DNSSEC on cPanel with nameserver disabled

[Krydos]

I've read this In Progress - [CPANEL-30161] 84.05 DNSSEC not shown in Zone Editor but it's from 2019 so I'm hoping there has been some update in the last 2 years.

I have my servers separated out into dnsonly servers with no user accounts running powerdns, and full cpanel/whm servers with user accounts with nameservers disabled. All of the servers are linked together in a cluster so if a zone is added or changed or whatever it gets synced to the dnsonly servers running powerdns. I think it's a good setup, and I would prefer not to have to have powerdns installed on every single user server as well as the dnsonly servers. I used to run dns and user accounts on the same servers and I don't think it worked as well as having them separated out.

Is it possible to make dnssec work in a cluster set up like this? Does powerdns really still need to be installed on every single server like that thread from 2019? It's a waste of memory if nothing else to have so many pointless copies of it running everywhere. Thanks.

 

[cPJustinD]

Hello Krydos! To manage DNSSEC keys in your DNS cluster, You must be using PowerDNS as a nameserver, have root privileges, and cPanel DNS clustering must be enabled,

The case, however, is still being monitored. PDNS must still be installed on each server because without the PDNS utilities the keys cannot be generated.

I apologize for any inconvenience. If you have any questions or concerns, please let us know!

 

[Krydos]

Thanks.

 

[benito]

Hello!

I'm having the same problem, to be crystal clear we need to enable PDNS also on each full server right? Is not enought with having DNSONLY servers.

Right now I have this way on each server.



Thanks!

 

[cPRex]

@benito - if you want to use DNSSEC, yes, at this time all servers need to use PowerDNS so the keys can be properly generated.