Synchronising the deletion of zones...
This might be one for a support ticket, but I'd appreciate any advice anyone can give me on this...
We are using a standard DNSOnly cluster - configured the recommended way, i.e. as follows...
1. Four DNSOnly cluster nameservers
2. Each cpanel server is configured to "synchronise changes" with these servers individually
3. The cluster nameservers do not sync with each other
4. Each cpanel server does not have the nameserver service enabled
BUT - in addition to this, we have a 5th cluster server configured in the following way...
All cpanel servers are set to "synchronise changes" with this server in the same way as above - however, this DNSOnly nameserver also syncs with the four main cluster servers (as if it was a standard cpanel server).
We had to do this to allow for DNS management from our billing system for domains that are not in cpanel. There is no other way around it as far as I know. So when a client wants to configure the DNS for a domain that is not hosted, we use a module in the client software which creates a new DNS Zone on NS5 and this then syncs with the rest of the cluster. It also allows them to manage their existing DNS (hosted) zones from within their client account, outside of the cpanel interface.
If we look on any of the cpanel servers, we can see all DNS zones from all servers. I think that's due to the additional syncing of NS5 with the other nameservers. It has to be done this way to allow the client to edit their DNS zone from the client area.
Everything works ok, except that when a zone is deleted from any cpanel server, it is correctly removed from that server and the nameservers, but is retained on all the other cpanel servers. So in a scenario where a client deletes an addon domain from one plan and then wants to add it to a different plan on a different server, they will always receive the error that a DNS Zone already exists and we have to manually kill the zone.
I can't find a way to make sure that when a zone is deleted from one server, it is deleted from all servers. There is no problem with the domain being deleted from the nameservers - that works fine, but the zone is always left behind on the remaining cpanel servers.
I'm sure we've got this wrong somewhere but as yet we've not found a solution that works to provide the functionality we need.
Looking for some advice.
-
If I have the right of it the configuration is something like this:
Webserver -> NS5 -> NS1-NS4
Are you syncing NS5 back to the webserver? I can't think of any other way for the Webservers to get the DNS zones added on NS5.
-
Thanks for your reply Lauren.
All the web servers are syncing with NS1 to NS5, i.e. each of the nameservers has been added to every web server via the "DNS Cluster" option in WHM with "synchronise changes". The web servers synchronise independently with each nameserver in the standard way. At the same time, NS1 to NS4 have been added to NS5 in the same way as above - as if NS5 is a web server. Only NS1 to NS4 are used as actual nameservers, NS5 is purely used to manage the zones. The client can edit their existing zone in their client area and it will modify the zone on NS5 - they can of course also modify their zone in cpanel too on the actual web server it is on (if the domain is hosted).
So it's more like
Web Server --> NS1-NS5
And
NS5 --> NS1-NS4
We had to set this up to provide an option for the clients to have DNS services for domains that are not hosted - just registered. There has never been any other way to do this - than use a different DNS system and different nameservers, then ask the client to switch nameservers if they want to host the domain - which is not a desirable situation. It stands to reason that we would want to allow the client to manage all their DNS records from one interface on our main nameservers. The only other way to do it would be to set up every domain with a cpanel account - but again, that's not really appropriate.
Your introduction of a "DNS Node", according to my current understanding, will highlight this problem more. It doesn't allow for a seamless transition between hosting plans - or upgrades, as you will always end up with the problem of the DNS zone already existing.
Anyway... So when a client creates a new Zone from their client area, it essentially creates this on NS5 and then it is saved and synced with the four other nameservers. We could easily have simply used a cpanel web server as the "DNS management" server here. All we want to do is add and edit the zones on a server which is then syncing with the main nameservers. We use a DNSOnly license for this because it is currently free of charge. Because of the way it is configured, all zones on all servers end up being copied to all web servers too.
As mentioned, the problem arises when you delete a zone from any web server, or from NS5. The zone is removed from NS1 to NS5 and from the web server you delete it from - but it doesn't get deleted from any of the other web servers, making it impossible to add a domain that was previously hosted, without manually deleting the zone first.
I think you may have hinted at a possible solution though. Should we set up NS5 as an "interim" nameserver - in the middle? So... set up NS5 on all web servers to sync - but then only add NS1 to NS4 onto NS5 so it goes
Web Server --> NS5 --> NS1 NS2 NS3 NS4
as you mentioned? My worry about that is - if there's a problem with NS5 - all the other nameservers could be affected. In the standard set up - all nameservers are independent.
