Express transfers to linked mailnode breaks DNS zone

[did-vmonroig]

We're currently migrating accounts from one obsolete server with cPanel v86 to two brand new with cPanel v98. The new servers are a standard role linked to a secondary with mail only role. They are all in a DNS Cluster and we've changed TTL to 1200 before starting transfers.

Transfers are going pretty well except for DNS zone that mixes IPs from mailnode as domain A record and resets TTL to 14400, so we've to correct all of them by hand, introducing downtime and unwanted additional hours in process. Doing express or "normal" transfers is not a difference. Problem seems related to DNS templates, but I don't know how to correct them.

Any thoughts?

Thanks in advance.

 

[cPRex]

Hey there! We usually advise that customers remove the server from the cluster before any transfers happen, as it can cause confusion in the cluster. If two servers were migrated in a cluster, you could end up with a scenario where two different DNS zones exist for the same domain.

I don't believe the mailnode portion would be related to what you're seeing. If you temporarily remove that server from the cluster, do things work normally then?

 

[did-vmonroig]

Hello, @cPRex! Thanks for your help, but after removing new servers from the DNS cluster and deleting already transferred zones prior to transfer, problem still shows. I'll post an example of how DNS zones resulted:

Original:

; cPanel first:11.42.1.20 (update_time):1629365890 Cpanel::ZoneFile::VERSION:1.3 hostname:kalel.hoster.tld latest:86.0.40
; Zone file for client.es
$TTL 14400
client.es.      1200    IN      SOA     ns3.hoster.tld. hoster.gmail.com.       (
                                                2021081900 ;Serial Number
                                                4800 ;refresh
                                                3600 ;retry
                                                1209600 ;expire
                                                7200 ;minimum
        )
client.es.      1200    IN      NS      ns3.hoster.tld.
client.es.      1200    IN      NS      ns1.hoster.tld.
client.es.      1200    IN      A       %OLD_IP%
localhost       1200    IN      A       127.0.0.1
client.es.      1200    IN      MX      10      client-es.mail.protection.outlook.com.
www     1200    IN      CNAME   client.es.
ftp     1200    IN      A       %OLD_IP%
cpanel  1200    IN      A       %OLD_IP%
webdisk 1200    IN      A       %OLD_IP%
whm     1200    IN      A       %OLD_IP%
webmail 1200    IN      A       %OLD_IP%
client.es.      1200    IN      TXT     "v=spf1 +a +mx +ip4:%OLD_IP% +include:outlook.com ~all"
client.es.      1200    IN      TXT     ms=msXXXXXXXX
cpcalendars     1200    IN      A       %OLD_IP%
cpcontacts      1200    IN      A       %OLD_IP%
default._domainkey      1200    IN      TXT     "v=DKIM1; k=rsa; p=BLAHBLAHBLAH;
_cpanel-dcv-test-record 1200    IN      TXT     _cpanel-dcv-test-record=BLAHBLAHBLAH
_acme-challenge.mail    1200    IN      TXT     BLAHBLAHBLAH
client.es.      1200    IN      TXT     google-site-verification=BLAHBLAHBLAH

After express transfer in original server (authoritative):

