Configure Main cPanel Server with 2 cPanel DNS Only Servers

marcju11

Member
cPanel Access Level
Root Administrator
Hello,

I would like to be sure I configured everything correctly.

First of all :

My main cPanel server hostname is : host.mydomain.com
And nameservers are : ns1.mydomain.com + ns2.mydomain.com

My first cPanel DNS Only server hostname is : ns1.mydomain.com
And nameservers are : ns1.mydomain.com + ns2.mydomain.com

My second cPanel DNS Only server hostname is : ns2.mydomain.com
And nameservers are : ns1.mydomain.com + ns2.mydomain.com


Now what I did :

1) On my main cPanel server: I disabled the nameserver service (no BIND).
2) On my two DNS Only servers: I added an "A record" for my nameservers and nothing for the hostname (because its name is the same as the nameserver).
3) On my two DNS Only servers: I activated Clustering Services.
4) On my main cPanel server: I activated Clustering Services and I linked my two DNS Only servers with "Synchronize changes".


Now it looks like this :
host.mydomain.com
↳ ns2.mydomain.com
↳ ns1.mydomain.com


I'm not sure about some things :

1) Is it necessary to have an "A record" for NS1 in NS1 and NS2? I mean, is it a duplicate or a necessity, and why?
2) Is it necessary to activate Clustering Services on cPanel DNS Only servers?
3) Why "Synchronize Changes" and not "Standalone" or "Write Only"?
4) I got this error message : "The reverse trust relationship could not be established from the remote server to this server. You must login to the remote server and add this server to it's cluster manager manually if you want the other server to be able to access this one" ==> Why ? And is it necessary to have reverse trust ?

Thank you.
 

cPanelMichael

Administrator
Staff member
Hello :)

1. I actually recommend adding the "A" records for your name servers and hostname on the cPanel server you use for hosting the accounts. These records would then be synced over to your DNS-Only servers so you would not have to add them to those servers manually.

2. It's a good idea to activate clustering on the DNS-Only server and ensure the cPanel server's DNS Role is set as "Standalone".

3. Here is a description of each DNS role:

Synchronize changes: All changes made on this server will propagate to any server in the cluster that is linked to this server. Synchronization is one-way: changes made on another server will not propagate to this server unless Synchronize changes is selected on the other server as well.

Standalone: No changes made on this server will propagate to any other servers.

Write Only: This server will write changes to the remote server, but when this server loads zone files, it will not obtain zone data from the remote server.


4. The reverse trust relationship is not required. Its primary purpose is to prevent the need to log into the WHM Configure Cluster screen on the remote server.

Thank you.
 

marcju11

Ok so at the installation of cPanel DNS Only I do not add A records ? I'll do it on the main web server ?

And is it ok if I deactivate DNS services (Bind) on the main server after the clustering is configured?

Thank you again!
 

cPanelMichael

Ok so at the installation of cPanel DNS Only I do not add A records ? I'll do it on the main web server ?
Yes, that is correct.

And is it ok if I deactivate DNS services (Bind) on the main server after the clustering configured
Yes, you can set the name server to "Disabled" in "WHM Home » Service Configuration » Nameserver Selection".

Thank you.
 

marcju11


Just to be sure everything is ok now :

1) Is it normal that in my DNS Zones: ns1.mydomain.com is the SOA for my zones: ns1.mydomain.com, ns2.mydomain.com AND hostname.mydomain.com?

2) Is it normal that there is a "NS record" for ns1.mydomain.com pointing to my ns1.mydomain.com and ns2.mydomain.com (and a "NS record" for ns2.mydomain.com pointing to ns1.mydomain.com and ns2.mydomain.com) ?

Thank you !
 

lorio

Well-Known Member
cPanel Access Level
Root Administrator
2. It's a good idea to activate clustering on the DNS-Only server and ensure the cPanel server's DNS Role is set as "Standalone".
Since the documentation is a bit lacking about how different concepts of DNS clustering can be set up, I allow myself to add a few questions.

Question A: Why should clustering be activated on the DNSOnly?

Let's say you have one WHM and use ns1 and ns2 DNSOnly servers. When you add a zone, the WHM server will write the zone to each DNSOnly server. If you only activate clustering on the WHM, you're done in that scenario.

If ns1 or ns2 DNSOnly is hacked, no direct access is possible to other servers.

Question B: If you want to add a ns3 after a while, is there a way to automatically add the ns3 to the existing zone files?
 

lorio

Are the questions too silly? Forgive me for asking again after a few months. I have to confess that I found my own post and was happy someone had asked the same question as me. Then I saw that it was me.

From a security perspective I see a benefit in not placing access keys of servers on nameservers.
 

cPanelMichael

Just to be sure everything is ok now :

1) Is it normal that in my DNS Zones: ns1.mydomain.com is the SOA for my zones: ns1.mydomain.com, ns2.mydomain.com AND hostname.mydomain.com?

2) Is it normal that there is a "NS record" for ns1.mydomain.com pointing to my ns1.mydomain.com and ns2.mydomain.com (and a "NS record" for ns2.mydomain.com pointing to ns1.mydomain.com and ns2.mydomain.com) ?

Thank you !
1. Yes, this is normal.
2. Yes, this is normal as well.

Question A: Why should clustering be activated on the DNSOnly?
Question B: If you want to add a ns3 after a while, is there a way to automatically add the ns3 to the existing zone files?

A. Yes, that is correct. It's not required to set up the reverse trust relationship from the DNS-Only server to the hosting server.

B. No, you would have to edit the zones through a custom script or manually to add the additional NS record to the zone files.

Thank you.
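
A sketch of the kind of "custom script" answer B refers to, as an added example that is not cPanel's code or any poster's: it appends an NS record for a new name server at the zone apex and increments the SOA serial. The function name `add_nameserver`, the sample zone and the 192.0.2.x addresses are constructed, and it assumes the SOA record is written in the parenthesised multi-line layout shown.

```python
import re

# Constructed sample zone; names follow the thread, addresses are documentation IPs.
SAMPLE_ZONE = """\
$TTL 14400
mydomain.com. 86400 IN SOA ns1.mydomain.com. admin.mydomain.com. (
        2012070701 ; serial
        3600       ; refresh
        1800       ; retry
        1209600    ; expire
        86400 )    ; minimum
mydomain.com. 86400 IN NS ns1.mydomain.com.
mydomain.com. 86400 IN NS ns2.mydomain.com.
ns1 14400 IN A 192.0.2.1
ns2 14400 IN A 192.0.2.2
sub.mydomain.com. 86400 IN NS ns.other.example.
"""

# Owner name and serial of a parenthesised SOA record (assumed layout).
SOA_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+SOA\b[^()]*\(\s*(\d+)", re.I | re.M)
NS_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+NS\s+(\S+)\s*$", re.I)


def add_nameserver(zone_text, new_ns):
    """Return the zone with an apex NS record for new_ns and a bumped serial.

    Idempotent: a zone that already lists new_ns is returned unchanged.
    """
    target = new_ns.rstrip(".").lower() + "."
    soa = SOA_RE.search(zone_text)
    if soa is None:
        raise ValueError("no parenthesised SOA record found")
    apex = soa.group(1).lower()
    # Other servers only pick up an edited zone when the serial increases.
    bumped = (zone_text[:soa.start(2)] + str(int(soa.group(2)) + 1)
              + zone_text[soa.end(2):])
    lines = bumped.splitlines()
    apex_ns = []
    for idx, line in enumerate(lines):
        m = NS_RE.match(line)
        # Skip NS records of delegated subdomains; only the apex set is extended.
        if m and m.group(1).lower() == apex:
            apex_ns.append((idx, m))
    if not apex_ns:
        raise ValueError("zone has no apex NS records to extend")
    if any(m.group(3).lower() == target for _, m in apex_ns):
        return zone_text
    idx, m = apex_ns[-1]
    # Reuse the owner name and TTL of the last existing apex NS record.
    lines.insert(idx + 1, f"{m.group(1)} {m.group(2)} IN NS {target}")
    return "\n".join(lines) + "\n"
```

The new name server also needs its own "A" record, as discussed for ns1 and ns2 earlier in the thread.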