AutoSSL *should* be cleaning up the DNS files. I may be misremembering, but I feel like there was a period when that didn't happen, causing the older comodoca ones to linger longer than they should have.
....
Are you both running cPanel version 106 and still seeing the older entries in the zones?
Sorry, my memory was flawed... In checking back, I DID remove the comodoca records, and since then there are no new ones in WHM. So I *think* that has stopped happening. (v106)
--what follows is a little off-topic, but it's related and I add it here for any quick response you might have--
The two I records I mentioned above are odd... they ARE in the named/*.db file (on just one server in the DNS cluster (the others are fine), but they don't show in WHM DNS Zone Manager. They are both for subdomains that no longer exist (and I assume that's why WHM ignores them?). Am I correct that I can remove them from the one .db file, and don't have to advance the date, nor resync the cluster?
Also, two other things:
1- I found a CAA record for one domain on the same server. It's for the account's main domain.
Flags: 0
Tag: issue
Value: comodoca.com
I question it since no other .db file on any server contain such a record. Why is it only in one place? Should it be removed?
2- I found a TXT record in some accounts that I wonder about:
_cpanel-dcv-test-record.example.com. 300 TXT _cpanel-dcv-test-record=X8CyKI1eQ5EeUzeegSUNr...
It's in about 1/2 of the accounts in all servers in the DNS cluster. It soesn't seem to be only new or old accounts. Any thoughts on this one?
I suspect the one server is sometimes not syncing for some reason, and sometimes one or more servers in the cluster report "Could not communicate with remote API server." temporarily for one or both the DNS servers. AFAIK or can tell they are all configured correctly, and DNSing is fine. I'm going to go back through them and douvble check everything.