remote dns restrictions details

Discussion in 'Bind / DNS / Nameserver Issues' started by gogocode, Mar 12, 2015.

  1. gogocode

    gogocode Member

    Joined:
    Aug 28, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    It used to be that, regardless of the config, in WHM you could always park a domain which had not (yet) had its nameservers changed or added to ips.remotedns (the old "Sorry, the domain is already pointed to an IP address that does not appear to use DNS servers associated with this server." error).

    That does not appear to be the case so much any more, and it really is a pain for resellers who want to get a zone set up and ready before changing the NS.

    Anyway I have two questions which the cPanel/WHM team might be able to answer, and a suggestion.

    1. What is the rationale? We know that you can create an arbitrary DNS zone anyway simply by creating a new account in WHM before the NS is changed (or domain even exists). So what is the extra security problem in allowing creation of arbitrary parked domains in WHM over arbitrary account primary domains in WHM? I'm just curious to know.

    2. What are the actual criteria for "passing the test"? Do all the NS of the domain have to be known to the server, does just one have to be known, does it have to be the NS recorded in the whois data, or just what dig returns...?

    3. Wouldn't it be nice if you could add a special TXT record to the zone to allow this, in the same manner as various other services authenticate domain ownership?
    _cpanel_authentication TXT "[some server specified unique code]"
    Then, when parking, the server could just check for this specific DNS record rather than necessitating screwing up the important stuff.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    The purpose of this restriction is to prevent users from adding domain names that do not belong to them to their account. The name server IP addresses must match IP addresses added in the /etc/ips files on the cPanel server. As for why it's a potential security issue, let's say a user adds xyz.tld to their account. That domain name is then automatically added to the /etc/localdomains file and thus Exim views it as a local domain name. This could allow the account to intercept emails intended for a remote mail server. The following options are available under the "Domains" tab in "WHM >> Tweak Settings" if you want to disable this security feature:

    "Allow Remote Domains"
    "Allow unregistered domains"

    Thank you.
     
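A defender-side audit of the situation described in the reply above, as an added example that is not part of the thread or cPanel's own code: it lists each domain Exim would treat as local and reports whether its delegated nameserver IPs are among the server's own. The file layouts, the sample data and the `NS_IPS` table (standing in for live DNS lookups) are assumptions; since the thread does not say whether one or all nameservers must match, partial matches are reported separately as `mixed`.

```python
import ipaddress

# Constructed sample data, not taken from a real server.
IPS_FILE = "203.0.113.10:255.255.255.0:203.0.113.255\n"  # assumed layout: ip:netmask:broadcast
REMOTEDNS_FILE = "203.0.113.53\n"                         # assumed layout: one IP per line
LOCALDOMAINS_FILE = "example.com\nclient-site.example\nxyz.tld\nnew-site.example\n"
# Stand-in for live NS lookups: domain -> IPs of its delegated nameservers.
NS_IPS = {
    "example.com": ["203.0.113.10", "203.0.113.53"],
    "client-site.example": ["203.0.113.53", "198.51.100.7"],
    "xyz.tld": ["198.51.100.7", "198.51.100.8"],
}


def parse_ip_list(text):
    """Collect the addresses from an ips-style file, ignoring malformed lines."""
    found = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        # Try the whole line first (bare IPv4/IPv6), then the first ':' field.
        for candidate in (line, line.split(":", 1)[0]):
            try:
                found.add(ipaddress.ip_address(candidate))
                break
            except ValueError:
                continue
    return found


def classify(ns_ips, trusted):
    """Compare a domain's nameserver IPs with the server's own addresses."""
    addrs = [ipaddress.ip_address(a) for a in ns_ips]
    if not addrs:
        return "unresolved"  # unregistered or no delegation found
    hits = sum(a in trusted for a in addrs)
    if hits == len(addrs):
        return "local"       # every nameserver is associated with this server
    return "mixed" if hits else "remote"


def audit(localdomains_text, ns_lookup, trusted):
    """Report delegation status for each domain Exim treats as local."""
    domains = [d.strip().lower() for d in localdomains_text.splitlines() if d.strip()]
    return {d: classify(ns_lookup.get(d, []), trusted) for d in domains}


TRUSTED = parse_ip_list(IPS_FILE) | parse_ip_list(REMOTEDNS_FILE)
if __name__ == "__main__":
    for domain, status in audit(LOCALDOMAINS_FILE, NS_IPS, TRUSTED).items():
        print(f"{status:10} {domain}")
```

A `remote` or `mixed` result marks the case the reply describes: Exim treats the domain as local although its DNS is served elsewhere.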
  3. gogocode

    gogocode Member

    > This could allow the account to intercept emails intended for a remote mail server.

    Yes, but as already stated, this restriction is being applied in WHM (Allow Remote Domains = false did not previously prohibit the action in WHM).

    In cPanel yes it is an understandable and necessary restriction, but not in WHM.

    And it is perplexing especially as if you have access to WHM you can achieve the same (adding a domain to localdomains) by simply creating a new account with that domain name, an action which is not (so far as I recall) limited by this restriction.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Could you verify which version of cPanel is installed on your system? EX:

    Code:
    cat /usr/local/cpanel/version
    I see that internal case number 95493 addresses this issue for cPanel version 11.42, and I can't reproduce this on cPanel version 11.48.

    Thank you.
     
  5. gogocode

    gogocode Member

    WHM says: 11.46.2 (build 4)

    So maybe this was fixed in .47 or .48?

     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    The change log shows the resolution was introduced in cPanel version 11.42.1.5. Is there anything in particular that is preventing you from upgrading to cPanel version 11.48 that we can help with?

    Thank you.
     