DNSCluster with DNSOnly Questions

ronaldst

Well-Known Member
Feb 22, 2016
Norway
cPanel Access Level
Root Administrator
I have two dedicated web servers running WHM, and one VPS running DNSOnly. My DNSOnly server recently had a disk failure and I realized my redundancy isn't at the level I need it to be. I have acquired a second VPS to run another DNSOnly server.

After fiddling about on my own I am left with a few questions regarding the proper way of setting up a DNS Cluster, and in particular how to configure the zone files for my nameservers.

Overview of my setup
server1.domain.com (running ns7.domain.com, ns8.domain.com)
server2.domain.com (running ns9.domain.com, ns10.domain.com)

vps1.domain.com (running ns1.domain.com, ns2.domain.com)
vps2.domain.com (running ns3.domain.com, ns4.domain.com)

Each nameserver is running on a dedicated IP address, so in the current setup a total of 8 IPs are used just for nameservers. I don't know if this is the optimal setup but it seems to be the logical thing to do.

Registrar
I've set the domain to use ns1, ns2, ns3 and ns4 at the registrar (GoDaddy in this case). I've also added a hostname (and their IPs) to each of the servers/VPSs/nameservers.

Cluster
On server1.domain.com and server2.domain.com, I've added (WHM - Clusters - DNS Cluster) vps1.domain.com and vps2.domain.com to "Write Only" configuration, and enabled "Reverse Trust".

On vps1 and vps2 I have "Enable DNS Cluster", but not added any servers to the list.


Now comes the part where I am having issues, and will keep this part to server1 to simplify things. At this point I haven't done any extra configuration to server2 as I am seeing issues with my setup already.

server1

I have used "Add DNS Zone" and added a zone for vps1, vps2, ns1, ns2, ns3 and ns4. One zone for each. I also added A records to domain.com for ns3 and ns4.

My domain.com zone file looks like this (edited to show relevant info only)
Code:
domain.com.     86400   IN      SOA     ns1.domain.com.  domainhost.gmail.com.
domain.com.     86400   IN      NS      ns1.domain.com.
domain.com.     86400   IN      NS      ns2.domain.com.
domain.com.     86400   IN      NS      ns3.domain.com.
domain.com.     86400   IN      NS      ns4.domain.com.
ns7             14400   IN      A       1.1.1.7
ns8             14400   IN      A       1.1.1.8
domain.com.     14400   IN      A       1.1.1.100
ns1             14400   IN      A       1.1.1.1
ns2             14400   IN      A       1.1.1.2
ns3             14400   IN      A       1.1.1.3
ns4             14400   IN      A       1.1.1.4
My ns1.domain.com file looks like this (edited to show relevant info only)
Code:
ns1.domain.com.  86400   IN      SOA     ns7.domain.com.  domainhost.gmail.com.
ns1.domain.com.  86400   IN      NS      ns7.domain.com.
ns1.domain.com.  86400   IN      NS      ns8.domain.com.
ns1.domain.com.  14400   IN      A       1.1.1.1
My ns2.domain.com SOA record shows
Code:
ns2.domain.com.  86400   IN      SOA     ns1.domain.com.  domainhost.gmail.com.
What puts me off here is that ns1 SOA points to ns7. ns2 SOA points to ns1. Am I supposed to point ns3 to ns7, and ns4 to ns3 and follow the same pattern? This is what I did:

ns3 SOA now points to ns7.domain.com. ns4 SOA points to ns3.domain.com.

(but I realize that I am now over my head and I am again having such struggle with DNS. It's the one topic my brain just fails to understand the logic of)

Using DNS Check tool at pingdom I am not getting any errors on domain.com.

However, if I run DNS Check on ns1, ns2 they come up with errors:

- Failed to find name servers of ns1.domain.com/IN.

- No name servers found at child.
No name servers could be found at the child. This usually means that the child is not configured to answer queries about the zone.

- Not enough nameserver information was found to test the zone ns1.domain.com, but an IP address lookup succeeded in spite of that.


DNS Check on ns3.domain.com and ns4.domain.com has no errors.


Is anyone able to enlighten me on what these errors are, and what I am doing wrong here?

What should the zone files of ns1,ns2,ns3,ns4 look like? What should SOA point to and should there be A and NS records for each nameserver in each zone file?

What about server2, ns9 and ns10? How do I puzzle all of this together?

Thank you.

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
Houston
Hi @ronaldst

The SOA (Start Of Authority) defaults to the primary nameserver or the 1st nameserver in the nameserver list for the domain.

What should the zone files of ns1,ns2,ns3,ns4 look like? What should SOA point to and should there be A and NS records for each nameserver in each zone file?
Personally, I keep them all in the same zone file - so domain.com would carry ns1-ns8 NS records and A records and both should be present - this, in my opinion, helps keep things organized and there's less management of separate zone files. This should automatically be synchronized to the secondary servers in the cluster.

- Failed to find name servers of ns1.domain.com/IN.

- No name servers found at child.
No name servers could be found at the child. This usually means that the child is not configured to answer queries about the zone.

- Not enough nameserver information was found to test the zone ns1.domain.com, but an IP address lookup succeeded in spite of that.
All of these indicate that the nameservers aren't being recognized when doing a DNS lookup: at some point it fails to retrieve the A record from the child record, indicating that on one or more of the servers (besides the authoritative) the NS record is not present.
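The two conditions behind the errors above (a separate nameserver zone that the parent zone never delegates, and NS hosts with no glue A record in the zone that names them) can be checked offline against the zone text WHM shows. This is an added example, not cPanel code or the poster's actual configuration; the sample zones are constructed from the excerpts in this thread.

```python
"""Check zone text in the form WHM shows: glue A records and SOA MNAME inside one
zone, and whether a separate nameserver zone is actually delegated by its parent.
Samples are constructed from the excerpts in this thread, not from a live server."""

# Constructed sample: the poster's domain.com excerpt (nameserver records only).
DOMAIN_ZONE = """\
domain.com.     86400   IN      SOA     ns1.domain.com.  domainhost.gmail.com.
domain.com.     86400   IN      NS      ns1.domain.com.
domain.com.     86400   IN      NS      ns2.domain.com.
domain.com.     86400   IN      NS      ns3.domain.com.
domain.com.     86400   IN      NS      ns4.domain.com.
ns1             14400   IN      A       1.1.1.1
ns2             14400   IN      A       1.1.1.2
ns3             14400   IN      A       1.1.1.3
ns4             14400   IN      A       1.1.1.4
"""
# Constructed sample: the poster's separate ns1.domain.com zone.
NS1_ZONE = """\
ns1.domain.com.  86400   IN      SOA     ns7.domain.com.  domainhost.gmail.com.
ns1.domain.com.  86400   IN      NS      ns7.domain.com.
ns1.domain.com.  86400   IN      NS      ns8.domain.com.
ns1.domain.com.  14400   IN      A       1.1.1.1
"""

def parse_zone(text, origin):
    """Yield (owner, type, first rdata field); relative owners get the origin appended."""
    for f in (line.split() for line in text.splitlines()):
        if len(f) >= 5:  # owner ttl class type rdata...
            owner = f[0] if f[0].endswith(".") else f"{f[0]}.{origin}"
            yield owner.lower(), f[3].upper(), f[4].lower()

def check_zone(text, origin):
    """Glue and SOA consistency inside one zone; returns a list of findings."""
    recs = list(parse_zone(text, origin))
    a_hosts = {o for o, t, _ in recs if t in ("A", "AAAA")}
    ns_hosts = [r for o, t, r in recs if t == "NS" and o == origin]
    soa = [r for o, t, r in recs if t == "SOA" and o == origin]
    findings = [f"NS {ns} has no glue A record in {origin}"
                for ns in ns_hosts if ns.endswith("." + origin) and ns not in a_hosts]
    if soa and soa[0] not in ns_hosts:
        findings.append(f"SOA MNAME {soa[0]} is not an NS of {origin}")
    return findings

def check_delegation(parent_text, parent_origin, child_text, child_origin):
    """A zone is only 'found at the child' if the parent holds NS records for it."""
    parent_ns = {r for o, t, r in parse_zone(parent_text, parent_origin) if t == "NS" and o == child_origin}
    child_ns = {r for o, t, r in parse_zone(child_text, child_origin) if t == "NS" and o == child_origin}
    if not parent_ns:
        return [f"{parent_origin} has no NS records delegating {child_origin}"]
    return [] if parent_ns == child_ns else [f"delegation mismatch: {sorted(parent_ns)} vs {sorted(child_ns)}"]
```

Running `check_delegation(DOMAIN_ZONE, "domain.com.", NS1_ZONE, "ns1.domain.com.")` reports that domain.com never delegates ns1.domain.com, which is the situation the "No name servers found at child" message describes; keeping the ns1-ns8 records inside domain.com instead makes that delegation unnecessary.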

lorio

Well-Known Member
Feb 25, 2004
cPanel Access Level
Root Administrator
Personally, I keep them all in the same zone file - so domain.com would carry ns1-ns8 NS records and A records and both should be present - this, in my opinion, helps keep things organized and there's less management of separate zone files.
Isn't that the only way which works? The NS records inside the main zone of the domain seem to be the only way it is working (at least in the DNS cluster setup).

BTW: What is the default behavior when different WHM servers are in the DNS cluster?
I have set up a new CentOS 7 DNS cluster and added a few WHM servers. Each WHM only shows the DNS zones which are related to that specific WHM host. In the older days I was able to edit each DNS zone on the DNS cluster from each WHM host, which made it risky to share the DNS cluster with different people.

cPanelLauren

Isn't that the only way which works? The NS records inside the main zone of the domain seem to be the only way it is working (at least in the DNS cluster setup).
It should be but I've seen countless numbers of people who have them in two places - the root domain's DNS Zone as well as a separate zone file for the nameserver.

BTW: What is the default behavior when different WHM servers are in the DNS cluster?
I have set up a new CentOS 7 DNS cluster and added a few WHM servers. Each WHM only shows the DNS zones which are related to that specific WHM host. In the older days I was able to edit each DNS zone on the DNS cluster from each WHM host, which made it risky to share the DNS cluster with different people.
It would depend on your configuration, but any zone present in /var/named/ will appear in the DNS Zone Editor at WHM >> DNS Functions >> Edit DNS Zone.


Thanks!