DNS Cluster Setup Questions

Discussion in 'Bind / DNS / Nameserver Issues' started by Michael-Inet, Apr 20, 2014.

  1. Michael-Inet

    Question 1)
    If two-way sync configurations are no longer functional, what is the current solution to make one change, on any server in the cluster (as a site's primary DNS server may be down), and have it automatically update to all other servers in the cluster?

    Question 2)
    How does one "Edit a DNS Zone" on a DNSONLY server? In "CENTOS 6.5 x86_64 standard – WHM 11.42.0 (build 24)" there are no entries in "DNS Functions" beyond "Synchronize DNS Records" with cPanel DNSONLY.

    ### Details ###

    Current Setup (simplified):

    Server A: WHM/cPanel w/ multiple sites.
    Server B: WHM/cPanel w/ multiple sites, and FailOver backup for selected sites on A.

    Both A and B contain DNS entries for both A and B (manually propagated).
    All sites have A and B nameservers defined at their registrars.

    Works well, but it's a pain (as there are more than two Servers in reality).

    I'd like to add:

    C: cPanel DNSONLY.

    and enable Clustering. Such that, all have DNS records for all. So:

    A has A, B, and C.
    B has A, B, and C.
    C has A, B, and C.

    Per thread: Is cPanel DNS clustering working? - Hosting Software and Control Panels - Web Hosting Talk

    The solution used to be:

    In a simplified test with two servers (cPanel [Y] and cPanel DNSONLY [Z]) this still seems to work correctly. All the records from Y show up on Z and all the records from Z show up on Y, and any change to Y gets reflected on Z (see Question 2 though).


    But, per the newer WHM Guide to DNS Cluster Configuration: Guide to DNS Cluster Configuration

    How? Why? Because I'm stupid enough to make different changes to the same site on different servers at the same time, instead of some software problem?

    ### Repeating the Q's ###

    Question 1)
    If two-way sync configurations are no longer functional, what is the current solution to make one change, on any server in the cluster (as a site's primary DNS server may be down), and have it automatically update to all other servers in the cluster?

    Question 2)
    How does one "Edit a DNS Zone" on a DNSONLY server? In "CENTOS 6.5 x86_64 standard – WHM 11.42.0 (build 24)" there are no entries in "DNS Functions" beyond "Synchronize DNS Records" with cPanel DNSONLY.


    Best,
    Michael
     
  2. cPanelMichael

    cPanelMichael (Forums Analyst, Staff Member)

    Hello :)

    Regarding your quote:

    While this is not a recommended configuration, it should still function as you intend it to. Personally, I would set up two DNS-Only servers, and have it configured like this:

    A - Hosting Server
    B - Hosting Server
    C - DNS-Only Server
    D - DNS-Only Server

    A - Synchronize changes to C and D
    B - Synchronize changes to C and D
    C - Standalone
    D - Standalone

    In this scenario, you would not need to have the option to edit a DNS Zone on the DNS-Only servers. Simply edit them on the hosting servers and the changes are synced immediately.

    You may find the following document helpful:

    Guide To DNS Clustering

    Thank you.
     
  3. vanessa


    The setup for this is pretty simple:

    Server A -> DNSONLY C
    Server B -> DNSONLY C

    In other words, each hosting server should be directly clustered to the third server. Security is important here, so I would really recommend using write-only for this. However, this will result in the dnsonly server storing the zones for the two hosting servers, but the hosting servers will not have zones for each other. If you want this setup, you'd need to set the cluster type to 'sync' and configure a reverse trust relationship from the server C to servers A and B. This is really not a good idea though as far as security and performance are concerned. But if that's what you want, sync + reverse trust is how you do it.

    For question 2), that feature isn't listed, however, you can do either of the following:

    1) Switch to a full cPanel instance,
    2) Edit the zone from command line and use /scripts/dnscluster to sync it
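
The command-line route in option 2 above, as an added example that is not part of vanessa's post or of cPanel's own tooling: a POSIX shell helper that raises the SOA serial after a hand edit and keeps a backup copy of the zone. It assumes the serial sits on its own line followed by a comment containing "serial" and follows the YYYYMMDDNN convention; `example.com` is a placeholder, and the `synczone` subcommand in the closing comment is an assumption to check against the script's own usage output.

```sh
# Added example, not from the thread. Assumes the SOA serial sits on its own
# line followed by a comment containing "serial", in YYYYMMDDNN form.

# bump_serial FILE [YYYYMMDD]: raise the serial in FILE, keep FILE.bak,
# print the new serial. The date argument exists so the result is testable.
bump_serial() {
    zone_file=$1
    today=${2:-$(date +%Y%m%d)}

    old=$(awk '$1 ~ /^[0-9]+$/ && tolower($0) ~ /;[ \t]*serial/ { print $1; exit }' "$zone_file")
    if [ -z "$old" ]; then
        echo "bump_serial: no serial line found in $zone_file" >&2
        return 1
    fi

    case $old in
        "$today"[0-9][0-9]) new=$((old + 1)) ;;  # already changed today
        *)                  new="${today}00" ;;  # first change today
    esac
    # Never move backwards (clock skew, or a serial dated in the future).
    [ "$new" -gt "$old" ] || new=$((old + 1))

    cp -p "$zone_file" "$zone_file.bak" || return 1
    awk -v old="$old" -v new="$new" '
        !done && $1 == old && tolower($0) ~ /;[ \t]*serial/ { sub(old, new); done = 1 }
        { print }
    ' "$zone_file.bak" > "$zone_file" || return 1
    echo "$new"
}

# Sequence on the DNSONLY server (example.com is a placeholder domain):
#   vi /var/named/example.com.db
#   bump_serial /var/named/example.com.db
#   named-checkzone example.com /var/named/example.com.db
#   /scripts/dnscluster synczone example.com   # subcommand name is an assumption
```

Running `named-checkzone` before the sync keeps a syntax error in one hand-edited file from being pushed to every server in the cluster.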
     
  4. Michael-Inet

    Hi Michael

    The reason I'm reluctant to use your example is if a hosting server goes down (A), I must be able to edit the DNS to point their domains to their FailOver backup server (B).

    Both Hosting Server A and B already contain the same domain record (pointing at A), and I'm not seeing how both A and B trying to Synchronize changes for the same domain to C and D are any different than all being sync'd.

    Is there a round robin conflict problem? Where you make a change at server A, A syncs to B, B syncs to C, C syncs to A, A doesn't understand it's the original change and then syncs to B, creating an endless loop? {Okay, it's not exactly a loop, but let's keep it simple for the example.}

    At the end of the day, I just need something without a single point of failure, everybody sync'd to everybody seemed easy and convenient. The warning "two-way sync ... may cause DNS errors" is never explained.

    So, maybe I should just ask why that is?

    Best,
    Michael

    - - - Updated - - -

    Thanks Vanessa,

    Mine have to for FailOver purposes, which is why the long involved question...


    I figured I'd have to go command line...

    For those that don't know, the zone files are located in the directory '/var/named', files are '*.db'

    Best,
    Michael
     
  5. vanessa

    In cPanelMichael's example, I don't see any reason why this would not work. Both dnsonly servers would have copies of all the zones from servers A and B, so if either server A or B had an issue, you can edit the zones from any of the other 3 servers. Both his example and mine would resolve this problem for you, but his factors in a little more redundancy.
     
  6. Michael-Inet

    Hi Vanessa,

    cPanelMichael's example has the same issue with sync that the cPanel documents both he and I linked to warn, "may cause DNS errors on your servers."

    In his example all changes would have to be made on a hosting server, which would NOT update DNS entries in the other hosting servers in the cluster. {Yes, I kept the example to only three total servers, but there are more than three.}

    # # # # # #

    Let's get back to finding the reason behind the warning:

    - Is the warning because of user idiocy?
    - Is the warning because of software limitations?

    Best All,
    Michael
     
  7. vanessa

    If you have a reverse trust relationship set up, I fail to see how this would be the case. With this setup, if you sync the zone from server A, for example, it will sync to the dnsonly server, and then back to both server A and server B. This setup is obviously inefficient in the fact that it's creating more transactions than necessary, and the more servers you have in the cluster, the worse this is going to be (trust me - I've seen this god knows how many times). But this does accomplish what you want. When you affirmatively stated that it will not work, did you actually test it exactly how it was described? I tried it within one of our labs and it seems to work fine:

    ServerA -> dnsonly A (sync)
    ServerA -> dnsonly B (sync)
    ServerB -> dnsonly A (sync)
    ServerB -> dnsonly B (sync)

    (You can also leave out dnsonlyB and the result will be the same)

    When changes were made to a zone on ServerA, ServerB also received the update.

    I still also fail to see the reason why you would want server A's zones on server B, and vice-versa. I get the need for redundancy in the event of failure, but you're approaching that problem in the most inefficient way possible. With the setup both of us suggested, if either hosting server fails, all you have to do is re-cluster the other in sync mode and sync all the zones down from the dnsonly server. With that being said, @cPanelMichael's setup is best for your usage case. The setup I previously described accomplishes exactly what you're asking for, but what you are asking for is not ideal in terms of how a DNS cluster should be set up when multiple servers are involved.

    This message is due to the fact that when you have a large number of servers in a dns cluster that are all set to sync mode, the number of transactions required to update all clusters creates more points of failure. It's an inefficient setup. When you have, say, 3 hosting servers in a cluster, a change on one server has to sync to all three, and back to the origin. That's a lot of waste, and one of those servers being down can create a break in the chain, especially if you're daisy-chaining.


    Yes. Not you in particular, but cPanel has to take into account that they have novice users too. Sort of like the "WARNING: CONTENTS HOT" message on your coffee cup. #thestruggleisreal
     
  8. Michael-Inet

    Thank you Vanessa,

    I can work with this. As I stated in the initial post, I have already tested it in a scaled down scenario. In the end I just needed to know that the software itself didn't have a hidden issue in regard to that warning.

    Best,
    Michael
     