The Community Forums

DNS Clustering

Discussion in 'Bind/DNS/Nameserver' started by dstana, Jun 4, 2018.

  1. dstana

    dstana Well-Known Member

    Joined:
    Jul 6, 2016
    Messages:
    46
    Likes Received:
    6
    Trophy Points:
    8
    Location:
    Phoenix, AZ
    cPanel Access Level:
    Root Administrator
    I have a new setup I'm trying where I want to have the main server write DNS changes to 2 separate servers running cPanel DNSOnly. I'm trying to get the cluster set up but it doesn't seem to be working. I keep getting an error with the reverse trust relationship.

    What exactly is needed for permissions with the API token for:

    1. The main server
    2. The dns servers
     
  2. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    1,387
    Likes Received:
    92
    Trophy Points:
    103
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
  3. dstana

    dstana Well-Known Member

    When you create the token you have to pick what permissions it grants.

    Nothing in the documentation says what's needed. Am I just supposed to grant everything?

    I guess if we're going to split hairs the documentation calls it "privileges".
     
  4. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Hi @dstana

    That's a good point, I do know that when I used the script:
    Code:
    /usr/local/cpanel/scripts/convert_accesshash_to_token
    It automatically granted all privileges, but I believe that's more to do with the fact that it's the root user in my case. What I did do is create my API tokens with only the DNS cluster ACL enabled, and I have no issues synchronizing DNS records.
     
  5. dstana

    dstana Well-Known Member

    Here's what I did.

    I set up API tokens through WHM with the DNS cluster enabled. At the end of creating the token, it gives what I assume is the access hash.

    Then I enabled clustering and set the DNS server to standalone and the Main server to Synchronize, adding the access hash to each server.

    It says reverse trust isn't set up because it needs the hash on each server, even though it seems to be in place.

    On the DNS server, when I open DNS Functions and try to sync the zones, it says it's synchronized but there aren't any DNS zones in /var/named.

    What am I missing?
     
  6. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Hi @dstana

    Can you confirm the following steps are what you're taking:

    Primary Server
    Step 1 - Go to WHM >> Clusters >> DNS Cluster -> enable DNS Clustering
    Step 2 - Configure [DNS Cluster]
    Step 3 - Fill in Boxes:
    Step 4 - Once the "Remote cPanel & WHM DNS Host" box is filled in, the "Generate a remote API token" link should appear
    Step 5 - Click the link, which then has you log in to the remote server
    Step 6 - Click +Generate Token
    Step 7 - Select the ACLs you would like - As mentioned before I only used Clustering - DNS CLUSTERING
    Step 8 - Copy the token/hash created:

    Step 9 - Click "Yes I saved my token"
    Step 10 - Enter the token/hash into the box "Remote server API token or access hash:"
    Step 11 - Select Reverse Trust relationship
    Step 12 - Select role
    Step 13 - Click Submit
    Step 14 - Repeat steps on the other server per the warning:
     
  7. dstana

    dstana Well-Known Member

    Yes, that's exactly what I've done. Still get this error:

    Code:
    The reverse trust relationship does not currently work without an access hash file on the remote server. You must login to the remote server and add this server to its cluster manager manually if you want the other server to be able to access this one.
    I've tried saving it again and still get the same results. The sync server shows the other server in its path diagram and they both show the other server as green status.

    One thing I did notice is the DNS only server shows the hostname of the Main server, while vice versa does not.
     
  8. dstana

    dstana Well-Known Member

    I went through and did it again, and after the sync the zones came through.

    Made a test domain on the main server and the sync worked. I'm not sure what the problem was but it's resolved now.

    Thanks for your help.
     
  9. dstana

    dstana Well-Known Member

    I'm going through the same rigmarole trying to get a 2nd DNS only server working now. Using the same credentials for the main server but obviously a new API token generated for the 2nd DNS server.

    I changed the modes a few times with the other pair and it worked. Not sure what the hang-up is.

    Is there perhaps a service that has to be restarted for this to work correctly after they've been set up?
     
    #9 dstana, Jun 5, 2018
    Last edited: Jun 5, 2018
  10. dstana

    dstana Well-Known Member

    So after trying a bunch of things I initiated the sync from the command line with
    Code:
    /scripts/dnscluster syncall --full
    Now trying to sync from within WHM on cPanel DNS only works.
     
  11. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Hi @dstana

    It's odd because I didn't need to do that on my own cluster, but it's possible that, because I had previously had a cluster set up (which I removed to test this for you), the syncall wasn't necessary.

    I'm going to turn my post for you into a tutorial and I'll test again on a fresh install of cPanel and DNSOnly before completing it.

    I'm glad to hear it's synchronizing and thanks for updating the thread.
     