[CPANEL-30161] 84.05 DNSSEC not shown in Zone Editor

  • Radeonpower
    Any idea why the DNSSEC option does not show in Zone Editor (see attachment)?
    0
  • cPanelLauren
    This indicates one of the following:
    • The ability to manage DNSSEC has been disabled in the account's feature list.
      • If you have root access, this can be managed at WHM>>Packages>>Feature Manager>>Feature Lists
    • The nameserver being used on the server does not support DNSSEC (only PowerDNS supports this with cPanel at this time).
      • You can check this at WHM>>Service Configuration>>Nameserver Selection if you have access to WHM
    0
  • Radeonpower
    It's enabled in the Feature Manager and all DNS Only servers are running PowerDNS.
    0
  • cPanelLauren
    What is the web server running? There is a current case (CPANEL-30161) where, if the webserver has nameservers set to disabled, DNSSEC is also not available.
    0
  • Radeonpower
    The webserver dns server was set to "Disabled". I installed PowerDNS on it and now everything works. :) Thank you.
    0
  • cPanelLauren
    Hi @radeonpower I'm really glad that worked for you! I moved our responses on this subject to its own thread so that others looking for this issue can more easily find it and I can update here when the internal case is updated. Thanks!
    0
  • headsup
    This seems to indicate a solution for stand-alone cPanel server.
    "Hi @radeonpower I moved our responses on this subject to its own thread so that others looking for this issue can more easily find it and I can update here when the internal case is updated. Thanks!"

    Lauren, please where is the thread that we should follow as the "In Progress" status indicates cPanel team is working towards a solution as you mention?
    0
  • cPanelLauren
    "This seems to indicate a solution for stand-alone cPanel server. Lauren, please where is the thread that we should follow as the "In Progress" status indicates cPanel team is working towards a solution as you mention?"

    I'm sorry, that is a bit of a confusing response on my part. This is the thread that should be followed for updates to CPANEL-30161.
    0
  • weelow
    I want DNSSEC without having to enable PowerDNS on the hosting servers. I am using a write-only setup where hosting servers are updating DNSOnly servers directly. This is a good, secure and efficient method of handling DNS that I do not intend to change. DNSSEC should be enabled for DNS-disabled servers with clustering enabled for DNSOnly PowerDNS servers. Please update us when this fix is released. Thanks
    0
  • cPanelLauren
    Hello @weelow We do not support DNSSEC on any other nameserver besides PowerDNS, this won't change when the issue being addressed in this thread is resolved either.
    0
  • JanH
    Hi,
    "We do not support DNSSEC on any other nameserver besides PowerDNS, this won't change when the issue being addressed in this thread is resolved either."

    We would then have to install PowerDNS locally on each cPanel server even when all cPanel DNSOnly servers in the cluster are running PowerDNS? This is not so convenient for us that prefer to separate this and run all DNS services on dedicated DNS cluster with cPanel DNSOnly servers. Is there some technical reason for this not being possible?
    0
  • cPanelLauren
    Ultimately there were a few reasons, but one of the biggest and most glaring ones is that without PowerDNS's tools (pdns utils) you can't even make the keys required for DNSSEC, so it HAS to be installed on all servers in the cluster, including the nameservers. The move is away from bind as a standalone, as far as I am aware, and pdns uses a bind backend, so my assumption is there won't be a heavy focus on implementing DNSSEC with bind. The only other option would be to have pdns installed all the time, which isn't a very graceful solution.
    0
  • JanH
    OK, just to be sure I understand correctly. Our DNS cluster setup is 4 DNSOnly servers that all run pdns. The servers running the hosting accounts do not run any form of DNS services locally, and only rely on the use of the 4 dedicated DNS servers in the DNS cluster. To be able to make the keys for DNSSEC, we would have to install pdns on the hosting servers, as the keys cannot be made remotely via the cluster like when adding any other DNS records. Can you confirm that I have understood correctly?
    0
  • cPanelLauren
    Hello, that's exactly it: it needs to be done on the webserver, per the developer notes in the case (this is due to the way the keys are stored, if I remember correctly). Keep in mind that the DNS servers are only storing DNS zone info; they are not capable of managing configuration.
    0