Proper Setup with External Slave Nameservers

jethrodesign

Well-Known Member
Feb 17, 2012
60
2
58
cPanel Access Level
Root Administrator
Hi. We help manage a WHM/cPanel server that is hosted privately (not a big hosting firm). Our server admin is suggesting a setup that is just not as typical as we're familiar with, so just want to be sure we're setting things up properly.

WHM Webserver Hostname: webx.ourdomain.com
External Nameservers: ns1.ourdomain.com & ns2.ourdomain.com

The nameservers (ns1 & ns2) are on separate physical servers, with separate IPs, and we're told they're just running BIND and set to be push/pull slaves of webx. I don't believe they're cPanel servers.

Note: 'ourdomain.com' is hosted on ns2.

We manage sites, and therefor DNS Zone Files, on webx. We've been instructed to set DNS records to: SOA - ns1; NS - ns1, ns2, and webx.

QUESTIONS:
1)
Since ns1 is technically a 'slave' nameserver, is it OK to be set as SOA?

2) Does 'webx.ourdomain.com' need to be added to the list of nameservers in 'Basic WHM Setup'? Currently only ns1 & ns2 are listed.

3) Does 'webx.ourdomain.com' need to have a DNS zone file (at least A record) on this WHM server (webx)? Currently does not.

4) Is it OK for registrar records for hosted domains to only point to ns1 & ns2?

-------------

Any other tips/comments welcomed. Just not a DNS guru, and this may be more terms or semantics messing with my understanding (master/slave, etc.). All servers we've setup previously had nameservers on the same server as the webserver, and setup initially through WHM during setup.

THANKS!
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,273
313
Houston
1) Since ns1 is technically a 'slave' nameserver, is it OK to be set as SOA?
This should be fine - the SOA record stores information about the name of the server that supplied the data for the zone.

2) Does 'webx.ourdomain.com' need to be added to the list of nameservers in 'Basic WHM Setup'? Currently only ns1 & ns2 are listed.
No because it's the webserver not the nameserver, unless you're planning on assigning it as a nameserver (which I wouldn't recommend doing).

3) Does 'webx.ourdomain.com' need to have a DNS zone file (at least A record) on this WHM server (webx)? Currently does not.
If they're clustered it should, that's one of the biggest points OF having a dns cluster all the zone files present on the webserver should also be present on the nameservers. webx.ourdomain.com should be included in the ourdomain.com zone file if it's pointed to the webserver as well.

4) Is it OK for registrar records for hosted domains to only point to ns1 & ns2?
Can you explain this in a bit more detail? I think you mean is it ok to add the nameservers for the server at the registrar for the domain or Point the domain to the server's nameservers at the registrar - this is, in my opinion, the most reliable way to point the domain. Ultimately you want to control DNS for the domain/s in one centralized location, not at the registrar for the domains.
 

jethrodesign

Well-Known Member
Feb 17, 2012
60
2
58
cPanel Access Level
Root Administrator
Hi, thanks for the replies here! It seems like I may just misunderstand some of the terms & concepts regarding master & slave nameservers.

This should be fine - the SOA record stores information about the name of the server that supplied the data for the zone.
OK. Was I misunderstanding how the master/slave relationship works? I had assumed that since we were making modifications to DNS zone files on the webx cPanel server that at minimum the SOA (ns1) might not notice those changes right away, being a slave of webx. Is the refresh time (currently 1 hour) the wait until ns1 would poll webx to see if there were any changes made?

I guess I may have misunderstood the documentation stating that the SOA MNAME should describe the 'primary master' nameserver, which I assumed would be the server where the records were being stored & modified (webx). We have no actual access to the ns1 server (our sys admin manages that).

The previous server we migrated from had the hostname (e.g., webxold.ourdomain.com) listed as one of the nameservers (along with the same ns1 & ns2 as here) and it was the SOA. It had been setup properly as a nameserver following the cPanel instructions. And it seemed like it worked pretty seamlessly, with changes in records appearing to be picked up quickly.

