remote dns restrictions details

It used to be, that regardless of the config, in WHM you could always park a domain which had not (yet) had it's nameservers changed or added to ips.remotedns (the old "Sorry, the domain is already pointed to an IP address that does not appear to use DNS servers associated with this server." error).

That does not appear to be the case so much any more, and it really is a pain for resellers who want to get a zone setup and ready before changing the NS.

Anyway I have two questions which the cPanel/WHM team might be able to answer, and a suggestion.

1. What is the rationale? We know that you can create an arbitrary DNS zone anyway simply by creating a new account in WHM before the NS is changed (or domain even exists). So what is the extra security problem in allowing creation of arbitrary parked domains in WHM over arbitrary account primary domains in WHM? I'm just curious to know.

2. What is the actual criteria for "passing the test", do all the NS of the domain have to be known to the server, does just one have to be known, does it have to be the NS recorded in the whois data, or just what dig returns...?

3. Wouldn't it be nice if you could add a special TXT record to the zone to allow this, in the same manner as various other services authenticate domain ownership.
_cpanel_authentication TXT "[some server specified unique code]"
then when parking the server could just check for this specific DNS record rather than necessitating screwing up the important stuff.

 

> This could allow the account to intercept emails intended for a remote mail server.

Yes, but as already stated, this restriction is being applied in WHM (Allow Remote Domains = false did not previously prohibit the action in WHM).

In cPanel yes it is an understandable and necessary restriction, but not in WHM.

And it is perplexing especially as if you have access to WHM you can achieve the same (adding a domain to localdomains) by simply creating a new account with that domain name, an action which is not (so far as I recall) limited by this restriction.

 

WHM says: 11.46.2 (build 4)

So maybe this was fixed in .47 or .48?