The Community Forums


Need advice on correct DNS Cluster configuration

Discussion in 'Bind / DNS / Nameserver Issues' started by October, Apr 26, 2014.

  1. October

    October Registered

    Joined:
    Apr 17, 2013
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I realize similar questions have been discussed and resolved, and I've read the documentation, but I'm uncertain how to apply it all to my scenario. So please set me straight.

    Brief overview:
    - 3 old cPanel webservers, all serving their own DNS,
    - now adding 2 new DNS-Only and hoping to cluster them and merge DNS,
    - also I'll be migrating the 3 web servers to 3 other web servers. I would like to set up the 3 new ones (which would temporarily give me 6 servers total) and then Transfer accounts slowly and carefully to the new ones, then remove and decommission the 3 old ones.

    I had someone recommend that I make all 5 (3 old web servers, 2 new DNS servers) into one big cluster, "Synchronize Changes" set on all.

    But then I saw the warning on https://documentation.cpanel.net/display/CKB/Guide+to+DNS+Cluster+Configurations: "Do not use WHM-to-WHM two-way sync configurations. These configurations may cause DNS errors on your servers." That's scary and agrees with my gut feeling that the web servers shouldn't serve DNS anyway. (BTW, what kind of errors would they be, exactly, and what causes them?)

    The diagrams on Guide to DNS Cluster Configuration seem to imply that a web server should directly sync to 2 DNS-Only servers, and I noticed the following:

    "You do not need to link dedicated nameservers to each other"
    "DNSONLY server(s) should always be set as Standalone"

    Why wouldn't you want the 2 DNS-only servers to synchronize with each other? Is there a benefit to keeping them each standalone that I'm missing? What is expected to go wrong if they are set to synchronize with each other?

    Is this scenario (one webserver to 2 standalone DNS-Only servers) still recommended when there's multiple web servers involved? In my case there will only be 2 or 3 in the short run, but what if there were 100, or 1000? It kind of gives me the feeling like there's all these overlapping, individual connections, but no "master controller" to mediate between them all. That strikes me as having the potential to cause a lot of harm at least in the form of conflicts.

    What keeps all the servers in agreement, or at least the 2 DNS-Only servers in agreement? What would happen if a zone for the same domain is set up on more than one web server? I try to keep records clean but occasionally I move sites (accounts) to a new server and every once in a while I accidentally leave them behind on the old, which effectively causes a "duplicate". Also if I do end up with all 6 servers (3 old, 3 new) in the cluster at once, obviously there will be at least 1 exact duplicate of every account. In that case, who "wins" and how do I tell the DNS server to point the newly-transferred site's DNS records to the correct new webserver?

    (One possibility is to put only the 3 new servers in the cluster, and let the zones get added as I transfer each account. Would that be the best way to do it?)

    On the topic of duplicates, I've noticed there are some zones on each that are sort of orphaned, I think from the WHM configuration. For example, each server has zones like: ns1.mydomain.com ns2.mydomain.com (and I do mean one zone for each, on each server, not just a record each but a separate zone). Do I need to delete those from each server or will they be ok?

    A final problem: originally I also had my first webserver set up as ns1 and ns2 (with A records to match, using 1 IPs). Now I would like the new DNS-Only servers to have the name ns1. and ns2 but I'm afraid there will be some sort of conflict. Is there some way I can name the new servers ns1 and ns2 and then merge (sync) the records from the webservers in to the new DNS-Only servers without causing conflicts?

    Thanks.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    652
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    It's mostly about efficiency and ensuring DNS requests resolve as fast as possible. Some administrators will synchronize the changes from all hosting servers to a single DNS-Only server, and then synchronize changes on that DNS-Only server to another DNS-Only server. This method is described in this document under "Use the primary nameserver as an intermediary". It's suitable, but not as efficient as using direct links.

    The second zone would fail to create because of the existing zone. cPanel/WHM would disallow the creation of the duplicate zone unless it's from a transfer/restore of the account. In such a case, the zone with the most recently updated serial would take precedence. That being said, it's better to disable the cluster for the new server until after all accounts have been transferred over and are ready for activation. Then, simply disable clustering on the original servers and enable it for the new servers.

    You do not need to delete these zones. This is normal behavior, but you are welcome to remove those zones and add the individual entries to the zone associated with the primary domain name if you prefer.

    There should not be a conflict if you change the name server IP addresses at the registrar and update the "A" records on the cPanel server. The zones are synced automatically after you have configured the cluster to sync changes to the DNS-Only servers.

    Thank you.
     
  3. October

    October Registered

    Thanks cPanelMichael.

    I've been re-reading the docs and a lot of threads here. I think I understand pretty well the point of having each individual web server connect to the separate DNS-Only servers, and setting the DNS-Only servers to "Standalone".

    However, the guides and threads I'm finding are split about 50/50 on setting each web server to "Synchronize" vs "Write-Only".

    At this point I have 3 DNS-Only servers that I will use as ns1, ns2, ns3 and 2 cPanel web servers (more probably coming later).

    Should I set the web servers to Sync or Write-Only - and can you explain why?

    Thanks!
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Here is the description from our documentation:

    Synchronize — This method synchronizes records between the local server and the remote server.

    Write-only — This method pushes the local server's records to write to the remote server, but does not query records from the remote server to write to the local server.

    Note that if you set a server in a DNS cluster to the write-only role, WHM will not check whether a DNS zone exists before you create an account. Because of this, it is possible to create the same domain name on two or more of the hosting servers. If this occurs, the servers will compete for updates to that domain.

    Thank you.
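A pre-check for the duplicate-zone situation described in the replies above, as an added example that is not part of any post and is not cPanel code: it reads zone text gathered from each hosting server, lists domains held by more than one server, and orders the copies by SOA serial. The server names, domains and serials are constructed, and treating "most recently updated serial" as the numerically highest serial is an assumption.

```python
import re
from collections import defaultdict

# SOA <mname> <rname> [ "(" ] <serial>, matched after comments are stripped.
SOA_SERIAL = re.compile(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)", re.I)

def soa_serial(zone_text):
    """Return the SOA serial from BIND-style zone text, ignoring ';' comments."""
    text = re.sub(r";[^\n]*", "", zone_text)
    m = SOA_SERIAL.search(text)
    if m is None:
        raise ValueError("no SOA record found")
    return int(m.group(1))

def find_duplicates(servers):
    """Map each domain held by more than one server to [(server, serial)], highest serial first."""
    holders = defaultdict(list)
    for server, zones in servers.items():
        for domain, text in zones.items():
            holders[domain.lower().rstrip(".")].append((server, soa_serial(text)))
    return {d: sorted(h, key=lambda x: x[1], reverse=True)
            for d, h in holders.items() if len(h) > 1}

def _zone(domain, serial, ns):
    """Build constructed BIND-style zone text for the sample data."""
    return (f"$TTL 14400\n{domain}. 86400 IN SOA {ns}. admin.{domain}. (\n"
            f"        {serial} ; serial\n        86400 7200 3600000 86400 )\n"
            f"{domain}. 86400 IN NS {ns}.\n")

SERVERS = {  # constructed: hypothetical server names, made-up serials
    "web-old1": {"example.com": _zone("example.com", 2014042601, "ns1.myfirstdomain.com"),
                 "example.net": _zone("example.net", 2014031502, "ns1.myfirstdomain.com")},
    "web-old2": {"example.org": _zone("example.org", 2014020101, "ns1.myfirstdomain.com")},
    "web-new1": {"example.com": _zone("example.com", 2014042603, "ns1.newdomain.com")},
}

print(find_duplicates(SERVERS))
```

Running this before enabling clustering on a server shows which domains would collide and which copy carries the higher serial.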
     
  5. October

    October Registered

    Ok I think I'll stick with Synchronize. The Write-Only method sounds like it's asking for trouble. I suppose in the new cluster if I transfer an account from one web server to another the zone gets adjusted on the fly to point to the new webserver?

    Last question: In my new cluster-group (meaning all the new DNS-Only servers and the webservers that sync with them) I have each webserver configured to use my new DNS-Only ns1, ns2, ns3 by default for new sites. I'm going to start pulling in sites (accounts) from my old servers using the Transfer function. Each of those accounts on each old server was previously configured to use itself as the nameserver, e.g. ns1.myfirstdomain.com ns2.myfirstdomain.com. The new cluster is configured with a different domain, ns1.newdomain.com, ns2.newdomain.com, ns3.newdomain.com.

    When I Transfer the account, will it update all the DNS settings accordingly, I mean of course I will have to log in to each domain's registrar and manually switch the nameserver to my 3 new NS servers, but "internally" on the cluster (if that's the right way to say it) will it retain the former nameserver settings per account zone, or will it update it? I do not want to use the "Express" option because the docs say it will make several changes to the old server - and I want to be able to rapidly fall back to the old server in case something goes wrong with the new server or transfer.

    Maybe the right way to say that is: how do I transfer an account to a web server in the new cluster and also make sure everything is set right in its DNS settings in the process (without using "Express" . . .)? I would like everything to be adjusted automatically, and not have to edit or double-check each zone by hand.

    Thanks for all the help.

    - - - Updated - - -

    At the same time, accounts which are set to use "remote DNS" and "remote mail exchange" will retain those settings when transferred and not be converted to a Local NS / Local MX setting, is that correct?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Yes, that is correct.

    I suggest completing a test transfer of one account to get a better idea of how the zone is copied over. Here is a good post on how to replace the NS records in all zones in case it does not copy over how you expect it to:

    Changing All NS Records

    Email routing settings should be retained.

    Thank you.
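A way to check the result of the suggested test transfer without inspecting each zone by hand, as an added example that is not part of any post and is not cPanel code: it parses the apex NS records of each zone and reports zones that still name the old nameservers. The nameserver names are the ones used in the thread; the zone contents are constructed, and the parser assumes numeric TTLs and no `$ORIGIN` changes.

```python
# Added example: nameserver names are from the thread, zone contents are constructed.
EXPECTED_NS = {"ns1.newdomain.com", "ns2.newdomain.com", "ns3.newdomain.com"}

def _fqdn(name, apex):
    """Normalise a zone-file name to lower case without the trailing dot."""
    if name == "@":
        return apex
    return (name[:-1] if name.endswith(".") else f"{name}.{apex}").lower()

def apex_ns(domain, zone_text):
    """Return the set of NS targets published at the zone apex."""
    apex = domain.lower().rstrip(".")
    owner, targets = apex, set()
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if not fields or fields[0].startswith("$"):
            continue                      # blank line, comment or $TTL directive
        if not raw[0].isspace():          # indented lines inherit the previous owner
            owner = _fqdn(fields.pop(0), apex)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                 # skip optional TTL and class
        if len(fields) >= 2 and fields[0].upper() == "NS" and owner == apex:
            targets.add(_fqdn(fields[1], apex))
    return targets

def audit(zones, expected=EXPECTED_NS):
    """Report zones whose apex NS set differs from the cluster's nameservers."""
    report = {}
    for domain, text in zones.items():
        found = apex_ns(domain, text)
        if found != expected:
            report[domain] = {"stale": sorted(found - expected), "missing": sorted(expected - found)}
    return report

ZONES = {  # constructed sample zones as they might look after a transfer
    "example.com": """$TTL 14400
example.com. 86400 IN SOA ns1.myfirstdomain.com. admin.example.com. (
        2014042601 ; serial
        86400 7200 3600000 86400 )
example.com. 86400 IN NS ns1.myfirstdomain.com.
example.com. 86400 IN NS ns2.myfirstdomain.com.
""",
    "example.net": """@ 86400 IN SOA ns1.newdomain.com. admin.example.net. 2014042701 86400 7200 3600000 86400
@ 86400 IN NS ns1.newdomain.com.
  86400 IN NS ns2.newdomain.com.
  86400 IN NS ns3.newdomain.com.
""",
}

print(audit(ZONES))
```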
     