DNS Zone Editing and Template Issues
I'm running into two issues while transferring cPanel accounts from old servers to new servers within a WHM DNS Cluster, and have not been able to find the answers I need from https://docs.cpanel.net/whm/ nor other related user posts here on the forum. I'm hoping someone can shed some light / insight on these please.
Issue #1 - when I transfer an account / domains / subdomains from old server to new, it's still keeping old SPF records from the old server. It fails to add the new IP address of the new server to the SPF record and does not update it. I am forced to manually edit the SPF record for each domain on each account to make it include the new server IP.
Is it truly not possible to change the entry / record for multiple accounts all at once, instead of having to do each one manually for over a thousand domains?
Issue #2 - I have the following Zone Templates in WHM, but some of the custom settings are not being applied:
standard:
; cPanel %cpversion%
; Zone file for %domain%
$TTL %ttl%
@ %nsttl% IN SOA %nameserver%. %rpemail%. (
%serial% ; serial, todays date+todays
14400 ; refresh, seconds
7200 ; retry, seconds
1209600 ; expire, seconds
86400 ) ; minimum, seconds
%domain%. %nsttl% IN NS %nameserver%.
%domain%. %nsttl% IN NS %nameserver2%.
%domain%. %nsttl% IN NS %nameserver3%.
%domain%. %nsttl% IN NS %nameserver4%.
%nameserverentry%. IN A %nameservera%
%nameserverentry2%. IN A %nameservera2%
%nameserverentry3%. IN A %nameservera3%
%nameserverentry4%. IN A %nameservera4%
%domain%. IN A %ip%
localhost.%domain%. IN A 127.0.0.1
%domain%. IN MX 0 %domain%.
mail IN CNAME %domain%.
smtp IN CNAME %domain%.
www IN CNAME %domain%.
ftp IN CNAME %domain%.
%domain%. IN TXT "v=spf1 +mx +a +ip4:%ip% +include:_spf.google.com ~all"
_dmarc.%domain%. IN TXT "v=DMARC1;p=none;sp=none;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400"
standardvirtualftp:
; cPanel %cpversion%
; Zone file for %domain%
$TTL %ttl%
@ %nsttl% IN SOA %nameserver%. %rpemail%. (
%serial% ; serial, todays date+todays
14400 ; refresh, seconds
7200 ; retry, seconds
1209600 ; expire, seconds
86400 ) ; minimum, seconds
%domain%. %nsttl% IN NS %nameserver%.
%domain%. %nsttl% IN NS %nameserver2%.
%domain%. %nsttl% IN NS %nameserver3%.
%domain%. %nsttl% IN NS %nameserver4%.
%nameserverentry%. IN A %nameservera%
%nameserverentry2%. IN A %nameservera2%
%nameserverentry3%. IN A %nameservera3%
%nameserverentry4%. IN A %nameservera4%
%domain%. IN A %ip%
localhost.%domain%. IN A 127.0.0.1
%domain%. IN MX 0 %domain%.
mail IN CNAME %domain%.
smtp IN CNAME %domain%.
www IN CNAME %domain%.
ftp IN A %ftpip%
%domain%. IN TXT "v=spf1 +mx +a +ip4:%ip% +include:_spf.google.com ~all"
_dmarc.%domain%. IN TXT "v=DMARC1;p=none;sp=none;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400"
When I transfer a domain from old server to new server, it ignores those last couple of lines and does not add the _spf.google.com include nor the DMARC entry.
But when I create a brand new fresh account, the DNS Zone Templates are honored and it adds the _spf.google.com include as well as the DMARC entry creation.
The few forum threads I've managed to find in this haystack seem to suggest some solutions, but after the forum changeover to ZenDesk most of the important info & links do not display from the older posts.
Many thanks for any insight and assist!
-
Hey hey! Are you moving from a version 110 system?
0 -
Yes.
Moving from:
OS
CloudLinux v6.10.0 STANDARD standard
cPanel Version
110.0.34To:
OS
CloudLinux v8.10.0 STANDARD standard
cPanel Version
120.0.100 -
Alright, I just wanted to confirm that, although the case I was thinking of (which ended up not being related at all) was fixed in 120.0.6.
For the first issue, I don't have a way around that. The Transfer Tool adds the additional IP address to the SPF record in case there is a situation where email could be sent from the old server and the new, such as with the traffic proxy that Live Transfer creates.
For issue #2, did the domain have an existing DMARC record on the old server before the transfer?
0 -
Revisiting issue #1 - I just did an account transfer and this time it didn't update the SPF record at all. It simply left the old server's IP in the SPF, and did not add _spf.google.com nor the DMARC record as it supposed to in regard to the zone templates on the new servers.
Issue #2 response - No, the domain did not have a DMARC record before transferring.
0 -
Here is what I've managed to discern so far:
- When I add a brand new fresh account to the server, the Zone Templates are honored and it adds exactly what the templates are set to do - adds an SPF with the server IP, _spf.google.com include, and DMARC.
- When I transfer a domain from old server to new server, the Zone Templates are completely ignored, and it does not add the new server IP nor the _spf.google.com include, nor the DMARC.
The only reason I thought the new server IP was being added to SPF during transfers is because I was going right into "Customize SPF" after each transfer to make sure to add important things missing, and apparently that triggers the server to add the new IP to the SPF.
I'll edit my original post to reflect this discovery.
0 -
I've been doing some testing with this on my end, and here's what I've got.
Zone Templates
This seems normal and expected to me. If I'm *transferring* an account, I wouldn't expect drastic changes to the zone file to happen, so the Transfer Tool (or restore process, or however you want to look at that) doesn't read the zone template at all.
Does that help?
0
Please sign in to leave a comment.
Comments
6 comments