; cPanel first:11.42.1.20 (update_time):1629373888 Cpanel::ZoneFile::VERSION:1.3 hostname:kalel.hoster.tld latest:86.0.40
; Zone file for client.es
$TTL 14400
client.es.      1200    IN      SOA     ns3.hoster.tld. hoster.gmail.com.       (
                                                2021081902 ;Serial Number
                                                4800 ;refresh
                                                3600 ;retry
                                                1209600 ;expire
                                                7200 ;minimum
        )
client.es.      1200    IN      A       %NEW_WEB_IP%
client.es.      1200    IN      NS      ns5.hoster.tld.
client.es.      1200    IN      NS      ns3.hoster.tld.
localhost       1200    IN      A       127.0.0.1
client.es.      1200    IN      MX      10      client-es.mail.protection.outlook.com.
www     1200    IN      CNAME   client.es.
ftp     1200    IN      A       %NEW_WEB_IP%
cpanel  1200    IN      A       %NEW_WEB_IP%
webdisk 1200    IN      A       %NEW_WEB_IP%
whm     1200    IN      A       %NEW_WEB_IP%
webmail 1200    IN      A       %NEW_WEB_IP%
client.es.      1200    IN      TXT     "v=spf1 +a +mx +ip4:%OLD_IP% +ip4:%NEW_WEB_IP% +include:outlook.com ~all"
client.es.      1200    IN      TXT     ms=msXXXXXXXX
cpcalendars     1200    IN      A       %NEW_WEB_IP%
cpcontacts      1200    IN      A       %NEW_WEB_IP%
default._domainkey      1200    IN      TXT     "v=DKIM1; k=rsa; p=BLAHBLAHBLAH;
_cpanel-dcv-test-record 1200    IN      TXT     _cpanel-dcv-test-record=BLAHBLAHBLAH
_acme-challenge.mail    1200    IN      TXT     BLAHBLAHBLAH
client.es.      1200    IN      TXT     google-site-verification=BLAHBLAHBLAH

After express transfer in destination server:

; cPanel first:98.0.5 (update_time):1629373902 Cpanel::ZoneFile::VERSION:1.3 hostname:kendall.hoster.tld latest:98.0.5
; Zone file for client.es
$TTL 14400
client.es.      86400   IN      SOA     ns3.hoster.tld. hoster.gmail.com.       (
                                                2021081904 ;Serial Number
                                                3600 ;refresh
                                                1800 ;retry
                                                1209600 ;expire
                                                86400   )

client.es.      86400   IN      NS      ns3.hoster.tld.
client.es.      86400   IN      NS      ns5.hoster.tld.


client.es.      14400   IN      A       %NEW_MAIL_IP%

client.es.      14400   IN      MX      10      mailserver.hoster.tld.

mail               14400   IN      CNAME   mailserver.hoster.tld.
www             14400   IN      CNAME   client.es.
ftp             14400   IN      A       %NEW_MAIL_IP%
default._domainkey      14400   IN      TXT     "v=DKIM1; k=rsa; p=BLAHBLAHBLAH;
client.es.      14400   IN      TXT     "v=spf1 +a +mx +ip4:%NEW_MAIL_IP% ~all"
whm             14400   IN      A       %NEW_MAIL_IP%
webmail         14400   IN      A       %NEW_MAIL_IP%
cpcalendars     14400   IN      A       %NEW_MAIL_IP%
cpanel          14400   IN      A       %NEW_MAIL_IP%
cpcontacts      14400   IN      A       %NEW_MAIL_IP%

Result in original server is correct this time but I'm afraid that when we change authoritative server to the new one we're going to get into problems. TTL, MX, Google verifications, nothing is respected. Even IP is not correct, as A is pointing to mail server, instead that to web server.

Also, this is a simpler case, as there is no different IP for mail server involved. I'll try to post one in which %OLD_IP% has to become %NEW_WEB_IP% for A record and %NEW_MAIL_IP% for mail record.

Maybe this could be related to DNS templates. At first, we made a transfer of system config and templates are equal in all servers. May I know how are original DNS templates in fresh installed WHM?

 

[cPRex]

Thanks for the detailed reply. I believe that is how the DNS is designed to work, as custom records don't get moved over. We do mention this in our migration documentation here:

How to Move All cPanel Accounts from One Server to Another | cPanel & WHM Documentation

This tutorial explains how to migrate your cPanel accounts, SSL certificates, and main server IP address from one server to another. Typically, you would do this when you need to replace your server.

docs.cpanel.net

The DNS templates can be adjusted in WHM >> Edit Zone Templates, and you'll likely want to edit the "standard" and "standardvirtualftp" templates as those are the ones that primarily get used.

