| Chroot directory to run BIND under | For security reasons, some people like to run BIND limited to a single directory with the chroot command. If you are doing this, then Webmin will be confused by your configuration files unless this option is set to the directory that the server is restricted to, such as /home/bind. The module will then treat all configuration and record file paths as relative to this directory, just as BIND would.
If you do not know what chroot is or are not using it, leave this option set to Default. |
| User to start BIND as | When this field is set to Default, the module will start BIND as root. However, you can enter a different username such as named to have it run as that UNIX user instead. This can prevent your system being taken over by an attacker who finds a bug in the DNS server program. Be sure that all zones files are readable by the user. The Owner for zone files option documented below can help with this. |
| Group to start BIND as | If Default is chosen for this field, the UNIX group that BIND runs as is determined by the primary group of the user set in the User to start BIND as field. If you enter a group name, the DNS server will be run as that group instead.
If the previous field is set to Default though, it makes no difference what you select as BIND will always be run as the root user and root's primary group. |
| Add new zones to file | Normally, Webmin will add new all new zones to the named.conf file. If this is not the way things are done on your system, you can enter a different filename for this field. However, for the new zones to be recognized by BIND and Webmin, named.conf must have an include directive to read this file. |
| Display domains as | If Icons is selected, the module's main page will display each zone as an icon. However, if you choose List instead zones will be shown in a table, which takes less space and is easier to read. This makes sense if you are hosting a large number of domains. |
| Order to display records in | This field controls the default sorting method used when viewing the list of records of some type in a domain. The available options and their meanings are:
By name
Records are sorted by name, or in the case of Reverse Address records by IP address. IP sorting is done the correct way, not simply alphabetically. By value
Records are sorted by their value part. For Address records, their means sorting by IP address—all other types are sorted alphabetically. By IP
Address and Reverse Address records are sorted by IP, others types by value. As added
No sorting is done at all—records are simply shown in the order that they were added to the file.
|
| Maximum number of zones to display | If the number of zones hosted by your server exceeds the number set in this field, they will not be displayed on the module's main page. Instead a simple search form is shown for finding domains whose names contain the entered text. |
| Update reverse is | This field determines the default setting for the Update reverse? option on the Address record creation and editing forms. Normally it is set to On by default, but if you rarely want Webmin to automatically update reverse records you should change it to Off by default.
This option also effects the Update forward? field on the form for creating and editing a Reverse Address, in exactly the same way. |
| Reverse zone must exist? | Normally, adding an Address record with an IP address in a reverse zone that is not hosted by this server is not a problem, even if Update reverse? is set to Yes. Sometimes though you do want Webmin to generate an error message is this case, so that you know that the entered IP address is incorrect. Setting this field to Yes turns on this behavior. |
| Support DNS for IPv6 addresses | If this field is set to Yes, the module will allow the creation and editing of records of a new type—the IPv6 Address. Because they are only useful if you are running an IPv6 network, this option is turned off by default.
When editing or adding IPv6 Address records, the appropriate reverse address records will be updated and created as well. However, they will be in the special ip6.int. domain instead of in-addr.arpa. |
| Allow comments for records | When this field is set to Yes, an additional Comment field will be displayed on the form for adding and editing records. This allows you to enter a comment for the record, which will be displayed in the records list. These can be useful for adding additional notes to hostnames which are visible only to you, rather than to everyone on the Internet as would be the case with a comment in a Text record.
In the records file, comments are added to the end of record lines using the BIND comment character ;. This means that if you have existing comments in your files, they should shown up when this option is enabled. |
| Allow wildcards (not recommended) | Normally, the module does not allow the * wildcard character to be used in record names as it is not well supported by some DNS servers and clients. If you do want to use wildcards (such as for a Mail Server record for all hosts in a domain) then you will have to set this field to Yes. |
| Allow long hostnames | Normally Webmin prevents record names from exceeding 255 characters. When this field is set to Yes, you are allowed to create names of up to 635 characters long, which are supported by some versions of BIND. The length restriction applies to the complete canonical name of the record, not just to the short name that you might enter on the record creation form. |
| Allow underscores in record names? | The use of the _ character in DNS names is not technically allowed by the protocol specification, but many DNS servers and clients support it. In fact, Windows systems often depend upon such records to operate properly. When this field is set to No the module will prevent you from creating such records, while selecting Yes will allow it. |
| Convert record names to canonical form? | When this field is set to Yes (as it is by default), Webmin converts the names of any new or updated records to canonical form before adding them to the records file. This means that relative names like www have their domain added, to become like www.example.com., both when they are written to the records file and displayed in the module. The advantage of this approach is the elimination of records that have no name, and thus are dependent on the name of the previous record.
