Skip to main content

84.05 DNSSEC

Radeonpower
Hi, I just updated my WHM server to 84.05 and the DNS only servers as well. I cannot get the DNSSEC to work, I've tried to remove them and re-add enabling "Setup Reverse Trust Relationship" but the option does not stick after saving. "Server needs reverse trust set up to auto-propagate DNS updates." Any ideas?

Comments

13 comments

Date Votes
  • garconcn
    I've the same issue
    0
  • RazvanZ
    Hello! I just updated my WHM server and the 4 DNS Servers that are in the DNS Cluster, and I encounter the same error like you. I followed the next steps:
    • Full yum-update on all 4 DNS servers
    • Full update / upgrade via the GUI on the 4 DNS Servers
    • Full update on the WHM Bare Metal server
    • Restart on the 4 DNS Servers and the WHM server
    • Resync the API Key (I thought that this might be an issue, but is not)
    What I am missing?
    0
  • cPanelLauren
    Can you tell me the exact steps you've taken? The blog goes over a bit of this here as well: DNSSEC Clustering Now Available with PowerDNS | cPanel Blog
    0
  • cPanelLauren
    Hi @RazvanZ I believe there might be an issue here and to get you the fastest support, can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved. Thanks!
    0
  • RazvanZ
    Hi @cPanelLauren I've just opened a Support Ticket where you provided, but from my experience (I've been working with cPanel since 10 years) my ticket will get an response within ~14 days, and this will not help me. This server is in production, and we can't afford this kind of issues, generated by an "stupid" update of cPanel. I hope you got my kind of "frustration" and it's nothing personally. The ID of the ticket is: 13651337 Thanks a lot, Razvan
    0
  • slim
    I have the same issue.
    0
  • AlbertoFX
    Same error here after update to 84.0.5 How can we fix this? Its urgent Thanks
    0
  • Duplika
    Same issue here, though it happens only on a few servers. Not sure why 2 of our servers do not report this problem, all have same configuration.
    0
  • cPanelLauren
    Hi @cPanelLauren I've just opened a Support Ticket where you provided, but from my experience (I've been working with cPanel since 10 years) my ticket will get an response within ~14 days, and this will not help me. This server is in production, and we can't afford this kind of issues, generated by an "stupid" update of cPanel. I hope you got my kind of "frustration" and it's nothing personally. The ID of the ticket is: 13651337 Thanks a lot, Razvan

    Thank you for opening a ticket, I've worked here and with tickets for quite a while and I've never seen anyone wait 14 days for a response from tech support. I am sorry if that's the experience you've had at any point in the past but I can assure you that it is not the standard. In this instance, I see that you received a response 10 minutes after you opened the ticket and the issue appears to have been resolved. The analyst noted the following: [QUOTE]The error indicates that your DNSONLY servers are not configured to connect back to the main WHM server. The fact that we display an error in the DNS clustering interface regarding this is new in 84. Prior to 84, there wouldn't be any problem noted in the interface In version 86, we'll have a way for this to be auto-configured when setting up the cluster members on your WHM server, but for now, it needs to be manually set up on each cluster member.
    And he took the following steps to resolve the issue for you: [QUOTE]1. On The webserver, generate an API token for each cluster member with the DNS clustering and server-status privileges. You could also use one single token, but that is not the best practice. Using a separate token for each server makes it so you can revoke a token for one specific server without affecting the others. 2. On the DNSONLY server, enable DNS clustering, and then configure it to connect to the webserver server in standalone mode, using the API token you created in step 1.
    Can you confirm that the issue is now resolved? Also for anyone else experiencing this issue, please let us know if this does not resolve the issue. Thanks!
    0
  • cPanelLauren
    I didn't want to create a new thread for something similar but I can't get DNSSEC working.
    • CentOS Linux release 7.7.1908 (Core) / 11.84.0.5 / virtuozzo
    • Nameserver Selection > PowerDNS
    • clicked "requires external nameservers in resolv.conf) > Left 3 resolver IP's as default.
    • DNS Cluster - tried while enabled and then disabled. When enabled, status states "Requires cPanel update to support DNSSEC." Multiple backend types but don't want to edit anything as I've never configured that before.
    • DS record added at registrar.
    • DNSViz states RRset bogus and .com to domain is bogus
    • dnssec-analyzer.verisignlabs.com states no DNSKey records found and No RRSIGs found
    What am I missing?

    Are all of the servers running 84.0.5 or just the webserver? DNSSEC with Clustering while using PowerDNS is brand new as of this release if you'd like to use it all servers in the cluster need to be on 84.0.5
    0
  • RazvanZ
    Thank you for opening a ticket, I've worked here and with tickets for quite a while and I've never seen anyone wait 14 days for a response from tech support. I am sorry if that's the experience you've had at any point in the past but I can assure you that it is not the standard. In this instance, I see that you received a response 10 minutes after you opened the ticket and the issue appears to have been resolved. The analyst noted the following: And he took the following steps to resolve the issue for you: Can you confirm that the issue is now resolved? Also for anyone else experiencing this issue, please let us know if this does not resolve the issue. Thanks!

    Yes, now it functions. This was the fix in my case. Thanks.
    0
  • garconcn
    1. On The webserver, generate an API token for each cluster member with the DNS clustering and server-status privileges. You could also use one single token, but that is not the best practice. Using a separate token for each server makes it so you can revoke a token for one specific server without affecting the others. 2. On the DNSONLY server, enable DNS clustering, and then configure it to connect to the webserver server in standalone mode, using the API token you created in step 1 Thanks!

    This does solve the issue. I didn't know that I need to enable dns cluster on the two dns-only namesservers as well. Here's my setup: on cPanel server, enable dns cluster, add two nameservers and chose "Synchronize Changes" role. Create API token on cpanel server and add it to both nameservers. On nameservers, enable dns cluster, add the cpanel server and chose "Standalone" role. Create API token on two nameservers and add them to cpanel server. Thanks
    0
  • cPanelLauren
    @cPanelLauren, thanks for the prompt reply. It's just my VPS. I'm unsure about the parent server. I don't care if it's DNSSEC using PowerDNS or BIND, but I read BIND isn't supported well yet. So are there any steps I'm missing or do I just need to find out the version for parent server(s)?

    We only support DNSSEC with PowerDNS and prior to the v84 release we didn't support the use of it with DNS Clustering. So, if you would like DNSSEC, I'd recommend updating all servers in the cluster to v84
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post