I've had an incredibly difficult time trying to correctly create a DNS cluster, although I do believe that I've finally figured it out. hah... I can only hope that's the case this time!
A few days ago when I first set this up, I had my DNSonly server at the top tier. Unless I'm mistaken, the DNSonly server should actually be on the tail end of the sync. (am I correct there?) All of the cPanel diagrams confused me a little, but then I finally noticed "web server" and "name server" labels. I'm really not sure how that didn't click until now, but it just didn't.
One of my big questions was the "be very afraid of WHM to WHM sync" line. I'm actually still unsure of the solid answer. I can understand the obvious of what that's saying, but does that imply that WHM to DNSonly 2 way sync is 100% safe? If not, what is the most ideal sync hierarchy?
So, my issue developed from what looks like the cPanel upgrade, to v68+. The other day, if I'm remembering correctly, I was able to create the API Token easily enough on my DNSonly server, but I'm just not able to since the upgrade yesterday. The error below is what I'm seeing (see copy/paste text & screenshot of same). Also worth noting, I tried deselecting all options, selecting all options, some, etc. Nothing seemed to work. It's working totally fine on my cPanel servers. Only seems to be a problem on the DNSonly server.
The server is a Google Cloud VM. I was thinking that their promo would probably get me 1 free year of the DNSonly server, then under $7/mo afterwards. Can't go wrong with that price!
Code:
The system failed to create the API token: Invalid or unauthorized ACLs specified: cpanel-api, add-pkg-ip, acct-summary, list-accts, edit-account, limit-bandwidth, demo-setup, kill-acct, upgrade-account, manage-oidc, allow-shell, allow-unlimited-pkgs, quota, ssl-buy, edit-dns, allow-parkedcreate, allow-emaillimits-pkgs, cors-proxy-get, digest-auth, edit-mx, viewglobalpackages, allow-unlimited-bw-pkgs, show-bandwidth, allow-addoncreate, news, park-dns, list-pkgs, suspend-acct, add-pkg-shell, resftp, rearrange-accts, edit-pkg, public-contact, cpanel-integration, add-pkg, create-acct, thirdparty, track-email, generate-email-config, locale-edit, mysql-info, allow-unlimited-disk-pkgs, ssl-gencrt, and mailcheck

As a side note, I'd like to suggest having a few more example diagrams of how NOT to set up a DNS cluster. As well, having a diagram of what the cluster looks like on the "name server" AND what it looks like on the "web server" would probably take a little bit more of the puzzle out of it. Even if it looks exactly the same on both of them, at least the user can feel comfortable knowing that they're headed in the right direction. I searched and searched online, but I really couldn't find much, other than people having issues. I wasn't able to find enough success stories for me to feel comfortable thinking, "oh wow, so THAT'S how you do it!"
I have waaaay too many people relying on me at this point, hosting wise. I just haven't had the time to truly get caught up on every area of sysadmin knowledge. I love learning, it's just that my client base has grown faster than I can keep up. I might have been confusing myself when it came down to proper DNS cluster setup, as I couldn't help but think how horrible of an effect that the wrong move could potentially have on a few hundred clients.
...so anyhow, thank you all for your help and time
- splaquet