The Community Forums


DNS Question - Difficult One At That

Discussion in 'Bind / DNS / Nameserver Issues' started by OffbeatAdam, Oct 12, 2009.

  1. OffbeatAdam

    OffbeatAdam Active Member

    Greetings Everyone,

    I always seem to have difficult questions...

    Anyways.

    The problem: cPanel "DNS Clustering" is a misnomer. Distributed load does not mean distribute the exact same data on every server. A true clustered solution has distributed load for different portions of its service allowing for an exceptional increase in capacity. In cPanel's case, the maximum is still the same maximum, it is merely redundant. Therefore, one could easily say that DNS Clustering is not clustering at all, but merely replication for HA.

    My desired solution: While I know that cPanel will likely never support the likes of a custom DNS solution (even BIND has better custom solutions, note: "reload" is the wrong way to add a new zone), I do have the ability to develop certain solutions to "bridge the gap" so to speak. I've been googling my butt off trying to see if this has already been done.

    I assume that when a DNS update is pushed via cpanel in a dns clustered environment, it sends some sort of information via its API, be it soap, json or whatever. This information then is intercepted by the dns cluster, applied to its zone files (or created on this server if new), and then a reload is initiated.

    If this information IS in fact transmitted in this fashion, accessing it would make using -any- dns solution that CAN be truly clustered (and expandable into the millions of domains) relatively simple.

    Obviously there are different bits of information that are needed:

    Every server will need to know what zones exist, so that the cpanel client experience does not change.
    Every server will need to believe this clustered DNS solution is in fact a cpanel DNS system.

    And so on.

    That's where the difficulty is.

    I don't want to build a complicated solution, I want to build an XML-ish listener in whatever language (probably PHP due to time and C as soon as I could complete it) that will update my database-driven DNS solution, and make it available to the community - ultimately because I'm sick of running a whole bunch of dns servers and them crashing once the reseller count reaches a certain height.

    Any assistance would be appreciated!

    Thanks,

    Adam
     
  2. ChrisFirth

    ChrisFirth Active Member
    PartnerNOC

    Hi Adam,

    Although I don't think I can help in your specific case, we also had a similar issue.

    I have not personally used the cPanel DNS "Clustering" in a production environment, although all of our cPanel servers do have centralised DNS on our own DNS cluster (using tinydns).

    Basically, we do the following (this is an environment with a large number of cPanels; when I refer to the MySQL database, it is hosted on our MySQL cluster):

    1. All usernames, domain names and encrypted passwords for all cPanel accounts are in a central MySQL database. We use a perl script to do this on a cron. This way across all of our websites a customer can use 1 login form and it will grab the details for that user out of the database and redirect them to the appropriate cPanel server logging them in. Keep in mind if you go down a similar road chances are you will have duplicate usernames across the servers, so you must take this into account (the main issue I can think of at this stage with our solution is that we ask for the cPanel username rather than the domain on our login form. This issue is covered below).

    2. Another script is run on a cron that picks up any changes in the zone files on the server. If there is a change detected the zone file is parsed and entered into the MySQL database. Our DNS server syncs out of that database with a cron job, which then just scp's over to our other DNS servers the zone data file (a single file with tinydns).

    The two main issues we ran into were:

    - Duplicate usernames: If two accounts have the same username our script then checks to see if the password matches either account and then logs them in, so if two of the same usernames have the same password they will be able to log into one person's account only. This can be fixed by asking for the domain name rather than the cPanel username.

    - Duplicate accounts: In some cases accounts are moved from one cPanel server to another (e.g. we have a set of cPanels that have some software installed that the others don't). If the old account is not removed from the previous server, this can confuse the DNS script (how does it know which server is the correct one?). To resolve this issue, in our shared MySQL database there is a list of servers and a priority assigned for each server. That way the account that is on the server with the highest priority is always used (except if the account is suspended on that server, then it will go to a lower priority one).

    That's all of the issues I can think of off the top of my head.

    So far there have not been any issues with the above setup (in both WHM 11.24 and 11.25 as well as previously 10).

    The main advantages the above setup had for us is that we can move accounts between servers quickly and without making changes on the domain (assuming that the name servers are set to our ones), and adding new cPanel servers is as simple as deploying the clone image we have and assigning the server a priority in the database.

    As I said, I have not played around with the cPanel DNS clustering tools.

    This is a basic overview on how I set up our DNS cluster for cPanel clients, so if you have any more questions feel free to ask.
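
Added example, not part of the thread and not ChrisFirth's script: a sketch of the priority rule and change detection described in the post above, deciding which server's copy of a zone gets published. The names `ZoneCopy`, `pick_authoritative` and `plan_sync` are hypothetical, and it assumes that a larger number means higher priority and that nothing is published when every copy is suspended.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class ZoneCopy:
    server: str      # cPanel server holding this copy of the account
    priority: int    # assumption: larger number = higher priority
    suspended: bool  # account suspended on that server
    zone_text: str   # contents of the zone file found there

def digest(zone_text):
    """Fingerprint used to detect that a zone file changed since the last run."""
    return hashlib.sha256(zone_text.encode("utf-8")).hexdigest()

def pick_authoritative(copies):
    """Highest-priority copy whose account is not suspended, else None."""
    live = [c for c in copies if not c.suspended]
    return max(live, key=lambda c: c.priority) if live else None

def plan_sync(inventory, last_published):
    """inventory: domain -> list of ZoneCopy; last_published: domain -> digest.
    Returns domain -> (server, zone_text) for zones whose winning copy changed."""
    updates = {}
    for domain, copies in inventory.items():
        winner = pick_authoritative(copies)
        if winner is None:
            continue  # assumption: skip zones where every copy is suspended
        if last_published.get(domain) != digest(winner.zone_text):
            updates[domain] = (winner.server, winner.zone_text)
    return updates

# Constructed sample data (documentation addresses, made-up server names).
INVENTORY = {
    "example.test": [ZoneCopy("cp-old", 10, False, "example.test. IN A 192.0.2.10"),
                     ZoneCopy("cp-new", 20, False, "example.test. IN A 192.0.2.20")],
    "moved.test":   [ZoneCopy("cp-new", 20, True,  "moved.test. IN A 192.0.2.21"),
                     ZoneCopy("cp-old", 10, False, "moved.test. IN A 192.0.2.11")],
    "gone.test":    [ZoneCopy("cp-old", 10, True,  "gone.test. IN A 192.0.2.12")],
}
LAST_PUBLISHED = {"example.test": digest("example.test. IN A 192.0.2.20")}

if __name__ == "__main__":
    for domain, (server, _) in plan_sync(INVENTORY, LAST_PUBLISHED).items():
        print(f"publish {domain} from {server}")
```

A stale copy left behind on a lower-priority server never wins while the higher-priority account is active, which is the property the priority list is there to provide.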
     
  3. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    The individual cluster members use /usr/local/cpanel/Cpanel/Accounting.pm to interact with their immediate peers.

    Communication is initiated by /usr/local/cpanel/whostmgr/bin/dnsadmin. There are a number of commands, such as:

    GETZONE
    GETZONELOCAL

    If you look through the dnsadmin Perl script you'll see the commands executed. You can also exercise the dnsadmin script directly from the command line:

    Code:
    root@huxley [~]# /usr/local/cpanel/whostmgr/bin/dnsadmin
    GETZONE 
    zone=super.genius
    ; cPanel 11.25.0-NIGHTLY_40039
    ; Zone file for super.genius
    $TTL 14400
    @      86400	IN      SOA     ns1.cpanel.com. cpanelqa.gmail.com. (
    		2009100900	; serial, todays date+todays
    		86400		; refresh, seconds
    		7200		; retry, seconds
    		3600000		; expire, seconds
    		86400 )		; minimum, seconds
    
    super.genius. 86400 IN NS ns1.cpanel.com.
    super.genius. 86400 IN NS ns2.cpanel.com.
    
    
    super.genius. IN A 192.168.99.236
    
    localhost.super.genius. IN A 127.0.0.1
    
    super.genius. IN MX 0 super.genius.
    
    mail IN CNAME super.genius.
    www IN CNAME super.genius.
    ftp IN CNAME super.genius.
    wizard 14400 IN A  192.168.99.236
    www.wizard 14400 IN A  192.168.99.236
    
    When WHM or cPanel modify a zone locally, and the local server is a member of a cPanel DNS Cluster, then an appropriate command ( e.g. SAVEZONE ) is sent to the local dnsadmin-ssl binary ( same as the dnsadmin script, but with SSL capabilities ). The dnsadmin-ssl binary is what triggers the interaction among the peers.

    A typical interaction is:

    1. Local server requests a zone from the cluster
    2. Local server compares serial numbers from the peer provided zones
    3. If local zone is newer it is transmitted to the peers

    Please note the above interaction is greatly simplified.
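
Added example, not part of the thread and not cPanel's code: the simplified three-step interaction above, written as a serial comparison over zone text shaped like the GETZONE output. The function names and sample zones are hypothetical, and plain integer comparison of serials is an assumption of this sketch, not a statement about how dnsadmin compares them.

```python
import re

def soa_serial(zone_text):
    """Return the SOA serial from zone-file text such as GETZONE output."""
    # Drop ';' comments, then flatten so a parenthesised multi-line SOA is one string.
    flat = " ".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    match = re.search(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)", flat)
    if match is None:
        raise ValueError("no SOA record found")
    return int(match.group(1))

def peers_needing_update(local_zone, peer_zones):
    """peer_zones maps peer name -> zone text, or None if the peer has no copy.
    Returns the peers whose copy is missing or older than the local zone.
    Peers with an equal or higher serial are left alone (never overwritten)."""
    local = soa_serial(local_zone)
    return sorted(
        peer for peer, text in peer_zones.items()
        if text is None or soa_serial(text) < local
    )

def make_zone(serial):
    """Constructed sample zone, laid out like the GETZONE output in the thread."""
    return (
        "; Zone file for example.test\n"
        "$TTL 14400\n"
        "@ 86400 IN SOA ns1.example.test. hostmaster.example.test. (\n"
        f"\t\t{serial}\t; serial\n"
        "\t\t86400\t\t; refresh, seconds\n"
        "\t\t7200\t\t; retry, seconds\n"
        "\t\t3600000\t\t; expire, seconds\n"
        "\t\t86400 )\t\t; minimum, seconds\n"
        "example.test. 86400 IN NS ns1.example.test.\n"
    )

LOCAL = make_zone(2009101201)
PEERS = {  # constructed peer state
    "peer-a": make_zone(2009101201),  # in sync
    "peer-b": make_zone(2009100900),  # older serial
    "peer-c": None,                   # zone not present yet
    "peer-d": make_zone(2009101305),  # newer than local
}

if __name__ == "__main__":
    print(peers_needing_update(LOCAL, PEERS))
```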
     
  4. OffbeatAdam

    OffbeatAdam Active Member


    Thanks for the awesome idea!

    Unfortunately the way that I'm hoping to go about this, which I admit is likely a fool's hope, is removing some of the sacrificed horsepower on these boxes. We have a bit of a budget shop and extra powerful hardware just isn't easy to come by, especially with the downturn recently.

    So, removing the need for named at all would be optimal, which if I remember correctly can be done with postwwacct scripting. The problem is, no one seems to know what data is sent to this script, or the dnsadmin script, after creating a wwaccount or modifying a zone. If I had this, we could skip over monitoring for changes on files, and just go straight to direct injection from cpanel itself.

    This seems like it'd be pertinent information to have for developers if you can write replacements for these tools (dnsadmin and postwwacct) no?
     
  5. ChrisFirth

    ChrisFirth Active Member
    PartnerNOC

    The end product of what we have done has completely removed the need for named running on the cPanel servers locally (the DNS zone files are still written the same way etc, just the name server is no longer running).

    I agree, it would be great if there was some way we could get cPanel to even just execute another script upon editing a zone or something.
     
  6. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    You can use /var/cpanel/prednsadmin to short-circuit the use of dnsadmin. dnsadmin is called for 99% of the Zone modification functions in WHM and cPanel, even when a server is not in a cluster.
     
  7. ChrisFirth

    ChrisFirth Active Member
    PartnerNOC

    Thanks Kenneth - is that script called with any arguments (such as the domain name?)

    It would be handy if it was so you can sync a specific zone.

    Edit: Sorry, I misread what the file does.. it just stops dnsadmin from running.
     
    #7 ChrisFirth, Oct 14, 2009
    Last edited: Oct 15, 2009
  8. ChrisFirth

    ChrisFirth Active Member
    PartnerNOC

    Hi Kenneth,

    It seems as though if the name server in WHM is set to disabled, this script is not executed at all (which makes sense). Is there any script that is executed on change of a DNS zone?
     
  9. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    I know it's more work, but at this time the best option is to use the various hooks we provide to capture the required information. More information about the hooks is in our documentation: Hooking into cPanel Functionality
     