OK, I've just got hold of a Dell PowerEdge T710 with 2x Intel Xeon 6 core CPU's, 192GB RAM, and 8x 1TB SAS HD's configured as raid 5, and I installed the bare bones, headless Ubuntu Server 18.04.2 LTS, then I set the server hostname to a FQDN, then installed virtualmin using the install script, and let it install everything needed.
Now the question is, how can I use virtualmin to create LAN only access virtual servers? When I created a virtual server via the virtualmin 'Add virtual server' page, the DNS records are pointing to my WAN IP not the servers LAN IP.
This is what I did to setup my workstation to try and access any virtual servers on the server:-
1st I opened the NIC properties on my windows workstation and set the IPV4 DNS client IP address to the virtualmin server )192.168.0.160)
2nd Disabled LMHosts search.
3rd using a command window to flush the DNS resolver cache, 'ipconfig /FLUSHDNS'
4th disable the NIC, then re-enable it
So now hopefully, any DNS requests should go through bind9 DNS service on the virtualmin server right? Wrong!, when I do a tracert on an outside domain name, such as yahoo.com, the first hop should be my server, but it's isn't,
Oh and the virtualmin server's network DNS client settings are set to resolve file then DNS, and also the DNS order is:-
127.0.0.1 127.0.0.1 8.8.8.8 8.8.4.4
Here's and example of what I tried:-
1.....Create virtual server.....domain name = testsite.com 2......Description = Pchelp website 3......Set admin password
Clicked on Create Virtual Server, then waited for everything to be configured and show the buttons for virtual servers list and show virtual server details. Then on my workstation, I try to use http://testsite.com in the address bar and it sends me to actual sites that exist with that domain name, instead of directing it to the internal IP address 192.168.0.160/testsite, but if I directly use 192.168.0.160 I get 'Access Denied', which tells me I haven't yet setup a website there.
So, there has to be a way for virtualmin to use any domain name internally, and not access any outside DNS service unless I actually want to update the OS etc etc.
I should be able to type in a domain name on my workstation and it opens any websites that is configured with that name, EG, http://pchelp.com would open a website configured on that domain, or if I enter, http://sillypc.org, then that too opens a website configured for that domain but ONLY on the virtualmin server, I should be able to have 10 or more sites on a shared IP, but accessed using domain names, without attempting to resolve to a real domain name.
There is more than one way to approach this issue.
One way would be, to setup your virtualmin server also as a DNS (and maybe also DHCP) server for your local LAN and that way resolve your desired sites to resolve to local IPs instead of public? One other way would be, to add those DNS records for local resolve to your DHCP server. Ugly solution: distribute hosts file to machines needed to resolve those domains as local file to be replaced.
Can you copy and paste nslookup from your server an workstation for the testing domains u're trying to make it work?
In virtualmin, when you created the server, which IP did you assign it? 192.168.0.160?
Before I installed virtualmin, I set the server's IP to static:-
IP 192.168.0.160
Netmask 255.255.255.0
Gateway 192.168.0.1
Then when I installed virtualmin, it set the DNS client to:-
127.0.0.1
127.0.0.1
8.8.8.8
8.8.4.4
Any virtual server created will use the shared IP of 192.168.0.160
I pointed my windows workstation's DNS to the servers IP as bind9 is running on the server, it used to show:-
8.8.8.8
8.8.4.4
I changed it to use 192.168.0.160 for the DNS service.
OK, an 'nslookup webhelp.com' from a command promt on my workstation showed:-
Server: UnKnown
Address: 192.168.0.160
Non-authoritative answer:
Name: webhelp.com
Address: 107.161.23.28
But if I typed http://webhelp.com in a browser on my workstation I get an actual public website, not the one on the server, plus the DNS records for that domain name on the server show my public IP not the server IP.
And the DNS record list shows 8 addresses for that domain name, and all but localhost.webhelp.com point to my WAN IP. localhost.webhelp.com points to 127.0.0.1
That is what you have in /etc/resolv.conf?
Because I believe that's your issue, as I have this in my resolv.conf:
sudo cat /etc/resolv.conf
Generated by NetworkManagersearch domain.com
nameserver 127.0.0.53
I changed the domain name to domain.com for example purposes.
This is what I have in /etc/resolv.conf
nameserver 127.0.0.1
Added by Virtualmin.nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
Added by Virtualmin.
From what I understand, if you don't have local DNS records on your webmin/virtualmin for the domain you want to serve locally, the resolver will use 127.0.0.1, fail to resolve and proceed with 8.8.8.8 and 8.8.4.4 to resolve the request and resolve it with a public IP and that's your issue.
Try commenting out the 8.8.8.8 and 8.8.4.4 lines, add DNS records for the domains you want to resolve locally (as per your example) and see how it goes, don't forget to restart BIND after commenting out the lines.
