Cluster setup to sync to outside DNS

Discussion in 'Bind/DNS/Nameserver' started by SactoBob, Jun 14, 2018.

  1. SactoBob

    SactoBob Active Member

    Joined:
    Aug 15, 2015
    Messages:
    27
    Likes Received:
    4
    Trophy Points:
    3
    Location:
    Sacramento
    cPanel Access Level:
    DataCenter Provider
    It seems fairly straightforward (DNS Clustering), but maybe I'm missing something.

    I have 2 cpanel servers. And putting up 1 cpanel-dnsonly server.

    I've tried both write-only and sync-changes to cpanel-dnsonly. However, when I look in /var/named there are no zone files from any of the cpanel servers. And the regular cpanel servers are also not propagating to each other. And an nslookup bounces the lookup to another DNS. I've also seen the cpanel-dns go into the "Disabled due to connection failures." state, but looking at firewall logs there's nothing showing up that is being blocked.

    The end result here however is at some point I want the 3 cpanels to act as internal DNS, but the cpanel-dnsonly server will be synced (via vendor provided scripts) to an outsourced DNS service that will propagate my external dns through several servers within their network.

    But I of course need to get the initial syncing to work! I've read the documents and how-tos, everything looks correct, but no zone files are showing up.

    Another question: What minimum security assignments do I give for an API token for dns cluster services?
     
  2. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,788
    Likes Received:
    275
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @SactoBob


    The forums post here DNS Clustering may be helpful for you in setting this up and answering some of your questions.

    Can you also ensure that ports 53 and 953 are open on the clustered servers - or at least each of the servers in the cluster can reach ports 53 and 953 on the primary and vice versa?

    Thanks!
     
  3. SactoBob

    SactoBob Active Member

    So after reading a few other threads (the answer wasn't here), I ran the following command on each server:

    /scripts/dnscluster syncall

    After that all the zones showed up on every server, and testing by making changes to various zones immediately synced to the others. Did I miss a step?

    Also, if I want to unsync two servers later (for now I synced both webservers with each other), is there an easy way to tell cPanel to remove all the zones it imported that aren't part of any accounts on the local server and clean up their /var/named directories? The cleanup option did not do that.
     
  4. SactoBob

    SactoBob Active Member

    Also, I read:

    That this was not necessary for v.70 and up as clicking the "Setup Reverse Trust Relationship" is already done for you?
     
  5. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    The thread I linked you to does include that command...I'm glad that worked for you.

    It does not do that, you'd need to remove the DNS zones manually if you chose to remove the server from the cluster and no longer wanted the zones hosted.


    Yea there is currently a case open for this issue CPANEL-15085 to clarify the behavior of the reverse trust relationship when using tokens. Right now you'll need to set the cluster up on both servers.
     
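For the manual zone cleanup mentioned in the last reply, an added example (not from the thread and not cPanel's own code) that lists zone files with no matching local account domain, so they can be reviewed before anything is removed. It assumes zone files are named `<zone>.db` under /var/named and that /etc/userdomains holds one `domain: user` entry per line; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report zone files that match no local account domain.
# Assumptions (not from the thread): zone files are named <zone>.db in the
# named directory, and the domain map has one "domain: user" entry per line.
# Report only: nothing is deleted. Zones created outside any account also
# appear in the output, so treat it as a list to review.

# list_zone_names NAMED_DIR -> lowercase zone names taken from *.db files
list_zone_names() {
    for zone_file in "$1"/*.db; do
        [ -f "$zone_file" ] || continue   # unmatched glob stays literal
        basename "$zone_file" .db | tr '[:upper:]' '[:lower:]'
    done | sort -u
}

# list_orphan_zones NAMED_DIR MAP_FILE -> zones on disk that are not in the map
list_orphan_zones() {
    list_zone_names "$1" | awk -F: '
        FILENAME == ARGV[1] {
            # Map file: keep the text before the first colon as the domain.
            if ($0 ~ /^[ \t]*(#|$)/) next          # comments, blank lines
            d = tolower($1); gsub(/[ \t\r]/, "", d)
            if (d != "" && d != "*") known[d] = 1  # skip wildcard entry
            next
        }
        # Zone names arriving on stdin: print the ones the map does not list.
        !($0 in known)
    ' "$2" -
}

# Usage: sh orphan_zones.sh /var/named /etc/userdomains
if [ "$#" -eq 2 ]; then
    list_orphan_zones "$1" "$2"
fi
```

Run it on each server that is leaving the cluster and compare the output with the zones you still intend to host there.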