DirectAdmin 1.694

Xavier · 2026-02-04T08:33:54-0700

fln said:
We are happy to announce the release of DirectAdmin 1.694.

A full release change log is here:

DirectAdmin 1.694

The update should be automatically available for all installations subscribed to the current release channel.

We appreciate all the feedback on forums and issues reported in the ticketing system.

Thanks!

Hi, I´m trying to add an email account on my domain but the "create" button is not working. Any idea what´s going on?

fln · 2026-02-04T08:39:40-0700

@Namhost, it seems the Bind DNS service does not support HTTPS records on your server. Usually the Bind service that comes with the system is fresh enough support this record, the only exception is the RHEL 8 systems that still uses Bind 9.11.

Zerg · 2026-02-04T15:02:47-0700

Hi,

/usr/local/directadmin/data/users/*/domains/*.key

files have

-rw------- 1 diradmin access

permissions instead of

-rw-r----- 1 diradmin access

despite having good letsencrypt.sh with

install_file 640 "${owner}" "${src_key}" "${dst_key}"

SNI in exim stopped working due to that for new domains. I have created letsencrypt_post hook to fix permissions as workaround and fixed permissions for all keys.

fln · 2026-02-04T15:40:48-0700

Thank you @Zerg, a new build is published to fix the file permissions issue. It makes sure new files will have correct permissions and existing files with incorrect permissions will be fixed on update.

anas_xrt · 2026-02-04T19:41:49-0700

@Namhost

I’ve successfully updated BIND to version 9.16 on AlmaLinux 8.10 without any issues. The HTTPS record is working well with the HTTP/3 configuration I set up. However, DirectAdmin did not provide a template for dns_https.conf—the file was completely empty. To resolve this, I created the following template:

Code:

|*if IS_IPV6="yes"|
|DOMAIN|=1 |DOMAIN|. alpn=h3,h2 ipv6hint=|IP|
www=2 www.|DOMAIN|. alpn=h3,h2 ipv6hint=|IP|
|*else|
|DOMAIN|=3 |DOMAIN|. alpn=h3,h2 ipv4hint=|IP|
www=4 www.|DOMAIN|. alpn=h3,h2 ipv4hint=|IP|
|*endif|

and the result of create will be like this one

Code:

abc.co.    3600    IN    HTTPS    1 abc.co. alpn=h3,h2 ipv6hint=2a01:4ff:2f0:152f:0:0:0:1
abc.co.    3600    IN    HTTPS    3 abc.co. alpn=h3,h2 ipv4hint=5.223.54.221
www    3600    IN    HTTPS    2 www.abc.co. alpn=h3,h2 ipv6hint=2a01:4ff:2f0:152f:0:0:0:1
www    3600    IN    HTTPS    4 www.abc.co. alpn=h3,h2 ipv4hint=5.223.54.221

by the way, I forgot how I can add all new HTTPS record for all existing domains. If anyone know, guide me please.

Namhost · 2026-02-04T23:11:08-0700

Still does not seem to work well, I tested on AlmaLinux 9 servers now (BIND 9.16), trying to add WWW IN HTTPS record for my domain:

Unable to save dns zone: named-checkzone returned:
loading "xxx.com" from "/var/named/xxx.com.db.temp.1343131.AkwYmSGWe4" class "IN"
dns_master_load: /var/named/xxx.com.db.temp.1343131.AkwYmSGWe4:166: www.xxx.com: CNAME and other data
zone xxx.com/IN: loading from master file /var/named/xxx.com.db.temp.1343131.AkwYmSGWe4 failed: CNAME and other data
zone xxx.com/IN: not loaded due to errors.

nsc · 2026-02-05T00:38:40-0700

Namhost said:
Still does not seem to work well, I tested on AlmaLinux 9 servers now (BIND 9.16), trying to add WWW IN HTTPS record for my domain:

Judging by the error - you have a CNAME for that subdomain. You cannot have CNAME bundled with other records for the same subdomain. Either CNAME or other records - not both.

