cPanel will not overwrite existing DNS entries anymore.

chirpy

Are you running EDGE? There was a thread a short time ago about migrating users between DNS cluster members where the transfer failed because the zone already existed, and there was talk of having a Tweak Settings option or something similar to avoid the issue. It's possible that this has crept into EDGE, though I'm only speculating because the change log is currently not being updated. Either way, I'd log it in Bugzilla and/or raise a support ticket if you can easily recreate it.
 

cPanelBilly

chirpy said:
Are you running EDGE? There was a thread a short time ago about migrating users between DNS cluster members where the transfer failed because the zone already existed, and there was talk of having a Tweak Settings option or something similar to avoid the issue. It's possible that this has crept into EDGE, though I'm only speculating because the change log is currently not being updated. Either way, I'd log it in Bugzilla and/or raise a support ticket if you can easily recreate it.

Here is the issue with that.
If we allow DNS zones to be overridden then you can hijack a domain if you are on the same cluster as it is on by adding the domain on a new server.
The restore accounts script just creates a new account and then restores the data, so there is no way for cPanel to tell the difference between a transfer and a possible hijacking.
 

WebHostPro

Actually that was exactly my thought: since root is making the new account, it should have this right. But say you use cPanel with a dedicated server on the cluster; can the dedicated server's webmaster then change the DNS of another server just because they have root access?

I see the issue.

Maybe you can add an option in the DNS-only version to change the DNS of multiple DNS zones to a certain IP? And let the transfer set up the account without needing to have no DNS.

Or add an option to the transfer tool that checks if the DNS resolves to a pingable IP and, if not, lets it change the DNS. This might be a little shaky though.

Also, a find-and-replace command does not work well: if the IP is 12.123.123.10, for example, and you also use 12.123.123.104 on the DNS server, then it will change the 12.123.123.104 IP as well, since 12.123.123.10 is part of it.
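
The substring problem from the last paragraph of the post above, as an added example that is not part of the thread: a plain find-and-replace next to a rewrite that only touches A records whose whole address matches. The sample zone, its names and the new address 10.0.0.5 are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample zone; names and addresses are illustrative only.
SAMPLE_ZONE = """\
$TTL 14400
example.com.  IN SOA ns1.example.com. admin.example.com. ( 2005010101 86400 7200 3600000 86400 )
example.com.  IN NS  ns1.example.com.
example.com.  IN A   12.123.123.10
www           IN A   12.123.123.10
mail          IN A   12.123.123.104
ftp  14400    IN A   12.123.123.10 ; moved with the account
note          IN TXT "old host was 12.123.123.10"
"""

# An A record: optional owner/TTL/class tokens, the type "A", one dotted quad,
# then nothing but an optional comment.
A_RECORD = re.compile(
    r"^(?P<head>\s*(?:\S+\s+)*?[Aa]\s+)"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r"(?P<tail>\s*(?:;.*)?)$"
)

def naive_replace(zone, old, new):
    """The substring find-and-replace described in the post."""
    return zone.replace(old, new)

def replace_a_records(zone, old, new):
    """Rewrite only A records whose whole address equals `old`."""
    ipaddress.IPv4Address(old)  # raises ValueError on a malformed address
    ipaddress.IPv4Address(new)
    out, changed = [], 0
    for line in zone.splitlines():
        m = A_RECORD.match(line)
        if m and m["ip"] == old:
            line = m["head"] + new + m["tail"]
            changed += 1
        out.append(line)
    return "\n".join(out) + "\n", changed
```

After an edit like this the SOA serial still has to be incremented before secondaries pick up the change.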
 

clook

I'm happy to see this thread and maybe it's time for us to do more tests on whether the DNS clustering feature is suitable for servers with reseller accounts.

When we previously did testing, a reseller on one hosting server in the cluster was able to wipe out the DNS zone of another reseller on another server in the cluster by simply creating an account with the same domain then terminating it. For this reason, using our clustered DNS servers was not an option for any server with resellers.

EDIT: In addition to the above, I'm happy this problem is finally getting looked at almost a year after I initially reported it via the ticket desk in great detail and was basically told we had to trust our resellers not to do this.
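
The trade-off described in the posts above, as an added example that is not part of the thread and is not cPanel's code: a toy model of a zone store shared by cluster members, run once with overwriting allowed and once with it refused. The class, server names, domains and addresses are hypothetical.

```python
class ZoneExists(Exception):
    """Raised when a member tries to add a zone the cluster already holds."""

class ClusterZoneStore:
    """Toy model of the zone store shared by cluster members (hypothetical)."""

    def __init__(self, allow_overwrite):
        self.allow_overwrite = allow_overwrite
        self.zones = {}  # domain -> (server that pushed it, A record address)

    def create_account(self, server, domain, ip):
        # The store sees the same request for a restore, a transfer or a hijack.
        if domain in self.zones and not self.allow_overwrite:
            raise ZoneExists(f"{domain} already exists in the cluster")
        self.zones[domain] = (server, ip)

    def terminate_account(self, server, domain):
        # Terminating an account removes its zone from the shared store.
        return self.zones.pop(domain, None) is not None

def zone_survives_create_then_terminate(store):
    """Another member creates the same domain, then terminates it."""
    store.create_account("server-a", "victim.example", "192.0.2.10")
    try:
        store.create_account("server-b", "victim.example", "192.0.2.66")
        store.terminate_account("server-b", "victim.example")
    except ZoneExists:
        pass  # strict mode refused the second create
    return store.zones.get("victim.example") == ("server-a", "192.0.2.10")

def root_transfer_succeeds(store):
    """A legitimate move: root restores the account on a new server."""
    store.create_account("server-a", "site.example", "192.0.2.10")
    try:
        store.create_account("server-c", "site.example", "192.0.2.30")
    except ZoneExists:
        return False
    return store.zones["site.example"] == ("server-c", "192.0.2.30")
```

With overwriting allowed the transfer works and the zone can be wiped; with it refused the zone survives and the transfer fails, because both arrive at the store as the same `create_account` call.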
 

Snowman30

If I understand this thread correctly, should we currently not be offering DNS clustering to resellers?

I've got a couple of servers that we run between 2 operations, with each operation set up on these servers as a reseller. If I enable clustering on both resellers and on the standalone servers associated with both of these, will they conflict with each other?

What if a reseller has sites on 2 different servers, can he cluster between them? Or will this conflict with the root DNS clustering between the servers?
 

kris1351

I argued this point with one of the newbie cPanel support techs till I was blue in the face. With all the security issues in cPanel they chose to lock out one of the good features of cPanel. If you cannot transfer accounts from one server to another now without deleting the DNS record, you have downtime for each account you move. It is extremely hard if you have to move several servers to new ones. It really makes a mess of things if you have a dedicated DNS-only version of cPanel, as then you have to really do some workarounds. If root is doing the transfer then it should be able to overwrite the DNS entry. That said, they even broke the restore account options on the same server. You cannot restore an account unless you delete the DNS record now.
 

chirpy

You either have to move to EDGE or wait until EDGE becomes CURRENT which becomes RELEASE down to STABLE. IIRC as mentioned recently, cPanel are trying to iron out all the current issues with a view to a new RELEASE tree with v10.5 soon.