Zone Transfers from cPanel/WHM to Hetzner Nameservers
Summary: Domains added in cPanel/WHM with correct NS records (using Hetzner nameservers) are not resolving properly, despite correct configurations in PowerDNS with BIND backend. Zone transfers fail without clear errors.
I'm experiencing an issue with zone transfers from my cPanel/WHM server to Hetzner's nameservers. I've configured my server to use PowerDNS with the BIND backend, and everything appears to be correctly set up. However, zone transfers to Hetzner's nameservers are consistently failing.
cPanel/WHM automatically installed on Hetzner's dedicated root server, on sub-domain: server.mydomain.com, using default Hetzner's Nameservers
Details:
- cPanel/WHM Version: 122.0.5
- OS: CloudLinux v9.4.0
- PowerDNS Configuration: Using BIND backend with allow-transfer set correctly in both /etc/pdns/pdns.conf and /etc/named.conf.
- Hetzner Nameservers for cPanel/WHM and User Domains:
  - 213.239.242.238 (ns1.first-ns.de)
  - 213.133.100.103 (robotns2.second-ns.de)
  - 193.47.99.3 (robotns3.second-ns.com)
- Default Hetzner Nameservers for Server Domain (e.g., server.mydomain.com):
  - 88.198.229.192 (oxygen.ns.hetzner.com)
  - 213.133.100.98 (helium.ns.hetzner.de)
  - 193.47.99.5 (hydrogen.ns.hetzner.com)
- Firewall: TCP port 53 is open and accepting connections from the above IPs.
- Zone File: The zone files pass syntax checks using named-checkzone.
What I Have Tried:
- Verified that allow-transfer is correctly set for the Hetzner nameserver IPs in both pdns.conf and named.conf.
- Confirmed that TCP port 53 is open and accessible.
- Enabled detailed logging in PowerDNS; however, the logs do not provide clear indications of why the transfer is failing.
- Attempted the zone transfer locally on the cPanel/WHM server, which works fine.
- Checked for any SELinux/AppArmor restrictions.
Issue:
- When attempting a zone transfer from Hetzner’s nameservers using dig @213.133.100.103 axfr myuserdomain.com, I consistently receive a "Transfer failed" message.
- No specific errors are logged on the cPanel/WHM server during the remote transfer attempts.
Could this be a misconfiguration within cPanel/WHM, or is there something else I might be missing? Any guidance on how to successfully configure zone transfers to Hetzner’s nameservers would be greatly appreciated.
Note: I did follow this
Also attached is the firewall config image.
Thank you!
-
Hey there! This would likely be a better question for Hetzner, as cPanel doesn't have any control over the DNS system or that transfer function. We'd only be able to help with local DNS issues.
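The "allow-transfer is set correctly" check from the question can be made repeatable with a small audit of named.conf. The following is an added example, not code from the thread or from cPanel: it reports, per zone, which of the listed Hetzner secondaries the effective allow-transfer list omits, and flags lists containing any, which let every host pull the full zone. The sample config, the zone names and the function names are constructed for illustration; named ACLs and TSIG keys are not resolved.

```python
import ipaddress
import re

# Hetzner secondaries for user domains, as listed in the question.
SECONDARIES = ["213.239.242.238", "213.133.100.103", "193.47.99.3"]
# Constructed sample config for illustration, not the poster's real named.conf.
SAMPLE_CONF = '''
options { allow-transfer { 213.239.242.238; 213.133.100.103; 193.47.99.3; }; };
zone "good.example" { type master; file "good.example.db"; };
// a zone-level list replaces the options default
zone "partial.example" { type master; allow-transfer { 213.239.242.238; 193.47.99.0/29; }; };
zone "open.example" { type master; allow-transfer { any; }; };
'''

BLOCK = r"\{((?:[^{}]|\{[^{}]*\})*)\}"  # block body with one level of nested braces
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*' + BLOCK)
OPTIONS_RE = re.compile(r"options\s*" + BLOCK)
ACL_RE = re.compile(r"allow-transfer\s*\{([^}]*)\}")

def acl_entries(block):
    """Entries of the block's allow-transfer list, or None if it has none."""
    m = ACL_RE.search(block)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def covers(entries, ip):
    """True if ip matches 'any', an address or a CIDR prefix in entries."""
    addr = ipaddress.ip_address(ip)
    for entry in entries:
        if entry == "any":
            return True
        try:
            if addr in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # named ACLs and TSIG keys are not resolved here
    return False

def audit(conf, secondaries=SECONDARIES):
    """Per zone: secondaries the effective ACL omits, and whether it is open."""
    conf = re.sub(r"//[^\n]*|/\*.*?\*/", "", conf, flags=re.S)  # drop comments
    opts = OPTIONS_RE.search(conf)
    default = (acl_entries(opts.group(1)) if opts else None) or []
    report = {}
    for name, body in ZONE_RE.findall(conf):
        entries = acl_entries(body)
        entries = default if entries is None else entries  # zone overrides options
        missing = [ip for ip in secondaries if not covers(entries, ip)]
        report[name] = {"missing": missing, "open": "any" in entries}
    return report
```

Running audit() on the text of /etc/named.conf gives one entry per zone; a non-empty missing list or open set to True marks a zone whose transfer ACL needs review.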