Using DNSSEC on DNSOnly Servers

Timmy.S

• February 21, 2025 19:15

Hello,

We are looking to configure DNSSEC for a domain but the option is not present under the Zone Editor in the cPanel Account.

The DNSOnly servers are running PowerDNS and the cPanel Server where the hosting account exist has DNS disabled.

I have reviewed https://docs.cpanel.net/knowledge-base/dns/dnssec/ and it says that DNSSEC is supported in DNS Clusters but does not include this specific setup.

If PowerDNS is running on DNSOnly servers can DNSSEC be used on the servers that host the sites?

• 

  cPRex Jurassic Moderator

  • February 22, 2025 03:29

  Hey there!  Yes - the local DNS service has to be running in order for PowerDNS to work properly.  If you disable PowerDNS in WHM >> Service Manager you'll get this warning:

  "Warning: If the service for PowerDNS is disabled, this server will no longer be able to create new or manage existing DNSSEC records in a DNS cluster."

  so if you enable the local DNS service you should see the DNSSEC icon appear in the cPanel >> Zone Editor.

  0
• 

  Timmy.S

  • February 25, 2025 16:06

  Thank you for the reply, sorry for the delay.

  When enabling PowerDNS on the hosting server, does this server now have to be joined to the DNS cluster to get these feature or does the DNS Cluster continue to work normally and still host the DNS settings on DNS only Servers?

  0
• 

  cPRex Jurassic Moderator

  • February 25, 2025 16:25

  You wouldn't need to change anything in the cluster when you enable or disable that option.  The only difference is that you'll have the local service running so it can handle the DNSSEC records, but it just won't be used for DNS services since nothing points there.

  0
• 

  Timmy.S

  • February 26, 2025 16:09

  Thank you for the information.

  0

Please sign in to leave a comment.