Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Addon domains and DNS record verification

Discussion in 'Bind/DNS/Nameserver' started by sparek-3, Jan 28, 2019.

  1. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,923
    Likes Received:
    177
    Trophy Points:
    343
    cPanel Access Level:
    Root Administrator
    In order to create addon domains and domain aliases in end-user cPanels, cPanel requires that the destination domain name already be using the server's nameservers (or nameservers that resolve to the server's nameservers IPs).

    I get this and I understand why it is in place. It is meant to verify that the cPanel user actually owns the domain name they are wanting to set up as an addon domain or domain alias. I actually like this aspect.

    But there exists some TLDs - mostly specific country code TLDs - that require a DNS zone to exist on a nameserver for the domain name before the domain name can be set to use those nameservers.

    This is essentially a catch-22 when it comes to creating addon domains and domain aliases for these TLDs. cPanel won't let the user create the addon domain/domain alias because the nameservers for the domain aren't pointing to the proper nameservers. And the TLD won't allow the user to set the nameservers because a DNS entry doesn't exist for the domain at that nameserver yet.

    My question is... what is the proper way to handle this? How are owners of these domain names suppose to verify account ownership of the domain name in these situations?

    This doesn't happen often, but I have had at least a handful of these situations over the past year or so and it's always puzzled me.
     
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,472
    Likes Received:
    505
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @sparek-3


    It sounds like (and please correct me if I misunderstood what you're asking) you just need to change some tweak settings.

    Specifically, the following two:

     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,923
    Likes Received:
    177
    Trophy Points:
    343
    cPanel Access Level:
    Root Administrator
    Apologies for not being too clear.

    That's true, those configuration options would work. But it's generally accepted to leave those options enabled. I agree with the reasons for leaving them enabled.

    The issue pops up once in a blue moon, so I guess it's not entirely out of the realm to temporarily disable it and re-enable it once the client with this addon domain adds the domain. But doing this also completely circumvents the entire purpose of those configuration options, who's to say that the client isn't trying to take advantage of a lesser known, but specific to their needs, domain name hijacking?

    It just doesn't seem like an eloquent solution.

    Perhaps a TXT record verification process could be implemented. Say the user has one of these domain names that gets caught in this catch-22. The addon domain interface could create a token and a DNS TXT record instructing the user to create the TXT record and check back once it has been added to verify domain registration ownership.

    Or is the issue just not common enough to warrant spending any time on?

    Seeing as how this thread has not gotten any other responses... perhaps I'm operating as an army of one.
     
  4. ronaldst

    ronaldst Well-Known Member

    Joined:
    Feb 22, 2016
    Messages:
    84
    Likes Received:
    13
    Trophy Points:
    8
    Location:
    Norway
    cPanel Access Level:
    Root Administrator
    I've had a few of these occour as well.

    I decided to add the domains manually from WHM (with root privileges, obviously).

    At the time being I considered this to be the best option, and disabling the tweaks the least favourable one for obvious reasons.
     
  5. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,472
    Likes Received:
    505
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    You really don't unless you're aware of what the client is adding/doing which would be why there's no real automatic solution here besides utilizing the settings in place to suit your needs.

    The tweak settings can be enabled/disabled at will - so if you need to enable it to allow for a user to create a domain you can do so until the domain is added then disable it once more. This can even be done after the domain is added and still doesn't point to the server or isn't registered.


    If the issue is the necessity for a TXT or some other type of record the root WHM user has the ability to modify the DNS zone files, as well as add them for domains that don't exist on the server. In most cases, the cPanel user will have the capability to manage existing DNS zones as well in the Zone Editor unless it's not a part of the package applied to their account.


    I actually think it's a really good thing to have the server admin involved in the ability to add these, I'm not sure I would be on board with a solution that would just let folks automatically add these domains unless it was comprehensive.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice