DNSSEC on cPanel with nameserver disabled


Well-Known Member
Jun 2, 2012
cPanel Access Level
Root Administrator
I've read this In Progress - [CPANEL-30161] 84.05 DNSSEC not shown in Zone Editor but it's from 2019 so I'm hoping there has been some update in the last 2 years.

I have my servers separated out into dnsonly servers with no user accounts running powerdns, and full cpanel/whm servers with user accounts with nameservers disabled. All of the servers are linked together in a cluster so if a zone is added or changed or whatever it gets synced to the dnsonly servers running powerdns. I think it's a good setup, and I would prefer not to have to have powerdns installed on every single user server as well as the dnsonly servers. I used to run dns and user accounts on the same servers and I don't think it worked as well as having them separated out.

Is it possible to make dnssec work in a cluster set up like this? Does powerdns really still need to be installed on every single server like that thread from 2019? It's a waste of memory if nothing else to have so many pointless copies of it running everywhere. Thanks.


Staff member
Jan 12, 2021
cPanel Access Level
Root Administrator
Hello Krydos! To manage DNSSEC keys in your DNS cluster, You must be using PowerDNS as a nameserver, have root privileges, and cPanel DNS clustering must be enabled,

The case, however, is still being monitored. PDNS must still be installed on each server because without the PDNS utilities the keys cannot be generated.

I apologize for any inconvenience. If you have any questions or concerns, please let us know!