DNS Cluster shows Bind not PowerDNS

thowden

Well-Known Member
Hi All

I have just noticed an issue with the "Remote Server Type" in my DNS Cluster which is showing as "Bind" on all my servers even though it was originally showing "PowerDNS" and the remote servers are still using PowerDNS, and I have checked that they are.

This is only recent as I was updating my cluster API tokens in December and PowerDNS was reported. I only spotted the change this morning as I was configuring a new hosting server and adding it to use the DNS cluster. I then checked all the existing servers and they are all showing "Bind". I expect it is related to a recent WHM/cPanel update.

Config: 4 x DNS Only servers all on the same WHM/cPanel CentOS versions. CentOS v8.5.2111 DNSONLY xen hvm v100.0.9 - these are all Stand-Alone accepting Write-Only updates from the hosting servers.

Hosting Servers: 5 x Various CentOS and AlmaLinux as the base install, CloudLinux / WHM / cPanel versions vary over different ages.

Screenshot example from one of the hosting servers, but representative of all the hosting servers. Should be showing and were showing PowerDNS previously.

No error reported, no apparent impact on the DNS service, just disconcerting at 0600 Sunday morning when it's not expected.

Bug? Setting change? Ideas please.
 

cPRex

Jurassic Moderator
Staff member
It's interesting to me that the "Status" column is also empty. Could you run this command on one of the DNSOnly systems?

Code:
whmapi1 installed_versions | egrep 'bind|powerdns'
If you could let me know the output of that we can go from there.
 

cPanelPeter

Senior Technical Analyst
Staff member
Interesting. It shows both DNS servers installed at the same time. This shouldn't be possible. Please consider opening a ticket so that we can take a further look at your DNS Only server.
 

quietFinn

Well-Known Member
Interesting. It shows both DNS servers installed at the same time. This shouldn't be possible. ...
In a DNSONLY server:

Code:
[[email protected] ~]# whmapi1 installed_versions | egrep 'bind|powerdns'
  bind: 9.11.4-26.P2
  powerdns: 4.4.1-2.cp11100
Remote Server Type shows powerdns as expected.

I checked that in several servers and in all both bind and powerdns are installed.
 

quietFinn

Well-Known Member
Very odd. Can you please run this on both a WHM and a DNS Only server?
Code:
grep local_nameserver_type /var/cpanel/cpanel.config
WHM:
[[email protected] ~]# grep local_nameserver_type /var/cpanel/cpanel.config
local_nameserver_type=powerdns

DNSONLY:
[[email protected] ~]# grep local_nameserver_type /var/cpanel/cpanel.config
local_nameserver_type=powerdns
 

cPanelPeter

Senior Technical Analyst
Staff member
Please open a ticket. I'm very interested in reviewing this. There was a past case we had for version 92 that had an issue similar to this. We might need to file a new case if this issue has returned.
 

quietFinn

Well-Known Member
I am not the OP of this thread, haven't had any issues with DNS clustering, but I got interested and noticed that both bind and powerdns are installed.
 

cPanelPeter

Senior Technical Analyst
Staff member
OK, thank you. It seems we may have changed the way we detect which DNS Server is running/installed in the UI. It used to be with the installed_versions whmapi1 call but that may no longer be the case. I just tested it on my own server and it also shows both installed (which still shouldn't be possible), but if your UI is correct and mine is correct, then that means it's no longer relevant.

If the original poster @thowden could please open a ticket, it would be a great help to determine if we have a new or different defect that needs to be addressed. It might just be a misconfiguration on the server too, so I really am interested in finding out what the issue is.
 

cPanelPeter

Senior Technical Analyst
Staff member
Hello,

Thank you for the update and ticket number. I see my colleague Jeff responded to you and provided instructions on how to add the additional servers. The message you get (above) happens if you have more than 1 tab or browser window open and are logged on more than once.

The ns1 server Jeff had access to shows that DNS Clustering is enabled, but there are currently no servers defined (no reverse trust). That's likely part of the issue.
I'm monitoring the ticket and will assist Jeff or any of our analysts as needed.
 

thowden

Well-Known Member
Hi

As at January 5th and for the past 12 months or more, the 4 DNS servers have operated ok, showing PowerDNS.

The DNS Only servers were newly deployed in April/May 2021 replacing my older servers. Specifically using PowerDNS and not Bind. So I know that PowerDNS was configured on these servers and Bind was not (at least not visibly noted as installed and not expected).

Further, I know Jan 5th as it is in my documentation when I updated some of the API keys connecting to the 4 DNS servers. i.e. The cluster information displayed on the hosting servers showed PowerDNS as the Remote DNS for all. If Bind had been displayed then I would have started this thread on January 5th.

As at last Sunday the hosting servers show Bind as the remote DNS. That status change in the webhosts DNS cluster page has changed between Jan 5th and Feb 13th.

If both Bind and PowerDNS are installed on the DNS Only hosts, then that has occurred since Jan 5th and prior to today. The only change that I am aware of was the update to v100.0.9 applied at some point in time recently, but I do not track minor updates (I am starting to do so now).

In relation to reverse trust, I have never had that. The goal was to have the DNS servers do nothing other than receive the zones from the web hosting servers and serve zones to the interwebs. Each DNS Only server acts independently with Write Only configured from the webhost servers to the DNS Only servers. There is no synchronisation or relationship between the DNS Only servers. This method ensures that all zones are processed to all DNS servers and that any server can fail without impacting any other server (at least that is the expectation) and all zones will still be available.

If there is a requirement for Reverse Trust, it would appear to be redundant, as the configuration has worked without it for 5+ years.
 

cPRex

Jurassic Moderator
Staff member
Thanks for the additional details. It's likely best to continue with the ticket since it seems like we'll need to examine the specific configurations on at least one WHM and DNSOnly system in order to come up with more information about this behavior.
 

thowden

Well-Known Member
Hi All

The resolution to this was provided via a support ticket. I am documenting the solution here for any follow up.

The issue is that the CentOS 8 repos for yum are failing. The /var/log/dnf.log showed:

Code:
CentOS Linux 8 - AppStream                       20 kB/s | 246  B     00:00   
Error: Failed to download metadata for repo 'appstream': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
(XID s5s363) “/usr/bin/yum” reported error code “1” when it ended:
To avoid this error I have disabled 2 repos. The second was made apparent after disabling the appstream and presented an error on baseos repo.

Code:
yum-config-manager --disable appstream
yum-config-manager --disable baseos
I then ran

Code:
yum update
and restarted the server.

The command previously suggested is still showing both name servers, but that might be a false positive:

Code:
[[email protected] ~]# whmapi1 installed_versions | egrep 'bind|powerdns'
  bind: 9.11.26-6
  powerdns: 4.4.1-2.cp11100
But checking a webhosting server for DNS Cluster config shows PowerDNS as desired which confirms the fix.
That said and done, it is obviously an issue with the underlying CentOS 8 and I will now bring forward my upgrade plan and provision new AlmaLinux base for DNS Only which will hopefully avoid further issues.

Thanks to all who assisted.
 
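The diagnosis in the post above, turned into a log check (an added example, not part of the thread or of cPanel's tooling): it lists the repos whose metadata download failed in a dnf log and how often each failed. The function names and the sample log lines are constructed; only the error text follows the line quoted in the post.

```shell
#!/bin/sh
# Added example: find repos that dnf could not fetch metadata for.

# failed_repos LOGFILE -> each failing repo id once, sorted, one per line
failed_repos() {
    sed -n "s/.*Failed to download metadata for repo '\([^']*\)'.*/\1/p" "$1" | sort -u
}

# failure_count LOGFILE REPO -> number of failed metadata downloads for REPO
# (grep exits non-zero when the count is 0, hence the "|| true")
failure_count() {
    grep -cF "Failed to download metadata for repo '$2'" "$1" || true
}

# repo_status LOGFILE -> "ok", or "failing: <repo ids separated by spaces>"
repo_status() {
    repos=$(failed_repos "$1" | tr '\n' ' ' | sed 's/ $//')
    if [ -z "$repos" ]; then
        echo "ok"
    else
        echo "failing: $repos"
    fi
}

# Constructed sample log (timestamps and DEBUG lines are made up).
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
2022-02-13T06:00:02+1000 DEBUG repo: downloading from remote: appstream
2022-02-13T06:00:03+1000 CRITICAL Error: Failed to download metadata for repo 'appstream': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
2022-02-14T06:00:03+1000 CRITICAL Error: Failed to download metadata for repo 'appstream': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
2022-02-15T06:00:04+1000 CRITICAL Error: Failed to download metadata for repo 'baseos': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
2022-02-15T06:10:00+1000 DEBUG repo: using cache for: epel
EOF

repo_status "$SAMPLE_LOG"
for r in $(failed_repos "$SAMPLE_LOG"); do
    echo "$r: $(failure_count "$SAMPLE_LOG" "$r") failed metadata download(s)"
done
```

On a real host, point the functions at /var/log/dnf.log. A repo that is failing or has been disabled supplies no package updates, so every id reported here is a source the host is not being patched from.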