 

[did-vmonroig]

I could live with this, as being very careful when restoring DNS cluster and being old server zones transferred to new and not to the other side, should be correct.

The problem is that DNS zone in authoritative server does not get correct IP for mail.client.tld, using web IP instead. There is a linked maild node and I don't know if you have experience in this scenario, but this could be a bug in transfer.

This is an example of how zones result when MX has to change from local to new server with linked node:

Original:

; cPanel first:11.38.2.2 (update_time):1629377306 Cpanel::ZoneFile::VERSION:1.3 hostname:oldserver.hoster.tld latest:86.0.40
$TTL 14400
client.es.            1200    IN      SOA     ns3.hoster.tld. hoster.gmail.com.       (
                                                2021081900 ;Serial Number
                                                10800 ;refresh
                                                3600 ;retry
                                                604800 ;expire
                                                10800 ;minimum
        )
www             1200    IN      CNAME   client.es.
client.es.            1200    IN      MX      10      mail.client.es.
ftp             1200    IN      CNAME   client.es.
smtp            1200    IN      CNAME   mail.client.es.
mail            1200    IN      A       %OLD_IP%
pop3            1200    IN      CNAME   mail.client.es.
webmail         1200    IN      CNAME   mail.client.es.
ns              1200    IN      A       %OLD_IP%
client.es.            1200    IN      A       %OLD_IP%
client.es.            1200    IN      TXT     "v=spf1 +a +mx +ip4:%OLD_IP% -all"
client.es.            1200    IN      NS      ns1.hoster.tld.
client.es.            1200    IN      NS      ns3.hoster.tld.
imap            1200    IN      CNAME   mail.client.es.
webdisk         1200    IN      A       %OLD_IP%
whm             1200    IN      A       %OLD_IP%
cpanel          1200    IN      A       %OLD_IP%
cpcalendars         1200    IN      A       %OLD_IP%
cpcontacts          1200    IN      A       %OLD_IP%
default._domainkey      1200    IN      TXT     "v=DKIM1; k=rsa; p=BLAHBLAHBLAH

Result in original server:

; cPanel first:11.38.2.2 (update_time):1629379401 Cpanel::ZoneFile::VERSION:1.3 hostname:oldserver.hoster.tld latest:86.0.40
$TTL 14400
client.es.            1200    IN      SOA     ns3.hoster.tld. hoster.gmail.com.       (
                                                2021081902 ;Serial Number
                                                10800 ;refresh
                                                3600 ;retry
                                                604800 ;expire
                                                10800 ;minimum
        )
www             1200    IN      CNAME   client.es.
client.es.            1200    IN      MX      10      mail.client.es.
ftp             1200    IN      CNAME   client.es.
smtp            1200    IN      CNAME   mail.client.es.
mail            1200    IN      A       %NEW_WEB_IP%
pop3            1200    IN      CNAME   mail.client.es.
webmail         1200    IN      CNAME   mail.client.es.
ns              1200    IN      A       %NEW_WEB_IP%
client.es.            1200    IN      A       %NEW_WEB_IP%
client.es.            1200    IN      TXT     "v=spf1 +a +mx +ip4:%OLD_IP% +ip4:%NEW_WEB_IP% -all"
client.es.            1200    IN      NS      ns5.hoster.tld.
client.es.            1200    IN      NS      ns3.hoster.tld.
imap            1200    IN      CNAME   mail.client.es.
webdisk         1200    IN      A       %NEW_WEB_IP%
whm             1200    IN      A       %NEW_WEB_IP%
cpanel          1200    IN      A       %NEW_WEB_IP%
cpcalendars         1200    IN      A       %NEW_WEB_IP%
cpcontacts          1200    IN      A       %NEW_WEB_IP%
default._domainkey      1200    IN      TXT     "v=DKIM1; k=rsa; p=BLAHBLAHBLAH

Result in new server (should be discarded when DNS cluster is restored):

