

how to secure dns zone edit on dedicated server

Discussion in 'Security' started by bejbi, Jul 10, 2010.

  1. bejbi

    bejbi Well-Known Member

    Jan 20, 2006
    cPanel Access Level:
    DataCenter Provider

    I have a problem:

    I have three servers (dedicated for some companies)
    I have shared hosting on several other servers
    I have three DNS servers of my own

    My shared hosting servers are in a DNS cluster with my DNS servers.
    The dedicated servers are also in a DNS cluster with the same DNS servers.

    The problem is that the dedicated server's customer should have root access on his own server.
    But when he is logged in as root on WHM he can EDIT all DNS zones on all my servers (shared and other dedicated). I don't know how to resolve this security problem. Root access is needed for the customer, and when offering a dedicated server I must give him my DNS servers to use ...

    So I can't see any solution to resolve this security problem ... ?

    Thanks for help.

  2. Miraenda

    Miraenda Well-Known Member

    Jul 28, 2004
    Coralville, Iowa USA
    cPanel Access Level:
    Root Administrator
    Why must you give him your DNS to use if he has a dedicated server? He can create his own privately registered DNS nameservers. I would not cluster his machine to your nameservers in this instance at all. Instead, just put a DNS zone for his domain onto your nameservers initially so his machine will work but without clustering his machine to yours, then tell him to use his domain to privately register DNS nameservers at his domain registrar (if you registered the domain for him, set up his private nameservers for him there to point to his dedicated machine's IPs).

    It is never a good idea to give a dedicated machine clustering access to your nameservers. They are best served creating their own private nameservers. This way, they can run BIND on their own dedicated machine and control their own zones (and you don't have to process their zones on your cluster).
    #2 Miraenda, Jul 13, 2010
    Last edited: Jul 13, 2010
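
An added example, not part of the original thread and not cPanel tooling: a small offline check that a dedicated customer's zone has been moved to private nameservers on the customer's own machine, as the reply above recommends, and no longer names the provider's cluster. All hostnames, IPs and function names are assumptions; the parser handles only simple one-record-per-line zone text with fully qualified NS targets.

```python
# Constructed sample data: every hostname and IP below is a placeholder.
CLUSTER_NS = {"ns1.provider.example.", "ns2.provider.example."}
DEDICATED_IPS = {"203.0.113.10", "203.0.113.11"}
ZONE_PRIVATE_NS = """\
$ORIGIN customer.example.
@    86400 IN NS ns1.customer.example.
@    86400 IN NS ns2.customer.example.
ns1  86400 IN A  203.0.113.10
ns2  86400 IN A  203.0.113.11
"""
ZONE_STILL_SHARED = """\
$ORIGIN customer.example.
@    86400 IN NS ns1.provider.example.  ; provider cluster
@    86400 IN NS ns2.customer.example.
ns2  86400 IN A  198.51.100.7
"""

def parse_records(zone_text):
    """Parse one-record-per-line zone text into (owner, type, rdata) tuples."""
    origin, records = "", []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, then tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        owner, rtype, rdata = fields[0].lower(), fields[-2].upper(), fields[-1].lower()
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"  # qualify relative owner names
        records.append((owner, rtype, rdata))
    return records

def audit_delegation(zone_text, cluster_ns, dedicated_ips):
    """Return findings for NS records that still depend on the provider."""
    records = parse_records(zone_text)
    addrs = {}
    for owner, rtype, rdata in records:
        if rtype == "A":
            addrs.setdefault(owner, set()).add(rdata)
    findings = []
    for rdata in (r[2] for r in records if r[1] == "NS"):
        if rdata in cluster_ns:
            findings.append(f"{rdata} is a provider cluster nameserver")
        elif not addrs.get(rdata) or addrs[rdata] - dedicated_ips:
            findings.append(f"{rdata} does not resolve only to the dedicated server")
    return findings
```

An empty result means every NS target in the zone is served from the customer's own IPs, so the machine needs no membership in the provider's DNS cluster.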
