newb: how does cpanel interact with BIND named.conf? ( CENTOS 6.10 vmware - v86.0.31 )

dlc

Registered
Nov 11, 2020
3
0
1
California
cPanel Access Level
Root Administrator
Greetings; brand new to cPanel, OLD BIND admin. Trying to learn how cPanel interacts with named.conf. cpanel version in title; BIND is 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8.

1: What can I change manually in named.conf and what can I NOT change? (I've just redone the logging stanza temporarily but I'm not involved in customer DNS support so I can't test it). code reference is fine/better(?).

2: What sets the SOA content? This box acts as a hidden master, but there's some kludge here that creates a zone list and splurts it over to our "main" hidden primary for further munging in order to serve up domains, and the MNAME is not actually truthful.

3: How is it possible that my /etc/named.conf still has zone clauses for sites/customers no longer hosted on this system? (I see references to cleanup tools but I want to understand #1 before running them).

Perhaps there are developer docs I should be looking at to learn this level of detail? I'm sure this is a super old version. It's going away in a few months and is not an upgrade candidate.

Thanks!
 

cPanelAaronH

Well-Known Member
Staff member
Dec 31, 2014
70
19
133
Houston Texas
cPanel Access Level
Root Administrator
Hey there!

We do not have a full list of what can or cannot be modified, I apologize. You can always make changes and then rebuild the dns configuration to make sure they stay in place by rebuilding the named.conf, /usr/local/cpanel/scripts/rebuilddnsconfig. This is triggered any time a domain is added or removed.

SOA is built off the the DNS zone templates:
  • Home »
  • DNS Functions »
  • Edit Zone Templates
The email that is in the zone is pulled from the Basic WebHost Manager® Setup page. The SOA can be modified using the template:

Edit Zone Templates | cPanel & WHM Documentation

Code:
; cPanel %cpversion%
; Zone file for %domain%
$TTL %ttl%
@      %nsttl%    IN      SOA     %nameserver%. %rpemail%. (
        %serial%    ; serial, todays date+todays
        3600        ; refresh, seconds
        1800        ; retry, seconds
        1209600        ; expire, seconds
        86400 )        ; minimum, seconds
Can you provide some additional information on what is being added to the SOA that's causing issues?

As far as the zones in the named.conf, that should be cleaned up when an account is removed unless the option to retain the zone was selected.

I do hope this helps.
 

dlc

Registered
Nov 11, 2020
3
0
1
California
cPanel Access Level
Root Administrator
We operate this nameserver as a "stealth" primary, and I wanted to change the SOA MNAME field to be either the FQDN of this box, or an alias (I haven't decided).

I guess I need to find the full list of variable expansions next.

At some point I'd like to add a TSIG key and "also-notify" statements for some "stealth secondaries" as part of a migration strategy, which I'm guessing might require modifying the scripts themselves. Are those scripts called by the front-end or are there two sets of code that generate the named.conf?
 

dlc

Registered
Nov 11, 2020
3
0
1
California
cPanel Access Level
Root Administrator
Hey hey, @dlc!

Can you let me know what you mean by "those scripts" specifically?

While the /scripts/rebuilddnsconfig command will rebuild the named.conf file, the creation of the zone itself happens with the templates that Aaron mentioned.
Sorry for not having explored more first; since also-notify and tsig keys/includes would go into named.conf, I mean whatever code generates/modifies named.conf to add the zone clauses. I shall do some grepping :)
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
2,067
283
213
cPanel Access Level
Root Administrator
That makes sense. You're welcome to add the code directly to the named.conf file on the system, but it will get overwritten if other changes are made, such as adding an account, creating a subdomain, or editing a zone. I know we point people to this a lot, but a feature request is never a bad thing to submit if you want to see some changes to the system that aren't currently possible.