Repair Mailbox Permissions remotedomains / localdomains issue

Discussion in 'E-mail Discussions' started by vikins, Jul 17, 2017.

  1. vikins

    vikins Well-Known Member

    Joined:
    Oct 3, 2006
    Messages:
    102
    Likes Received:
    1
    Trophy Points:
    168
    Here's the scenario. Hosting a domain that has DNS handled elsewhere so there is no DNS zone file on the server at all. Mail is handled remotely as well.

    By hand I made sure the domain was not in the /etc/localdomains file and made sure to enter it into the /etc/remotedomains file. Then restarted exim.

    This works fine but if Repair Mailbox Permissions is run, it is assumed the domain is local and the localdomains and remotedomains are automatically changed.

    Is this normal? Am I missing something?

    Additionally, for this domain if I click on Edit MX Entry it seems to find an entry and shows that it is set to local, even though the remotedomains entry is in place. If I change it to Remote and update it outputs "Writing zone files.......[domain.com]...Failed to change serial number for domain.com." which makes sense since there is no zone file on the server.

    Insights? I want to be able to make sure this domain always remains in the /etc/remotedomains file.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,086
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    It's important to keep a local copy of the domain name's DNS zone on the cPanel server, even if the DNS for the domain name is handled externally. You can add the zone back to the server using "WHM >> Add a DNS Zone". Once you do that, use "WHM >> Edit DNS Zone" to update the "Email Routing" configuration to "Remote Mail Exchanger". This will ensure the domain name remains populated in the /etc/remotedomains file.

    Thank you.
     
    vikins likes this.
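
A drift check for the two routing files discussed above, as an added example that is not part of the original posts and not cPanel's own tooling. A domain that silently moves into /etc/localdomains has its mail delivered on the server instead of being sent to the remote exchanger, so the check flags any expected-remote domain that is not listed in remotedomains only. The function names, the expected-remote list file and the sample data are assumptions made for illustration.

```sh
# Added example: report domains whose mail routing drifted out of remotedomains.

# Succeeds if domain $1 is a whole-line entry in file $2 (case-insensitive,
# ignoring CRs and surrounding blanks). A missing file means "not listed".
_listed() {
    [ -r "$2" ] || return 1
    awk -v d="$1" '
        { gsub(/\r/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        tolower($0) == tolower(d) { found = 1 }
        END { exit !found }
    ' "$2"
}

# Print remote, local, both or neither for domain $1.
# $2 and $3 override the localdomains and remotedomains paths.
mail_routing_state() {
    in_local=no; in_remote=no
    if _listed "$1" "${2:-/etc/localdomains}"; then in_local=yes; fi
    if _listed "$1" "${3:-/etc/remotedomains}"; then in_remote=yes; fi
    case "$in_local/$in_remote" in
        no/yes)  echo remote ;;
        yes/no)  echo local ;;
        yes/yes) echo both ;;
        *)       echo neither ;;
    esac
}

# $1 lists domains expected to be remote, one per line ("#" starts a comment).
# Prints each drifted domain and returns 1 if any was found.
audit_remote_domains() {
    drift=0
    while IFS= read -r dom || [ -n "$dom" ]; do
        case "$dom" in ''|'#'*) continue ;; esac
        state=$(mail_routing_state "$dom" "$2" "$3")
        [ "$state" = remote ] || { echo "DRIFT: $dom is '$state', expected 'remote'"; drift=1; }
    done < "$1"
    return "$drift"
}

# Constructed sample: example.biz has been moved into localdomains.
demo=$(mktemp -d)
printf 'hosted.example\nExample.biz \n' > "$demo/localdomains"
printf 'partner.example\r\n' > "$demo/remotedomains"
printf '# expected remote\nexample.biz\npartner.example\n' > "$demo/expected"
audit_remote_domains "$demo/expected" "$demo/localdomains" "$demo/remotedomains" \
    || echo "audit found drift"
rm -rf "$demo"
```

Called with only the list file, `audit_remote_domains` reads /etc/localdomains and /etc/remotedomains, so it can be run after maintenance tasks to catch a routing change early.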
  3. vikins

    Thanks for the info. But how would that work since the DNS is not under my control and I have no access to check what records are active? I guess I could play around with dig and see what comes up and try to recreate it. But then what if they change something at the external DNS host? How would I ever know so that I could keep it aligned?

    Wouldn't it be better to have no zone file at all so the cPanel server is always forced to do any DNS lookup for the domain externally?

    Or am I missing your point somehow? Thanks again for the help. :)
     
  4. cPanelMichael

    Hello,

    You don't have to match the DNS records or keep it synced with how the zone is configured on the external DNS host. You simply need to create the default instance of the zone. Since it's hosted externally, the records that exist in the zone on the cPanel server are not utilized. The zone will simply exist to allow the domain name to work with cPanel & WHM functionality that requires access to the zone file.

    Thank you.
     
  5. vikins

    Thanks. I've done this to fix the /etc/remotedomains issue and of course it does work. But I'm still worried, maybe unjustifiably.

    The basic zone file that is created locally is what would be expected if the domain was hosted on the same server, which it is. But since the rest of the world gets DNS info about this domain from another name server, shouldn't the local name server also get info from that external source?

    If I now do a command line lookup, the info comes from the local zone file:

    root> nslookup example.biz
    Server: 127.0.0.1
    Address: 127.0.0.1#53

    Name: domain.com
    Address: 123.123.123.123

    This is okay in this case because the local zone file is correct for this lookup. But what if they used a specialized host like "office.domain.com" and they created an A record at the external DNS to point that to a static IP assigned by their ISP? If the cPanel server were asked to resolve office.domain.com it couldn't because that record is absent.

    Granted, this is an edge case, but I could see it happening.

    If there was no zone file at all, the cPanel server would be forced to look externally to do the lookup, it would be found and resolved properly.

    What if they were sending mail to an address like copier@office.domain.com and that email originated from the cPanel server, say from a form on their website? Wouldn't a lookup for office.domain.com be required by the cPanel server, which would fail, but would otherwise work if there was no zone file present?

    I admit I could be mixed up about how a situation like this would be handled, but figure why not pursue this to the end and make sure. Thanks again! :)
     
    #5 vikins, Jul 18, 2017
    Last edited by a moderator: Jul 18, 2017
  6. cPanelMichael

    Hello,

    You could edit the external and internal entries for the domain name in the /etc/named.conf file so that queries for it are forwarded to an external resolver. EX:

    Code:
    zone "domain.tld" {
        // Forward queries for this zone to the resolvers listed below
        type forward;
        forwarders {
            8.8.8.8;
            8.8.4.4;
        };
    };
    Thank you.
     
  7. vikins

    Thanks again.

    Yep, that would be one way to handle it. So then I'd have hand-inserted resolver entries for any domain in this situation. Plus I'd have a ghost zone file that might be populated but will never be used to resolve anything. And a year from now I'm going to remember all this? :)

    Is this case so rare that it doesn't come up on the radar often? I cannot imagine that every host doesn't have some percentage of accounts that use external DNS. It's not that rare. And for full and proper DNS functionality we'd need a ghost zone file and hand entries in /etc/named.conf? This just doesn't seem right.

    Hope you don't think I'm being argumentative. I appreciate your help. I'm just not satisfied that cPanel does account for something like this.

    Is there no other way to handle this? Nothing built into cPanel / WHM?
     
  8. cPanelMichael

    Hello,

    There's no other workaround available, as deleting the DNS zone will result in errors with certain functionality (e.g. enabling SPF/DKIM, transferring accounts, email routing settings). We do have a feature request open that would likely address the situation you have described:

    Auto-detection and deletion or suspension of non-authoritative DNS zone files

    The discussion centers around non-authoritative DNS zone files on the cPanel server. I encourage you to vote and add feedback to this feature request.

    Thank you.
     
    vikins likes this.
  9. vikins

    Thank you, I'll take a look at the feature request.
     