,10100

Using the default FirewallD instead (use PuTTY, so that your session stays established):
apt-get remove --auto-remove nftables
ufw disable
apt-get install firewalld

If you use the default FirewallD program, you can use rich rules to allow Webmin (port 10000) only from your other servers, then reload so the permanent rules take effect:

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.47.23.111" port protocol="tcp" port="10000" accept'

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.182.29.233" port protocol="tcp" port="10000" accept'

firewall-cmd --reload

Webmin > Un-used Modules > Fail2Ban Intrusion Detector
Click Install Now

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
nano /etc/fail2ban/jail.local

Find the line ignoreip = and add the whitelisted IPs:

ignoreip = 10.47.23.111 10.182.29.233 ::1

Find the line enabled = and set it to:

enabled = true


vii. Configure DNS tools

Webmin > Un-used Modules > BIND DNS Server
Click Install Now

Install dig from the command line:
apt-get install dnsutils axfrdns

Back to Webmin > System > Bootup and Shutdown
Choose/select the service name axfrdns, scroll down and click Start On Boot


viii. Set the master IP and allow queries from the world

Go to Webmin > Servers > BIND DNS Server

Under the Global Server Options section, click the Zone Defaults module

Keep all defaults and only fill in the "Allow queries from.." field = 0.0.0.0/0

Save it

Back to Webmin > Servers > BIND DNS Server

From this BIND DNS Server module page, click Module Config (the upper-left gear icon)

Choose the configuration category: Cluster slave servers

Default master server IP for remote slave zones = choose Custom, and enter this server's real/public IP

Save it

Back to Webmin > Servers > BIND DNS Server
Click Miscellaneous Options
Set "Do full recursive lookups for clients?" to No

Save it

Step 3) Server-3 initial setup for mail.nameserverdomain.com

Set up the rDNS/PTR record first: find the reverse DNS setting in your server provider's control panel, or contact your provider to set it up for you. The correct rDNS mapping is ip-address = hostname (example: 10.182.29.233 = mail.nameserverdomain.com).

Open firewall ports (external firewall, if any):
22 = SSH (should be disabled after all configuration is done)
25 = SMTP
53 (UDP) = DNS (required for your own nameserver)
53 (TCP) = DNS (for zone transfers between master and slave)
80 = HTTP
443 = HTTPS
465 = SMTP over SSL
587 = SMTP submission (STARTTLS)
993 = IMAPS
995 = POP3S
2222 = SFTP
10000 = Webmin default (restrict to your personal computer's IP and your other three servers only)
10001-10100 = DNS RPC calls
20001 = Usermin (custom port)

Internal firewall (CSF):

Recommended incoming: 22 (temporarily), 25, 53, 80, 443, 465, 587, 993, 995, 2222, 10000 (restricted), 10001, 10002, 10010, 10100, 20001

Recommended outgoing: 20, 21, 22, 25, 53, 80, 110, 123, 143, 443, 465, 587, 993, 995, 2222, 10000, 10001, 10002, 10010, 10100, 11000, 20000



i. Use PuTTY to start entering commands

Enable IPv6 (if available) and check the addresses:

ip -6 addr show

nano /etc/resolvconf/resolv.conf.d/head

If a "file not found" error appears, that is fine; ignore it and proceed to the next step.

Enter the public DNS server(s) in the file:

nameserver 8.8.8.8
nameserver 1.1.1.1
nameserver 2001:4860:4860::8888
nameserver 2606:4700:4700::1111

Save the file.

ii. Edit the systemd-resolved configuration file

nano /etc/systemd/resolved.conf

Uncomment the DNS= line and enter the DNS servers as follows:

DNS=8.8.8.8 1.1.1.1 2001:4860:4860::8888 2606:4700:4700::1111

Save and exit the file.

iii. Enable the resolver at startup

systemctl enable systemd-resolved.service

Check that the DNS resolver works (otherwise it will work after a system restart):

systemd-resolve --status | grep "DNS Servers"


iv. Set the hostname

If your server has cloud-init enabled and the hostname is reset automatically at boot, do not edit /etc/hosts; edit /etc/cloud/templates/hosts.debian.tmpl instead:

nano /etc/cloud/templates/hosts.debian.tmpl

Otherwise, edit the hosts file:

nano /etc/hosts

Make the hosts entries look like this:

127.0.0.1 localhost
10.182.29.233 mail.nameserverdomain.com mail

# The following lines are desirable for IPv6 capable hosts
#::1 localhost ip6-localhost ip6-loopback
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters

Save the hosts file.

echo mail.nameserverdomain.com > /etc/hostname

reboot


v. Install Virtualmin on Server-3

apt install wget

The standard version can be installed with the following commands:

wget https://software.virtualmin.com/gpl/scripts/virtualmin-install.sh

sudo sh virtualmin-install.sh

If prompted, enter y and continue.

Wait a few minutes and the installation will complete.

reboot

From now on, you can access Virtualmin in Firefox at:

https://10.182.29.233:10000

Accept the security prompt (self-signed certificate) and proceed to the Virtualmin login.


vi. (Optional) You may configure the CSF firewall if needed

If CSF is to be installed, make sure to open the outgoing ports as well.

Add your personal computer's IP to the Quick Allow field first, and also add the IPs of all three DNS servers.

TCP IN: 25,53,80,443,465,587,993,995,10000,10001,10002,10010,10100,20001

TCP OUT: 21,22,25,53,80,123,443,465,587,993,995,10000,10001,10002,10010,10100

UDP IN: 25,53,80,443,465,587,993,995,10000,10001,10002,10010,10100,20001

UDP OUT: 21,22,25,53,80,123,443,465,587,993,995,10000,10001,10002,10010,10100

Using the default FirewallD instead (use PuTTY, so that your session stays established):
apt-get remove --auto-remove nftables
ufw disable
apt-get install firewalld

If you use the default FirewallD program, you can use rich rules to allow Webmin (port 10000) only from your other servers, then reload so the permanent rules take effect:

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.47.23.111" port protocol="tcp" port="10000" accept'

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.56.89.122" port protocol="tcp" port="10000" accept'

firewall-cmd --reload


vii. Configure DKIM

Browse to Virtualmin > Email Settings > DomainKeys Identified Mail

Click Install Now

Back to Virtualmin > Email Settings > DomainKeys Identified Mail

Set Signing of outgoing mail enabled? = Yes

Set Reject incoming email with invalid DKIM signature? = No

Click Save

Before adding the slave servers, install dig from the command line:
apt-get install dnsutils axfrdns

Back to Webmin > System > Bootup and Shutdown
Choose/select the service name axfrdns, scroll down and click Start On Boot


viii. Set the master IP and disallow recursive DNS

Webmin > Servers > BIND DNS Server

From this BIND DNS Server module page, click Module Config (the upper-left gear icon)

Choose the configuration category: Cluster slave servers

Default master server IP for remote slave zones = choose Custom, and enter this server's real/public IP

Save it

Back to Webmin > Servers > BIND DNS Server
Click Miscellaneous Options
Set "Do full recursive lookups for clients?" to No

Save it


ix. Add the slave server ns1

Browse to Webmin > Webmin > Webmin Servers Index

Click Register a new server

Hostname or IP address field = 10.47.23.111 (your primary nameserver's IP address)

SSL server? = Yes
Check remote SSL certificate? = No

Link type = Login via Webmin with username (provide root as the username and Server-1's root password)

Make fast RPC calls? = Yes

Save it


x. Add the slave server ns2

Browse to Webmin > Webmin > Webmin Servers Index

Click Register a new server

Hostname or IP address field = 10.56.89.122 (your secondary nameserver's IP address)

SSL server? = Yes
Check remote SSL certificate? = No

Link type = Login via Webmin with username (provide root as the username and Server-2's root password)

Make fast RPC calls? = Yes

Save it


xi. Enable the DNS cluster

Browse to Webmin > Servers > BIND DNS Server

Under Global Server Options, click the Cluster Slave Servers module

Add server = 10.47.23.111 (choose your ns1 primary nameserver IP)
View on slaves to add zones to = View with same name
Create secondary on slave when creating locally? = Yes
Create all existing master zones on slave? = No
Name for NS record = ns1.nameserverdomain.com

Click Add Now

Again, from the Cluster slave server options:

Add server = 10.56.89.122 (choose your ns2 secondary nameserver IP)
View on slaves to add zones to = View with same name
Create secondary on slave when creating locally? = Yes
Create all existing master zones on slave? = No
Name for NS record = ns2.nameserverdomain.com

Click Add Now again


xii. Configure the default DNS template

Browse to Virtualmin > System Settings > Server Templates > Default Settings > DNS Domain

BIND DNS records for new domains = No additional records
Address records for new domains = (all selected)
Hostname for MX record = Hostname mail.nameserverdomain.com
Default TTL for DNS records = Use BIND module setting
Add sub-domain DNS records to parent domain = No
Additional manually configured nameservers = keep blank (empty)
Add nameserver record for this system = No
Take over existing zone when creating = Yes
Enable proxying on new records = No
DNS slaves to create zones on = All configured
Master DNS server hostname = Hostname mail.nameserverdomain.com
Create NS records in server's domain = No
Add SPF DNS record = Yes, with server's IP address
Additional SPF IPs and hostnames = 10.182.29.233 (your Server-3 hosting server's ip)
Add system and virtual server's IP addresses? = No
Additional SPF included domains = keep blank (empty)
Does SPF record cover all senders = Yes (only Yes, not "Yes, and deny other senders")
Add DMARC DNS record = Yes, with policy below
DMARC policy for emails that fail SPF or DKIM = Reject email
Reporting URI for forensic reports and Reporting URI for aggregate reports = Default (mailto:postmaster@domain)
Percentage of messages to apply policy = default 100%
Extra DMARC options = sp=reject;
Additional named.conf directives for new zones = None
Create DNSSEC key and sign new domains = No

Finally, click Save
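The SPF and DMARC choices in this template end up as TXT records at the zone apex and at _dmarc. The following Python validator is an added example (not from the page or Virtualmin): it parses constructed copies of such records and reports where the published policy falls short of the template's intent (server IP not authorised, a permissive +all, more than the ten DNS-lookup terms RFC 7208 allows, a DMARC policy weaker than reject, no rua address). The sample records and the domain name are constructed, and the mapping of the template's "Yes" to a softfail ~all is an assumption.

```python
# Constructed TXT records of the kind the template above makes Virtualmin publish
# for a new domain (assumption: the template's "Yes" for covering all senders
# gives a softfail ~all; the values here are for illustration only).
SAMPLE_SPF = "v=spf1 a mx ip4:10.182.29.233 ~all"
SAMPLE_DMARC = ("v=DMARC1; p=reject; sp=reject; pct=100; "
                "rua=mailto:postmaster@businessdomain.com; "
                "ruf=mailto:postmaster@businessdomain.com")

# Mechanisms (plus the redirect modifier) that cost a DNS lookup under RFC 7208 section 4.6.4.
LOOKUP_TERMS = {"a", "mx", "ptr", "include", "exists"}
QUALIFIERS = "+-~?"


def parse_spf(txt):
    """Split an SPF record into (mechanisms, modifiers); mechanisms keep their qualifier."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms, modifiers = [], {}
    for term in terms[1:]:
        if "=" in term and term[0] not in QUALIFIERS:
            key, value = term.split("=", 1)
            modifiers[key.lower()] = value
        else:
            mechanisms.append(term)
    return mechanisms, modifiers


def spf_findings(txt, server_ip):
    """Findings for an SPF record that should authorise server_ip and nothing more than needed."""
    mechanisms, modifiers = parse_spf(txt)
    bare = [m.lstrip(QUALIFIERS) for m in mechanisms]              # e.g. "ip4:10.182.29.233"
    names = [b.split(":")[0].split("/")[0].lower() for b in bare]   # e.g. "ip4"
    findings = []
    if f"ip4:{server_ip}" not in bare:
        findings.append(f"server IP {server_ip} is not authorised by an ip4 mechanism")
    if not mechanisms or names[-1] != "all":
        findings.append("record does not end with an all mechanism")
    elif mechanisms[-1] in ("all", "+all"):
        findings.append("+all authorises every sender on the Internet; use ~all or -all")
    lookups = sum(1 for n in names if n in LOOKUP_TERMS) + ("redirect" in modifiers)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the RFC 7208 limit of 10 (permerror)")
    return findings


def parse_dmarc(txt):
    """Split a DMARC record into a {tag: value} dict."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_findings(txt):
    """Findings where a DMARC record is weaker than the template's reject/sp=reject/pct=100."""
    tags = parse_dmarc(txt)
    findings = []
    if not txt.strip().lower().startswith("v=dmarc1"):
        findings.append("record must begin with v=DMARC1")
    if tags.get("p") != "reject":
        findings.append(f"p={tags.get('p')}; the template asks for p=reject")
    if tags.get("sp", tags.get("p")) != "reject":   # sp defaults to p when absent
        findings.append("subdomain policy is weaker than reject; the template sets sp=reject")
    if not tags.get("rua", "").startswith("mailto:"):
        findings.append("no rua=mailto: address, so aggregate reports will never arrive")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) != 100:
        findings.append(f"pct={pct} applies the policy to only part of the mail")
    return findings


if __name__ == "__main__":
    print("SPF:", spf_findings(SAMPLE_SPF, "10.182.29.233") or "ok")
    print("DMARC:", dmarc_findings(SAMPLE_DMARC) or "ok")
```

Feed the two functions the TXT strings returned by dig for a freshly created virtual server to confirm the template produced what you intended.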

xiii. Configure account plans

Browse to Virtualmin > System Settings > Account Plans

Click on Default Plan

Configure the Default Plan so that PostgreSQL is disabled and MariaDB is enabled.

Basic Plan Details: choose as you like

Allowed virtual server features:

   Select all, excluding: PostgreSQL Database, Webalizer reporting, ProFTPD virtual FTP, Virtual IP Address

Allowed capabilities: select the following ...

 Can manage aliases
 Can install scripts
 Can select PHP versions
 Can edit email settings
 Can select shared IPs
 Can manage users
 Can manage databases
 Can manage SSL certificates
 Can edit website redirects
 Can configure spam and virus delivery
 Can edit PHP and website options
 Can create catchall aliases
 Can change domain's password
 Can edit DNS records

Then, Save and Apply



xiv. Add the DNS naked domain first, as a virtual server

Virtualmin > Create Virtual Server

Domain name = nameserverdomain.com
Description = Hosting for the DNS naked domain
Administration password = generate one

Scroll down and click Create Server

Now you can add the necessary DNS records for the naked domain.

Select the naked domain under the Virtualmin logo, then go to:

Virtualmin > Server Configuration > DNS Records

Make sure the following records exist, or add them:

@ IN NS ns1.nameserverdomain.com.
@ IN NS ns2.nameserverdomain.com.
ns1.nameserverdomain.com. IN NS ns1.nameserverdomain.com.
ns1.nameserverdomain.com. IN NS ns2.nameserverdomain.com.
ns2.nameserverdomain.com. IN NS ns1.nameserverdomain.com.
ns2.nameserverdomain.com. IN NS ns2.nameserverdomain.com.
ns1.nameserverdomain.com. IN A 10.47.23.111
ns2.nameserverdomain.com. IN A 10.56.89.122
Also check the hostname A record:
mail.nameserverdomain.com. IN A 10.182.29.233
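A delegation only works if every NS target that lies inside the zone also has an address record (glue) and if each name carries its trailing dot; otherwise BIND appends the origin and ns1.nameserverdomain.com silently becomes ns1.nameserverdomain.com.nameserverdomain.com. The following Python check is an added example (not from the page, Webmin or BIND): it parses a constructed copy of the apex NS and A records above using zone-file name rules and reports missing glue, a doubled origin and an apex with fewer than two nameservers.

```python
ORIGIN = "nameserverdomain.com."

# Constructed copy of the apex NS and address records listed above.
SAMPLE_ZONE = """\
@ IN NS ns1.nameserverdomain.com.
@ IN NS ns2.nameserverdomain.com.
ns1.nameserverdomain.com. IN A 10.47.23.111
ns2.nameserverdomain.com. IN A 10.56.89.122
mail.nameserverdomain.com. IN A 10.182.29.233
"""


def qualify(name, origin):
    """Zone-file name rules: '@' is the origin; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return a list of (owner, type, rdata) tuples; owners and NS targets are fully qualified.

    Comments (after ';'), an optional TTL and the IN class are skipped; $ directives are not handled.
    """
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        owner = qualify(fields[0], origin)
        rest = [f for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        rtype, rdata = rest[0].upper(), " ".join(rest[1:])
        if rtype == "NS":
            rdata = qualify(rdata, origin)
        records.append((owner, rtype, rdata))
    return records


def delegation_findings(records, origin):
    """Check the apex NS set of the zone and the glue for every in-zone nameserver."""
    findings = []
    apex_ns = [rdata for owner, rtype, rdata in records if owner == origin and rtype == "NS"]
    if len(apex_ns) < 2:
        findings.append(f"apex has {len(apex_ns)} NS record(s); a delegation needs at least two")
    has_address = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    label = origin.rstrip(".")
    for target in sorted({rdata for _, rtype, rdata in records if rtype == "NS"}):
        if target.count(label) > 1:
            findings.append(f"{target} repeats the origin: a trailing dot is missing in the zone file")
        if target.endswith("." + origin) and target not in has_address:
            findings.append(f"in-zone nameserver {target} has no A/AAAA record (missing glue)")
    return findings


def check_zone(text, origin=ORIGIN):
    """Parse and check in one step; returns the list of findings (empty means consistent)."""
    return delegation_findings(parse_zone(text, origin), origin)


if __name__ == "__main__":
    for finding in check_zone(SAMPLE_ZONE) or ["no findings: delegation and glue are consistent"]:
        print(finding)
```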

Now you can Create Virtual Server for businessdomain.com.


All done for your own nameserver setup!


If you run into DNS propagation problems, disable the DNSSEC (DS) record in your current registrar's DNS settings panel, then flush the DNS cache for the DS and NS records at:

https://dns.google/cache


Step 4 below is optional!

Step 4) Server-4 initial setup for host1.examplehostingserver.com

Set up the rDNS/PTR record first: find the reverse DNS setting in your server provider's control panel, or contact your provider to set it up for you. The correct rDNS mapping is ip-address = hostname (example: 10.211.79.104 = host1.examplehostingserver.com).

Open firewall ports (external firewall, if any):
20 = FTP (active mode data)
21 = FTP
22 = SSH (should be disabled after all configuration is done)
25 = SMTP
53 (UDP) = DNS (required for your own nameserver)
53 (TCP) = DNS (for zone transfers between master and slave)
80 = HTTP
110 = POP3
143 = IMAP
443 = HTTPS
465 = SMTP over SSL
587 = SMTP submission (STARTTLS)
993 = IMAPS
995 = POP3S
2222 = SFTP
10000 = Webmin default
10001-10100 = DNS RPC calls
20000 = Usermin (webmail)
50000-60000 = FTP (passive mode data)

Internal firewall (CSF):

Recommended incoming: 20, 21, 22 (temporarily), 25, 53, 80, 110, 143, 443, 465, 587, 993, 995, 2222, 10000, 10001, 10002, 10010, 10100, 20000, 50000-60000

Recommended outgoing: 20, 21, 22, 25, 53, 80, 110, 123, 143, 443, 465, 587, 993, 995, 2222, 10000, 10001, 10002, 10010, 10100, 11000, 20000


i. Use PuTTY to start entering commands

Enable IPv6 (if available) and check the addresses:

ip -6 addr show

nano /etc/resolvconf/resolv.conf.d/head

If a "file not found" error appears, that is fine; ignore it and proceed to the next step.

Enter the public DNS server(s) in the file:

nameserver 8.8.8.8
nameserver 1.1.1.1
nameserver 2001:4860:4860::8888
nameserver 2606:4700:4700::1111

Save the file.

ii. Edit the systemd-resolved configuration file

nano /etc/systemd/resolved.conf

Uncomment the DNS= line and enter the DNS servers as follows:

DNS=8.8.8.8 1.1.1.1 2001:4860:4860::8888 2606:4700:4700::1111

Save and exit the file.

iii. Enable the resolver at startup

systemctl enable systemd-resolved.service

Check that the DNS resolver works (otherwise it will work after a system restart):

systemd-resolve --status | grep "DNS Servers"


iv. Set the hostname

If your server has cloud-init enabled and the hostname is reset automatically at boot, do not edit /etc/hosts; edit /etc/cloud/templates/hosts.debian.tmpl instead:

nano /etc/cloud/templates/hosts.debian.tmpl

Otherwise, edit the hosts file:

nano /etc/hosts

Make the hosts entries look like this:

127.0.0.1 localhost
10.211.79.104 host1.examplehostingserver.com host1

# The following lines are desirable for IPv6 capable hosts
#::1 localhost ip6-localhost ip6-loopback
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters

Save the hosts file.

echo host1.examplehostingserver.com > /etc/hostname

reboot


v. Install Virtualmin on Server-4

apt install wget

The standard version can be installed with the following commands:

wget https://software.virtualmin.com/gpl/scripts/virtualmin-install.sh

sudo sh virtualmin-install.sh

If prompted, enter y and continue.

Wait a few minutes and the installation will complete.

reboot

From now on, you can access Virtualmin in Firefox at:

https://10.211.79.104:10000

Accept the security prompt (self-signed certificate) and proceed to the Virtualmin login.


vi. (Optional) You may configure the CSF firewall if needed

If CSF is to be installed, make sure to open the outgoing ports as well.

Add your personal computer's IP to the Quick Allow field first, and also add the IPs of all three DNS servers.

TCP IN: 21,25,53,80,443,465,587,993,995,10000,10001,10002,10010,10100,20000

TCP OUT: 21,22,25,53,80,123,443,465,587,993,995,10000,10001,10002,10010,10100

UDP IN: 21,25,53,80,443,465,587,993,995,10000,10001,10002,10010,10100,20000

UDP OUT: 21,22,25,53,80,123,443,465,587,993,995,10000,10001,10002,10010,10100

Using the default FirewallD instead (use PuTTY, so that your session stays established):
apt-get remove --auto-remove nftables
ufw disable
apt-get install firewalld

If you use the default FirewallD program, you can use rich rules to allow Webmin (port 10000) only from your other servers, then reload so the permanent rules take effect:

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.47.23.111" port protocol="tcp" port="10000" accept'

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.56.89.122" port protocol="tcp" port="10000" accept'

firewall-cmd --reload


vii. Configure DKIM

Browse to Virtualmin > Email Settings > DomainKeys Identified Mail

Click Install Now

Back to Virtualmin > Email Settings > DomainKeys Identified Mail

Set Signing of outgoing mail enabled? = Yes

Set Reject incoming email with invalid DKIM signature? = No

Click Save

Before adding the slave servers, install dig from the command line:
apt-get install dnsutils axfrdns

Back to Webmin > System > Bootup and Shutdown
Choose/select the service name axfrdns, scroll down and click Start On Boot


viii. Set the master IP and allow queries from the world

Webmin > Servers > BIND DNS Server

Under the Global Server Options section, click the Zone Defaults module

Keep all defaults and only fill in the "Allow queries from.." field = 0.0.0.0/0

Save it

Back to Webmin > Servers > BIND DNS Server

From this BIND DNS Server module page, click Module Config (the upper-left gear icon)

Choose the configuration category: Cluster slave servers

Default master server IP for remote slave zones = choose Custom, and enter this server's real/public IP

Save it

Back to Webmin > Servers > BIND DNS Server
Click Miscellaneous Options
Set "Do full recursive lookups for clients?" to No

Save it

ix. Add the slave server ns1

Browse to Webmin > Webmin > Webmin Servers Index

Click Register a new server

Hostname or IP address field = 10.47.23.111 (your primary nameserver's IP address)

SSL server? = Yes
Check remote SSL certificate? = No

Link type = Login via Webmin with username (provide root as the username and Server-1's root password)

Make fast RPC calls? = Yes

Save it

x. Add the slave server ns2

Browse to Webmin > Webmin > Webmin Servers Index

Click Register a new server

Hostname or IP address field = 10.56.89.122 (your secondary nameserver's IP address)

SSL server? = Yes
Check remote SSL certificate? = No

Link type = Login via Webmin with username (provide root as the username and Server-2's root password)

Make fast RPC calls? = Yes

Save it

xi. Enable the DNS cluster

Browse to Webmin > Servers > BIND DNS Server

Under Global Server Options, click the Cluster Slave Servers module

Add server = 10.47.23.111 (choose your ns1 primary nameserver IP)
View on slaves to add zones to = View with same name
Create secondary on slave when creating locally? = Yes
Create all existing master zones on slave? = No
Name for NS record = ns1.nameserverdomain.com

Click Add Now

Again, from the Cluster slave server options:

Add server = 10.56.89.122 (choose your ns2 secondary nameserver IP)
View on slaves to add zones to = View with same name
Create secondary on slave when creating locally? = Yes
Create all existing master zones on slave? = No
Name for NS record = ns2.nameserverdomain.com

Click Add Now again

xii. Configure the default DNS template

Browse to Virtualmin > System Settings > Server Templates > Default Settings > DNS Domain

BIND DNS records for new domains = No additional records
Address records for new domains = (all selected)
Hostname for MX record = Hostname host1.examplehostingserver.com
Default TTL for DNS records = Use BIND module setting
Add sub-domain DNS records to parent domain = No
Additional manually configured nameservers = keep blank (empty)
Add nameserver record for this system = No
Take over existing zone when creating = Yes
Enable proxying on new records = No
DNS slaves to create zones on = All configured
Master DNS server hostname = Hostname host1.examplehostingserver.com
Create NS records in server's domain = No
Add SPF DNS record = Yes, with server's IP address
Additional SPF IPs and hostnames = 10.211.79.104 (your Server-4 hosting server's ip)
Add system and virtual server's IP addresses? = No
Additional SPF included domains = keep blank (empty)
Does SPF record cover all senders = Yes (only Yes, not "Yes, and deny other senders")
Add DMARC DNS record = Yes, with policy below
DMARC policy for emails that fail SPF or DKIM = Reject email
Reporting URI for forensic reports and Reporting URI for aggregate reports = Default (mailto:postmaster@domain)
Percentage of messages to apply policy = default 100%
Extra DMARC options = sp=reject;
Additional named.conf directives for new zones = None
Create DNSSEC key and sign new domains = No

Finally, click Save

xiii. Configure account plans

Browse to Virtualmin > System Settings > Account Plans

Click on Default Plan

Configure the Default Plan so that PostgreSQL is disabled and MariaDB is enabled.

Basic Plan Details: choose as you like

Allowed virtual server features:

   Select all, excluding: PostgreSQL Database, Webalizer reporting, ProFTPD virtual FTP, Virtual IP Address

Allowed capabilities: select the following ...

 Can manage aliases
 Can install scripts
 Can select PHP versions
 Can edit email settings
 Can select shared IPs
 Can manage users
 Can manage databases
 Can manage SSL certificates
 Can edit website redirects
 Can configure spam and virus delivery
 Can edit PHP and website options
 Can create catchall aliases
 Can change domain's password
 Can edit DNS records

Then, Save and Apply



xiv. Add hosting virtual servers

Now you can Create Virtual Server for examplehostingserver.com and for the hostname host1.examplehostingserver.com.