No because it's the webserver not the nameserver, unless you're planning on assigning it as a nameserver (which I wouldn't recommend doing).
Well, we had added webx as one of the 3 nameservers listed on all DNS zones for the client accounts. This may have been due to how the old server was setup, and as a 'safety' in case either of the 2 slave nameservers hadn't picked up record changes.

Can you possibly explain a bit more the 'disadvantages' of doing this?

If we should remove webx from being listed as one of the 3 nameservers on records, we can do that.

If they're clustered it should, that's one of the biggest points OF having a dns cluster all the zone files present on the webserver should also be present on the nameservers. webx.ourdomain.com should be included in the ourdomain.com zone file if it's pointed to the webserver as well.
Not sure they're clustered if that's a specific setup that needs to be done, and if all servers would need to be running WHM/cPanel (don't think ns1 or ns2 do). But let me know if 'clustered' is more a term describing NS relationships than a specific setup.

Can you explain this in a bit more detail? I think you mean is it ok to add the nameservers for the server at the registrar for the domain or Point the domain to the server's nameservers at the registrar - this is, in my opinion, the most reliable way to point the domain. Ultimately you want to control DNS for the domain/s in one centralized location, not at the registrar for the domains.
This just goes back to having webx included in our list of nameservers, but not included in any of the domain registrar nameserver listings (for our client sites).
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,273
313
Houston
OK. Was I misunderstanding how the master/slave relationship works? I had assumed that since we were making modifications to DNS zone files on the webx cPanel server that at minimum the SOA (ns1) might not notice those changes right away, being a slave of webx. Is the refresh time (currently 1 hour) the wait until ns1 would poll webx to see if there were any changes made?

I guess I may have misunderstood the documentation stating that the SOA MNAME should describe the 'primary master' nameserver, which I assumed would be the server where the records were being stored & modified (webx). We have no actual access to the ns1 server (our sys admin manages that).
I believe you had the behavior you had (the hostname as the SOA) because you had the hostname added as a nameserver on the previous configuration. Because for example in my case ns1 supplied the data for my zones ns1.mydomain.tld is my SOA. I'd let cPanel auto create the zone files as well, this shouldn't cause an issue if it's configured properly.

The previous server we migrated from had the hostname (e.g., webxold.ourdomain.com) listed as one of the nameservers (along with the same ns1 & ns2 as here) and it was the SOA. It had been setup properly as a nameserver following the cPanel instructions. And it seemed like it worked pretty seamlessly, with changes in records appearing to be picked up quickly.
I'm not saying it can't be a nameserver, just that it really shouldn't be. It should be separate but if you want it to be configured identically to the old configuration (which worked for you) there shouldn't be an issue doing this.

Well, we had added webx as one of the 3 nameservers listed on all DNS zones for the client accounts. This may have been due to how the old server was setup, and as a 'safety' in case either of the 2 slave nameservers hadn't picked up record changes.

Can you possibly explain a bit more the 'disadvantages' of doing this?

If we should remove webx from being listed as one of the 3 nameservers on records, we can do that.
It can cause confusion, it leads to displaying the hostname of your server for anyone that can query a domain which isn't always something folks want. I suppose ultimately it's preference, I personally like to keep my hostnames separate from the nameservers, especially if you ever change the hostname or get a new IP.

Not sure they're clustered if that's a specific setup that needs to be done, and if all servers would need to be running WHM/cPanel (don't think ns1 or ns2 do). But let me know if 'clustered' is more a term describing NS relationships than a specific setup.
What you've been describing sounds like a DNS cluster, ultimately the configuration you want is a cluster and you should take a look at the documentation here: DNS Cluster - Version 74 Documentation - cPanel Documentation
 

jethrodesign

Well-Known Member
Feb 17, 2012
60
2
58
cPanel Access Level
Root Administrator
What you've been describing sounds like a DNS cluster, ultimately the configuration you want is a cluster and you should take a look at the documentation here: DNS Cluster - Version 74 Documentation - cPanel Documentation
Hmm, that makes a bit more sense. But I don't think the other servers (ns1 & ns2) are WHM/cPanel servers, and I doubt the sys admin would want to convert them to that. That documentations says it's required.

