The DNS Cluster feature set is flexible to allow for an array of configurations. The following guide explains some best practices for cPanel DNS clusters that will help you to avoid problems and unnecessary complexity in your DNS clusters.
- Use direct links from WHM/Web Servers to DNSOnly servers.
- Use Sync relationships with reverse trust enabled. **See "About Reverse Trust Relationships" below.
- Avoid chaining multiple servers between the WHM/Web server and the DNSOnly server for speed.
- Avoid using WHM/Web Servers as the authoritative nameserver for simplicity.
The following diagram shows a very simple example of a DNS Cluster setup with two WHM/Web Servers and two nameservers on DNSOnly:
Although it is possible to use other configuration schemes for your DNS clusters, the above setup provides the best performance, is simple which helps when troubleshooting, and allows for proper communication between all of the servers in the cluster.
In the above configuration, changes to DNS are made in the Zone Editor on the WHM/Web Server and are automatically propagated out to the DNSOnly servers.
The DNSOnly servers serve as the authoritative nameservers for all of the domains on both web servers.
The Reverse Trust relationships (** See below) prevent Webserver-01 from creating/editing a zone that already exists on Webserver-02 and vice-versa.
To set up this kind of configuration, do the following:
- Log in to WHM as the root user on ns1.example.com (DNSOnly).
- Navigate to Home »Development »Manage API Tokens.
- Select the "Generate Token" button.
- Enter a name for your token: "webserver-01 dnsCluster".
- Put a check next to the "DNS Clustering" privilege to enable it.
- Select the Save button at the bottom of the page.
- Copy the API token that you are presented.
- Log in to WHM as the root user on Webserver-01.example.com.
- Navigate to Home »Clusters »DNS Cluster.
- Enable DNS Clustering if it is not already enabled.
- Select the Configure button to add a new cluster member.
- Enter the IP address or hostname of ns1.example.com.
rootas the username.
- Paste the API token into the box.
- Ensure that "Setup Reverse Trust Relationship" is selected. **See "About Reverse Trust Relationships" below.
- Only select "Synchronize Zones Immediately" for newly formed clusters. If you are adding a server to a previously established cluster, ensure that this option is not selected.
- Select "Synchronize Changes" as the DNS Role.
- Select the Submit button.
Repeat the above process until each of your web servers has a Sync relationship with each of your nameservers.
** About Reverse Trust Relationships
A "Reverse Trust Relationship" is defined as one of the following:
- When ServerA has a synchronize relationship configured to ServerB, and ServerB has a standalone relationship configured back to ServerA. This is the ideal and recommended reverse trust variant.
- When ServerA has a synchronize relationship configured to ServerB, and ServerB also has a synchronize relationship configured back to ServerA. This is not ideal because zones will be distributed out to WHM servers that do not own those zones in a multi WHM cluster. While technically not a problem, managing these zones properly can quickly become confusing, and can easily result in problems from user error due to the complexity of the setup.
In step 15 of the above example configuration steps, when selecting "Setup Reverse Trust Relationship", this option automatically configures a standalone relationship from ns1.example.com back to Webserver-01.example.com.
As long as Webserver-01.example.com already has a sync relationship to ns1.example.com, manually logging into ns1.example.com and configuring a standalone relationship back to Webserver-01.example.com is the exact same thing as enabling a "Reverse Trust Relationship".
Reverse trust relationships are important because they allow the servers within the cluster to communicate and properly coordinate DNS synchronization functions.