TransWikia.com

cPanel incorrectly identifying remote DNS server type

Webmasters Asked by Christopher H on December 11, 2020

I have installed cPanel on three servers, 1 x hosting server and 2 x DNSOnly servers.

cPanel is using PowerDNS as the default DNS service. I have created a DNS cluster (as one would when installing cPanel with DNS clustering) however, the hosting server has come back stating the remote server type is BIND and the status of "Requires cPanel update to support DNSSEC."

I have tried to convert both NS to BIND then back to PowerDNS, to no avail. Is anyone aware of what would be causing the hosting server to report both NS as BIND?

cPanel DNS Server Cluster

One Answer

IMPORTANT: Make sure that you're running an up to date version of cPanel and cPanel DNSOnly. Specifically 88 or higher. There are a number of DNS Clustering defects that were fixed recently in 86.

First things first, Any particular reason that you're using "Write Only" as the relationship?

Using "Write Only" as the relationship (as viewed from your WHM server) is problematic for a couple of reasons:

  • You don't get the overwrite protection that the sync relationship provides. If you have more than one WHM server configured with "Write Only" to your name servers, it is possible for one WHM server to overwrite changes made by the other WHM server. If you use the Sync relationship, one WHM server will check to make sure the other WHM server in the cluster does not already control the zone before writing to it. You want to use the sync relationship unless you're doing something strange.
  • You don't get the automation. The "Write Only" relationship makes it so that you have to manually sync changes from your WHM server to your name servers. If you use the sync relationship a change that your customer makes in the cPanel interface is automatically pushed out to the name servers without them needing to open a ticket with you to have you manually push the button.

Check out this guide for some diagrams: Guide to DNS Clustering

And this doc for an explanation of the roles: DNS Cluster Docs

The server’s DNS role. You can choose from the following options:
Standalone — This method fetches DNS records from the remote server, but does not write records from the local server to the remote server.
Synchronize changes — This method synchronizes records between the local server and the remote server. However, you must also select Synchronize changes on the remote server for changes to propagate to the local server. Most administrators use this setting.
Write-only — This method pushes the local server’s records to write to the remote server, but does not query records from the remote server to write to the local server.
Important:
A Write-only server pushes records to the remote server without conflict resolution or checks. Two Write-only servers that attempt to write changes to a matching record on the same remote DNS server will cause a conflict and may corrupt data.

Now onto your actual question (which as you'll see is related to the above):

My bet is that there is a problem with the reverse trust relationship on your existing write only configurations. You can probably solve this by recreating them as sync relationships.

Do this by first removing the relationships entirely.

When you recreate the relationships, choose the sync relationship, and then also select the "Reverse Trust" relationship checkbox in the process of recreating them, it should end up working its self out.

That is assuming that your name servers are legitimately running PDNS and not bind.

Answered by thahostingadmin on December 11, 2020

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP