Hi, This discussion is going on with cPanel since 2010. If someone at cPanel reads this: please refer to ticket 805674, opened August 3, 2010. In that ticket, it was confirmed by cPanel this is a bug that was supposed to be fixed in 11.28. At this time, it is still not fixed, and now cPanel says it won't fix it, as it is "expected behaviour". I strongly disagree, and hope that through the forums, we can get some support to get this ball rolling again. Let's move on and let me describe our setup. All our servers are put in a cluster for DNS publishing. We have resellers that also lease dedicated servers; for DNS redundancy, they like to be plugged into our DNS cluster so they can make use of it. So, consider the following setup. 1. We add a reseller on SERVER A. 2. We add server B to the cluster using the reseller access key on server A. This means that when server B communicates with server A, from server A's point of view, this is the reseller user (and NOT root). 3. When you log in on server B, go to edit or delete DNS zones, we expect only DNS zones that the user known to the cluster (being the reseller) has access to should be shown. Unfortunately, the server has access to ALL DNS zones in the cluster. Without any doubt, this is a bug, as confirmed by cPanel in the above mentionned ticket, and for which a fix was introduced in 11.28. Much to our surprise, the fix was undone, and when we spoke to cPanel again after that, they now claim that it is "normal behaviour". How can it be normal that a user that is authenticated using a reseller key, has access to ALL the DNS zones, even when it's not owned by the reseller. Our issue is that we can not rollback, and we currently have a dedicated server customer that has access to ALL the DNS zones. Luckily, we have a good relation with him, and this is more like a friend to us, so we can rely on him not to alter any of these DNS zones, but this is obviously not how I believe this should work. I'm very disappointed in cPanel because they confirm they'll fix it, they actually fix it, some change made the fix undone, and they are now refusing to look into re-fixing this issue, so we can move on. We've been discussing this in lengthy tickets for over 2 years now, and I hate to make things like this public as it only increases the potential security risk, but we REALLY REALLY REALLY need this fixed again. I'm sure other people on this forum will have a similar setup: if you sell dedicated servers, you want the customer to have root on his server, and you want the ability for him to plugin to our redundant set of nameservers so he doesn't need to add a redundant array of servers himself. I very much hope some people on this forum will support this thread, and we can get the ball rolling again on this topic. thank you very much! David.