-
I think you may have hinted at a possible solution though. Should we set up NS5 as an "interim" nameserver - in the middle?
Yea it seems the best way to do this is set up NS5 as the middle man so to speak - ultimately what you want to avoid is NS5 syncing back to the webservers. All webservers sync to it, then it syncs to the NS, but you're correct, doing it this way does pose the concern that if there is an issue with NS5 everything could be affected. But syncing all the nameservers to NS5 is an issue. This is a pretty standard configuration - using the primary NS as an intermediary:
-
I'm still not sure it would work. You said syncing all the nameservers to NS5 is an issue - but strictly speaking the nameservers are not syncing with anything. NS5 syncs to the nameservers just like one of the web servers and that would be essential in order to make sure any edited zones are updated correctly. The problem would more likely be the fact that all the web servers are syncing with NS5 - or have I got my wires crossed?
I'm not 100% sure about what causes the zones to get pushed to all the web servers and what causes the deleted ones to remain on the web servers. I don't want to make drastic changes if it's not going to work. Can you help me understand what is the specific cause of this issue?
What I really want to do is make sure there is the functionality for our customers to manage their DNS seamlessly, whether their domain is simply registered and they don't have hosting, or whether it is hosted. I see this as a basic, fundamental requirement for a web host to offer to their clients - and for at least the last decade, it has been a huge source of frustration for us that there is not a good workable solution for this.
The introduction of a "DNS Node" appears to be designed specifically to allow clients to manage their "non hosted" domains - but it doesn't look like any thought has been put into how they would transition between that and a hosted solution, so this will continue to be a problem going forward. We need a seamless process. Customer purchases a domain and can avail of DNS services using our nameservers and then when they want to host the domain, it should be added to a server without any hiccups. Currently and with your new DNS Node, we don't / won't have any automation at all - which I see as a definite step backwards.
-
The only thing that you want to restrict is NS5 syncing back to the webservers. It's fine for NS5 to have all the zones, in fact, it should have them all being the intermediary - you mentioned above that it was syncing back to the webservers and that would definitely cause them all to have ALL zones. I just realized something else you mentioned and I missed it:
All the web servers are syncing with NS1 to NS5 i.e each of the nameservers has been added to every web server via the "DNS Cluster" option in WHM with "synchronise changes". The web servers synchronise independently with each nameserver in the standard way.
To clarify - if the web servers are all synchronizing with ns1-ns5 what is the configured DNS role on the nameservers in relation to the webservers? IMO this should be standalone with an exception for NS5.
I see a couple of options for NS5 based off of what you need.
- If NS5 does not need the DNS records for the webservers you could configure it to write-only its changes to the nameservers ns1-ns4 and their relationship to it would be standalone
- If NS5 does need the DNS records for the webservers and needs to send its records to the nameservers the best way would be the relationship as follows:
  - ALL webservers sync changes with NS5 only
  - NS5 does not sync back to the nameservers (standalone) in the DNS Cluster config back to the webserver
  - NS5 syncs as write-only to the nameservers
  - NS1-NS4 are linked to NS5 as standalone
The introduction of a "DNS Node" appears to be designed specifically to allow clients to manage their "non hosted" domains - but it doesn't look like any thought has been put into how they would transition between that and a hosted solution, so this will continue to be a problem going forward. We need a seamless process. Customer purchases a domain and can avail of DNS services using our nameservers and then when they want to host the domain, it should be added to a server without any hiccups. Currently and with your new DNS Node, we don't / won't have any automation at all - which I see as a definite step backwards.
DNS node is specifically for non-hosted domains, you're correct. I believe your concerns have already been brought up internally as well. I do know as they move through iterations of versions they had discussed this being a point they wanted to address.
-
Thanks for talking this through with me Lauren, it helps. I don't want to have a weak point in the middle of it so I think that solution is probably not going to work either. I want to avoid having separate nameservers for domain registrations only and I want to avoid having a point of failure with the "intermediary" nameserver idea. Surely others must have achieved this while still having a resilient cluster - it shouldn't be so difficult.
It actually works fine the way we set it up, with the exception of the zones not getting deleted, so I think I will need to go back to my original thought - which is "how do I get the zones deleted from all servers when a zone is deleted on one of them"? I'll put some thinking time into that one.