After changing IP address on Virtualmin DNS cluster name server, lots of propagation issues

Virtualmin tries to take care of global changes such as an IP address change. However, if you have many domains, you’ll find this actually requires a lot more work. There are two main places where you might have to fix old domains:

On the entire cluster, thus, every name server in the hierarchy.

On the source server itself.

The reasons are twofold:

  1. Bind name server changes are only allowed from a specific IP address. They are authorized by IP address rather than by DNS name, which avoids extra name server queries and still works if the DNS is down. This applies to the hierarchy.
  2. Zone replication per zone is only allowed from certain IP addresses. If the IP address has changed, the zone’s “Edit Zone Options” settings, specifically “Allow Transfer From” and “Also Notify Slaves”, will be incorrect.

Both problems are fixed easily on all five name servers:

(1) The name server where the master record is kept.

(2) All four name servers in the hierarchy.

These instructions are only for Ubuntu. Unfortunately, the /etc/bind directory differs between distributions, making these changes across many different distributions a royal pain in the neck.

You’ll see this message in the log file when things start going wrong:

Apr 28 19:12:44 host named[799]: client @0x7facb9a4c900 1.2.3.4#42875 (example.com): zone transfer 'example.com/AXFR/IN' denied

In the above example, taken on the name server’s master record server, that IP address had changed. Now a.b.c.d, which is in the hierarchy, is trying to retrieve the new records, but because its IP address doesn’t exist in the pre-existing zone options, it can’t. The fix is:

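cd /etc/bind
# Escape the dots and use word boundaries (GNU sed) so only the exact old address is replaced
sed -i 's/\b1\.2\.3\.4\b/5.6.7.8/g' named.conf.local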

This will fix the master.

To fix all “slaves”, run the following commands four times, once on each name server in the hierarchy:

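cd /etc/bind
# Escape the dots and use word boundaries (GNU sed) so only the exact old address is replaced
sed -i 's/\b10\.11\.12\.14\b/15.16.17.18/g' named.conf.local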

Don’t get confused about which is the next Virtualmin server’s IP address and which is the new name server’s IP address. Start off by writing down which is which on a notepad.
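The check-then-replace sequence for the fix above, as an added example that is not part of the original article: it pulls denied transfers out of the log, lists the zones whose options still mention the old address, and replaces only exact matches while keeping a backup. The function names and the sample zone file are constructed for illustration, and the demo works on a temporary file rather than /etc/bind.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed, not the page's.

# Print "client-ip zone" once per denied AXFR found in a named log on stdin.
denied_transfers() {
  awk '/zone transfer .*\/AXFR\/IN.* denied/ {
    ip = ""; zone = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^[0-9a-fA-F.:]+#[0-9]+$/) { split($i, a, "#"); ip = a[1] }
      if ($i ~ /^\(.*\):$/) zone = substr($i, 2, length($i) - 3)
    }
    if (ip != "" && zone != "") print ip, zone
  }' | sort -u
}

# Print each zone in BIND config $1 whose block mentions exactly the address $2.
zones_referencing() {
  awk -v ip="$2" '
    BEGIN { gsub(/\./, "[.]", ip); re = "(^|[^0-9.])" ip "([^0-9.]|$)" }
    /^[ \t]*zone[ \t]+"/ { split($0, q, "\""); zone = q[2] }
    zone != "" && $0 ~ re { print zone }
  ' "$1" | sort -u
}

# Replace address $2 with $3 in file $1, keeping $1.bak. Dots are escaped and
# neighbouring digits/dots excluded, so 11.2.3.4 and 1.2.3.40 stay untouched.
replace_ip() {
  old=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -i.bak -E "s/(^|[^0-9.])${old}([^0-9.]|\$)/\\1$3\\2/g" "$1"
}

# Constructed demo on a temporary copy, never on /etc/bind itself.
demo() {
  dir=$(mktemp -d) && conf="$dir/named.conf.local"
  cat > "$conf" <<'EOF'
zone "example.com" {
    allow-transfer { 1.2.3.4; 11.2.3.4; };
    also-notify { 1.2.3.4; };
};
zone "example.org" {
    allow-transfer { 1.2.3.40; };
};
EOF
  zones_referencing "$conf" 1.2.3.4
  replace_ip "$conf" 1.2.3.4 5.6.7.8 && cat "$conf"
  rm -rf "$dir"
}
demo
```

Running zones_referencing with the old address again after replace_ip should print nothing; any zone it still lists needs a manual look.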

If you’re still struggling, contact us or check the screenshots below:

Sometimes the value below doesn’t correspond to the new IP address after a change. Be sure to check this screen:

This obscure global setting in Webmin allows you to specify the external address of Bind permissions. On Ubuntu it’s sometimes needed. It has to be changed after an IP address change.

This is an important screenshot because it shows what you’ll be doing, with sed, per zone, to fix the problem:

 
