DNSOnly, DNS Cluster "Could not communicate with remote API server."

[Ross Healy]

Hello All,

Does anyone have any suggestions on rectifying this error?

I've attempted to cluster NS1 & NS2 to syncronize records. For the purpose of fault finding I've removed any limitations on the API token's access to include all privillages as well as removed specific whitelisted IP's for the API token, as well as network traffic to port 2087. When clustering it seems there is also an issue configuring a reverse trust relationship.

Name Server 1 (NS1)
CPanel DNSOnly
Cpanel Version: V98.0.8
DNS: PowerDNS
InBound Port Configuration: 22 TCP, 25 TCP, 53 TCP/UDP, 443 TCP, 953 TCP/UDP, 2087 TCP
OutBound Port Configuration: 25 TCP, 53 TCP/UDP, 443 TCP, 953 TCP/UDP, 2089 TCP
Resolver Configuration: 8.8.8.8, 8.8.4.4
Static IP Assigned

Name Server 2 (NS2)
CPanel DNSOnly
Cpanel Version: V98.0.8
DNS: PowerDNS
InBound Port Configuration: 22 TCP, 25 TCP, 53 TCP/UDP, 443 TCP, 953 TCP/UDP, 2087 TCP
OutBound Port Configuration: 25 TCP, 53 TCP/UDP, 443 TCP, 953 TCP/UDP, 2089 TCP
Resolver Configuration: 8.8.8.8, 8.8.4.4
Static IP Assigned

 

[Ross Healy]

It's worth noting I have reviewed the following articles;

DNS Cluster - Could not communicate with remote API server

Symptoms Within the DNS Clusters interface of WHM, you may find that a DNS Cluster reports the following error: Could not communicate with remote API server. Description The message coul...

support.cpanel.net

.

cPanel

support.cpanel.net

.

cPanel

support.cpanel.net

.

The workaround of ignoring the error doesn't sit well with me.

 

[cPRex]

Hey there! Are you getting the "Line 529" error as mentioned in the second article you linked? If so, that's a known issue and something that we're looking into. The current recommendation to ignore the error if the cluster is working is a valid workaround, as our developers are working to resolve the issue.

If you're seeing a different error message, it would be best to submit a ticket to our team so we can check this out directly on the affected system(s) as it seems you've already done a good bit of troubleshooting to try and isolate the issue.

 

[Ross Healy]

Hello cPRex,

Unfortunatley I'm not seeing that, but could have missed it? Looking at the session_log there were several HTTP 200's for POST/GETs so it doesn't look to be timing out in anyway.

I may purge all my logs to slim them down and see if I can Identify any timeouts., if I don't I shall raise a ticket.

Out of interest can you confirm that "they" should be communicating over 2087 so I can remove 443 from my configured open ports?

I'm also interested to know if the following token permissions are sufficent or can they be slimmed down futher for a "Synchronize Changes" Role between NS1 & NS2 ;

Initial Privileges

Managed DNS Records​

Nameserver Configuration​

​

DNS

Add DNS Zones​

Remove DNS Zones​

​

Clustering

DNS Clustering​

 

[cPRex]

I would be expecting communication to happen over 2087 for the cluster connection.

You only need the DNS Clustering option for the token, and we have that outlined in the guide here: cPanel DNS Cluster Guide

 

[Ross Healy]

Excellent, thanks for the quick responses. Will get back to digging through logs.

Many thanks cPRex.

 

[cPRex]

You're very welcome!

 

[DennisMidjord]

Perhaps the issue is related to this? cPanel

We've had that issue for a long time now, and still waiting for a solution, and it seems like we're going to be waiting for a while...