The Community Forums


Add Reseller Account to DNS Cluster?

Discussion in 'Bind / DNS / Nameserver Issues' started by mikelegg, Apr 26, 2011.

  1. mikelegg

    mikelegg Well-Known Member

    Is it possible to add a reseller account into a cPanel DNS Cluster so that its zones can be pushed to the cluster?
     
  2. mikelegg

    mikelegg Well-Known Member

    From what I can see ...

    1. You don't have to use the user "root" when adding a server to a cluster, so I could use the reseller username and the reseller WHM key to add the reseller server to the cluster.

    2. There is a Reseller ACL option called "Clustering".

    So it seems it would be possible, but I'm just wondering if it would actually work the way I think it would.
     
  3. mikelegg

    mikelegg Well-Known Member

    Well, I gave it a go and everything was OK until I tried to configure the roles of the DNS servers within the reseller account to "Synchronise Changes".

    The message it gave me was "For security reasons, the root user must add this server into the cluster before it can be made to synchronize dns records. To accomplish this you or the server administrator must login as root and add xxx.xxx.xxx.xxx to the cluster."
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    cPanel Access Level:
    Root Administrator
    The issue with a reseller having this access would be they can see all zones in the cluster upon being added to it, so they can edit DNS zones or remove those that they don't even own at that point. I wouldn't allow a reseller to have cluster access personally to your nameservers. Now, if you wanted to give them access to their own nameservers and only cluster those nameservers, then I could see doing that option.
     
  5. mikelegg

    mikelegg Well-Known Member

    Thanks Tristan

    I don't quite understand the purpose of giving resellers the "Clustering" privilege in their ACL.

    In order for them to synchronise their zones to remote servers, the remote servers have to be added by someone with root privileges.

    So while a reseller can add servers to his cluster he doesn't appear to be able to actually do anything useful with them.
     
  6. learning

    learning Registered

    Is this final assumption correct? I've been looking for a reseller with this figured out. Any official response?
     
  7. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    cPanel Access Level:
    Root Administrator
    The remote servers must be added by someone with root privileges to the DNS-only servers. You do not want your resellers able to cluster to your existing nameservers, since anyone clustered to those nameservers can remove or edit all zones in the cluster, even those they do not own.
     