Is there any way to enforce that DNS zones can only be synchronized 1-way? I know that it's possible in the cluster settings to define write-only/standalone/synchronize changes, but that doesn't cover what I'm describing. What I'm looking to do is to make it impossible for certain servers to obtain zones from certain other cluster members. In short, what I was thinking of doing, is to offer our cPanel dedicated server/VPS clients to use one of our secondary nameservers. That secondary nameserver would run cPanel, and the idea is that this server would be shared by multiple clients (as running a separate DNS-only instance for each client would get too expensive). And I want to avoid that our clients would end up with the zones of other clients. In particular, I noticed that when you run "Synchronize all zones to all servers", all servers get all zones that run in the cluster, regardless of write-only/standalone/synchronize settings. This is something I want to avoid from happening. So basically what I'm looking for, is to rule out that servers would receive zones that don't belong to them. What's the best way of dealing with this?