In my mind the DNSONLY documentation / Cluster Configuration documentation absolutely does not explain how to achieve what I'm wanting to achieve.
1. For now, I want to use the primary IP of each CPANEL hosting server as the primary nameserver
No problem here, already doing this.
2. I'd like to use a DNSOnly server as the secondary nameserver for all CPANEL servers
3. I don't want any CPANEL servers to know about any DNS zones from any other servers.
This seems like this is how it should be. But if this cannot be accomplished, I'd ask that somebody help me to understand why it shouldn't be this way.
Below is a description of my setup and what I expected [just testing now].
cp1 through cp5 CPANEL servers are handling primary nameserver chores on each server respectively.
On the DNSONLY box I enabled clustering. I did NOT add any trust relationships / CPANEL servers or DNSONLY servers under the DNS Cluster section on the DNSONLY box.
On cp5 I enabled DNS Clustering. Then, on cp5 I went and added a new server to the cluster. I set the backend as "cpanel". I entered in the hostname of the DNSONLY server. I entered in the access hash from the "Remote access key" area of the DNSONLY box. I set the DNS Role to "write-only". I UNcheckmarked the "setup reverse trust relationship" box and created the server association.
cp5 has been successfully syncing records, one-way, TO the DNSONLY server for many many months now.
Today, I logged into cp4 and enabled DNS Clustering. Then, on cp4 I went and added a new server to the cluster. I set the backend as "cpanel". I entered in the hostname of the DNSONLY server. I entered in the access hash from the "Remote access key" area of the DNSONLY box. I set DNS Role to "write-only". I UNcheckmarked the "setup reverse trust relationship" box and created the server association.
On the DNSONLY box no servers show up under DNS Clustering -- and I would not expect them to.
On cp4 and cp5, the DNSONLY box shows up as a server under DNS Clustering, "write-only". That is what I would expect.
In the end it was my expectation that cp4 and cp5 would sync records ONE-WAY _UP_ to the DNSONLY box. That seems to be working. On the DNSONLY box I see the DNS Zones from cp4 and cp5.
On cp4 and cp5, in /var/named, the only DNS zones I see anywhere are ones local to the machine -- meaning that on cp4 I see _only_ locally hosted website domains in /var/named/* and on cp5 I see _only_ locally hosted website domains in /var/named/*. Again, this is what I would expect/hope.
Now, here is where the confusion comes in...
If I log into cp4's WHM and go to "Edit DNS Zone", I see a list of all of the local DNS zones from cp4 PLUS all of the DNS zones from cp5. Conversely, if I log into cp5's WHM and go to "Edit DNS Zone", I see a list of all of the local DNS zones from cp5 PLUS all of the DNS zones from cp4.
I understand how/why this would be. There are no servers configured under DNS Cluster on the DNSONLY box. And on cp4 and cp5 there is just one server configured, the DNSONLY server -- and the configuration is "write-only" and, when I initially set those associations up, I specifically unchecked the box to "setup reverse trust relationship."
So presumably, there would be no way for cp4 to see/access/edit any of cp5's domains, or vice versa.
I don't get it. I'd really like some enlightenment from somebody at cPanel regarding this.
a. IS this expected behavior?
Maybe this is how it should be and maybe I'm just not understanding the ramifications of having [what I expected] absolute isolation of cp4 and cp5 zones so that one couldn't see/edit cp4 zones in cp5's "Edit DNS Zone" and vice versa.
b. I simply would not expect cp4 to be able to see a list of cp5 zones, and vice versa, considering there are no servers configured in DNS Cluster on the DNSONLY box AND there is not supposed to be any reverse trust.
Please help me to understand this, cPanel folks.
Thanks!
Mike
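An added sanity check for the situation described above (example code, not from the post or from cPanel): it compares the zones WHM lists with the zone files actually present in /var/named, so that zones visible only through the shared DNSONLY cluster peer stand out. The JSON layout of `whmapi1 listzones --output=json` (data.zone[].domain) and the `<domain>.db` file naming under /var/named are assumptions to verify on your own server; the sample data is constructed.

```python
"""Audit which WHM-visible zones are really hosted on this cPanel server.

Added example, not from the forum post or from cPanel. Assumptions:
the listzones JSON shape (data.zone[].domain) and that local zone files
are /var/named/<domain>.db. Check both against your own server.
"""
import json
import os
import subprocess
from typing import Dict, List, Set

# Constructed sample of what cp4 might return: its own two zones plus a
# cp5 zone that is visible through the shared DNSONLY cluster peer.
SAMPLE_LISTZONES_JSON = """{
  "metadata": {"result": 1, "reason": "OK", "command": "listzones"},
  "data": {"zone": [
    {"domain": "cp4-site-a.example", "zonefile": "/var/named/cp4-site-a.example.db"},
    {"domain": "cp4-site-b.example", "zonefile": "/var/named/cp4-site-b.example.db"},
    {"domain": "cp5-site-x.example", "zonefile": "/var/named/cp5-site-x.example.db"}
  ]}
}"""

# Constructed listing of cp4's /var/named: only locally hosted zones plus BIND files.
SAMPLE_LOCAL_FILES = ["cp4-site-a.example.db", "cp4-site-b.example.db", "named.ca", "localhost.db"]


def zones_from_listzones(raw_json: str) -> Set[str]:
    """Extract zone names from a listzones JSON document; fail loudly on API errors."""
    doc = json.loads(raw_json)
    meta = doc.get("metadata", {})
    if meta.get("result") != 1:
        raise RuntimeError(f"listzones failed: {meta.get('reason', 'unknown reason')}")
    return {zone["domain"] for zone in doc["data"]["zone"]}


def zones_from_named_dir(filenames: List[str]) -> Set[str]:
    """Derive zone names from <domain>.db files, ignoring BIND's own localhost zone."""
    return {name[:-3] for name in filenames if name.endswith(".db") and name != "localhost.db"}


def classify_zones(listed: Set[str], local: Set[str]) -> Dict[str, Set[str]]:
    """Split WHM-visible zones into locally hosted and cluster-visible-only.
    A non-empty 'remote_only' set is exactly the cross-visibility the post describes."""
    return {"local": listed & local, "remote_only": listed - local, "local_unlisted": local - listed}


def audit_live(named_dir: str = "/var/named") -> Dict[str, Set[str]]:
    """Run the check on a real server (assumes whmapi1 is on PATH and we are root)."""
    out = subprocess.run(["whmapi1", "--output=json", "listzones"], capture_output=True, text=True, check=True)
    return classify_zones(zones_from_listzones(out.stdout), zones_from_named_dir(os.listdir(named_dir)))


if __name__ == "__main__":
    result = classify_zones(zones_from_listzones(SAMPLE_LISTZONES_JSON), zones_from_named_dir(SAMPLE_LOCAL_FILES))
    for bucket, zones in result.items():
        print(f"{bucket}: {sorted(zones)}")
```

Run it as root on cp4 or cp5 via `audit_live()` to see which zones in "Edit DNS Zone" are not backed by a local zone file.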