DNS Cluster works for a little while then bombs with "Requires cPanel update to support DNSSEC"

eugenevdm.host

Well-Known Member
Oct 21, 2019
80
11
8
Cape Town
cPanel Access Level
DataCenter Provider
I have the following configuration in my cluster:

1. WHM / cPanel server with lots of domains.
2. Separate standalone name server #1
3. Separate standalone name server #2
4. Separate standalone name server #3

In my opinion this is a pretty normal setup. Server #1 doesn't have to do name server resolution, but must replicate to #2, 3, and 4.

Server #1 = writer
Servers #2, 3, and 4 are standalone.

Issue is, I get this message after a little while on #2, 3, and 4:

"Requires cPanel update to support DNSSEC"

All servers are v84.0.17

Honestly I'm not interested in DNSSEC but I don't see a global "switch off DNSSEC" button.

What do I do to get replication working?
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,300
363
Houston
Hello,

Is it stopping replication? This should just be a notice about DNSSEC but it is related to an internal case we have open currently - CPANEL-30161. As of right now, if you want DNSSEC to be usable you must have it enabled on ALL cluster members. In this instance, it doesn't sound like it's something that you want/need and as such, until the internal case is resolved I'm not seeing any reports of failures to synchronize.
 

eugenevdm.host

Hi @cPanelLauren, thanks for the reply.

> Is it stopping replication?

Replication worked for one record, then stopped working.

> should just be a notice about DNSSEC

When the notice appears the UI breaks, no more dropdown to choose type and click "Save" button. I'll wait for a fix.

> you must have it enabled on ALL cluster members

How do I DISABLE DNSSEC on all cluster members? This would be a good start.

Could you confirm the following configuration is correct:

Web Server:
  • Nameserver Selection - Disabled
  • DNS Server #1 - Write only
  • DNS Server #2 - Write only
  • DNS Server #3 - Write only

DNS Server #1:
  • Web Server - Synchronize

DNS Server #2:
  • Web Server - Synchronize

DNS Server #3:
  • Web Server - Synchronize
 

cPanelLauren

Hello,


That's the problem, right now, you can't disable DNSSEC and you MUST have PowerDNS on ALL cluster members. That's why the case was opened, initially.

Until it's resolved, the only workaround is to have a nameserver installed on all servers.
 

eugenevdm.host

> you MUST have PowerDNS on ALL cluster members

Interesting, as we have two Web servers, the one is working perfectly, and it has no DNS server. It's disabled. The disabled one works. The enabled one doesn't work. The ticket is going on 48 hours now; I'm starting to lose faith that someone can tell me what's going on here. I'm still unsure if the architecture of standalone x 4 and write write is supposed to work. This is the most simple DNS configuration in the world.
 

cPanelLauren

@eugenevdm.host

It's possible that's related to an issue with reverse trust being auto-generated when you select the checkbox in the configuration. I checked in on your ticket and it appears that this question was addressed in there as well and we were awaiting your response to confirm that everything is functioning as intended.