Repair Mailbox Permissions remotedomains / localdomains issue

vikins

Well-Known Member
Oct 3, 2006
Here's the scenario. Hosting a domain that has DNS handled elsewhere so there is no DNS zone file on the server at all. Mail is handled remotely as well.

By hand I made sure the domain was not in the /etc/localdomains file and made sure to enter it into the /etc/remotedomains file. Then restarted exim.

This works fine but if Repair Mailbox Permissions is run, it is assumed the domain is local and the localdomains and remotedomains are automatically changed.

Is this normal? Am I missing something?

Additionally, for this domain if I click on Edit MX Entry it seems to find an entry and shows that it is set to local, even though the remotedomains entry is in place. If I change it to Remote and update it outputs "Writing zone files.......[domain.com]...Failed to change serial number for domain.com." which makes sense since there is no zone file on the server.

Insights? I want to be able to make sure this domain always remains in the /etc/remotedomains file.

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello,

It's important to keep a local copy of the domain name's DNS zone on the cPanel server, even if the DNS for the domain name is handled externally. You can add the zone back to the server using "WHM >> Add a DNS Zone". Once you do that, use "WHM >> Edit DNS Zone" to update the "Email Routing" configuration to "Remote Mail Exchanger". This will ensure the domain name remains populated in the /etc/remotedomains file.

Thank you.

vikins

Well-Known Member
Oct 3, 2006
Thanks for the info. But how would that work since the DNS is not under my control and I have no access to check what records are active? I guess I could play around with dig and see what comes up and try to recreate it. But then what if they change something at the external DNS host? How would I ever know so that I could keep it aligned?

Wouldn't it be better to have no zone file at all so the cPanel server is always forced to do any DNS lookup for the domain externally?

Or am I missing your point somehow? Thanks again for the help. :)

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Thanks for the info. But how would that work since the DNS is not under my control and I have no access to check what records are active? I guess I could play around with dig and see what comes up and try to recreate it. But then what if they change something at the external DNS host? How would I ever know so that I could keep it aligned?
Hello,

You don't have to match the DNS records or keep it synced with how the zone is configured on the external DNS host. You simply need to create the default instance of the zone. Since it's hosted externally, the records that exist in the zone on the cPanel server are not utilized. The zone will simply exist to allow the domain name to work with cPanel & WHM functionality that requires access to the zone file.

Thank you.

vikins

Well-Known Member
Oct 3, 2006
Thanks. I've done this to fix the /etc/remotedomains issue and of course it does work. But I'm still worried, maybe unjustifiably.

The basic zone file that is created locally is what would be expected if the domain was hosted on the same server, which it is. But since the rest of the world gets DNS info about this domain from another name server, shouldn't the local name server also get info from that external source?

If I now do a command line lookup, the info comes from the local zone file:

root> nslookup example.biz
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: domain.com
Address: 123.123.123.123

This is okay in this case because the local zone file is correct for this lookup. But what if they used a specialized host like "office.domain.com" and they created an A record at the external DNS to point that to a static IP assigned by their ISP? If the cPanel server were asked to resolve office.domain.com it couldn't because that record is absent.

Granted, this is an edge case, but I could see it happening.

If there was no zone file at all, the cPanel server would be forced to look externally to do the lookup, it would be found and resolved properly.

What if they were sending mail to an address like [email protected] and that email originated from the cPanel server, say from a form on their website? Wouldn't a lookup for office.domain.com be required by the cPanel server, which would fail, but would otherwise work if there was no zone file present?

I admit I could be mixed up about how a situation like this would be handled, but figure why not pursue this to the end and make sure. Thanks again! :)

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello,

You could edit the external and internal entries for the domain name in /etc/named.conf file so that queries for it are forwarded to an external resolver. EX:

Code:
zone "domain.tld" {
  type forward;
  forwarders {
    8.8.8.8;
    8.8.4.4;
  };
};
Thank you.

vikins

Well-Known Member
Oct 3, 2006
Thanks again.

Yep, that would be one way to handle it. So then I'd have hand-inserted resolver entries for any domain in this situation. Plus I'd have a ghost zone file that might be populated but will never be used to resolve anything. And a year from now I'm going to remember all this? :)

Is this case so rare that it doesn't come up on the radar often? I cannot imagine that every host doesn't have some percentage of accounts that use external DNS. It's not that rare. And for full and proper DNS functionality we'd need a ghost zone file and hand entries in /etc/named.conf? This just doesn't seem right.

Hope you don't think I'm being argumentative. I appreciate your help. I'm just not satisfied that cPanel does account for something like this.

Is there no other way to handle this? Nothing built into cPanel / WHM?

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello,

There's no other workaround available, as deleting the DNS zone will result in errors with certain functionality (e.g. enabling SPF/DKIM, transferring accounts, email routing settings). We do have a feature request open that would likely address the situation you have described:

Auto-detection and deletion or suspension of non-authoritative DNS zone files

The discussion centers around non-authoritative DNS zone files on the cPanel server. I encourage you to vote and add feedback to this feature request.

Thank you.
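As an added example (not code from the thread, from cPanel or from the feature request), here is the audit the two workarounds above imply, written in Python: it reads copies of /etc/localdomains, /etc/remotedomains and the zone stanzas of /etc/named.conf, flags a domain that is routed as remote mail but still has a local master zone shadowing the external DNS (the non-authoritative zone the feature request targets), and renders the forward-zone stanza from the earlier post for it. The three file contents and the domain names are constructed samples.

```python
import re

# Constructed sample inputs standing in for /etc/localdomains, /etc/remotedomains
# and the zone stanzas of /etc/named.conf on a cPanel server (not real data).
LOCALDOMAINS = "shop.example\nexample.net\n"
REMOTEDOMAINS = "domain.tld\nexample.net\n"
NAMED_CONF = """
zone "shop.example" { type master; file "/var/named/shop.example.db"; };
zone "domain.tld" { type master; file "/var/named/domain.tld.db"; };
zone "example.net" {
  type forward;
  forwarders { 8.8.8.8; 8.8.4.4; };
};
"""

def parse_domain_list(text):
    """One domain per line, the format of /etc/localdomains and /etc/remotedomains."""
    return {line.strip().lower() for line in text.splitlines() if line.strip()}

def parse_zone_types(conf):
    """Map zone name -> its 'type' by brace-matching each named.conf zone stanza."""
    zones = {}
    for m in re.finditer(r'zone\s+"([^"]+)"\s*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):  # walk to the stanza's own closing brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        t = re.search(r'\btype\s+(\w+)\s*;', body)
        zones[m.group(1).lower()] = t.group(1) if t else "unknown"
    return zones

def audit(localdomains, remotedomains, named_conf):
    """Return (domain, problem) pairs for mail-routing / DNS-zone inconsistencies."""
    local, remote = parse_domain_list(localdomains), parse_domain_list(remotedomains)
    zones = parse_zone_types(named_conf)
    findings = [(d, "listed in both localdomains and remotedomains") for d in sorted(local & remote)]
    for dom in sorted(remote):
        ztype = zones.get(dom)
        if ztype == "master":  # local authoritative copy shadows the external DNS
            findings.append((dom, "remote mail but local master zone shadows external DNS"))
        elif ztype is None:    # no zone: cPanel tools that expect one may reset routing
            findings.append((dom, "remote mail but no local zone at all"))
    return findings

def forward_stanza(domain, forwarders=("8.8.8.8", "8.8.4.4")):
    """Render the forward-zone stanza from the thread to replace a shadowing master zone."""
    fwd = " ".join(f"{ip};" for ip in forwarders)
    return f'zone "{domain}" {{\n  type forward;\n  forwarders {{ {fwd} }};\n}};'
```

Run `audit` against the real files after every account transfer or Repair Mailbox Permissions run to catch a domain that silently flipped back to a local zone.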

GrandAdmiral

Active Member
May 21, 2014
cPanel Access Level
Root Administrator
The cPanel server (as with most DNS servers) looks at its internal DNS entries first for maximum performance, rather than constantly performing a DNS lookup only to end up back at its own internal nameserver.

When initially setting up a domain I always mirror the bulk of the external zone file into cPanel; it might get outdated over time but at least it's a starting point. To address your comment "how would I remember this in a year", at minimum you should change the nameservers listed in the cPanel zone file to match the actual nameservers. Obviously not something which changes on a regular basis (so low upkeep) and a dead giveaway that the domain is externally managed.