CosmoChris

Member
Sep 22, 2022
11
0
1
United Kingdom
cPanel Access Level
Root Administrator
Can someone please tell me how to add both a CNAME record and a TXT record in WHM? This is ridiculous. How am I supposed to utilise the benefits of SPF when the system I'm using is regressing me and limiting my capabilities? They don't even conflict.

I constantly get this error: Error: The DNS zone file is invalid. (CNAME and other data)

The default logic of nameserver records in WHM makes no sense either. I spent a while trying to figure out what I'd done wrong with my glue records in the parent zone, only to realise that cPanel had automatically generated nameservers to the nameservers on the server itself. Why would you possibly choose to do this?

All this is trying to lock people into a product, which you should be ashamed of to be honest. There's no logic behind it.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
15,235
2,423
363
cPanel Access Level
Root Administrator
Hey there! While I know technical issues can be complex and irritating, let's try and focus on the issue at hand. DNS configuration issues are not cPanel "trying to lock people into a product".

Can you let me know specifically what CNAME and TXT records you're trying to create so I can try and reproduce that conflict on my end? Just remove any public information (like domain names) and then I can do some additional testing.
 

CosmoChris

DNS configuration issues are not cPanel "trying to lock people into a product"
I admit on reflection I probably should have worded this better, however it is still unusual behaviour that I can't do this.

Anyway, so I set up the following records on my server:

hostname.example.com -> server host IP
ns1.example.com -> ns1 IP
ns2.example.com -> ns2 IP

I delegated the authority for all three of these initially to the server from my root zone, with: adding these to the registry, adding the glue records, and adding the NS records to delegate authority into the server zone as well. These records are:

NS - hostname | hostname.example.com
NS - ns1 | ns1.example.com
NS - ns2 | ns2.example.com

A - hostname.example.com | server host IP
A - ns1.example.com | ns1 IP
A - ns2.example.com | ns2 IP

I can verify that the DNS is successfully delegated to these records on the server. I then started to go back to my own root name servers (both for these NS records and the SOA) when I found on the hostname.example.com (server), e.g. ns1.example.com was pointing two NS records to I think ns1 and ns2 and the same for all the others. So this then became:

hostname.example.com
NS - ns1 | registryns1
NS ns2 | registryns2

I didn't get to go any further with the nameservers themselves as this was when I hit the CNAME issue.

Due to cPanel default logic I have the mail.hostname.example.com subdomain set up as a CNAME pointing to hostname.example.com. As regards the TXT, I just wanted to add an SPF record for the CNAME to prevent email spoofing, so I first of all tried adding an SPF with just the IP address, then a blank one. I also tried to remove the CNAME, add the TXT (which worked) and then re-add the CNAME, but this had exactly the same effect.

Hope this is clear enough. Thanks.
 

cPRex

Thanks so much - that's exactly the explanation I needed.

I've been talking about the extra NS zones that get created with the team a bit today, and it seems the only thing that triggers that creation at this point is the WHM >> Basic WebHost Manager Setup page when you click the "Configure Address Records" at the bottom of the screen. Personally, I just add the NS and A records into the main zone for domain.com to avoid any future confusion. We are exploring some options to make this page more intuitive, although I don't know specifically what the team has in mind or how that may look in the future.

For the default cPanel zone file, you should end up getting something like this (there could be more or less, depending on what options you have configured on your server, but these are the "core" entries):

Code:
$TTL 14400
dnstest.com.    86400   IN      SOA     ns1.domain.com.     emailcontact.domain.com.       (
                                                2023020702 ;Serial Number
                                                3600 ;refresh
                                                1800 ;retry
                                                1209600 ;expire
                                                86400   )
dnstest.com.    86400   IN      NS      ns1.domain.com.
dnstest.com.    86400   IN      NS      ns2.domain.com.
dnstest.com.    14400   IN      A       172.105.107.152
dnstest.com.    14400   IN      MX      0       dnstest.com.
www     14400   IN      CNAME   dnstest.com.
ftp     14400   IN      A       172.105.107.152
dnstest.com.    14400   IN      TXT     "v=spf1 +a +mx +ip4:1.2.3.4 ~all"
webmail 14400   IN      A       172.105.107.152

There wouldn't be an issue with mail.domain.com (or mail.hostname.domain.com, although I'm not totally sure why you'd need that) set up as a CNAME.

It sounds like your issue is setting up two records with the same data. Can you paste the *exact* data you're trying to include so I can review that? You likely won't be able to use the code block feature as that's broken on the forums currently, but plain text is fine - just omit any public info for security.
 

CosmoChris

I've been talking about the extra NS zones that get created with the team a bit today, and it seems the only thing that triggers that creation at this point is the WHM >> Basic WebHost Manager Setup page when you click the "Configure Address Records" at the bottom of the screen
That's interesting actually as I thought that functionality handled the nameservers of just the cPanel accounts setup on the server. So if I was to disable or remove these, how would this affect new account creation?
There wouldn't be an issue with mail.domain.com (or mail.hostname.domain.com, although I'm not totally sure why you'd need that) setup as a CNAME.
Actually, originally I was just going to remove it entirely however I decided that for backwards compatibility with clients and in case I moved mail to a separate high performance mail server in future this would be more flexible. I suppose now you've mentioned it, I could technically have used an A record, but it's more limiting whereas if I have a CNAME I just need to update the record I'm pointing to as opposed to updating e.g. 10 different IP addresses in 10 different servers.

As for the record I'm trying to create, it's literally:

Name | TTL | Type | Record
mail.hostname.example.com. | 14400 | CNAME | hostname.example.com

This is also the current raw zone file as well (with the private bits removed). Note that the * record is actually a wildcard record, that isn't a character starred out. The rest are, though. Thanks.

; cPanel first:94.0.25 (update_time):1675800234 Cpanel::ZoneFile::VERSION:1.3 hostname:hostname.example.com latest:106.0.14
; Zone file for hostname.example.com
$TTL 14400
hostname.example.com. 30 IN SOA registrardns1.example. hostmaster.example.com. 2023020709 3600 1800 1209600 30





hostname.example.com. 30 IN NS registrardns1.example.
hostname.example.com. 14400 IN A ***.*.***.**
hostname.example.com. 14400 IN MX 0 hostname.example.com.
default._domainkey 14400 IN TXT "v=DKIM1; k=rsa; p=*******;"
**.***.*.***.in-addr.arpa 14400 IN PTR hostname.example.com.
hostname.example.com. 14400 IN TXT "v=spf1 ip4=***.*.***.*** -all"
hostname.example.com. 30 IN NS registrardns2.example.
***.***.*.***.in-addr.arpa 14400 IN PTR hostname.example.com.
* 14400 IN CNAME hostname.example.com.
mail 14400 IN TXT "v=spf1 include:hostname.example.com -all"
 

cPRex

So if I was to disable or remove these, how would this affect new account creation?
It wouldn't affect that at all. The newly-created DNS zones just wouldn't have the NS records included.

Thanks for confirming the CNAME issue. As you've seen, you can't create that additional record because it causes a conflict with an existing record. This isn't a cPanel issue, but is a core component of how DNS works - each entry has to be unique, and you're seeing the output of the "named-checkzone" command scanning the record for duplicates. If you tried to manually add this over SSH, you could confirm this behavior by running the following command:

Code:
named-checkzone domain.com /var/named/domain.com.db

and the error would come directly from the BIND/PDNS and not cPanel.
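
An added example, not part of the thread and not cPanel or BIND code: a small offline check for the condition behind the "CNAME and other data" error, where an owner name carries a CNAME together with another record type such as the SPF TXT discussed above. The function names are hypothetical, the sample zone is constructed (192.0.2.10 is a documentation address), and only one-record-per-line zones with numeric TTLs are handled.

```python
from collections import defaultdict

# Types that may share an owner name with a CNAME (DNSSEC records only).
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}
CLASSES = {"IN", "CH", "HS"}

# Constructed sample zone modelled on the thread: "mail" holds a CNAME and an SPF TXT.
SAMPLE_ZONE = """\
$TTL 14400
hostname.example.com. 30 IN SOA ns1.example.com. hostmaster.example.com. 2023020709 3600 1800 1209600 30
hostname.example.com. 30 IN NS ns1.example.com.
hostname.example.com. 14400 IN A 192.0.2.10
hostname.example.com. 14400 IN TXT "v=spf1 ip4:192.0.2.10 -all"
mail 14400 IN CNAME hostname.example.com.
mail 14400 IN TXT "v=spf1 ip4:192.0.2.10 -all"
www 14400 IN CNAME hostname.example.com.
"""

def fqdn(name, origin):
    """Expand a zone-file owner name to a lower-case absolute name."""
    if name == "@":
        return origin.lower()
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def cname_conflicts(zone_text, origin):
    """Return {owner: sorted types} for owners that mix a CNAME with other data."""
    types_by_owner = defaultdict(set)
    last_owner = origin.lower()
    for raw in zone_text.splitlines():
        # Cut at the first ';'. The type field always precedes any quoted rdata,
        # so a ';' inside a TXT string cannot hide the type.
        line = raw.split(";", 1)[0]
        if not line.strip():
            continue
        if line.startswith("$"):
            parts = line.split()
            if parts[0].upper() == "$ORIGIN" and len(parts) > 1:
                origin = fqdn(parts[1], origin)
            continue
        fields = line.split()
        # A line that starts with whitespace inherits the previous owner name.
        owner = last_owner if line[0].isspace() else fqdn(fields.pop(0), origin)
        last_owner = owner
        # Skip the optional TTL and class to reach the record type.
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)
        if fields:
            types_by_owner[owner].add(fields[0].upper())
    return {owner: sorted(types) for owner, types in types_by_owner.items()
            if "CNAME" in types and types - ALLOWED_WITH_CNAME}

print(cname_conflicts(SAMPLE_ZONE, "hostname.example.com."))
```

On the sample, only mail.hostname.example.com. is reported; www, which holds a CNAME and nothing else, passes.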