Configure Main cPanel Server with 2 cPanel DNS Only Servers

Discussion in 'Bind / DNS / Nameserver Issues' started by marcju11, May 1, 2013.

  1. marcju11

    marcju11 Member

    Hello,

    I would like to be sure I configured everything correctly.

    First of all :

    My main cPanel server hostname is : host.mydomain.com
    And nameservers are : ns1.mydomain.com + ns2.mydomain.com

    My first cPanel DNS Only server hostname is : ns1.mydomain.com
    And nameservers are : ns1.mydomain.com + ns2.mydomain.com

    My second cPanel DNS Only server hostname is : ns2.mydomain.com
    And nameservers are : ns1.mydomain.com + ns2.mydomain.com


    Now what I did :

    1) On my main cPanel server : I disabled the nameserver service (no BIND).
    2) On my two DNS Only Servers : I added "A record" for my nameservers and nothing for the hostname (because its name is the same as the nameserver)
    3) On my two DNS Only Servers : I activated Clustering Services
    4) On my main cPanel server : I activated clustering services and I linked my two DNS Only Servers with "Synchronize changes".


    Now it looks like this :
    host.mydomain.com
    ↳ ns2.mydomain.com
    ↳ ns1.mydomain.com


    I'm not sure about some things :

    1) Is it necessary to have an “A record” for NS1 in NS1 and NS2 ? I mean is it a duplicate or a necessity and why ?
    2) Is it necessary to activate Clustering services on cPanel DNS Only Servers ?
    3) Why “Synchronize Changes” and not “Standalone” or ”Write Only“ ?
    4) I got this error message : "The reverse trust relationship could not be established from the remote server to this server. You must login to the remote server and add this server to it's cluster manager manually if you want the other server to be able to access this one" ==> Why ? And is it necessary to have reverse trust ?

    Thank you.
     
    #1 marcju11, May 1, 2013
    Last edited: May 1, 2013
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    1. I actually recommend adding the "A" records for your name servers and hostname on the cPanel server you use for hosting the accounts. These records would then be synced over to your DNS-Only servers so you would not have to add them to those servers manually.

    2. It's a good idea to activate clustering on the DNS-Only server and ensure the cPanel server's DNS Role is set as "Standalone".

    3. Here is a description of each DNS role:

    Synchronize changes: All changes made on this server will propagate to any server in the cluster that is linked to this server. Synchronization is one-way: changes made on another server will not propagate to this server unless Synchronize changes is selected on the other server as well.

    Standalone: No changes made on this server will propagate to any other servers.

    Write Only: This server will write changes to the remote server, but when this server loads zone files, it will not obtain zone data from the remote server.


    4. The reverse trust relationship is not required. Its primary purpose is to prevent the need to log into the WHM Configure Cluster screen on the remote server.

    Thank you.
     
  3. marcju11

    marcju11 Member

    Ok so at the installation of cPanel DNS Only I do not add A records ? I'll do it on the main web server ?

    And is it ok if I deactivate DNS services (Bind) on the main server after the clustering is configured ?

    Thank you again!
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Yes, that is correct.

    Yes, you can set the name server to "Disabled" in "WHM Home » Service Configuration » Nameserver Selection".

    Thank you.
     
  5. marcju11

    marcju11 Member


    Just to be sure everything is ok now :

    1) Is it normal that in my DNS Zones : ns1.mydomain.com is the SOA for my zones : ns1.mydomain.com , ns2.mydomain.com AND hostname.mydomain.com ?

    2) Is it normal that there is a "NS record" for ns1.mydomain.com pointing to my ns1.mydomain.com and ns2.mydomain.com (and a "NS record" for ns2.mydomain.com pointing to ns1.mydomain.com and ns2.mydomain.com) ?

    Thank you !
     
  6. lorio

    lorio Well-Known Member

    Since the documentation is a bit lacking about how different concepts of DNS clustering can be set up, I allow myself to add a few questions.

    Question A: Why should clustering be activated on the DNSOnly?

    Let's say you have one WHM and use ns1 and ns2 DNSOnlyServer. When you add a Zone the WHM Server will write the zone to each DNSOnlyServer. If you only activate clustering on the WHM you're done in that scenario.

    If ns1 or ns2 DNSOnly is hacked no direct access is possible to other servers.

    Question B: If you want to add a ns3 after some while, is there a way to automatically add the ns3 to the existing zonefiles?
     
  7. lorio

    lorio Well-Known Member

    Are the questions too silly? Forgive me for asking again after a few months. I have to confess that I found my own post and was happy someone had asked the same question as me. Then I saw that it was me.

    From a security perspective I see a benefit in not placing access keys of servers on nameservers.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    1. Yes, this is normal.
    2. Yes, this is normal as well.


    A. Yes, that is correct. It's not required to set up the reverse trust relationship from the DNS-Only server to the hosting server.

    B. No, you would have to edit the zones through a custom script or manually to add the additional NS record to the zone files.

    Thank you.
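
The custom script mentioned in answer B could look like the following. This is an added example, not code from cPanel or from the posters in this thread. It assumes BIND-format zone text whose serial line carries a `;Serial` comment; the function names and the sample zone are constructed, and ns3.mydomain.com stands for the hypothetical third name server from the question.

```python
import re
from datetime import date

# Constructed sample zone (BIND format; names from the thread, documentation
# address range). Assumes the serial line carries a ";Serial" comment.
SAMPLE_ZONE = """\
$TTL 14400
mydomain.com. 86400 IN SOA ns1.mydomain.com. admin.mydomain.com. (
        2013050101 ;Serial Number
        86400 ;refresh
        7200 ;retry
        3600000 ;expire
        86400 ;minimum
        )
mydomain.com. 86400 IN NS ns1.mydomain.com.
mydomain.com. 86400 IN NS ns2.mydomain.com.
mydomain.com. 14400 IN A 192.0.2.10
"""

NS_RE = re.compile(r"^(\S+)\s+(\d+\s+)?IN\s+NS\s+(\S+)\s*$", re.I)
SERIAL_RE = re.compile(r"^(\s*)(\d{1,10})(\s*;\s*serial.*)$", re.I)

def next_serial(old, today):
    """Return a YYYYMMDDnn serial strictly greater than the old one."""
    return max(int(today.strftime("%Y%m%d")) * 100, old + 1)

def add_nameserver(zone_text, origin, new_ns, today=None):
    """Add an apex NS record and bump the serial; no-op if already present."""
    today = today or date.today()
    origin, new_ns = origin.rstrip(".") + ".", new_ns.rstrip(".") + "."
    lines = zone_text.splitlines()
    apex_ns = [(i, m) for i, m in ((i, NS_RE.match(l)) for i, l in enumerate(lines))
               if m and m.group(1).lower() == origin.lower()]
    if not apex_ns:
        raise ValueError("no apex NS records found for " + origin)
    if any(m.group(3).lower() == new_ns.lower() for _, m in apex_ns):
        return zone_text, False          # already delegated, leave serial alone
    serial_idx = next((i for i, l in enumerate(lines) if SERIAL_RE.match(l)), None)
    if serial_idx is None:
        raise ValueError("SOA serial line not found; refusing to edit")
    s = SERIAL_RE.match(lines[serial_idx])
    lines[serial_idx] = f"{s.group(1)}{next_serial(int(s.group(2)), today)}{s.group(3)}"
    last_idx, last = apex_ns[-1]
    # Insert after the last existing apex NS line, reusing its TTL if it has one.
    lines.insert(last_idx + 1, f"{origin} {last.group(2) or ''}IN NS {new_ns}")
    return "\n".join(lines) + "\n", True

if __name__ == "__main__":
    print(add_nameserver(SAMPLE_ZONE, "mydomain.com", "ns3.mydomain.com")[0])
```

Run it against a copy of each zone file first. How the edited zones are written back and synchronized to the cluster is left out of this example.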
     