Operating System & Version
Centos 7.7
cPanel & WHM Version
84.0.21

cambelbruce

cPanel Access Level
Root Administrator
Hi,
We need some clarification regarding DNS-only servers in a DNS cluster, since we can't find specifics.
We need to transfer some old CentOS 5.5 DNS-only VMs to newer machines. This is the topology:

Code:
Webserver1 ---> Sync changes ---> ns.example.com (centos 5.5)
Webserver1 ---> Sync changes ---> ns2.example.com

Webserver2 ---> Sync changes ---> ns2.example.com
Webserver2 ---> Sync changes ---> ns85.example.com

ns.example.com ---> no cluster set
ns2.example.com ---> no cluster set
ns85.example.com ---> no cluster set

-------After migration-------

Webserver2 ---> cluster with ----> ns, ns2, ns85
We need to make a new ns.example.com on another machine with a new IP and keep the name the same, since we have a lot of customers using that DNS.
The new ns.example.com will be added to a cluster with Webserver2, and Webserver1 will also be shut down after the migration of ns.
So a couple of questions:

1) If we shut down or remove the old ns.example.com while transitioning to the new ns.example.com, is it going to delete the DNS entries everywhere due to synchronization? What is the best way to do the transition?

2) Webserver1 and Webserver2 share the same zones because they're syncing to the same ns2.example.com. The webservers are set with the option "setup reverse trust" in their cluster settings and there is no cluster activated on the DNS-only side, so we assumed it would be like standalone? If that is the case, then why do the zones entered in webserver2 pass to webserver1? This could lead to complications even with ns85, since they too share zones, when we temporarily drop ns.example.com.


Thank you for any insight you might have.
 

cPanelLauren

Product Owner
Staff member
1) If we shut down or remove the old ns.example.com while transitioning to the new ns.example.com, is it going to delete the DNS entries everywhere due to synchronization? What is the best way to do the transition?
No, it shouldn't at all - when you shut it down it will not be able to synchronize either way, but regardless of this transition you're doing, I wouldn't advise a two-way sync between the web server and the DNS server, which looks like this:

Two-Way Synchronization


[Image: Screenshot at Feb 21 12-10-33.png]

Direct Links

One-way synchronization is all that's needed in a direct link cluster:

[Image: Screenshot at Feb 21 12-12-22.png]

Or to multiple servers like what you have set up currently:

[Image: DNSCLUSTER.png]

2) Webserver1 and Webserver2 share the same zones because they're syncing to the same ns2.example.com. The webservers are set with the option "setup reverse trust" in their cluster settings and there is no cluster activated on the DNS-only side, so we assumed it would be like standalone? If that is the case, then why do the zones entered in webserver2 pass to webserver1? This could lead to complications even with ns85, since they too share zones, when we temporarily drop ns.example.com.
The difference between Reverse Trust and Two-Way Synchronizations

  • Reverse trust and two-way synchronizations are different
    • A Reverse Trust relationship allows servers in a DNS cluster to share records with one another.
      • You need it for either Standalone or Synchronize Changes roles
    • Synchronize records has a few forms which are discussed here: Synchronize DNS Records | cPanel & WHM Documentation
      • Ultimately though we recommend that you do not set up the nameserver to synchronize data to a web server, because this creates extraneous zones on the webserver. This means that you do not need to log in to WHM on the nameserver and set the web server’s DNS role to Synchronize changes.
  • The above being said, the only way the zones from Web Server 1 are present on Webserver 2 (and vice versa) is either at some point the cluster was set to synchronize both ways or the cluster was synchronized manually.
Before making changes to your DNS cluster
  • I'd advise you to check the configuration of all cluster members for both web servers
    • Setting up reverse trust relationship is required
    • Ensure the web servers are set to synchronize to the DNS Servers
    • Ensure that the DNS Only servers are not set to synchronize with the webservers - this can look like one of the following:
      • DNS clustering hasn't been modified on the DNS Only Server
      • DNS Clusters has been modified on the DNS Only Server and the role is set to Standalone
        • This method fetches DNS records from the remote server but does not write records from the local server to the remote server.
  • Once the configuration has been checked, I'd advise removing the zones from WebServer 1 on WebServer 2 and vice versa.
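
An added example (not part of the original posts and not cPanel code) that models the checklist above: it flags any DNS-only server set to synchronize to a web server and shows which zones each server ends up holding. The zone names, the role table, and the assumption that "sync" links forward records transitively are constructed for illustration.

```python
# Constructed model of the thread's topology (not read from a real server).
WEB = {"webserver1", "webserver2"}
DNS_ONLY = {"ns", "ns2", "ns85"}

# (local server, remote peer) -> role the local server assigns to that peer.
# "sync" = Synchronize changes (writes to the peer); "standalone" = no writes.
CURRENT = {
    ("webserver1", "ns"): "sync",
    ("webserver1", "ns2"): "sync",
    ("webserver2", "ns2"): "sync",
    ("webserver2", "ns85"): "sync",
}
# Zones created locally on each web server (hypothetical names).
ZONES = {"webserver1": {"site-a.example"}, "webserver2": {"site-b.example"}}


def audit(roles):
    """Return DNS-only -> web server links set to sync (the two-way case)."""
    return sorted((local, remote) for (local, remote), role in roles.items()
                  if role == "sync" and local in DNS_ONLY and remote in WEB)


def propagate(roles, local_zones):
    """Push zones along every 'sync' link until no server learns a new zone."""
    held = {server: set(local_zones.get(server, ())) for server in WEB | DNS_ONLY}
    changed = True
    while changed:
        changed = False
        for (local, remote), role in roles.items():
            if role != "sync":
                continue  # standalone peers are never written to
            missing = held[local] - held[remote]
            if missing:
                held[remote] |= missing
                changed = True
    return held


if __name__ == "__main__":
    # Same cluster with ns2 additionally set to sync back to webserver1.
    two_way = {**CURRENT, ("ns2", "webserver1"): "sync"}
    for name, roles in (("one-way", CURRENT), ("two-way", two_way)):
        print(name, "flagged links:", audit(roles))
        for server, zones in sorted(propagate(roles, ZONES).items()):
            print("  ", server, sorted(zones))
```

In the one-way table each web server keeps only its own zone while ns2 holds both; adding the single ns2 to webserver1 sync link is enough for webserver1, and through it ns, to pick up webserver2's zone.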