; cPanel first:98.0.5 (update_time):1629379413 Cpanel::ZoneFile::VERSION:1.3 hostname:kendall.hoster.tld latest:98.0.5
; Zone file for client.es
$TTL 14400
client.es.            86400   IN      SOA     ns3.hoster.tld. hoster.gmail.com.       (
                                                2021081903 ;Serial Number
                                                3600 ;refresh
                                                1800 ;retry
                                                1209600 ;expire
                                                86400   )

client.es.            86400   IN      NS      ns3.hoster.tld.
client.es.            86400   IN      NS      ns5.hoster.tld.


client.es.            14400   IN      A       %NEW_MAIL_IP%

client.es.            14400   IN      MX      0       client.es.

mail            14400   IN      CNAME   client.es.
www             14400   IN      CNAME   client.es.
ftp             14400   IN      A       %NEW_MAIL_IP%
default._domainkey      14400   IN      TXT     "v=DKIM1; k=rsa; p=BLAHBLAHBLAH
client.es.            14400   IN      TXT     "v=spf1 +a +mx +ip4:%NEW_MAIL_IP% ~all"
whm             14400   IN      A       %NEW_MAIL_IP%
cpcontacts          14400   IN      A       %NEW_MAIL_IP%
cpanel          14400   IN      A       %NEW_MAIL_IP%
webmail         14400   IN      A       %NEW_MAIL_IP%
cpcalendars         14400   IN      A       %NEW_MAIL_IP%

I expected %NEW_MAIL_IP% in SPF, mail, cpcontacts and cpcalendars records, instead of %NEW_WEB_IP%. Could you confirm if this is how transfers are working or there is something bad in my destination server?

Thanks again for your support.

 

[cPRex]

Let me do some testing and I'll let you know what I find!

 

[cPRex]

With the current implementation, your experience is working as intended. The transfer doesn't have any knowledge of the mail node or account distribution, so the account will need to be re-distributed after the migration is complete. To clarify, the transfer process can not auto-distribute the account as part of the migration. Is that what you were expecting to happen?

We mention this in our support article here, and although it isn't exactly your situation, it does explain that the account needs to be re-distributed after the migration:

How to transfer accounts linked to a mail node (mail profile) server

Introduction Linking two cPanel servers is production-ready and no longer experimental since cPanel version 94. This feature lets you offload mail functionality from your primary cPanel & WHM s...

support.cpanel.net

Is that what you're looking to find out?

 

[did-vmonroig]

I think this article covers transferring an already distributed account, but we're doing opposite: transferring from single server to a new pair, one standard with linked node mail.

WHM already has an option to transfer directly to linked node (attached screenshot), but I think that should be improved to set DNS zone correctly.

I'm going to try transferring to local server only and then distributing, but as DNS cluster is disabled, I don't think this could make any better in new DNS zone calculation, at least in still authoritative, old server.

 

[did-vmonroig]

As I thought, I see no changes in DNS zone when transferring to local server and later distributing to linked mail node.

But one thing I don't understand is that when distributing as second step, DNS zone in new server also does not change. I still think there is something weird with my DNS templates that make process fail.

I've this line in my template:

mail IN CNAME %maildomain%.

Please, can you confirm if this line is included in templates shipped on new WHM installations?

 

[cPRex]

That's correct - that's the same line I see on a default cPanel & WHM installation.

Are you saying you've chosen that option in the Transfer Tool and it still is not formatting the DNS properly?

 

[did-vmonroig]

Are you saying you've chosen that option in the Transfer Tool and it still is not formatting the DNS properly?

Doesn't made a difference. In both cases IP was the standard, main node in original server. And in the new server, IP was the linked mail node for everything, including domain.tld A record.

 

[cPRex]

Ah - so that's something I didn't test. Let me check that again on my end.

 

[cPRex]

I did the following on my end:

-created ServerA with some accounts
-created ServerB as the destination
-linked ServerB to a separate mail node
-migrated an account to ServerB from ServerA, making sure to click the mail linked node option in the Transfer Tool

I then checked the DNS zone of the domain on ServerB and confirmed the mail.domain.com record was pointed to my mailserver's hostname, but the webmail record was pointed to the IP address of the destination server, which would break webmail logins.

