Using one set of DnsOnly for multiple customers

ilanh

We provide VPS with cPanel for customers and want to provide a predefined set of DnsOnly servers that WHM server owners can use.

The current problem is that even if we define sync changes from customer to DNS and no reverse from DNS to customer, customers can see and edit all zones stored on the DNS servers.

Do I need to create a separate BIND user for each reseller?
Is it possible to limit the zone sharing between servers?
 

cPanelMichael

Administrator
Staff member
Hello :)

It's not advised to configure a DNS cluster with cPanel DNS-Only if the servers in the cluster belong to separate individuals or companies due to the nature of how zones are shared. There's an open feature request for this at:

Ownership and access control of zones in the dns server.

Thank you.
 

alex[nl]

I read the ownership link in detail, but it is unclear to me, and as I am currently setting this up, I have a follow-up question to the above scenario. I will try to be as clear as possible. Suppose you set it up as follows, with 2 web servers and 2 DNS-only servers:

If you would add the 2 dnsonly servers in the cluster on each of the web servers
web1
web1.bla.com -> synchronise changes -> dns1.bla.com
web1.bla.com -> synchronise changes -> dns2.bla.com

web2
web2.bla.com -> synchronise changes -> dns1.bla.com
web2.bla.com -> synchronise changes -> dns2.bla.com

And you would add
web1.bla.com -> standalone on dns1.bla.com
web2.bla.com -> standalone on dns1.bla.com

If I would change somedomainonweb1.com hosted on web1.bla.com, would it appear in the dns settings on web2.bla.com? Is there a need to add web1/web2 on any of the dns1/2 servers in their respective cluster settings at all? If you do not add them, web1 will send all records to dns1/2 even though it is not mentioned in the cluster settings on dns1/2.
 

cPanelMichael

Administrator
Staff member
If I would change somedomainonweb1.com hosted on web1.bla.com, would it appear in the dns settings on web2.bla.com? Is there a need to add web1/web2 on any of the dns1/2 servers in their respective cluster settings at all? If you do not add them, web1 will send all records to dns1/2 even though it is not mentioned in the cluster settings on dns1/2.
Both hosting servers will show the zones from both servers listed under "Edit A DNS Zone" in WHM if you connect both servers to the same DNS cluster. DNS clusters are not designed for sharing between separate hosting companies, which is what the feature request seeks to address.

Thank you.
 

alex[nl]

That's too bad. I hope the feature request eventually gets picked up (it was opened after a forum discussion more than 5 years ago).