Shouldn't virtualmin create those records for you when creating a virtual server?
I have just created a new virtual server using virtualmin, called mytesting.com and the bind DNS records for that domain show all the records needed such as www, ftp, mail, etc etc as well as the domain name itself all pointing to my WAN IP not the server's internal LAN IP.
EG
mytesting.com A record = WAN IP
www.mytesting.com A record = WAN IP
ftp.mytesting.com A record = WAN IP
etc etc
for some reason when I create new virtual servers using any made up domain name, the DNS records created in bind always show my WAN IP not the servers LAN IP.
What I want to happen is when I create a virtual server using virtualmin, and use that domain name in a browser on my workstation, it should show the default webpage for the newly created virtual server,
When you created the virtualmin server from your example, what did you put under IP address and forwarding:
IP address and forwarding Default mail forwarding address None
Network interface
Shared, on IP Virtual with IP
Already active IPv6 network interface
None Shared, on IP Virtual with IP
Already active External IP address Same as real address
Network Interface shared on IP 192.168.0.160
IPV6 disabled
External IP address 192.168.0.160
Can you copy & paste nslookup command from your workstation and server for the desired domain?
nslookup on server:-
nslookup mytesting.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: mytesting.com
Address: 192.168.0.160
nslook up from workstation:-
nslookup mytesting.com
Server: UnKnown
Address: 192.168.0.160
Non-authoritative answer:
Name: mytesting.com
Address: 185.53.178.6
This is my workstation ipconfig /all details for the NIC:-
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 4C-72-B9-08-0C-28
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.160
NetBIOS over Tcpip. . . . . . . . : Enabled
That's your issue, it's resolving wrong, on your 192.168.0.160, when used as DNS server for your local net. Check BIND settings and(!) zone for mytesting.com
Here's a few screenshots I just took, showing first the domain name in the list of zones, then master zone for that domain, then finally the list of records used on that domain, as you can see the address do point to 192.168.0.160, but for some reason I can't use that domain name in a browser on my workstation.
https://www.dropbox.com/s/gb2n354sbkt187r/Showing%20domain%20name.jpg?dl=0
https://www.dropbox.com/s/8fyq8pfbxr08ddq/master-zone.jpg?dl=0
https://www.dropbox.com/s/ydegd9vw37nwp07/DNS-Records.jpg?dl=0
Can you jus for test purposes change /etc/resolv.conf
from: nameserver 127.0.0.1 nameserver 127.0.0.1 nameserver 8.8.8.8 nameserver 8.8.4.4
to: nameserver 127.0.0.1
and redo the nslookup on server and workstation.
cat /etc/resolv.conf
Added by Virtualmin.nameserver 127.0.0.1
Added by Virtualmin.
Exactly the same results as before with nslookup on both workstation and server. even when I flush the workstation DNS resolver cache using 'ipconfig /flushdns', I still get the same results.
I don't know if this has anything to do with it, but the resolution order on the server is set to local hostname then DNS.
long shot: clear arp cache on workstation:
arp cache flushdns
try nslookup again
nope same result,,, it seems bind9 is getting results from outside the LAN somehow, because I get an un-authoritative answer with a WAN ip that's not mine.
Under webmin, Networking, Network Configuration, what are your settings?
Hostname, Resolution order, DNS servers, Search Domains?
Another idea, for testing purposes: in Webmin, Servers, BIND DNS Server, Miscellaneous Options, set Do full recursive lookups for clients? to NO. Save, Apply, restart Bind.
Do a nslookup from workstation.
no different.
As for the network configuration:-
Hostname = pchelp.saundcom.com
Update host name in host address if changed = checked
Resolution order:- localhost name, DNS
DNS Servers:-
127.0.0.1
Search Domains = None
Change resolutuon order to: files mdns4_minimal [NOTFOUND=return] dns myhostname Change search domains, to Listed and add saundcom.com to the list.
restart bind, try again?
Well, for some reason I can't add that line anywhere in the hostname/DNS configuration, there's only a drop down box showing:-
Hosts File
DNS
NIS
NIS+
LDAP
DB
Multicast DNS
Localhost Name
Could it be, you're adding/changing this in the wrong module?
It's suppose to be: Webmin, Networking, Network Configuration, Hostname and DNS Client.
Yep it's the right module:-
https://www.dropbox.com/s/x3m16fnajc3v39x/Hostname%20and%20DNS.jpg?dl=0
Is there a file to edit manually?
play with the choices?
I've tried with every choice there is, it looks like I may have to just reformat the server and reinstall Ubuntu then reinstall virtualmin and just leave everything as default, and if that don't work, then it's time to drop virtualmin and look for something else.
It's starting to look like it's impossible to actually run virtualmin inside the LAN.
And you restarted BIND each time?
I can test your setup later in the day, when I'm back home, but I'm sure this is solvable. Not sure if reinstall will solve this for you.
