The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

how to secure dns zone edit on dedicated server

Discussion in 'Security' started by bejbi, Jul 10, 2010.

  1. bejbi

    bejbi Well-Known Member

    Joined:
    Jan 20, 2006
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Czestochowa, Poland
    cPanel Access Level:
    DataCenter Provider
    Hi,

    I have problem:

    I have three servers (dedicated for some companies)
    I have shared hosting on others several servers
    I have three own dns servers

    My shared hosting servers are in dns-cluster with my dns servers
    Also the dedicated servers are in dns-cluster with the same dns serves.

    Problem is, that the dedicated server's customer should have root access on own server.
    But when he is logged as root on WHM he can EDIT all dns zones on all my servers (shared and other dedicated). I don't know how to resolve this security problem. Root access is needed for customer, and offering dedicated server I must to give him my dns serves for use ...

    So I can't see any solution, to resolve this security problem ... ?

    Thanks for help.

    Wojtek
     
  2. Miraenda

    Miraenda Well-Known Member

    Joined:
    Jul 28, 2004
    Messages:
    242
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Coralville, Iowa USA
    Why must you give him your DNS to use if he has a dedicated server? He can create his own privately registered DNS nameservers. I would not cluster his machine to your nameservers in this instance at all. Instead, just put a DNS zone for his domain onto your nameservers initially so his machine will work but without clustering his machine to yours, then tell him to use his domain to privately register DNS nameservers at his domain registrar (if you registered the domain for him, setup his private nameservers for him there to point to his dedicated machine's IPs).

    It is never a good idea to give a dedicated machine clustering access to your nameservers. They are best served creating their own private nameservers. This way, they can run BIND on their own dedicated machine and control their own zones (and you don't have to process their zones on your cluster).
     
    #2 Miraenda, Jul 13, 2010
    Last edited: Jul 13, 2010
Loading...

Share This Page