Default cPanel installations now use PowerDNS instead of BIND. But the configuration remains the same.
The issue is how to transfer zones from cPanel PowerDNS to BIND nodes.
If you try to transfer them without changing anything, the BIND nodes log failures like this:

```
node1 named: transfer of 'cpanel-dev.nixpal.com/IN' from xxx#53: connected using xxx
node1 named: transfer of 'cp-dev.com/IN' from xxx#53: failed while receiving responses: NOTAUTH
node1 named: transfer of 'cp-dev.com/IN' from xxx#53: Transfer status: NOTAUTH
node1 named: transfer of 'cp-dev.com/IN' from xxx#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.003 secs (0 bytes/sec)
node1 named: transfer of 'cpanel-dev.nixpal.com/IN' from xxx#53: failed while receiving responses: NOTAUTH
```
Once it works and the zones transfer, the log looks like this:

```
node1 named: transfer of 'cpanel-dev.nixpal.com/IN' from xxx#53: Transfer status: success
node1 named: transfer of 'cpanel-dev.nixpal.com/IN' from xxx#53: Transfer completed: 3 messages, 12 records, 936 bytes, 0.013 secs (72000 bytes/sec)
node1 named: transfer of 'pdns.nixpal.com/IN' from xxx#53: connected using xxx#37045
node1 named: transfer of 'pdns.nixpal.com/IN' from xxx#53: Transfer status: success
node1 named: transfer of 'pdns.nixpal.com/IN' from xxx#53: Transfer completed: 3 messages, 18 records, 1103 bytes, 0.006 secs (183833 bytes/sec)
```
You only need a few changes in /etc/pdns/pdns.conf to make it work:
Near the top, set:
disable-axfr=no
Then add the IPs of the DNS servers (nodes) to:
allow-axfr-ips ,
allow-notify-from and
also-notify
Example pdns.conf. We use 1.2.3.4 and 5.6.7.8 as our DNS node (slave) servers:

```
setuid=named
setgid=named
launch=bind
bind-config=/etc/named.conf
bind-dnssec-db=/var/cpanel/pdns/dnssec.db
local-ipv6=::
local-ipv6-nonexist-fail=no
distributor-threads=1
# Zone transfers (AXFR) must be enabled for the nodes to pull zones
disable-axfr=no
webserver=yes
api=yes
webserver-address=127.0.0.1
webserver-allow-from=127.0.0.1,::1
webserver-password=xxxxxxxxxxxxxxx
webserver-port=953
api-key=xxxxxxxxxxxxxxxxxxx
# Hosts allowed to request zone transfers: localhost plus the two nodes
allow-axfr-ips=127.0.0.0/8,1.2.3.4,5.6.7.8
allow-notify-from=0.0.0.0/0,::/0,1.2.3.4,5.6.7.8
# Nodes that are sent a NOTIFY when a zone changes
also-notify=1.2.3.4,5.6.7.8
allow-unsigned-notify=yes
forward-notify=1.2.3.4,5.6.7.8
```
And that's it. You can use PowerDNS on cPanel servers without switching to BIND if you don't want to.
You may need to tweak your NOTIFY times or wait the default time when making changes to a zone.
Alternatively you can use "rndc reload domain.com" on the Nodes for faster zone change fetch.
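
To confirm that the settings above are in place, and that allow-axfr-ips has not been opened to every host, here is a small audit script. It is an added example, not part of the original post or of cPanel/PowerDNS; the names `audit_axfr`, `parse_conf` and `items` are hypothetical, the sample config is constructed from the example above, and the fallback ACL `127.0.0.0/8,::1` is assumed to be the PowerDNS default.

```python
import ipaddress

# Constructed sample: the AXFR-related lines of the example pdns.conf above.
SAMPLE_CONF = """\
launch=bind
disable-axfr=no
allow-axfr-ips=127.0.0.0/8,1.2.3.4,5.6.7.8
allow-notify-from=0.0.0.0/0,::/0,1.2.3.4,5.6.7.8
also-notify=1.2.3.4,5.6.7.8
"""

def parse_conf(text):
    """Return {setting: value}, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def items(value):
    """Split a comma-separated setting into trimmed, non-empty entries."""
    return [p.strip() for p in value.split(",") if p.strip()]

def audit_axfr(text, nodes):
    """Return findings for the given node IPs; an empty list means no problem found."""
    conf = parse_conf(text)
    findings = []
    if conf.get("disable-axfr", "no") != "no":
        findings.append("disable-axfr is not 'no': every transfer is refused")
    # Assumed fallback when the key is absent: the PowerDNS default ACL.
    acl = [ipaddress.ip_network(p, strict=False)
           for p in items(conf.get("allow-axfr-ips", "127.0.0.0/8,::1"))]
    notify = items(conf.get("also-notify", ""))  # entries with :port are not handled
    for node in nodes:
        addr = ipaddress.ip_address(node)
        if not any(addr in net for net in acl):
            findings.append(f"{node} missing from allow-axfr-ips")
        if node not in notify:
            findings.append(f"{node} missing from also-notify")
    for net in acl:
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
            findings.append(f"allow-axfr-ips contains {net}: any host may transfer zones")
    return findings

if __name__ == "__main__":
    for finding in audit_axfr(SAMPLE_CONF, ["1.2.3.4", "5.6.7.8"]) or ["no findings"]:
        print(finding)
```

To audit a live server, pass the contents of /etc/pdns/pdns.conf and your own node IPs to `audit_axfr`.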