DNS cluster setting bind view of internal by default

[Alcedema]

The view of each zone on the master cpanel server is set as "external" which is fine, but once the zone has replicated over to the DNS cluster slaves (DNSONLY) the zones are placed in the "internal" view; so are not available for external lookups by default.

Is this a setting in cpanel or is it a bind default? I need to change this as soon as possible!

Thanks,
-Tim

 

[cPanelDon]

The view of each zone on the master cpanel server is set as "external" which is fine, but once the zone has replicated over to the DNS cluster slaves (DNSONLY) the zones are placed in the "internal" view; so are not available for external lookups by default.

Is this a setting in cpanel or is it a bind default? I need to change this as soon as possible!

Thanks,
-Tim

What is the full version number with build ID of the cPanel/WHM server(s) and DNSONLY server(s); more specifically, how many servers are in your cluster and what version+build of cPanel is on each?

The full version number with build ID may be obtained using either of the following two commands via root SSH access:

# /usr/local/cpanel/cpanel -V
# cat /usr/local/cpanel/version && echo

I apologize for the number of questions that follow, but it helps to gather as much detail as possible to better diagnose what may be happening to cause the problem. If you prefer, our support team can investigate more thoroughly once a ticket is submitted.

It will also help to know the following:
1.) Does the issue affect more than one DNSONLY server in your cluster?
2.) Does the issue affect other cPanel/WHM servers that receive the DNS zone from the source server that created it?
3.) Does the "external" view exist on the affected DNSONLY server(s), and if yes, are there any zones within the external view?
4.) Are any errors or warnings displayed when manually restarting BIND/named via root SSH access on the DNSONLY server(s)? This can be done using the following command:

# /etc/init.d/named restart

5.) Are any errors or warnings displayed when running the following command via root SSH access on the DNSONLY server(s)?

# named-checkconf /etc/named.conf

 

[Alcedema]

Hi, thanks for the reply.

Main Cpanel server
11.24.5-RELEASE_38506

DNS1
11.24.4-DNSONLY_33314

DNS2
11.24.4-DNSONLY_33314

DNS3
11.24.4-DNSONLY_33314

Main Cpanel server syncs with the other 3. Other 3 set to standalone.

1) Affects all dnsonly servers
2) No other servers in cluster.. but I've seen that the main cpanel server creates a zone in the internal view aswell as the external view when an account is set up. Is it meant to create 2 zones for the same account?
3) External view is on all servers. The DNSonly servers also have our own zones (not in a cpanel account) in the external view.
4) Stopping named on 2 of the 3 DNSONLY servers failed. Forceful shutdown and start revealed no errors.
5) No errors on any of the servers.

Thanks,
-Tim

 

[cPanelDon]

1) Affects all dnsonly servers
2) No other servers in cluster.. but I've seen that the main cpanel server creates a zone in the internal view aswell as the external view when an account is set up. Is it meant to create 2 zones for the same account?
3) External view is on all servers. The DNSonly servers also have our own zones (not in a cpanel account) in the external view.
4) Stopping named on 2 of the 3 DNSONLY servers failed. Forceful shutdown and start revealed no errors.
5) No errors on any of the servers.

When a new zone is created, only one copy of it exists (e.g., in "/var/named/"); however, depending on the preexisting BIND configuration (if "/etc/named.conf" has views or not) there should be an entry in both the internal view and the external view, or if no views exist there should be only one entry for the zone file.

How many DNS zones are in your cluster?

Was named.conf ever manually edited to add new DNS zone entries, or was cPanel/WHM used exclusively to add new DNS zones? To note, WHM may be used to add DNS zones without requiring association with a specific cPanel user account.

Are you able to verify if each DNSONLY server fails to respond to queries for hosted DNS zones (e.g., using "dig" via command-line SSH access)?

Here are two example "dig" commands; please test first quering the loopback IP address from the server's console, then test using the external DNS/name server IP address of each server running either cPanel/WHM or DNSONLY. To note, in the second command, replace "1.2.3.4" with your server's external (public/WAN) IP address:

# dig @127.0.0.1 +all +multiline domain.tld ANY
# dig @1.2.3.4 +all +multiline domain.tld ANY

 

[Alcedema]

This is a completely new installation, so we have 0 customer zones in the cluster, but are testing by adding accounts to the main cpanel server. We have the default bind zones as well as 5 slave zones in external view. These are our production zones, added by webmin, which have a master on the internal network (not the cpanel server).

Interesting, the DNSONLY server that shutdown without problems is now the only one that creates the zone in both external and internal views. Therefore the only one that serves results to a dig.

Okay, I found the problem. By comparing the config files I found that for some reason, the start of the external view was:

view external {

instead of the form that cpanel likes:

view "external" {

Changing this to "external" now has all zones replicating both internal and external views.

Thanks for your help Don!

-Tim