Error with force sync dns records

[virtical]

When i force synchronize our dns records to the dns cluster i get the following error.

A fatal error or timeout occured while processing this directive

dnsadmin failed to answer a request that it accepted. at /usr/local/cpanel/Cpanel/DnsUtils/AskDnsAdmin.pm line 130.
 at /usr/local/cpanel/Cpanel/DnsUtils/AskDnsAdmin.pm line 130.
    Cpanel::DnsUtils::AskDnsAdmin::askdnsadmin_sr("GETZONES", 0, "domaina.nl,domainb.nl,domainc.com,domaind"..., 0, 0, HASH(0x45a5c00)) called at /usr/local/cpanel/Cpanel/DnsUtils/AskDnsAdmin.pm line 52
    Cpanel::DnsUtils::AskDnsAdmin::askdnsadmin("GETZONES", 0, "domaina.nl,domainb.nl,domainc.com,domaind"..., 0, 0, HASH(0x45a5c00)) called at /usr/local/cpanel/Cpanel/DnsUtils/Sync.pm line 79
    Cpanel::DnsUtils::Sync::_sync_zones(0, 1, undef) called at /usr/local/cpanel/Cpanel/DnsUtils/Sync.pm line 100
    Cpanel::DnsUtils::Sync::sync_zones(1) called at whostmgr/bin/whostmgr.pl line 2581
    main::makesec() called at whostmgr/bin/whostmgr.pl line 439
    main::__ANON__(__CPANEL_HIDDEN__) called at /usr/local/cpanel/Whostmgr/Dispatch.pm line 366
    Whostmgr::Dispatch::_do_call("makesec", HASH(0x3e2e528), HASH(0x3e2ec78)) called at /usr/local/cpanel/Whostmgr/Dispatch.pm line 178
    Whostmgr::Dispatch::dispatch("makesec", 1, ARRAY(0x3e3bf80), HASH(0x3e2ec78)) called at whostmgr/bin/whostmgr.pl line 441

Any idea how to resolve this?

 

[cPJustinD]

Hi there! Are the DNS-only cluster members set to sync or write-only? Also, is a reverse trust relationship already established?

I may suggest reviewing this article here and ensuring your configurations are similar to those outlined here:

cPanel DNS Cluster Guide

 

[virtical]

Hi,

My setup is as follows.

I have one whm/cpanel server called whcp001
I have 2 seperate nameservers called ns1 & ns2.
Ns1 & ns2 are setup the same, i created the api token on them, then i went to server whcp001 enabled dns clustering and added both servers.
The option synchronize changes is used on both, and they have a reverse trust relationship (i assume as it did work before i updated to v98)
The WHM server also has a connection to both ns servers as seen in the screenshot

 

[cPJustinD]

I see. One thing that stands out to me is the use of synchronization on both servers while in a reverse trust relationship.

• When ServerA has a synchronize relationship configured to ServerB, and ServerB also has a synchronize relationship configured back to ServerA. This is not ideal because zones will be distributed out to WHM servers that do not own those zones in a multi WHM cluster. While technically not a problem, managing these zones properly can quickly become confusing, and can easily result in problems from user error due to the complexity of the setup

It is recommended that users utilize both standalone and synchronize options:

• When ServerA has a synchronize relationship configured to ServerB, and ServerB has a standalone relationship configured back to ServerA. This is the ideal and recommended reverse trust variant.

Would it be possible to switch the DNS server to standalone and see if the issues persist?

 

[virtical]

Hi this would certainly be possible, but the way described above is not how we set it up.

I have the WHM server, connected to ns1 and ns2, with sync. But ns1 and ns2 are not directly connected to eachother.

So it is setup up as follows

WHM -> NS1 with reverse trust relationship
WHM -> NS2 with reverse trust relationship

So should i still try your solution?

 

[cPJustinD]

Hello again! To clarify, I was rather suggesting that ns1 and ns2 be set only to write to WHM separately, but for WHM set to synchronize. WHM already appears to be set to synchronize, but I would suggest verifying what each DNS-only member is set to. However, as you clarified reverse trust is established, I think it would be best to open a support ticket so that our analysts can review the issue more thoroughly and determine what exactly is occurring.

You can submit a support request using the "Submit a ticket" link in my signature below. Please be sure to link this thread when opening the ticket and provide the ticket number here so that we can track the issue appropriately. If possible, please post the resolution on this thread as it may help other community members with similar issues.

 

[virtical]

Hi,

Both the ns servers are setup as standalone.
I created a support ticket and the id is: #94365232

 

[cPRex]

Thanks for providing us with the ticket number - I'm following along on my end now.

 

[virtical]

Hi again,

Apparently there is an issue syncing domains which have dnssec enabled. This is being investigated by the Cpanel team in case CPANEL-38222 Syncing a DNSSEC secured zone in DNS cluster results in error
For now the workaround is disabling dnssec on the domains that are giving errors.

 

[cPRex]

Thanks for posting that!