Guide to DNSSEC Manager Cluster Edition (cPanel)

Where do I install Plug-in for signing zones in a Cluster?

This plugin gives you the WHM interface for signing/unsigning domains. You can install the plugin on any server in the cluster as long as zone changes in that server are reflected throughout the cluster. If your present configuration involves multiple servers and you are adding DNS records in just one server, then the plugin is needed only in that server.

Where do I install Tracker and Listener?

Key point to note is that Tracker is needed for a server if it is syncing it's DNS records to any server in Cluster. Any server that only accepts DNS records needs the Listener daemon.

What are Tracker and Listener Daemons?
Installing DNSSEC plug-in in a server alone will not enable DNSSEC throughout the cluster. Tracker and Listener daemons are needed for this.
Tracker: A service that pushes signed zones to other server's Listeners in its reach
Listener: A service that accepts signed zones from a Tracker

The following are typical scenarios where clustering is configured in cPanel.


Scenario 1




Scenario Description:

Based on the diagram above, let us assume that Server 1 (number “1”), is the Web Server. This server runs the full version of cPanel/WHM (v.11.38 or later). The rest of the servers - server 2 (number “2”), server 3 (number “3”), server 4 (number “4”), server 5 (number “5”) can run DNS-only versions of cPanel or the full version of cPanel.

Server 1 need not have the DNSSEC plugin installed. This is where the changes are made to the zone files. These changes are synced over to Server 2 via cPanel's native clustering setup. Server 2 is where the signing of the zones takes place. Once the zones are signed, these changes are propagated to Server 3, Server 4 and Server 5 using our DNSSEC plugin. The main DNSSEC plugin is installed on Server 2. The tracker daemon is also installed on Server 2. The listener daemon is installed on Servers 3, 4 and 5. Once installed, these listener daemons listen for any changes which are pushed from Server 2 by the tracker daemon.

 

Scenario 2

 

 

 Scenario Description:

 Based on the diagram above, let us assume that Server 1 (number “1”), is the Web Server. This server runs the full version of cPanel/WHM (v.11.38 or later). The rest of the servers - server 2 (number “2”), server 3 (number “3”) an run DNS-only versions of cPanel or the full version of cPanel.


Server 1 need not have the DNSSEC plugin installed. This is where the changes are made to the zone files. These changes are synced over to Server 2 via cPanel's native clustering setup. Server 2 is where the signing of the zones takes place. Once the zones are signed, these changes are propagated to Server 3  using our DNSSEC plugin. The main DNSSEC plugin is installed on Server 2. The tracker daemon is also installed on Server 2. The listener daemon is installed on Server 3. Once installed, these listener daemons listen for any changes which are pushed from Server 2 by the tracker daemon.


Scenario 3

 

Scenario Description:

Based on the diagram above, let us assume that Server 1 (number “1”), is the Web Server. This server runs the full version of cPanel/WHM (v.11.38 or later). The rest of the servers - server 2 (number “2”), server 3 (number “3”) an run DNS-only versions of cPanel or the full version of cPanel.

Server 1 need not have the DNSSEC plugin installed. This is where the changes are made to the zone files. These changes are synced over to Server 2 and Server 3 at the same time via cPanel's native clustering setup. However, Server 2 is where the signing of the zones takes place (not on Server 3). The main DNSSEC plugin is installed on Server 2. The tracker daemon is also installed on Server 2. The listener daemon is installed on Server 3. Once installed, these listener daemons listen for any changes which are pushed from Server 2 by the tracker daemon.

 

Note: if changes are made in Server 3, these are propagated to Server 2 via cPanel's native clustering setup but initially these, will not be signed. These zones are eventually signed later when the cron for signing is run.

IMPORTANT: If your clustering set-up does not fall into one of the categories above, and if you have questions about where to install our DNSSEC components in your cluster, we would be happy to guide you with the installation. Please contact us at support@admin-ahead.com and include a similar schematic diagram of your cluster.

 



  • 210 Users Found This Useful
Was this answer helpful?

Related Articles

How to use DNSSEC Manager Cluster Edition (cPanel)

DNSSEC Manager Cluster Edition (cPanel) v2.1 Home consist of the following :* Listeners*...

Compatibilities and Dependencies

Supported OS : Centos/RHEL 7 and up Supported cPanel versions : WHM cPanel 70 and up

How to Install DNSSEC Manager Cluster Edition (cPanel)

Install DNSSEC Manager Cluster Edition (cPanel) plugin & Tracker daemon, and Listener daemon...