Enforcing 1-way DNS synchronization


Mar 4, 2003
Is there any way to enforce that DNS zones can only be synchronized 1-way?

I know that it's possible in the cluster settings to define write-only/standalone/synchronize changes, but that doesn't cover what I'm describing. What I'm looking to do is to make it impossible for certain servers to obtain zones from certain other cluster members.

In short, what I was thinking of doing is to offer our cPanel dedicated server/VPS clients the use of one of our secondary nameservers. That secondary nameserver would run cPanel, and the idea is that this server would be shared by multiple clients (as running a separate DNS-only instance for each client would get too expensive). And I want to avoid our clients ending up with the zones of other clients.

In particular, I noticed that when you run "Synchronize all zones to all servers", all servers get all zones that run in the cluster, regardless of write-only/standalone/synchronize settings. This is something I want to prevent from happening. So basically what I'm looking for is to rule out servers receiving zones that don't belong to them.

What's the best way of dealing with this?


Apr 11, 2011
Hello :)

The current DNS cluster system is designed for an administrator who owns/manages all of the servers in the cluster. There is an open feature request for what you are looking for at:

DNS Cluster Security

Feel free to vote and add your input to this feature request.

Thank you.