Skip to main content

DNS Cluster work for a little while then bombs with "Requires cPanel update to support DNSSEC"

Comments

7 comments

  • cPanelLauren
    Hello, Is it stopping replication? This should just be a notice about DNSSEC but it is related to an internal case we have open currently - CPANEL-30161. As of right now if you Want DNSSEC to be usable you must have it enabled on ALL cluster members. In this instance, it doesn't sound like it's something that you want/need and as such, until the internal case is resolved I'm not seeing any reports of failures to synchronize.
    0
  • eugenevdm.host
    Hi @cPanelLauren, thanks for the reply. [QUOTE] Is it stopping replication?
    Replication worked for one record, then stopped working. [QUOTE] should just be a notice about DNSSEC
    When the notice appears the UI breaks, no more dropdown to choose type and click "Save" button. I'll wait for a fix. [QUOTE] you must have it enabled on ALL cluster members
    How to I DISABLE DNSSEC on all cluster members? This would be a good start. Could you confirm the following configuration is correct: Web Server:
    • Nameserver Selection - Disabled
    • DNS Server #1 - Write only
    • DNS Server #2 - Write only
    • DNS Server #3 - Write only
    DNS Server #1 : * Web Server - Synchronize DNS Server #2 : * Web Server - Synchronize DNS Server #3 : * Web Server - Synchronize
    0
  • eugenevdm.host
    I've logged a ticket. This DNS Clustering is very confusing, and broken. A simple setup keeps on reverting to DNSSEC issues even though we don't use DNSSEC at all.
    0
  • cPanelLauren
    Hello, That's the problem, right now, you can't disable DNSSEC and you MUST have PowerDNS on ALL cluster members. That's why the case was opened, initially. Until it's resolved, the only workaround is to have a nameserver installed on all servers.
    0
  • eugenevdm.host
    [QUOTE] you MUST have PowerDNS on ALL cluster members
    Interesting, as we have two Web servers, the one is working perfectly, and it has no DNS server. It's disabled. The disabled one works. The enabled one doesn't work. The ticket is going on 48 hours now starting to loose faith that someone can tell me what's going on here. I'm still unsure if the architecture of standalone x 4 and write write is supposed to work. This is the most simple DNS configuration in the world.
    0
  • eugenevdm.host
    Any comment on why I have to repeatedly create new API tokens?
    0
  • cPanelLauren
    @eugenevdm.host It's possible that's related to an issue with reverse trust being auto-generated when you select the checkbox in the configuration. I checked in on your ticket and it appears that this question was addressed in there as well and we were awaiting your response to confirm that everything is functioning as intended.
    0

Please sign in to leave a comment.