DNS Cluster: setup reverse trust from CLI or API
Not Planned
As a System Administrator, I would like to have the ability to enable DNS reverse trust from CLI or API, so that I can fully automate cPanel server deployments without any manual steps.
In our setup, this is the only outstanding manual step we have to perform on each newly deployed cPanel server.
This was also an issue for me.
With many WHM servers and DNSONLY servers inside a VPC upgrading the fleet is very tedious b/c Reverse Trust cannot be established with the DNSONLY machines.
This is b/c when WHM requests the reverse relationship, it sends its private IP address to the DNSONLY machine - which will not work b/c the DNSONLY machine cannot communicate with the WHM server over private IP.
This is an oversight in cPanel functionality as it should not be using private IP addresses to establish this connection. It should always use Public IP addresses to allow NAT setups to work.
I spent a while on this and here's what I found.
There is an official cPanel Case (CPANEL-36284) and article for a manual fix. However this is not ideal and I needed to automate and rely on a solution going forward.
https://support.cpanel.net/hc/en-us/articles/360056344314-DNS-Cluster-reverse-trust-setup-fails-for-NAT-to-non-NAT-systems
I ended up using an iptables rule that would let you direct the traffic from private to public:
You would replace $private with the private IP and $public with the Public IP address.
Howdy,
Going to mark this not planned as it's not on our current roadmap. We will update this in the future when we have more information on when it will be roadmapped.
Dustin Scherer (he/him) | Product Owner | @dustinscherer
As of now, creating the DNS cluster connection will not work without this step. I wouldn't say this is a feature... more like a regression.
Yep, it also appears that we aren't able to edit the failure threshold settings or I presume re-enable the nameservers without logging into WHM on each server.