I've created case CPANEL-38231 with our developers to look into this, and you can follow along with this case here:

cPanel

support.cpanel.net

Let me know if that covers what you're seeing - if not, I can always tweak some things or make a separate case.

 

[did-vmonroig]

Right, that's the main problem. Thank you very much.

While your developers review it, may I see the final DNS zone you got and template used? I still have doubts that everything is correct with my DNS zone templates and this is introducing more problems in my end.

 

[cPRex]

Sure thing! Here are the templates from my test machine:

standard:

; cPanel %cpversion%
; Zone file for %domain%
$TTL %ttl%
@      %nsttl%    IN      SOA     %nameserver%. %rpemail%. (
        %serial%    ; serial, todays date+todays
        3600        ; refresh, seconds
        1800        ; retry, seconds
        1209600        ; expire, seconds
        86400 )        ; minimum, seconds

%domain%. %nsttl% IN NS %nameserver%.
%domain%. %nsttl% IN NS %nameserver2%.
%domain%. %nsttl% IN NS %nameserver3%.
%domain%. %nsttl% IN NS %nameserver4%.

%nameserverentry%. IN A %nameservera%
%nameserverentry2%. IN A %nameservera2%
%nameserverentry3%. IN A %nameservera3%
%nameserverentry4%. IN A %nameservera4%

%domain%. IN A %ip%
%domain%. IN AAAA %ipv6%
ipv6 IN AAAA %ipv6%

%domain%. IN MX 0 %domain%.

mail IN CNAME %maildomain%.
www IN CNAME %domain%.
ftp IN CNAME %domain%.

standardvirtualftp

; cPanel %cpversion%
; Zone file for %domain%
$TTL %ttl%
@      %nsttl%    IN      SOA     %nameserver%. %rpemail%. (
        %serial%    ; serial, todays date+todays
        3600        ; refresh, seconds
        1800        ; retry, seconds
        1209600        ; expire, seconds
        86400 )        ; minimum, seconds

%domain%. %nsttl% IN NS %nameserver%.
%domain%. %nsttl% IN NS %nameserver2%.
%domain%. %nsttl% IN NS %nameserver3%.
%domain%. %nsttl% IN NS %nameserver4%.

%nameserverentry%. IN A %nameservera%
%nameserverentry2%. IN A %nameservera2%
%nameserverentry3%. IN A %nameservera3%
%nameserverentry4%. IN A %nameservera4%

%domain%. IN A %ip%
%domain%. IN AAAA %ipv6%

%domain%. IN MX 0 %domain%.

mail IN CNAME %maildomain%.
www IN CNAME %domain%.
ftp IN A %ftpip%
ftp IN AAAA %ipv6%

Here's what my zone file looked like after the transfer on the Destination machine:

cptest.com.     86400   IN      SOA     ns1.cprapid.com.        root.10-2-68-59.cprapid.com.    (
                                                2021081904 ;Serial Number
                                                3600 ;refresh
                                                1800 ;retry
                                                1209600 ;expire
                                                86400   )

cptest.com.     86400   IN      NS      ns1.cprapid.com.
cptest.com.     86400   IN      NS      ns2.cprapid.com.

cptest.com.     14400   IN      A       10.2.68.59

cptest.com.     14400   IN      MX      0       host.mailnodeserver.com.

mail    14400   IN      CNAME   host.mailnodeserver.com.
www     14400   IN      CNAME   cptest.com.
ftp     14400   IN      A       10.2.68.59
whm     14400   IN      A       10.2.68.59
webdisk 14400   IN      A       10.2.68.59
cpcalendars     14400   IN      A       10.2.68.59
webmail 14400   IN      A       10.2.68.59
cpanel  14400   IN      A       10.2.68.59
cpcontacts      14400   IN      A       10.2.68.59