Yet another dns cluster question

classical

Active Member
Hello again. In the previous thread I didn't get an answer, so now I have created the following scheme:

My goal is to use web2 and ns3 as primary and secondary nameservers for web1. If I add/change a DNS zone on web1, it must synchronize to web2 and web3, but I do not want to be able to change web2's DNS zones in web1's WHM. For this purpose I first configured web1's cluster, added web2.example.com there and set the DNS role to synchronize. I did the same at web2.example.com, but instead of the synchronize DNS role I set stand alone. (Note: web2.example.com is linked to ns3.example.com.) Now when I add a zone in web1.example.com, the changes synchronize to web2.example.com and ns3.example.com, but the problem is that in web1's interface I'm able to change/delete web2's zones (which were there before). I don't need this, so how can it be disabled?
 

cPanelDavidG

Technical Product Specialist
Standalone vs. Synchronize doesn't affect if a zone is synchronized/editable by a server, it only influences the mechanism driving when those zones are shared.

On Synchronize (which should be used for cPanel&WHM servers): all updates are immediately pushed out to all other cluster members, including those set to "standalone".

On Standalone (which should be the DNSONLY servers): updates are not pushed automatically as they happen. Instead, they synchronize when a server set to "Synchronize" goes to synchronize its records with this server.

By adding a server to the DNS cluster, you are explicitly creating root trust relationships. The only way to keep one server from editing another server's records is to keep it entirely out of the DNS cluster.

That diagram is also very inefficient and closely mirrors our diagram of what NOT to do on Guide to DNS Cluster Configuration. I recommend having any cPanel&WHM servers be connected directly to the DNSONLY server rather than through another cPanel&WHM server to get to the DNSONLY server.