Introduction
The following guide outlines the steps required to convert an existing DNS cluster to use PowerDNS.
The order of the steps is important, especially if you start to use DNSSEC on any of the domains.
This guide assumes that your DNS cluster is configured in the same manner that is outlined in our DNS Clustering guide.
Performing this on a cluster that is set up in a different manner may not produce the exact same results that are explained in this guide.
You should proceed with caution and be sure that you have backups of all of your accounts before attempting this. Making use of the "Write Only" relationship within your cluster could result in data loss in some situations and is not recommended.
Procedure
1. First convert just one of your DNSOnly servers to PowerDNS with the following guide:
How to switch from BIND to PowerDNS on a cPanel Server
Both BIND and PowerDNS servers can co-exist within the same cluster without issue. However, if you have PowerDNS running on a WHM server and have enabled DNSSEC for a domain, it could cause problems. Enabling PowerDNS on one of your DNSOnly servers, by contrast, should not introduce a risk of problems from that situation.
2. Use the PDNS tools to verify that all zones have been loaded without error.
You can learn how to do this with the following guide:
How to use PowerDNS tools to find zone errors
If there are any errors, you should address those issues before moving forward.
2. Test the DNSOnly member that you have converted to verify that it will resolve all of the zones that it is configured to serve.
One way of doing this would be to run the following script on the DNSOnly server to generate a list of the domains that it is configured to serve:
awk -F'"' '/zone/ {print $2}' /etc/named.conf | sed '/^\./d;/^\t*$/d;/\.*\/.*/d;/^view$/d;/^authoritative$/d;/^external$/d;/^internal$/d' | sort -u > domainList.txt
Then, copy the domainList.txt file that it generated to a different Linux server, or to your local Linux PC, and run the following script to make a dig request for each domain in the list. Please ensure that the dig utility is installed on whatever Linux computer you attempt to use this script on.
awk -F'"' '/zone/ {print $2}' /etc/named.conf | sed '/^\./d;/^\t*$/d;/\.*\/.*/d;/^view$/d;/^authoritative$/d;/^external$/d;/^internal$/d' | sort -u > domainList.txt
If you have trouble using those scripts, you would need to manually test each domain to be sure that it is resolving.
3. If everything has worked fine so far, make an edit to one of the zones from one of your WHM servers to ensure that changes can still be synced to the PowerDNS server without issue.
4. If the edit was successfully synced to the PDNS cluster member and other BIND members without issue or error, repeat steps 1 - 4 for another cluster member.
5. Now that all of the DNSOnly cluster members have been converted to PDNS, convert one of the WHM servers to PDNS and use PDNS tools to verify that there are no zones that are having trouble.
6. If all goes well, enable DNSSEC for one of the domains on the WHM server, and then configure DNSSEC at the registrar of that domain.
7. Test the domain to be sure that DNSSEC is enabled and working without issue.
8. If that has completed successfully, you are free to begin the process of enabling DNSSEC for the rest of the domains on that WHM server.
Or, if you prefer, you could start the process of converting the rest of the WHM servers in the cluster to PowerDNS, and then enable DNSSEC for all of the domains in the entire cluster afterward.
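The per-domain dig check described in the DNSOnly testing step, where the page prints the list-generation command a second time, can be written as follows. This is an added example, not cPanel's own script: it assumes dig is installed, reads the domainList.txt produced earlier, and takes the converted server's IP address as its first argument. The script name check_zones.sh and the output labels are made up for illustration.

```sh
#!/bin/sh
# Added example (not cPanel's script): ask one cluster member for the SOA of
# every zone in domainList.txt and report the zones it does not serve.
# Usage: sh check_zones.sh <server-ip> [list-file]   (script name is hypothetical)

# classify_zone SERVER DOMAIN prints one of:
#   OK             authoritative SOA answer, no signature
#   SIGNED         authoritative SOA answer with an RRSIG (DNSSEC in use)
#   NOTAUTH        reply without the aa flag: server is not serving the zone
#   FAIL:<reason>  SERVFAIL, REFUSED, NXDOMAIN, NOANSWER or NOREPLY
classify_zone() {
    # +norecurse: test the server's own zone data, not anything it could look up.
    out=$(dig +norecurse +dnssec +time=3 +tries=1 "@$1" "$2" SOA 2>/dev/null) || true
    rcode=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\).*/\1/p' | head -n 1)
    [ -n "$rcode" ] || { echo "FAIL:NOREPLY"; return; }
    [ "$rcode" = "NOERROR" ] || { echo "FAIL:$rcode"; return; }
    printf '%s\n' "$out" | grep -Eq '^;; flags:[^;]* aa[ ;]' || { echo "NOTAUTH"; return; }
    if printf '%s\n' "$out" | grep -q 'ANSWER: 0,'; then
        echo "FAIL:NOANSWER"
    elif printf '%s\n' "$out" | grep -Eq '[[:space:]]IN[[:space:]]+RRSIG[[:space:]]+SOA[[:space:]]'; then
        echo "SIGNED"
    else
        echo "OK"
    fi
}

# check_list SERVER FILE prints one line per zone; returns 1 if any zone failed.
check_list() {
    bad=0
    while IFS= read -r domain || [ -n "$domain" ]; do
        [ -n "$domain" ] || continue
        result=$(classify_zone "$1" "$domain")
        printf '%-14s %s\n' "$result" "$domain"
        case $result in
            OK|SIGNED) ;;
            *) bad=$((bad + 1)) ;;
        esac
    done < "$2"
    [ "$bad" -eq 0 ]
}

# Run only when a server address is given, e.g. sh check_zones.sh 192.0.2.53
if [ "$#" -ge 1 ]; then
    check_list "$1" "${2:-domainList.txt}"
fi
```

SIGNED only shows that the queried server returns signatures for the zone; whether the chain validates from the DS record at the registrar is a separate check made through a validating resolver.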