DNSOnly, DNS Cluster "Could not communicate with remote API server."
Hello All,
Does anyone have any suggestions on rectifying this error?
I've attempted to cluster NS1 & NS2 to synchronize records. For the purpose of fault finding I've removed any limitations on the API token's access to include all privileges as well as removed specific whitelisted IPs for the API token, as well as network traffic to port 2087. When clustering it seems there is also an issue configuring a reverse trust relationship.
Name Server 1 (NS1)
cPanel DNSOnly
cPanel Version: V98.0.8
DNS: PowerDNS
InBound Port Configuration: 22 TCP, 25 TCP, 53 TCP/UDP, 443 TCP, 953 TCP/UDP, 2087 TCP
OutBound Port Configuration: 25 TCP, 53 TCP/UDP, 443 TCP, 953 TCP/UDP, 2089 TCP
Resolver Configuration: 8.8.8.8, 8.8.4.4
Static IP Assigned
Name Server 2 (NS2)
cPanel DNSOnly
cPanel Version: V98.0.8
DNS: PowerDNS
InBound Port Configuration: 22 TCP, 25 TCP, 53 TCP/UDP, 443 TCP, 953 TCP/UDP, 2087 TCP
OutBound Port Configuration: 25 TCP, 53 TCP/UDP, 443 TCP, 953 TCP/UDP, 2089 TCP
Resolver Configuration: 8.8.8.8, 8.8.4.4
Static IP Assigned
It's worth noting I have reviewed the following articles; .
Hey there! Are you getting the "Line 529" error as mentioned in the second article you linked? If so, that's a known issue and something that we're looking into. The current recommendation to ignore the error if the cluster is working is a valid workaround, as our developers are working to resolve the issue. If you're seeing a different error message, it would be best to submit a ticket to our team so we can check this out directly on the affected system(s) as it seems you've already done a good bit of troubleshooting to try and isolate the issue.
Hello cPRex, Unfortunately I'm not seeing that, but could have missed it? Looking at the session_log there were several HTTP 200s for POST/GETs so it doesn't look to be timing out in any way. I may purge all my logs to slim them down and see if I can identify any timeouts; if I don't I shall raise a ticket. Out of interest can you confirm that "they" should be communicating over 2087 so I can remove 443 from my configured open ports? I'm also interested to know if the following token permissions are sufficient or can they be slimmed down further for a "Synchronize Changes" role between NS1 & NS2: Initial Privileges Managed DNS Records Nameserver Configuration DNS Add DNS Zones Remove DNS Zones Clustering DNS Clustering
I would be expecting communication to happen over 2087 for the cluster connection. You only need the DNS Clustering option for the token, and we have that outlined in the guide here: cPanel DNS Cluster Guide
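A check of the firewall listings from the first post against the port named in the reply above (2087/TCP), as an added example that is not part of the original thread. The function names are hypothetical, the rule strings are copied from the NS1/NS2 listings, and it assumes a cluster call needs the port allowed outbound on the caller and inbound on the peer.

```python
import re

CLUSTER_PORT = ("2087", "TCP")  # port the reply above expects for the cluster connection

# Rule strings copied from the first post; NS1 and NS2 were listed identically.
INBOUND = "22 TCP, 25 TCP, 53 TCP/UDP, 443 TCP, 953 TCP/UDP, 2087 TCP"
OUTBOUND = "25 TCP, 53 TCP/UDP, 443 TCP, 953 TCP/UDP, 2089 TCP"
POSTED = {
    "NS1": {"in": INBOUND, "out": OUTBOUND},
    "NS2": {"in": INBOUND, "out": OUTBOUND},
}

def parse_rules(text):
    """Turn '53 TCP/UDP, 2087 TCP' into {('53','TCP'), ('53','UDP'), ('2087','TCP')}."""
    rules = set()
    for item in text.split(","):
        m = re.fullmatch(r"\s*(\d+)\s+([A-Za-z/]+)\s*", item)
        if not m:
            raise ValueError(f"unrecognised rule: {item!r}")
        for proto in m.group(2).upper().split("/"):
            rules.add((m.group(1), proto))
    return rules

def blocked_paths(hosts, port=CLUSTER_PORT):
    """Return (caller, peer, reason) for every direction where `port` is not allowed."""
    label = f"{port[0]}/{port[1]}"
    problems = []
    for caller in hosts:
        for peer in hosts:
            if caller == peer:
                continue
            # The caller must be allowed to send to the port...
            if port not in parse_rules(hosts[caller]["out"]):
                problems.append((caller, peer, f"{caller} outbound lacks {label}"))
            # ...and the peer must be allowed to receive on it.
            if port not in parse_rules(hosts[peer]["in"]):
                problems.append((caller, peer, f"{peer} inbound lacks {label}"))
    return problems

if __name__ == "__main__":
    for caller, peer, reason in blocked_paths(POSTED):
        print(f"{caller} -> {peer}: {reason}")
```

Passing a different `(port, protocol)` pair as the second argument checks any other service the same way, for example `("53", "UDP")`.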
Excellent, thanks for the quick responses. Will get back to digging through logs. Many thanks cPRex.
You're very welcome!
Perhaps the issue is related to this? cPanel We've had that issue for a long time now, and still waiting for a solution, and it seems like we're going to be waiting for a while...