DNS Clustering Duplicates?

Discussion in 'Bind / DNS / Nameserver Issues' started by sparek-3, Aug 3, 2009.

  1. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    I thought that using a DNS cluster prevented you from having duplicate domain names in that cluster.

    For example, if you have two web servers (web1, web2) and they both sync to one nameserver (ns1), then if you set up an account on web1 (for example fakedomain.com) then you would not be able to set up fakedomain.com on web2.

    When fakedomain.com is set up on web1, then a DNS zone gets transferred over to ns1.

    If you try to set up fakedomain.com on web2, you would get an error that the domain already exists.

    At least this is how I thought DNS clustering used to work.

    Is this how DNS clustering is supposed to work?
     
  2. eth00

    eth00 Well-Known Member
    PartnerNOC

    Joined:
    Mar 30, 2003
    Messages:
    723
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    NC
    cPanel Access Level:
    Root Administrator
    Yeah if the domain name exists already in DNS it should bounce it back with an error.
     
  3. sparek-3

    That is what I thought. I will look at it some more, it wouldn't be the first time that I've got something misconfigured.

    In this scenario both web1 and web2 should have the DNS role set to Synchronize Changes and ns1 should have the DNS role set to Standalone. Is that correct?
     
  4. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Here's what that setup looks like:

    Web1 --> ns1
    Web2 --> ns1

    This means Web1 is sync'ing to ns1, but never sync'ing to Web2, hence no error on web2.

    If you changed ns1 to synchronize, here's what that would look like:

    Web1 <--> ns1
    Web2 <--> ns1

    Then records from Web1 would synchronize to ns1 and then to Web2.
     
  5. sparek-3

    I thought this was the least ideal setup?

    Is this how most people have DNS clusters set up?

    I don't currently employ any type of DNS clustering on our servers, but I would really like to. For some reason, I'm not able to wrap my head around how to deal with domain duplicates. We don't have a lot of duplicates, but we have had times where we would set up accounts on two different servers. I am trying to figure out what the best way to handle those instances is. I would like to prevent resellers from being able to create duplicate accounts on the clusters, and thereby overwriting DNS.
     
  6. cPanelDavidG

    Usually, most people are synchronizing their records to their nameservers from their servers they're using for web content, as illustrated at:

    ConfigureCluster < AllDocumentation/WHMDocs < TWiki

    Is there any particular reason you want to use DNS clustering as a means to prevent duplicate domains rather than using the tweak settings in the domains section of WHM -> Server Configuration -> Tweak Settings? For example, not allowing customers to use the domains of other customers should reduce these issues.
     
  7. sparek-3

    Well, what I'm trying to prevent is an instance where a reseller on another server can disrupt DNS for an account that is hosted on another server.

    Say I have web1 and web2 that are both webservers, they both sync DNS to ns1 and ns2.

    example.com is an account that is resolving to web1 and is using ns1 and ns2 nameservers.

    A reseller on web2 can create an example.com account, which would then overwrite the DNS for example.com. Now instead of example.com resolving to web1 it is resolving to web2. The reseller on web2 can delete the example.com account and now example.com resolves to nothing.



    I guess you could write something for prewwwacct that would check the DNS clusters and see if example.com already exists on the cluster.

    Are there any "prewrappers" for parked domains and addon domains? Because the resellers on web2 in my example could just as easily park example.com instead of creating a new account.
     
  8. cPanelDavidG

    I'm confused. Why are you trying to build scripts and hooks for functionality that is already built into cPanel/WHM?
     
  9. sparek-3

    Maybe I am the one that is confused.

    How do I prevent this from happening:

    Is there a way to prevent that? I'm not saying that there isn't, I'm just asking if there is a way.

    Is the only way to prevent this to have web1 sync to ns1, ns2, and web2?

    This could become quite cumbersome if you have 10 or more web servers. There also could be potential security implications because if web1 is hacked into, then hackers would also have access to web2 due to the root hash (wouldn't they?)

    Again, maybe I'm missing something.
     
  10. sparek-3

    I think I may have figured it out.

    You have to Disable BIND and NSD in Nameserver Selection on both web1 and web2.

    If BIND is selected, then web1 (or web2) will just check locally to see if the domain name of the account you are trying to add (or park) exists. Since it doesn't exist on that server, then this is allowed to go through.

    If Nameserver Selection is set to disable, then web1 (or web2) will check the cluster to see if a DNS entry already exists. This will prevent duplicates.
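
The cluster lookup suggested earlier in the thread for a prewwwacct-style check, as an added example that is not from any poster or from cPanel: it asks each cluster nameserver directly, without recursion, whether it is already authoritative for the domain, and refuses the new account if so or if a nameserver cannot be checked. The function names are hypothetical, and how the hook receives the domain and the nameserver addresses is an assumption the thread does not cover.

```python
import socket
import struct

TXID = 0x1234  # fixed for the example; use a random ID in production

def build_soa_query(domain, txid=TXID):
    """Non-recursive (RD=0) SOA query, so the nameserver answers only from its own zones."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in domain.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def zone_exists(response, txid=TXID):
    """True if the reply is an authoritative NOERROR answer with at least one record."""
    if len(response) < 12:
        raise ValueError("truncated DNS response")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID or QR bit unset
        raise ValueError("not a response to our query")
    authoritative = bool(flags & 0x0400)   # AA bit
    return authoritative and (flags & 0x000F) == 0 and ancount > 0

def query_nameserver(domain, ns_ip, timeout=3.0):
    """Ask one cluster nameserver over UDP whether it already serves the zone."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(domain), (ns_ip, 53))
        data, _ = s.recvfrom(512)
    return zone_exists(data)

def should_block(domain, nameservers, lookup=query_nameserver):
    """Refuse creation if any nameserver has the zone, or cannot be checked (fail closed)."""
    for ns_ip in nameservers:
        try:
            if lookup(domain, ns_ip):
                return True, f"{domain} already has a zone on {ns_ip}"
        except (OSError, ValueError) as exc:
            return True, f"could not verify {domain} on {ns_ip}: {exc}"
    return False, "no existing zone found"
```

The SOA test matches only a zone apex, so a name that lives inside an existing parent zone is not reported as a duplicate.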
     