nsc · 2026-02-05T01:07:01-0700

anas_xrt said:
@Namhost

I’ve successfully updated BIND to version 9.16 on AlmaLinux 8.10 without any issues. The HTTPS record is working well with the HTTP/3 configuration I set up. However, DirectAdmin did not provide a template for dns_https.conf—the file was completely empty. To resolve this, I created the following template:

Code:

|*if IS_IPV6="yes"| |DOMAIN|=1 |DOMAIN|. alpn=h3,h2 ipv6hint=|IP| www=2 www.|DOMAIN|. alpn=h3,h2 ipv6hint=|IP| |*else| |DOMAIN|=3 |DOMAIN|. alpn=h3,h2 ipv4hint=|IP| www=4 www.|DOMAIN|. alpn=h3,h2 ipv4hint=|IP| |*endif|

and the result of create will be like this one

Code:

abc.co. 3600 IN HTTPS 1 abc.co. alpn=h3,h2 ipv6hint=2a01:4ff:2f0:152f:0:0:0:1 abc.co. 3600 IN HTTPS 3 abc.co. alpn=h3,h2 ipv4hint=5.223.54.221 www 3600 IN HTTPS 2 www.abc.co. alpn=h3,h2 ipv6hint=2a01:4ff:2f0:152f:0:0:0:1 www 3600 IN HTTPS 4 www.abc.co. alpn=h3,h2 ipv4hint=5.223.54.221

by the way, I forgot how I can add all new HTTPS record for all existing domains. If anyone know, guide me please.

Hmm, is there any reason why you want to add those? The description of that part seems pretty awkward. You kind of have hints, but you still need to query the DNS records and if they do not match, terminate the initial connection and connect to the real resolved host. Doesn't sound like a real optimization or I don't fully understand where it should come from.
What I could expect from the increased amount of records and hints, that different browsers could potentially treat all that differently, that could lead to harder times debugging mystical client reported problems.
IMHO those mass added records, would only clutter the dns zone without real benefit.

This section:
The "ipv4hint" and "ipv6hint" keys convey IP addresses that clients MAY use to reach the service. If A and AAAA records for TargetName are locally available, the client SHOULD ignore these hints. Otherwise, clients SHOULD perform A and/or AAAA queries for TargetName per Section 3, and clients SHOULD use the IP address in those responses for future connections. Clients MAY opt to terminate any connections using the addresses in hints and instead switch to the addresses in response to the TargetName query.

Source:

RFC 9460: Service Binding and Parameter Specification via the DNS (SVCB and HTTPS Resource Records)

This document specifies the "SVCB" ("Service Binding") and "HTTPS" DNS resource record (RR) types to facilitate the lookup of information needed to make connections to network services, such as for HTTP origins. SVCB records allow a service to be provided from multiple alternative endpoints...

datatracker.ietf.org

anas_xrt · 2026-02-05T01:23:13-0700

@nsc
The goal isn't just IP hinting; it's about enabling Happy Eyeballs for HTTP/3. By providing the ALPN (h3) in the DNS layer, the browser doesn't have to wait for an 'Alt-Svc' header over a slower TCP connection. It can jump straight to QUIC/UDP, which is a significant performance gain for mobile and high-latency users

fln · 2026-02-05T02:51:44-0700

The HTTPS record template can be simplified by using . for the target domain instead of repeating same value as record name. Adding IP address hints is not worth the trouble in my opinion. It will be hard to keep them in sync with `A` and `AAAA` records.

Code:

|DOMAIN|=1 . alpn=h3,h2
www=1 . alpn=h3,h2

Should be fine if server is configured to use HTTP/3.

ericosman · 2026-02-05T04:26:32-0700

After the update i get this error on a domain when trying to create a SSL cert.

Could not execute your request

No domains pointing to this server to generate the certificate for.

fln · 2026-02-05T04:32:44-0700

@ericosman, please open a support ticket. This error happens if HTTP challenge test fails. This can happen if domain is not actually pointing to the server, or there are problems resolving DNS names.

ericosman · 2026-02-05T05:40:42-0700

fln said:
@ericosman, please open a support ticket. This error happens if HTTP challenge test fails. This can happen if domain is not actually pointing to the server, or there are problems resolving DNS names.

It indeed might be a me (second DNS server) issue. Thanks!

DirectAdmin 1.694

Xavier

New member