Maybe that's part of the reason why I was thinking the web host server, which IS running WHM/cPanel, needed to be included in the list of nameservers and/or SOA somehow?!?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,273
313
Houston
Hi @jethrodesign


You might want to look up manually configuring DNS Clusters if you're using non-cPanel servers, as far as I am aware it's really complicated to set up without all cPanel servers.
 

jethrodesign

Well-Known Member
Feb 17, 2012
60
2
58
cPanel Access Level
Root Administrator
Thanks for the continued support here, much appreciated!

You might want to look up manually configuring DNS Clusters if you're using non-cPanel servers, as far as I am aware it's really complicated to set up without all cPanel servers.
So the slave nameservers (ns1 and ns2) are indeed just Linux boxes running Bind and a few other services.

- Based on this, and the complexity of getting a true DNS cluster working here, would we be better off then sticking with our initial idea of having the hostname (webx) be one of the listed nameservers and the SOA record??

- Would this be the best way to ensure any edits made to DNS zone records on our WHM server would be picked up right away, then propagating to our slave NS (ns1 & ns2) for redundancy??

Thanks for helping me find clarity here. All of the documentation I was finding focuses more on a total cPanel solution (whether clustered or not), so wasn't finding much detailing our setup.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,273
313
Houston

jethrodesign

Well-Known Member
Feb 17, 2012
60
2
58
cPanel Access Level
Root Administrator
@jethrodesign

Unfortunately I'm not an expert in this. I did find the following:
How To Configure Bind as an Authoritative-Only DNS Server on Ubuntu 14.04 | DigitalOcean
[SOLVED] Secondary (slave) DNS server - CentOS

which I know both provide reliable information
Thanks for the links. I read through them and tried to follow as best I could. From what I can tell, however, they seem to imply that new or updated domain zone files will be created/updated on the authoritative nameserver, with the slave(s) picking up the changes and serving as redundancy. That's what I've been wondering about all along, since we make all DNS changes on our WHM/cPanel web server (webx), NOT directly on the slave nameservers (ns1 & ns2). Just not positive I'm fully understanding the concept of where the DNS files are 'created' and/or 'stored'.

If nobody else has any additional insight here, it seems like we should try to set our WHM web server as the authoritative nameserver (SOA) so at least that is kept within the WHM/cPanel ecosystem...
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,273
313
Houston
I know they'd have to be created on the webserver then transferred to the nameservers, the issue is without cPanel or even dnsonly on the nameservers you have to manage the transfer manually.
 

jethrodesign

Well-Known Member
Feb 17, 2012
60
2
58
cPanel Access Level
Root Administrator
I know they'd have to be created on the webserver then transferred to the nameservers, the issue is without cPanel or even dnsonly on the nameservers you have to manage the transfer manually.
OK, so you're saying that the slave nameservers (ns1 & ns2), running vanilla BIND, would not regularly poll or receive a notification of new or changed DNS files on the authoritative nameserver (web server - webx - in our case)?

I was under the impression, and told by our sys admin, that that's how the slave nameservers were setup. But I don't know enough about the process to verify. I suppose we could always run a test once everything's setup to make sure the slave NS do receive updated records properly.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,273
313
Houston
They aren't going to see a change if you don't have the zone files present, if you're hosting two separate nameservers the DNS zone files need to be present on all the servers. Ultimately this is something the system administrator needs to manage, non-cPanel DNS clusters/replication like what you're wanting to set up is beyond our ability to provide assistance with and you're best off going with a qualified system administrator.