RNDC with non-cPanel server

Discussion in 'Bind/DNS/Nameserver' started by kenneth-vkd, Feb 21, 2018.

  1. kenneth-vkd

    kenneth-vkd Member

    Joined:
    Apr 1, 2017
    Messages:
    21
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Denmark
    cPanel Access Level:
    DataCenter Provider
    Hi
    We have built a new infrastructure and use WHM/cPanel for our Linux webhosting and it works really great.
    However we have about 200 websites running in Microsoft ASP.NET, which does require a Windows-based system. In our case we have provisioned a server with Windows Server 2016 and Plesk 17. According to their documentation, we need to generate an RNDC-key and then modify the bind/named configuration on the DNS-server. However I cannot seem to find the correct location to do this on our WHM DNSOnly instances.

    How can I add an external RNDC-key to WHM DNSOnly so that we can sync DNS-zones from Windows to WHM?
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,214
    Likes Received:
    1,936
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hi Kenneth,

    Here are some key paths to note when making custom configuration changes to Bind on cPanel DNSOnly:

    /etc/named.conf - Bind configuration file
    /etc/rndc.key - Existing RNDC key

    Here's a link to Bind documentation as provided by RedHat:

    11.2. BIND - Red Hat Customer Portal

    Thank you.
     
  3. kenneth-vkd

    kenneth-vkd Member

    Hi
    Thank you for the reply.

    So I can basically make changes to these files as if it was a custom configured BIND-server?
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Yes, although you may want to set up DNSOnly on a test machine first to verify the custom modifications don't result in any issues with the cPanel servers that sync to the DNSOnly machine.

    Thank you.
     
  5. kenneth-vkd

    kenneth-vkd Member

    Hi
    I have now configured and tested that the required RNDC configuration does not break existing cPanel functionality.
    However there is an issue with syncing DNS zones to the cPanel DNSonly.
    We get the following error in /var/log/named/named.log
    Code:
    23-Mar-2018 12:01:03.329 xfer-in: error: transfer of 'mydomain.com/IN/internal' from X.X.X.X#53: failed while receiving responses: REFUSED
    I tried to check how this is normally fixed using BIND nameservers and the configuration is done. But it seems that it tries to create the zone differently than the ones created between the cPanel servers.

    Is there a way to allow creating the zones, or would that require a change in the configuration of the sending server, so that it structures the zones differently?
     
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Could you provide specific details about the changes you made and the differences in the zone file? Please provide step-by-step instructions of what you are doing.

    Thank you.
     
  7. kenneth-vkd

    kenneth-vkd Member

    First I generate the RNDC key on the foreign system and add a new file on the cPanel DNSOnly server.
    I then add this line at the top of /etc/named.conf, so that it now looks like this:
    Code:
    include "/etc/rndc.key";
    include "/etc/rndc-5-206-197-215.key";
    I then modify the control block so that it listens on the public facing interface
    Before:
    Code:
    controls {
            inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
    };
    After:
    Code:
    controls {
            inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
            inet 172.16.11.55 port 953 allow { 5.206.197.215; 127.0.0.1; localhost; } keys { "rndc-key"; "rndc-key-5.206.197.215"; };
    };
    Next I modify the options block so that it should allow zone transfers from the listed hosts:
    Code:
    allow-transfer    { 5.206.197.215; 172.16.11.56; };
    allow-update      { 5.206.197.215; 172.16.11.56; };
    allow-notify      { 5.206.197.215; 172.16.11.56; };
    allow-new-zones   yes;
    The rest of /etc/named.conf is the default generated from cPanel installation.

    The zonefile itself looks the same on both systems, but the source server does not seem to encapsulate the zones in the "internal" view.
     
  8. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

  9. kenneth-vkd

    kenneth-vkd Member

    So I have now found out why RNDC was not working and zones are now coming to my cPanel DNS only servers without errors.
    However as they are not automatically registered in the configuration file, I cannot perform lookups from outside clients.
    If I try to perform a lookup on a domain that was not created on a connected cPanel server, then it fails with "server can't find domain.tld: REFUSED"
    Is there some kind of tool available for cPanel to have it look in the /var/named directory for any DNS zones that are not listed in /etc/named.conf and then create entries for them?
    It seems the transferred zones are saved like domain.tld and not domain.tld.db, like the other zones. I can create a manual zone entry in /etc/named.conf, but that will leave some manual work when someone is ordering a new domain that is not hosted on a cPanel server.
     
  10. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello,

    The following command will do this:

    Code:
    /scripts/rebuilddnsconfig
    However, the zone needs to be named $domain.tld.db in the /var/named/ directory for the script to pick them up. Thus, you'd need to set up a hook with your custom script or add a cron job that renames the zone file to the correct format.

    Thank you.
     
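Added example (not part of the original thread and not a cPanel-provided script): one way to write the cron job described in the last reply, renaming transferred zone files in /var/named to the domain.tld.db form and then running /scripts/rebuilddnsconfig. The script name normalize-zones.sh, the --run flag, the ZONE_DIR and REBUILD variables, and the list of stock BIND files to skip are assumptions.

```sh
#!/bin/sh
# Added example, not a cPanel script. Paths default to the ones named in the thread.
LC_ALL=C; export LC_ALL
ZONE_DIR="${ZONE_DIR:-/var/named}"
REBUILD="${REBUILD:-/scripts/rebuilddnsconfig}"

# Stock BIND files whose names look like domains (assumption: RHEL-style /var/named).
is_stock_file() {
    case "$1" in
        named.ca|named.empty|named.localhost|named.loopback) return 0 ;;
    esac
    return 1
}

# Accept only lowercase hostname-style names with at least one dot; reject
# already-renamed files, journals, hidden files and malformed labels.
is_zone_name() {
    case "$1" in
        *.db|*.jnl|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        *[!a-z0-9.-]*) return 1 ;;
        *.*) return 0 ;;
    esac
    return 1
}

# Rename each eligible file in directory $1 to <name>.db; prints how many were renamed.
rename_zones() {
    dir=$1
    count=0
    for path in "$dir"/*; do
        name=${path##*/}
        # Regular files only: never follow a symlink planted in the zone directory.
        if [ ! -f "$path" ] || [ -L "$path" ]; then continue; fi
        if ! is_zone_name "$name" || is_stock_file "$name"; then continue; fi
        if [ -e "$dir/$name.db" ] || [ -L "$dir/$name.db" ]; then
            echo "skip $name: $name.db already exists" >&2
            continue
        fi
        mv -- "$path" "$dir/$name.db" && count=$((count + 1))
    done
    echo "$count"
}

# Entry point for cron (hypothetical invocation: normalize-zones.sh --run).
if [ "${1:-}" = "--run" ]; then
    renamed=$(rename_zones "$ZONE_DIR")
    if [ "$renamed" -gt 0 ]; then "$REBUILD"; fi
fi
```

The rebuild only runs when at least one file was renamed, and an existing domain.tld.db is never overwritten.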