DNS Cluster work for a little while then bombs with "Requires cPanel update to support DNSSEC"

eugenevdm.host

Active Member
Oct 21, 2019
25
2
3
Cape Town
cPanel Access Level
DataCenter Provider
I have the following configuration in my cluster:

1. WHM / cPanel server with lots of domains.
2. Separate standalone name server #1
3. Separate standalone name server #2
4. Separate standalone name server #3

In my opinion this is a pretty normal setup. Server #1 doesn't have to do name server resolution, but must replicate to #2, 3, and 4.

Server #1 = writer
Servers #2,3,and 4 are standalone.

Issue is, I get this message after a little while on #2, 3, and 4:

"Requires cPanel update to support DNSSEC"

All servers are v84.0.17

Honestly I'm not interested in DNSSEC but I don't see a global "switch off DNSSEC" button.

What do I do to get replication working?
 
Last edited by a moderator:

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
9,012
762
263
Houston
cPanel Access Level
DataCenter Provider
Hello,

Is it stopping replication? This should just be a notice about DNSSEC but it is related to an internal case we have open currently - CPANEL-30161. As of right now if you Want DNSSEC to be usable you must have it enabled on ALL cluster members. In this instance, it doesn't sound like it's something that you want/need and as such, until the internal case is resolved I'm not seeing any reports of failures to synchronize.
 

eugenevdm.host

Active Member
Oct 21, 2019
25
2
3
Cape Town
cPanel Access Level
DataCenter Provider
Hi @cPanelLauren, thanks for the reply.

Is it stopping replication?
Replication worked for one record, then stopped working.

should just be a notice about DNSSEC
When the notice appears the UI breaks, no more dropdown to choose type and click "Save" button. I'll wait for a fix.

you must have it enabled on ALL cluster members
How to I DISABLE DNSSEC on all cluster members? This would be a good start.

Could you confirm the following configuration is correct:

Web Server:
  • Nameserver Selection - Disabled
  • DNS Server #1 - Write only
  • DNS Server #2 - Write only
  • DNS Server #3 - Write only

DNS Server #1 :
* Web Server - Synchronize

DNS Server #2 :
* Web Server - Synchronize

DNS Server #3 :
* Web Server - Synchronize
 

eugenevdm.host

Active Member
Oct 21, 2019
25
2
3
Cape Town
cPanel Access Level
DataCenter Provider
you MUST have PowerDNS on ALL cluster members
Interesting, as we have two Web servers, the one is working perfectly, and it has no DNS server. It's disabled. The disabled one works. The enabled one doesn't work. The ticket is going on 48 hours now starting to loose faith that someone can tell me what's going on here. I'm still unsure if the architecture of standalone x 4 and write write is supposed to work. This is the most simple DNS configuration in the world.
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
9,012
762
263
Houston
cPanel Access Level
DataCenter Provider
@eugenevdm.host

It's possible that's related to an issue with reverse trust being auto-generated when you select the checkbox in the configuration. I checked in on your ticket and it appears that this question was addressed in there as well and we were awaiting your response to confirm that everything is functioning as intended.