In Progress [CPANEL-30161] 84.05 DNSSEC not shown in Zone Editor

radeonpower

Well-Known Member
Jul 23, 2009
141
4
68
Iceland
cPanel Access Level
Root Administrator
Thank you for opening a ticket, I've worked here and with tickets for quite a while and I've never seen anyone wait 14 days for a response from tech support. I am sorry if that's the experience you've had at any point in the past but I can assure you that it is not the standard. In this instance, I see that you received a response 10 minutes after you opened the ticket and the issue appears to have been resolved. The analyst noted the following:





And he took the following steps to resolve the issue for you:



Can you confirm that the issue is now resolved? Also for anyone else experiencing this issue, please let us know if this does not resolve the issue.


Thanks!
Works for me now, except I don't see the DNSSEC option in the zone editor for a user/domain.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
This indicates one of the following:


  • The ability to manage DNSSEC has been disabled in the account's feature list.
    • If you have root access, this can be managed at WHM>>Packages>>Feature Manager>>Feature Lists
  • The nameserver being used on the server does not support DNSSEC (only PowerDNS supports this with cPanel at this time).
    • You can check this at WHM>>Service Configuration>>Nameserver Selection if you have access to WHM
 

cPanelLauren

Hi @radeonpower

I'm really glad that worked for you! I moved our responses on this subject to its own thread so that others looking for this issue can more easily find it and I can update here when the internal case is updated.

Thanks!
 

MajorLancelot

Well-Known Member
Dec 17, 2014
58
5
133
Shinjuku-ku, Tokyo, Japan
cPanel Access Level
Root Administrator
This seems to indicate a solution for stand-alone cPanel server.

Hi @radeonpower

I moved our responses on this subject to its own thread so that others looking for this issue can more easily find it and I can update here when the internal case is updated.

Thanks!
Lauren, please where is the thread that we should follow as the "In Progress" status indicates cPanel team is working towards a solution as you mention?
 

cPanelLauren

This seems to indicate a solution for stand-alone cPanel server.



Lauren, please where is the thread that we should follow as the "In Progress" status indicates cPanel team is working towards a solution as you mention?
I'm sorry, that is a bit of a confusing response on my part; this is the thread that should be followed for updates to CPANEL-30161.
 

weelow

Registered
Aug 17, 2019
2
1
3
Cairo, Egypt
cPanel Access Level
Root Administrator
I want DNSSEC without having to enable PowerDNS on the hosting servers. I am using a write-only setup where hosting servers are updating DNSOnly servers directly. This is a good, secure and efficient method of handling DNS that I do not intend to change. DNSSEC should be enabled for DNS-disabled servers with clustering enabled for DNSOnly PowerDNS servers.

Please update us when this fix is released. Thanks
 

JanH

Member
Dec 17, 2009
7
0
51
Hi,

We do not support DNSSEC on any other nameserver besides PowerDNS, this won't change when the issue being addressed in this thread is resolved either.

We would then have to install PowerDNS locally on each cPanel server even when all cPanel DNSOnly servers in the cluster are running PowerDNS?
This is not so convenient for us that prefer to separate this and run all DNS services on dedicated DNS cluster with cPanel DNSOnly servers.
Is there some technical reason for this not being possible?
 

cPanelLauren

Ultimately there were a few reasons, but one of the biggest and most glaring ones is that without PowerDNS's tools (pdns utils) you can't even make the keys required for DNSSEC, so it HAS to be installed on all servers in the cluster, including the nameservers.

The move is away from BIND as a standalone, as far as I am aware, and pdns uses a BIND backend, so my assumption is there won't be a heavy focus on implementing DNSSEC with BIND. The only other option would be to have pdns installed all the time, which isn't a very graceful solution.
 

JanH

OK, just to be sure I understand correctly.
Our DNS cluster setup is 4 DNSOnly servers that all run pdns.
The servers running the hosting accounts do not run any form of DNS services locally, and only rely on the use of the 4 dedicated DNS servers in the DNS cluster.
To be able to make the keys for DNSSEC we would have to install pdns on the hosting servers as the keys cannot be made remotely via cluster like when adding any other DNS records.
Can you confirm that I have understood correctly?
 

cPanelLauren

Hello,


That's exactly it: it needs to be done on the web server, per the developer notes in the case (this is due to the way the keys are stored, if I remember correctly). Keep in mind that the DNS servers are only storing DNS zone info; they are not capable of managing configuration.