The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DNS Cluster Question

Discussion in 'Bind / DNS / Nameserver Issues' started by NT, Jul 28, 2006.

  1. NT

    NT Well-Known Member

    Joined:
    May 4, 2004
    Messages:
    137
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    England, UK
    Hi,

    Is it possible to allow other servers to use the same secondary DNS server as I am?

    Each server would have different domain records, so server A might host example.com and server B might host example.co.uk - would this cause any problems with DNS lookups on the secondary machine (trying to associate the correct record with the correct primary server)?

    Also, does anyone have an easy way to setup some kind of maintenance page if the main server is down? I've been told that I'd need to modify the A record for the domain to point to the secondary machine, and then serve the page from that machine, but I don't know if anyone has a script to do that, or any alternatives?

    Thanks for your time,
    Nick.
     
  2. NT

    NT Well-Known Member

    Joined:
    May 4, 2004
    Messages:
    137
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    England, UK
    Any ideas guys?

    I reckon it's possible, but not sure if it's recommended!
     
  3. NT

    NT Well-Known Member

    Joined:
    May 4, 2004
    Messages:
    137
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    England, UK
    Well, I tried it and it seems to work fine :)
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    The only real risk is if you don't trust the zones from any of the servers as a bad zone can bring the whole of the DNS service down. Also, if a malicious zone were created it would affect the cluster, for example if you allow a user to park a domain and they park hotmail.com or googlemail.com for example. Other than those risks, having one-way synchronization of servers to a "master" DNS cluster member is a good idea, so that you have diverse authoratative DNS servers.
     
  5. NT

    NT Well-Known Member

    Joined:
    May 4, 2004
    Messages:
    137
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    England, UK
    Hi Jonathan,

    Thanks for confirming what I thought.

    Should the WHM Remote Access Key be kept private? I know it allows people to run commands on the remote server, but surely the DNS-ONLY build can't have much to actually run? Can the key be decrypted, and if so, does it hide the root password anywhere?

    Regards,
    Nick.
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    AFAIK, the key system is a public/private key pair, not an encryption mechanism in itself. So, access is granted if you have the correct public key to root functionality on a server. As to how much you can do with it - it'll be restricted to the API, however, I would definitely say that revealing your public key is a 100% no-no.
     
  7. NT

    NT Well-Known Member

    Joined:
    May 4, 2004
    Messages:
    137
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    England, UK
    Excellent, thanks!
     
  8. NT

    NT Well-Known Member

    Joined:
    May 4, 2004
    Messages:
    137
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    England, UK
    Do you know of a good way to host some kind of maintenance page if the primary server went down?

    I believe this'd involve changing all IPs on the slave to point to itself (or another server) whenever the primary goes down (maybe by a ping test?), but I was wondering if there's any better or easier way?

    Thanks,
    Nick.
     
Loading...

Share This Page