DNS Cluster Configuration

DNS Cluster Configuration, DNSOnly & DNS Admin

Presenters:Dave Lanning & Jesse Asklund

Sunday, October 18, 2009

Dave Lanning

• Studied Computer Science and Discreet Mathematics at Texas State University

• Began working in Webhosting in 2005• Started at cPanel in November 2007• Currently a Level III Technical Analyst with

cPanel and a member of the new Migrations Team


Jesse Asklund

• Began working in Webhosting at in 2003• Started at cPanel in July 2007• Currently a Technical Analyst, and the Migration

Team Coordinator at cPanel


Synopsis

• What are DNS Clusters?• How the synchronization process works• Cluster Topology• Cluster Maintenance/Administration• Cluster Troubleshooting


• In its simplest form a DNS Server is a single machine connecting a domain name to an IP

• A DNS Cluster is a group of DNS Servers working together as a robust infrastructure telling the world what IP a domain is associated with

• Most of the world’s DNS Clusters are Master/Slave

• In the eyes of cPanel Master/Slave DNS Clustering is not an acceptable solution

What is a DNS cluster anyway?


The cPanel DNS Cluster

• We take DNS clustering far past Master/Slave

• WHM allows you to configure as many cluster nodes as you wish

• cPanel offers a FREE DNS-Only WHM version

DNS-Only installerhttp://httpupdate.cpanel.net/latest-dnsonly


http://httpupdate.cpanel.net/latest-dnsonly

http://httpupdate.cpanel.net/latest-dnsonly

The main WHM process cpsrvd drives the cluster mechanism via dnsadmin• /usr/local/cpanel/cpsrvd ( non-SSL via port 2086 )

- /usr/local/cpanel/whostmgr/bin/dnsadmin• /usr/local/cpanel/cpsrvd-ssl ( SSL driven via port 2087 )

- /usr/local/cpanel/whostmgr/bin/dnsadmin-ssl

How the Synchronization Process Works

1. cpsrvd spans all cluster members locating zone files of the same name2. The serial number within each zone is referenced3. The zone containing the largest serial number is copied to all cluster members


Single Server DNS

• WHM offers 3 choices for standalone DNS configuration

• Cached DNS via BIND• DNS via NSD• Disabled DNS


Creating your cluster Schema

The One-To-One WHM Clusterone WHM node clustered with another WHM node


Creating your cluster SchemaMultiple WHM node-to-node Clustering

More than 2 Fully Functional WHM Servers

Scenario - 8 WHM machines- Each set to “synchronize changes”- Every DNS edit would cause each WHM machines to run a sync process➡49 connections would take place✴7 valid and 42 wasted connectionsIn relative terms if 1000 dnsadmin requests were to take place that would net 42000 useless connections.


Creating your cluster SchemaDNS-Only Clustering

1 or more WHM nodes + 1 or more WHM DNS-Only nodes


Creating your cluster SchemaImproper Cluster Arrangements

The Daisy Chain

A node connecting to a node ... connecting to a node ... connecting to a node ... connecting to a node ...


Creating your cluster SchemaImproper Cluster ArrangementsThe Chicken vs The Egg Cluster “Arrangement”

A node connecting to a node ... connecting to something ... arguing with a node ... connecting to Sarah Jessica Parker looking like a horse ... why am I here?


Cluster AdministrationCreating Your Cluster

★ Clustering is now enabled – Now nodes must be configured

• Login to WHM Main >> Cluster/Remote Access >> Configure Cluster

• Click “Enable DNS Clustering”• Click “Change”• Click “Return to Cluster Status”


• Cluster Administration• Below the “Add a new server to the cluster section within Main >> Cluster/Remote Access >> Configure Cluster you will see “Server Ip Address”.

• Enter the IP of the node you wish to add to the cluster and click Configure.

