Works for me now, except I dont see the DNSSEC option in the zone editor for a user/domain.
Last edited:
This indicates one of the following:
- The ability to manage DNSSEC has been disabled in the account's feature list.
- If you have root access can be managed at WHM>>Packages>>Feature Manager>>Feature Lists
- If you have root access can be managed at WHM>>Packages>>Feature Manager>>Feature Lists
- The nameserver being used on the server does not support DNSSEC (only PowerDNS supports this with cPanel at this time).
- You can check this at WHM>>Service Configuration>>Nameserver Selection if you have access to WHM
What is the web server running? There is a current case (CPANEL-30161) where if the webserver has nameservers set to disabled DNSSEC is also not available.
The webserver dns server was set to "Disabled". I installed PowerDNS on it and now everything works. 
Thank you.
Thank you.
Hi @radeonpower
I'm really glad that worked for you! I moved our responses on this subject to its own thread so that others looking for this issue can more easily find it and I can update here when the internal case is updated.
Thanks!
I'm really glad that worked for you! I moved our responses on this subject to its own thread so that others looking for this issue can more easily find it and I can update here when the internal case is updated.
Thanks!
This seems to indicate a solution for stand-alone cPanel server.
Lauren, please where is the thread that we should follow as the "In Progress" status indicates cPanel team is working towards a solution as you mention?
I'm sorry, that is a bit of a confusing response on my part, this is the thread that should be followed for updates to CPANEL-30161
I want DNSSEC without having to enable power dns on the hosting servers. I am using a write only setup where hosting servers are updating dnsonly servers directly. This is a good secured and efficient method of handling dns that i do not intend to change. DNSSEC should be enabled for dns disabled servers with clustering enabled for dnsonly powerdns servers.
Please update us when this fix is released. Thanks
Please update us when this fix is released. Thanks
Hi,
We would then have to install PowerDNS locally on each cPanel server even when all cPanel DNSOnly servers in the cluster are running PowerDNS?
This is not so convenient for us that prefer to separate this and run all DNS services on dedicated DNS cluster with cPanel DNSOnly servers.
Is there some technical reason for this not being possible?
We would then have to install PowerDNS locally on each cPanel server even when all cPanel DNSOnly servers in the cluster are running PowerDNS?
This is not so convenient for us that prefer to separate this and run all DNS services on dedicated DNS cluster with cPanel DNSOnly servers.
Is there some technical reason for this not being possible?
Ultimately there were a few reasons but one of the biggest and most glaring ones is without PowerDNS's tools (pdns utils) you can't even make the keys required for DNSSEC so it HAS to be installed on all servers in the cluster including the nameservers.
The move is away from bind as a standalone, as far as I am aware and pdns uses a bind backend, so my assumption is there won't be a heavy focus on implementing DNSSEC with bind. The only other option would be to have pdns installed all the time which isn't a very graceful solution.
The move is away from bind as a standalone, as far as I am aware and pdns uses a bind backend, so my assumption is there won't be a heavy focus on implementing DNSSEC with bind. The only other option would be to have pdns installed all the time which isn't a very graceful solution.
OK, just to be sure I understand correctly.
Our DNS cluster setup is 4 DNSOnly servers that all run pdns.
The servers running the hosting accounts does not run any form of DNS services locally, and only rely on the use of the 4 dedicated DNS servers in the DNS cluster.
To be able to make the keys for DNSSEC we would have to install pdns on the hosting servers as the keys cannot be made remotely via cluster like when adding any other DNS records.
Can you confirm that I have understood correctly?
Our DNS cluster setup is 4 DNSOnly servers that all run pdns.
The servers running the hosting accounts does not run any form of DNS services locally, and only rely on the use of the 4 dedicated DNS servers in the DNS cluster.
To be able to make the keys for DNSSEC we would have to install pdns on the hosting servers as the keys cannot be made remotely via cluster like when adding any other DNS records.
Can you confirm that I have understood correctly?
Hello,
That's exactly it, it needs to be done on the WebServer, per the developer notes in the case (this is due to the way the keys are stored if I remember correctly) keep in mind that the DNS servers are only storing DNS zone info they are not capable of managing configuration.
That's exactly it, it needs to be done on the WebServer, per the developer notes in the case (this is due to the way the keys are stored if I remember correctly) keep in mind that the DNS servers are only storing DNS zone info they are not capable of managing configuration.