However, this automatic conversion will cause problems if you have two zones that share the same records file. It can also be annoying if you like to edit records manually and prefer to use short names. To turn it off, change this field to No. The only downside is that the module's automatic updating of reverse address records may stop working for records with relative names. |
| Categorize zones by view? | By default, when using BIND 9 views the module's main page simply displays the name of its parent view under the icon for each zone. If this field is set to Yes, zones will be categorized by views instead so that you can more clearly see which zone belongs to which view. |
| Serial number style | When Running number is chosen for this field, Webmin will generate a serial number for new zones that starts with the current UNIX time number, and is incremented by one for each change. Selecting Date based instead forces the serial number to be in YYYYMMDDnn format, which uses the current date followed by an incrementing counter for the changes within the day.
This section option generates serial numbers in the format that is required by some registrars, such as those in Germany. As far as BIND and the DNS protocol are concerned, there is no difference between the two methods. |
| Add $ttl to top of new zone files | If Yes is chosen for this field, the module will add a $TTL line to the top of all new records files that it creates. Newer versions of BIND log a warning message if this line is not present, but older versions complain if it is there, and some really old releases cannot handle it at all. If BIND on your system doesn't like $TTL lines, then you will need to set this field to No. |
| Directory for master zone files | When Default is selected, the module works out which directory to put new master zone files into from the directory line in the named.conf file. If you normally put master and slave files in separate directories, then the master directory should be entered into this field. |
| Directory for slave/stub zone files | Like the previous field, this one allows you to specify a different directory from the default for new slave zone record files. |
| Format for the name of forward zone files | This field determines the filename format that Webmin will use for new record filenames. An occurrence of ZONE in the filename will be replaced with the name of the new forward domain. If you do change this field because you like to use a different name format like example.com.db, make sure that the new value contains the string ZONE. |
| Format for the name of reverse zone files | This field has the same purpose as the previous one, but is used for reverse zone filenames instead of forward. |
| Owner for zone files (user:group) | This field controls the ownership of newly created record files. It must be entered in user:group format, such as named:daemon. If you are running BIND as some user other than root, this field should be changed so that the zone files created by Webmin are readable and editable by the DNS server user. |
| Permissions for zone files (in octal) | Like the previous one, this field controls the UNIX permissions on new record files. You must enter a 3-digit octal number of the kind that is used by the chmod command, such as 755. |
| Default master server(s) for slave zones | The IP addresses entered into this field will be listed by default in the Master servers text box when adding a slave zone, and will be added to a zone's configuration when converting it from a master to a slave. This can be useful if you create lots of slave zones that get their records from the same master server. |
| Default remote slave server | This field determines the default Webmin server to add a slave zone to when adding a master zone. It is only used when using the module's cluster features, which are not covered in this chapter. |
| Automatically update serial numbers | Normally this field is set to Yes, which causes the module to automatically update a zone's serial number every time a record in it is changed. To turn off this behavior, change the field to No instead—however, this will cause problems with caching by secondaries and other DNS servers unless you have some mechanism to update the serial numbers separate, such as a script that runs once per day. |
| Domain for reverse IPv6 addresses | This field is only relevant if you are using the module to manage IPv6 address and reverse address records. It determines which root domain is used for reverse addresses—either the old ip6.int, or the new ip6.arpa. If any such zones already exist on your system, you will need to make the right choice here for the module to behave properly. |
| Full path to the named.conf file | This field determines where the module looks for the primary BIND configuration file, named.conf. You should only need to change it if you have compiled and installed the DNS server software yourself, and chosen to use a different location for the configuration file such as /usr/local/etc/named.conf. |
| Full path to the named executable | If you have installed the BIND server program in a different location to the default expected by Webmin, then you will need to change this field. This may be the case if the server has been compiled and installed manually. |
| Full path to whois command | The module uses the whois command to display ownership information about a domain which you click on the Lookup WHOIS Information icon. This field must contain the path to the command on your system, such as /usr/local/bin/whois. |
| Command to reload a zone | When the Apply Changes button is clicked on a master zone's options page, the command set in this field is used to signal BIND to reread the zone's records file. By default the ndc command is used, which communicates with BIND via a socket file. However, you may want to use rndc instead, which can communicate via a network connection. |
| Default PID file location | To determine if BIND is running, the module looks for a PID file containing its process ID. Normally the path to this file is specified in named.conf, but if not the code will use the path in this field instead. If you have compiled and install the server yourself, you may need to change this to something different like /usr/local/var/named.pid. |
| Command to start BIND | If Webmin detects that BIND is not running, a button will be displayed on the module's main page so that you can start it. If Default is chosen the named executable is run directly, but an alternate command can be used instead. On some operating systems, this field is set by default to a bootup script like /etc/init.d/named start. If you have compiled and install BIND yourself, you should change it back to Default as the script is unlikely to work properly if it is exists at all. |