Can you provide a screenshot of BIND page in Webmin where all the zones are seen? because in a previous screenshot you provided.... it was test domain, now it's a different domain in last screenshot?
It's still the same zone:-
https://www.dropbox.com/s/gb2n354sbkt187r/Showing%20domain%20name.jpg?dl=0
pchelp.saundcom.com is the server's host name for which the DNS NS points to.
where's the zone for saundcom.com?
Virtualmin didn't create one.
try adding it?
Made no different, an 'nslookup' on the workstation showed:-
Non-authoritative answer:
Name: mytesting.com
Address: 185.53.178.6 (not my IP)
And issuing 'nslookup saundcom.com' I got:-
Server: UnKnown
Address: 192.168.0.160
*** UnKnown can't find saundcom.com: Non-existent domain
It seems bind is not resolving domain names to internal IP's
nslookup on server returns what?
nslookup mytesting.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: mytesting.com
Address: 192.168.0.160
nslookup saundcom.com
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find saundcom.com: NXDOMAIN
I just saw something on the bind DNS configuration help, it says:-
For DNS zones created by Virtualmin to be resolvable, the primary nameserver record for each zone must be set to something that can itself be resolved by other systems on the Internet.
Which tells me that it will only work if using an FQDN that other DNS servers can resolve to, such as yahoo.com, msn.com, etc etc, but if using an FQDN that is made up, of course it can't be found if other DNS servers can't find it.
I just found out something,,, if a domain name exists on the internet then if used as a virtual server, the DNS records will find the internet version, but if the domain name is not available then bind resolves to the internal address.
I tested this by first creating 2 virtual networks, en0:0 and en0:1 with IP address of 192.168.0.165 and 192.168.0.170, then I created a new virtual server using an IP address of 192.168.0.165 in the virtual IP box and set the external address the same, then created the new virtual server called anothertest.org, now this is where it gets interesting, I used nslookup on the workstation and got:-
nslookup anothertest.org
Server: UnKnown
Address: 192.168.0.160
Name: anothertest.org
Address: 192.168.0.165
I then did a domain name check on godaddy and found that the domaina another test.org is available, then I created another virtual server using the domain pchelp.com using virtual IP 192.168.0.170 and the same for external IP, then I did an nslookup on the workstation and got:-
nslookup pchelp.com
Server: UnKnown
Address: 192.168.0.160
Non-authoritative answer:
Name: pchelp.com
Address: 107.161.23.28
Then I did a domain name search on godaddy and found it was taken, soo, to summarize, FQDN's can not be used with virtualmin unless they are available for use.making it impossible to use virtualmin inside a LAN, because it will always look at other DNS servers for resolving domain names, if the external DNS services don't have a record, then bind will allow it to be used internally.
I also found out any domain name that ends with com, net, org, tv, info, biz, or any of the others that are used on the internet can't be used in a virtualmin virtual server, the domain name would have be something so silly that it's not available anywhere on the internet, such as mysillypc.hom, or mystupidpc,gin, then it'll work.
What if you use pchelp.intranet and test.intranet as domain names? Or similar... ?
Anything other than the common used TLD's work, it doesn't matter if 3 or more letters. I even tried overthehill.past and it worked.
Can we call it solved? :-)))
as this is comment 40 :-) but hey. we gave it a shot :-) and came to a certain point where it works... :-) not that i'm taking any credit, but i learned lots also :-)
We can call it solved as far as domain names are concerned, but all this fiddling has now broken something else, other modules won't work because they can't resolve the pchelp.saundcom.com domain, one such example is ftp, the error shows:-
proftpd[27879]: 2019-07-29 11:21:07,903 pchelp.saundcom.com proftpd[27899]: warning: unable to determine IP address of 'pchelp.saundcom.com'
The same goes now when I use sudo, it says:- sudo: unable to resolve host pchelp.saundcom.com
Fix one thing and break another, I guess it's time for a full reformat and reinstall.
A search elsewhere on this forum, someone else said:-
"That's why ProFTPD is having problems: It cannot determine your external IP and gets no valid FQDN.
It is highly recommended that you get an administrative domain for your server, resolvable independently from your Virtualmin, and give your server a hostname in that domain."
Which leads us back to virtualmin can not and will not run inside a LAN it HAS to have an internet accessible FQDN, which in my opinion means virtualmin is useless for running as an internally private system, there is NO option other than to buy a domain name and use it as the resolvable domain, which defeats the object of having it LAN only.
hi usalabs !
my approach would be this (see diagram please).. It have worked for me for years.. its simple but yet easy (dummy) suggestion however it takes most headache away with reverse dns and other things. Edit: this way you can keep each thingy simple and separated for management. Let me know if you would need any help, I am in hope that this would shine some light for you.
Configuring/troubleshooting Debian servers is always great fun