Hook to unset_nsec3 for DNSSEC enabled domains

jacksony

Well-Known Member
PartnerNOC
Nov 30, 2005
77
1
158
Hi!

Does anyone has any hook/script to share which we can run unset_nsec3 automatically when user enable DNSSEC for their domains in cPanel? To enable Xfers.

We need this as currently cPanel do not have any option to disable nsec3 narrow mode by default.
 

jacksony

Well-Known Member
PartnerNOC
Nov 30, 2005
77
1
158
Thanks Lauren!

If anyone has a script ready which we can use it will be great. We can even pay if the fee is not too much to implement this hook with the script. Since we are not too sure when this feature will be implemented at cPanel side.
 
  • Like
Reactions: cPanelLauren

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,266
313
Houston
Hi @jacksony

I'm sorry, it does look like you've not gotten very much traction on this, I will say it's not something I've sen requested previously which may be the issue.

The WHMAPI1 function here would do it https://documentation.cpanel.net/display/DD/WHM+API+1+Functions+-+unset_nsec3_for_domains and you might be able to find someone to write you a hook based off of the data here: Guide to Standardized Hooks - Hookable Events - Developer Documentation - cPanel Documentation

If you don't have anyone in mind you may find someone here: System Administration Services
 

jacksony

Well-Known Member
PartnerNOC
Nov 30, 2005
77
1
158
Can't find any from the System Admin list. As they are mostly server support but not hook developers..
 

LucasRolff

Well-Known Member
Community Guide Contributor
May 27, 2013
141
85
78
cPanel Access Level
Root Administrator
While I don't have my dev environment available, I have a hard time cooking something up.

Ideally enable debug mode before starting, that should give you pointers how the data structure of hookdata looks like - how to enable debugging for hooks can be found here: Guide to Standardized Hooks - Debug Mode - Developer Documentation - cPanel Documentation

But it should be fairly simple to do:

Create the file /opt/dnssec_unset_nsec3/unset_nsec3.py

Add:
Python:
#!/usr/bin/python
import simplejson as json

raw_data = sys.stdin.readlines()

hookdata = json.loads(raw_data[0])

// modify hookdata['use_nsec3'] to 0
// return hookdata (I believe that should be enough)
Then add the hook event:

Bash:
/usr/local/cpanel/bin/manage_hooks \
add script /opt/dnssec_unset_nsec3/unset_nsec3.py \
--stage pre \
--category Cpanel \
--event UAPI::DNSSEC::enable_dnssec \
--manual
 

jacksony

Well-Known Member
PartnerNOC
Nov 30, 2005
77
1
158
Thanks! I'm trying it out.

But from the cPanel guides, perl hook script should be saved in /usr/local/cpanel/3rdparty/bin instead, is that correct?

To modify nsec3, The API says this:

whmapi1 unset_nsec3_for_domains domain=example.com

But this is command line usage. How can I covert this to perl script, so as to run this every time DNSSEC is enabled through cPanel for each domain?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,266
313
Houston
There isn't a Perl equivalent to this listed in the WHMAPI1 docs but it odes look like it uses the following Perl module which might be helpful? /usr/local/cpanel/Whostmgr/API/1/DNS.pm

@LucasRolff may have suggestions as well.