• The Create A Trust Relationship page should now be displayed.‣ Reseller vs Root

Cluster configuration

Creating Your Cluster


Cluster Administration

The Server Remote Access Key

• Obtaining the Server Remote Access key of the node via WHM Main >> Cluster/Remote Access >> Setup Remote Access Key• Obtaining Server Remote Access Key via Command Line Interface ( SSH )

✴ located within file /root/.accesshash

‣ Recreating the Remote Access key access key from WHM Main >> Cluster/Remote Access >> Setup Remote Access Key

✓ Click Generate New Key‣ Recreation of the Remote Access key from Command Line Interface ( SSH ) /usr/local/cpanel/whostmgr/bin/whostmgr ./sethashpwd



Cluster AdministrationThe Server Remote Access Key

• Once all fields are properly filled out – Click Submit✓ You should now see output describing the addition of

the node into the Trust Relationship




• Login to your WHM node Main >> Cluster/Remote Access >> Configure Cluster

• Each cluster member will display it's Hostname, IP Address, Username, Status, and DNS Role.

Assigning DNS Roles

Here you can see that our machine is set to Synchronize DNS changes to the DNS-Only machines but not the WHM node.• Machines you wish to send records to should have the Sync Role• Machines you wish to Simply read records from should be set to Standalone



Synchronizing a zone from the cluster to the local machine‣ via WHM

Main >> DNS Functions >> Synchronize DNS Records >>

Maintaining your clusterCluster Synchronization

‣ via SSH/scripts/dnscluster synczonelocal domain.tld



Synchronizing all zones from the cluster to the local machine‣ via WHM

Main >> DNS Functions >> Synchronize DNS Records >>


‣ via SSH /scripts/dnscluster synczalllocal --full



Synchronizing one zone within the cluster

‣ via WHM Main >> DNS Functions >> Synchronize DNS Records >>


‣ via SSH/scripts/dnscluster synczone domain.tld





‣ via SSH/scripts/dnscluster syncall

Synchronizing all local zones within the cluster





‣ via SSH/scripts/dnscluster syncall --full

Synchronizing all zones within the cluster


Cluster AdministrationMaintaining your clusterProper Zone Administration

Editing Zones

‣ Via WHM

•DNS Alterations within WHM will always be your best bet

‣Via SSH/CLI

• Stick to ee, vi/vim, nano/pico -w• Remember to increment the Serial number within zone file• Finalized? Then sync.


Cluster AdministrationMaintaining your clusterProper Zone AdministrationZone Creation and Termination

‣ Via WHM

‣Via SSH/CLI

• Use /scripts/adddns & /scripts/killdns

Main >> DNS Functions >> Add a DNS Zone&

Main >> DNS Functions >> Delete a DNS Zone


Cluster AdministrationTroubleshooting your cluster

• Are your machines able to reach ports 2086/2087 on peers?➡ Telnet from one host machine to another via those ports to test

vs.



• Use DNSADMIN’s GETZONELIST /usr/local/cpanel/whostmgr/bin/dnsadmin ( 2086 - non-SSL) /usr/local/cpanel/whostmgr/bin/dnsadmin-ssl ( 2087 - SSL)

1) Start DNSADMIN - /usr/local/cpanel/whostmgr/bin/dnsadmin - <press Enter> 2) Give your command - GETZONELIST <press Enter> 3) Execute the command - <press CTRL+d>



• Use DNSADMIN’s GETZONE /usr/local/cpanel/whostmgr/bin/dnsadmin ( 2086 - non-SSL) /usr/local/cpanel/whostmgr/bin/dnsadmin-ssl ( 2087 - SSL)

1) Start DNSADMIN - /usr/local/cpanel/whostmgr/bin/dnsadmin - <press Enter> 2) Give your command - GETZONE <press Enter> 3) Specify the zone - zone=domain.tld <press Enter> 3) Execute the command - <press CTRL+d>


Questions & Answers


Documents

DNS Cluster Configuration