cPanel: How to replicate DNS zones to external Bind server without views


I’ve got a complaint from the customer of my recent cPanel server installation that his DNS zones are not being replicated by our main DNS servers, and therefore they have problems.

We are using a custom system to pull slave zone configuration from cPanel servers (I’ll explain it later in a separate post), which allows us to use regular ISC Bind servers as slaves to the cPanel masters.
I’ve checked the logs and they were right – zones were not replicating.

I manage more than one cPanel server with a similar configuration, and only this most recent one was giving me problems with zone updates.
The only difference between the other, working cPanel servers and the problematic one was the Bind server software version – CentOS 7 ships with version 9.11.4 of it.
My first guess was that the zone view didn’t match – the master server has one huge default view (don’t ask) while the standard customer cPanel Bind configuration has 3 separate views – “local_resolver”, “internal”, and “external” (I could have been wrong about the views restriction, but I will get to that later).
For slave zone replication I am using a slightly modified, brilliant PHP script which saves me the hassle of dealing with “dns-only” cPanel. Alas, while slave zones were properly configured on the master Bind server, it still refused to replicate zones from cPanel with the error “NOT AUTH”, and I suspected that it wanted to replicate zones with the same view.
The obvious solution would be creating views on the slave servers and moving the cPanel zones there, but that would be hundreds of zones and god knows what other complications.
Less obvious but more efficient was switching cPanels from Bind to PowerDNS. PowerDNS is not view-aware, so this restriction is gone. You will need to turn on zone replication in /etc/pdns/pdns.conf: look for the line starting with “allow-axfr-ips” and add your slave DNS servers’ IP addresses there.
After starting PowerDNS you will see that the slave server can replicate zones from the cPanel server. Problem solved.
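
A check worth running after editing allow-axfr-ips, added here as an example and not part of the original post: it parses pdns.conf text and reports which slave servers are still missing from the list and which entries are broad enough to hand zone transfers to unrelated hosts. The sample config, the addresses (documentation ranges), the function names and the 256-address threshold are assumptions.

```python
import ipaddress
import re

# Constructed sample of /etc/pdns/pdns.conf; addresses are documentation ranges.
SAMPLE_CONF = """\
# PowerDNS settings (constructed sample)
launch=bind
allow-axfr-ips=127.0.0.1, 192.0.2.53
allow-axfr-ips+=198.51.100.0/24
"""


def axfr_networks(conf_text):
    """Return the networks listed in allow-axfr-ips ('=' resets, '+=' appends)."""
    nets = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"allow-axfr-ips\s*(\+?=)\s*(.*)$", line)
        if not m:
            continue
        if m.group(1) == "=":
            nets = []  # a plain assignment replaces earlier values
        for item in re.split(r"[,\s]+", m.group(2).strip()):
            if item:
                # A bare IP becomes a /32 (or /128) network.
                nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def audit(conf_text, secondaries, max_hosts=256):
    """Return (secondaries not covered, entries wider than max_hosts addresses)."""
    nets = axfr_networks(conf_text)
    missing = [s for s in secondaries
               if not any(ipaddress.ip_address(s) in n for n in nets)]
    too_wide = [str(n) for n in nets if n.num_addresses > max_hosts]
    return missing, too_wide


if __name__ == "__main__":
    # Hypothetical slave server addresses for the sample above.
    missing, too_wide = audit(SAMPLE_CONF, ["192.0.2.53", "203.0.113.7"])
    print("secondaries not allowed to AXFR:", missing)
    print("overly broad AXFR entries:", too_wide)
```

To check a live server, pass the contents of /etc/pdns/pdns.conf and your real slave addresses to audit() instead of the sample.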
