Configure Main cPanel Server with 2 cPanel DNS Only Servers

marcju11 · May 1, 2013

Hello,

I would like to be sure I configured everything correctly.

First of all :

My main cPanel server hostname is : host.mydomain.com
And nameservers are : ns1.mydomain.com + ns2.mydomain.com

My first cPanel DNS Only server hostname is : ns1.mydomain.com
And nameservers are : ns1.mydomain.com + ns2.mydomain.com

My second cPanel DNS Only server hostname is : ns2.mydomain.com
And nameservers are : ns1.mydomain.com + ns2.mydomain.com

Now what I did :

1) On my main cPanel server : I disabled the nameserver service (no BIND).
2) On my two DNS Only Server : I added "A record" for my nameservers and nothing for the hostname (because its name is the same as the nameserver)
3) On my two DNS Only Server : I activated Clustering Services
4) On my main cPanel server : I activated clustering services and I linked my two DNS Only Server with "Synchronize changes".

Now it looks like this :
host.mydomain.com
↳ ns2.mydomain.com
↳ ns1.mydomain.com

I'm not sure about some things :

1) Is it necessary to have a “A record” for NS1 in NS1 and NS2 ? I mean is it a duplicate or a necessity and why ?
2) Is it necessary to activate Clustering services on cPanel DNS Only Servers ?
3) Why “Synchronize Changes” and not “Standalone” or ”Write Only“ ?
4) I got this error message : "The reverse trust relationship could not be established from the remote server to this server. You must login to the remote server and add this server to it's cluster manager manually if you want the other server to be able to access this one" ==> Why ? And is it necessary to have reverse trust ?

Thank you.

cPanelMichael · May 2, 2013

Hello

1. I actually recommend adding the "A" records for your name servers and hostname on the cPanel server you use for hosting the accounts. These records would then be synced over to your DNS-Only servers so you would not have to add them to those servers manually.

2. It's a good idea to activate clustering on the DNS-Only server and ensure the cPanel server's DNS Role is set as "Standealone".

3. Here is a description of each DNS role:

Synchronize changes: All changes made on this server will propagate to any server in the cluster that is linked to this server. Synchronization is one-way: changes made on another server will not propagate to this server unless Synchronize changes is selected on the other server as well.

Standalone: No changes made on this server will propagate to any other servers.

Write Only: This server will write changes to the remote server, but when this server loads zone files, it will not obtain zone data from the remote server.

4. The reverse trust relationship is not required. It's primary purpose is prevent the need to log into the WHM Configure Cluster screen on the remote server.

Thank you.

marcju11 · May 2, 2013

cPanelMichael said:
Hello

1. I actually recommend adding the "A" records for your name servers and hostname on the cPanel server you use for hosting the accounts. These records would then be synced over to your DNS-Only servers so you would not have to add them to those servers manually.

2. It's a good idea to activate clustering on the DNS-Only server and ensure the cPanel server's DNS Role is set as "Standealone".

3. Here is a description of each DNS role:

Synchronize changes: All changes made on this server will propagate to any server in the cluster that is linked to this server. Synchronization is one-way: changes made on another server will not propagate to this server unless Synchronize changes is selected on the other server as well.

Standalone: No changes made on this server will propagate to any other servers.

Write Only: This server will write changes to the remote server, but when this server loads zone files, it will not obtain zone data from the remote server.

4. The reverse trust relationship is not required. It's primary purpose is prevent the need to log into the WHM Configure Cluster screen on the remote server.

Thank you.

Ok so at the installation of cPanel DNS Only I do not add A records ? I'll do it on the main web server ?

And is it ok if I deactivate DNS services (Bind) on the main server after the clustering configured ?

Thank you again!

cPanelMichael · May 2, 2013

marcju11 said:
Ok so at the installation of cPanel DNS Only I do not add A records ? I'll do it on the main web server ?

Yes, that is correct.

marcju11 said:
And is it ok if I deactivate DNS services (Bind) on the main server after the clustering configured

Yes, you can set the name server to "Disabled" in "WHM Home » Service Configuration » Nameserver Selection".

Thank you.

marcju11 · May 3, 2013

cPanelMichael said:
Yes, that is correct.

Yes, you can set the name server to "Disabled" in "WHM Home » Service Configuration » Nameserver Selection".

Thank you.

Just to be sure everything is ok now :

1) Is it normal that in my DNS Zones : ns1.mydomain.com is the SOA for my zones : ns1.mydomain.com , ns2.mydomain.com AND hostname..mydomain.com ?

2) Is it normal that there is a "NS record" for ns1.mydomain.com pointing to my ns1.mydomain.com and ns2.mydomain.com (and a "NS record" for ns2.mydomain.com pointing to ns1.mydomain.com and ns2.mydomain.com) ?

Thank you !

lorio · May 4, 2013

cPanelMichael said:
Hello
2. It's a good idea to activate clustering on the DNS-Only server and ensure the cPanel server's DNS Role is set as "Standealone".

Since the documenation is a bit lacking about how different concepts of dns clustering can be setup I allow myself to add a few questions.

Question A: Why should be clustering activated on the DNSOnly ???

Lets say you have one WHM and use ns1 and ns2 DNSOnlyServer. When you add a Zone the WHM Server will write the zone to each DNSOnlyServer. If you only activate clustering on the WHM you're done in that scenario.

If ns1 or ns2 DNSOnly is hacked no direct access is possible to other servers.

Question B: If you want to add a ns3 after some while, is there a way to automatically add the ns3 to the existing zonefiles?

lorio · Sep 16, 2013

Are the questions too silly? Forgive for asking again after a few months. Had to confess that found my own post and was happy someone asked the same question like me. Then I saw that it was me.

From a security perspective I see a benefit in not placing access keys of servers on nameservers.

cPanelMichael · Sep 16, 2013

marcju11 said:
Just to be sure everything is ok now :

1) Is it normal that in my DNS Zones : ns1.mydomain.com is the SOA for my zones : ns1.mydomain.com , ns2.mydomain.com AND hostname..mydomain.com ?

2) Is it normal that there is a "NS record" for ns1.mydomain.com pointing to my ns1.mydomain.com and ns2.mydomain.com (and a "NS record" for ns2.mydomain.com pointing to ns1.mydomain.com and ns2.mydomain.com) ?

Thank you !

1. Yes, this is normal.
2. Yes, this is normal as well.

marcju11 said:
Question A: Why should be clustering activated on the DNSOnly ???
Question B: If you want to add a ns3 after some while, is there a way to automatically add the ns3 to the existing zonefiles?

A. Yes, that is correct. It's not required to setup the reverse trust relationship from the DNS-Only server to the hosting server.

B. No, you would have to edit the zones through a custom script or manually to add the additional NS record to the zone files.

Thank you.

Thread starter	Similar threads	Forum	Replies	Date
L	Modsecurity - Configure Individual Domains	Domain Management	2	Apr 20, 2020
S	How to configure the base domain	Domain Management	7	May 1, 2019
S	Configure CNAME Records per Domain?	Domain Management	6	Apr 11, 2019
	How to configure subdomain from another server?	Domain Management	9	Apr 4, 2019
T	Configure domains in new installation	Domain Management	4	Mar 16, 2018

Search

Search

Configure Main cPanel Server with 2 cPanel DNS Only Servers

marcju11

Member

cPanelMichael

Administrator

marcju11

Member

cPanelMichael

Administrator

marcju11

Member

lorio

Well-Known Member

lorio

Well-Known Member

cPanelMichael

Administrator