DNS Cluster Setup Questions

Comments

7 comments

  • cPanelMichael
    Hello :) Regarding your quote:
    [QUOTE]and enable Clustering. Such that, all have DNS records for all. So: A has A, B, and C. B has A, B, and C. C has A, B, and C.[/QUOTE]
    While this is not a recommended configuration, it should still function as you intend it to. Personally, I would set up two DNS-Only servers, and have it configured like this:
    A - Hosting Server
    B - Hosting Server
    C - DNS-Only Server
    D - DNS-Only Server
    A - Synchronize changes to C and D
    B - Synchronize changes to C and D
    C - Standalone
    D - Standalone
    In this scenario, you would not need to have the option to edit a DNS Zone on the DNS-Only servers. Simply edit them on the hosting servers and the changes are synced immediately. You may find the following document helpful: Guide To DNS Clustering
    Thank you.
    0
  • vanessa
    [quote="Michael-Inet, post: 1625522"]Question 1) If two-way sync configurations are no longer functional, what is the current solution to make one change, on any server in the cluster (as a site's primary DNS server may be down), and have it automatically update to all other servers in the cluster?
    Question 2) How does one "Edit a DNS Zone" on a DNSONLY server? In "CENTOS 6.5 x86_64 standard " WHM 11.42.0 (build 24)" there are no entries in "DNS Functions" beyond "Synchronize DNS Records" with cPanel DNSONLY.[/quote]
    The setup for this is pretty simple:
    Server A -> DNSONLY C
    Server B -> DNSONLY C
    In other words, each hosting server should be directly clustered to the third server. Security is important here, so I would really recommend using write-only for this. However, this will result in the dnsonly server storing the zones for the two hosting servers, but the hosting servers will not have zones for each other. If you want this setup, you'd need to set the cluster type to 'sync' and configure a reverse trust relationship from the server C to servers A and B. This is really not a good idea though as far as security and performance are concerned. But if that's what you want, sync + reverse trust is how you do it.
    For question 2), that feature isn't listed; however, you can do either of the following:
    1) Switch to a full cPanel instance
    2) Edit the zone from command line and use /scripts/dnscluster to sync it
    0
  • Michael-Inet
    Hi Michael,
    The reason I'm reluctant to use your example is if a hosting server goes down (A), I must be able to edit the DNS to point their domains to their FailOver backup server (B). Both Hosting Server A and B already contain the same domain record (pointing at A), and I'm not seeing how both A and B trying to Synchronize changes for the same domain to C and D are any different than all being synced.
    Is there a round robin conflict problem? Where you make a change at server A, A syncs to B, B syncs to C, C syncs to A, A doesn't understand it's the original change and then syncs to B, creating an endless loop? {Okay, it's not exactly a loop, but let's keep it simple for the example.}
    At the end of the day, I just need something without a single point of failure; everybody synced to everybody seemed easy and convenient. The warning "two-way sync ... may cause DNS errors" is never explained. So, maybe I should just ask why that is?
    Best, Michael
    - - - Updated - - -
    Thanks Vanessa,
    [quote="vanessa, post: 1626061"]but the hosting servers will not have zones for each other.[/quote]
    Mine have to for FailOver purposes, which is why the long involved question...
    [quote="vanessa, post: 1626061"]2) Edit the zone from command line and use /scripts/dnscluster to sync it[/quote]
    I figured I'd have to go command line... For those that don't know, the zone files are located in the directory '/var/named', files are '*.db'
    Best, Michael
    0
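The command-line route mentioned in the two comments above (edit the file under '/var/named', then sync with /scripts/dnscluster) can be scripted as follows. This is an added example, not code from any poster: the function names are hypothetical, it assumes a multi-line SOA whose serial is the first number after "(" in YYYYMMDDNN form, and it uses the `synczone` subcommand of the dnscluster script. It raises the SOA serial so other name servers treat the edited zone as newer, and refuses to push a zone that fails `named-checkzone`.

```shell
#!/usr/bin/env bash
# Assumes a cPanel-style zone: multi-line SOA, serial = first number after "(",
# in YYYYMMDDNN form. Function names are hypothetical.

# Print the current SOA serial of zone file $1.
soa_serial() {
    awk '/[ \t]SOA[ \t]/ { soa = 1 }
         soa { for (i = 1; i <= NF; i++) {
                   if (paren && $i ~ /^[0-9]+$/) { print $i; exit }
                   if ($i ~ /\(/) paren = 1 } }' "$1"
}

# Print the serial that follows $1 on day $2 (YYYYMMDD, default: today).
next_serial() {
    local old=$1 base="${2:-$(date +%Y%m%d)}00"
    if [ "$old" -ge "$base" ]; then echo $((old + 1)); else echo "$base"; fi
}

# Rewrite the serial of zone file $1 in place and print the new value.
bump_zone_serial() {
    local file=$1 old new tmp
    old=$(soa_serial "$file")
    [ -n "$old" ] || { echo "no SOA serial in $file" >&2; return 1; }
    new=$(next_serial "$old" "$2")
    tmp=$(mktemp) || return 1
    awk -v old="$old" -v new="$new" '
        /[ \t]SOA[ \t]/ { soa = 1 }
        soa && !done { for (i = 1; i <= NF; i++) {
            if (paren && $i == old) { sub(old, new); done = 1; break }
            if ($i ~ /\(/) paren = 1 } }
        { print }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"   # overwrite in place: keeps owner and mode of the .db
    rm -f "$tmp"
    echo "$new"
}

# After hand-editing /var/named/<zone>.db: bump, validate, push to the cluster.
sync_edited_zone() {
    local zone=$1 file="/var/named/$1.db"
    bump_zone_serial "$file" || return 1
    named-checkzone "$zone" "$file" || return 1   # never push a broken zone
    /scripts/dnscluster synczone "$zone"
}
```

Run `sync_edited_zone example.com` as root on the server where the zone was edited; which peers receive the zone depends on the cluster roles configured for that server.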
  • vanessa
    [quote="Michael-Inet, post: 1626091"]The reason I'm reluctant to use your example is if a hosting server goes down (A), I must be able to edit the DNS to point their domains to their FailOver backup server (B).[/quote]
    In cPanelMichael's example, I don't see any reason why this would not work. Both dnsonly servers would have copies of all the zones from servers A and B, so if either server A or B had an issue, you can edit the zones from any of the other 3 servers. Both his example and mine would resolve this problem for you, but his factors in a little more redundancy.
    0
  • Michael-Inet
    Hi Vanessa,
    [quote="vanessa, post: 1626092"]In cPanelMichael's example, I don't see any reason why this would not work.[/quote]
    cPanelMichael's example has the same issue with sync that the cPanel documents both he and I linked to warn, "may cause DNS errors on your servers."
    [quote="vanessa, post: 1626092"]Both dnsonly servers would have copies of all the zones from servers A and B, so if either server A or B had an issue, you can edit the zones from any of the other 3 servers.[/quote]
    In his example all changes would have to be made on a hosting server, which would NOT update DNS entries in the other hosting servers in the cluster. {Yes, I kept the example to only three total servers, but there are more than three.}
    # # # # # #
    Let's get back to finding the reason behind the warning:
    - Is the warning because of user idiocy?
    - Is the warning because of software limitations?
    Best All, Michael
    0
  • vanessa
    [quote="Michael-Inet, post: 1626691"]In his example all changes would have to be made on a hosting server, which would NOT update DNS entries in the other hosting servers in the cluster. {Yes, I kept the example to only three total servers, but there are more than three.}[/quote]
    If you have a reverse trust relationship set up, I fail to see how this would be the case. With this setup, if you sync the zone from server A, for example, it will sync to the dnsonly server, and then back to both server A and server B. This setup is obviously inefficient in the fact that it's creating more transactions than necessary, and the more servers you have in the cluster, the worse this is going to be (trust me - I've seen this god knows how many times). But this does accomplish what you want.
    When you affirmatively stated that it will not work, did you actually test it exactly how it was described? I tried it within one of our labs and it seems to work fine:
    ServerA -> dnsonly A (sync)
    ServerA -> dnsonly B (sync)
    ServerB -> dnsonly A (sync)
    ServerB -> dnsonly B (sync)
    (You can also leave out dnsonlyB and the result will be the same)
    When changes were made to a zone on ServerA, ServerB also received the update.
    I still also fail to see the reason why you would want server a's zones on server b, and vice-versa. I get the need for redundancy in the event of failure, but you're approaching that problem in the most inefficient way possible. With the setup both of us suggested, if either hosting server fails, all you have to do is re-cluster the other in sync mode and sync all the zones down from the dnsonly server.
    With that being said, @cPanelMichael's setup is best for your usage case. The setup I previously described accomplishes exactly what you're asking for, but what you are asking for is not ideal in terms of how a DNS cluster should be set up when multiple servers are involved.
    [quote="Michael-Inet, post: 1626691"]Let's get back to finding the reason behind the warning: - Is the warning because of user idiocy? - Is the warning because of software limitations?[/quote]
    This message is due to the fact that when you have a large number of servers in a dns cluster that are all set to sync mode, the number of transactions required to update all clusters creates more points of failure. It's an inefficient setup. When you have, say, 3 hosting servers in a cluster, a change on one server has to sync to all three, and back to the origin. That's a lot of waste, and one of those servers being down can create a break in the chain, especially if you're daisy-chaining.
    [QUOTE]How? Why? Because I'm stupid enough to make different changes to the same site on different servers at the same time, instead of some software problem?[/QUOTE]
    Yes. Not you in particular, but cPanel has to take into account that they have novice users too. Sort of like the "WARNING: CONTENTS HOT" message on your coffee cup. #thestruggleisreal
    0
  • Michael-Inet
    Thank you Vanessa,
    [quote="vanessa, post: 1626711"]Yes. Not you in particular, but cPanel has to take into account that they have novice users too. Sort of like the "WARNING: CONTENTS HOT" message on your coffee cup. #thestruggleisreal[/quote]
    I can work with this. As I stated in the initial post, I have already tested it in a scaled down scenario. In the end I just needed to know that the software itself didn't have a hidden issue in regard to that warning.
    Best, Michael
    0