Version 68 Documentation
Page tree
Skip to end of metadata
Go to start of metadata

For cPanel & WHM version 68

(cPanel >> Home >> Domains >> Advanced Zone Editor)

Overview

Important:

We deprecated this interface in cPanel & WHM version 62. We strongly recommend that you use cPanel's Zone Editor interface (cPanel >> Home >> Domains >> Zone Editor).

DNS (Domain Name Service) is the component of the Internet that converts human-readable domain names (for example, example.com) into computer-readable IP addresses (for example, 192.0.32.10). DNS uses zone files that reside on your server to map domain names to IP addresses.

There are several different types of records in a domain's zone file. This feature allows you to create, edit, and delete A, AAAA, CNAME (Canonical Name Record), SRV (Service Record), and TXT (Text Record) records.

Reset zone files

Warning:

This feature erases any modifications that you made to your zone records, either with this feature or with cPanel's Simple Zone Editor interface (cPanel >> Home >> Domains >> Simple Zone Editor). The system attempts to save the domain's TXT entries. We recommend that you write down any changes that you wish to save before you use this feature.

To reset your DNS zone files to the defaults that your hosting provider specifies, perform the following steps:

  1. If this account owns more than one domain, select the domain that you wish to manage from the Domain menu.

  2. Click more.
  3. Select the Are you sure that you wish to erase all of your entries and revert to the default state? checkbox.
  4. Click Reset Zone File.

In This Document

Related Documentation

For Hosting Providers

Add a record

To add a record, perform the following steps: 

  1. If this account owns more than one domain, select the domain that you wish to manage from the Domain menu.

  2. Select a record type:

    • A —  This record maps hostnames to IP addresses. A records are essential because they allow DNS servers to identify and locate your website and its various services on the Internet. Without appropriate A records, your visitors cannot access your website, FTP site, or email accounts.

      Remember:

      cPanel configures your DNS records so that visitors can resolve your website and its services, such as FTP and email. Only add A records when you add a service that cPanel & WHM or your service provider does not provide.

    • AAAA — This record maps hostnames to IPv6 addresses. 

    • CNAME — This record creates an alias for another domain name, which DNS looks up. This is useful, for example, if you point multiple CNAME records to a single A record in order to simplify DNS maintenance.

      Note:

      You cannot point a CNAME record at an IP address.

    • SRV — This record provides information about available services on specific ports on your server.

      Note:

      The SRV record must point at a hostname with an A (or AAAA) record. You cannot point an SRV record at a CNAME record.

    • TXT — This record contains text information for various services to read. For example, TXT records can specify data for the SPF (Sender Policy Framework) or DKIM (Domain Keys Mail Identifier) email authentication systems.

      Note:

      On servers that run CentOS 7, you may see a named warning about the absence of SPF resource records on DNS.

      • This warning is not relevant on CentOS 7 servers, because RFC 7208 deprecated SPF records. CentOS 7 servers use TXT records instead of SPF records.
      • Red Hat 7.1 and CentOS 7.1 both contain bind-9.9.4-23.el7, which is an updated version of BIND that complies with RFC 7208. To resolve this issue, update your operating system to a version that contains the updated version of BIND. For more information, read the the Red Hat Bugzilla case about SPF record errors.
       
  3. Enter the appropriate information for the record type that you select.
  4. Click Add A Record.

Notes:

  • The Advanced Zone Editor interface does not display DKIM records.
  • You can use cPanel's Authentication interface (cPanel >> Home >> Email >> Authentication) to manage SPF and DKIM records.

Edit a record

To edit a record, perform the following steps:

  1. If this account owns more than one domain, select the domain that you wish to manage from the Domain menu.

  2. Click Edit next to the record that you wish to edit.
  3. Change the information in the text boxes as necessary.
  4. Click Edit Record to save your changes, or click cancel to discard them.

Delete a record

To delete a record, perform the following steps:

  1. If this account owns more than one domain, select the domain that you wish to manage from the Domain menu.

  2. Click Delete next to the record that you wish to remove.
  3. Click Delete.

DNSSEC

Important:

This feature only appears if your System Administrator installs PowerDNS in either of the following interfaces:

DNS Security Extensions (DNSSEC) add a layer of security to your domains' DNS records. DNSSEC uses digital signatures and cryptographic keys to validate that DNS responses are authentic. These digital signatures protect clients from various forms of attack, such as spoofing or a man-in-the-middle attack.

Important:

  • DNSSEC keys remain on a server after you terminate an account. If you restore an account on the same server from which you deleted it, the account’s DNSSEC keys remain valid.
  • If you transfer the account to another server, you must reconfigure DNSSEC for the domains and update the domain server records on the registrar. The system does not include DNSSEC keys in an account’s backup file.

    To transfer an account with DNSSEC enabled domains, perform the following steps for each domain:

    1. Remove the Domain Server (DS) records from the registrar.
    2. Wait for the changes to propagate (up to 72 hours).
    3. Disable DNSSEC on the domain (optional).
    4. Transfer the account to the new server.
    5. Enable DNSSEC on the new server.

    If you do not remove the old DS records from the registrar, the domains may produce DNS resolution issues due to invalid DNSSEC responses.

Enable DNSSEC

To enable DNSSEC for a domain, perform the following steps:

  1. If this account owns more than one domain, select the domain that you wish to manage from the Domain menu.

  2. Click Enable. The system will generate a new DNSSEC key, and a new line will appear that contains the following information:

    ColumnDescription
    Key TagAn integer value that identifies the domain's DNSSEC record.
    AlgorithmThe record's encrypted signature.
    Digest TypeThe algorithm type that constructs the digest. Select the Digest Type that your registrar supports.
    DigestAn alpha-numeric string that the algorithm generates.

Important:

After you generate the domain's DNSSEC key, you must configure a Domain Server (DS) record with your domain registrar. Click the links below for DS record instructions with some of the most popular domain registrars.

 GoDaddy

To configure a DS record with GoDaddy, perform the following steps:

  1. Click Manage.
  2. In the upper-right corder of the interface, select the list view.
  3. Select the domain for which to create a DS record. 
  4. In the DS Records section of the Settings interface, click Manage.
  5. Click Add DS Record.
  6. Enter the DNSSEC key's information in the text boxes and click Next. The system will validate the DS record information that you added.
  7. Click Next, and then click OK.
 Namecheap

To configure a DS record with NameCheap, perform the following steps:

  1. Click Domain List in the left menu.
  2. Select the domain for which to configure a DS record and click Manage.
  3. Click Advanced DNS.
  4. Move the DNSSEC toggle button to on. The DS records menu will appear.
  5. Click ADD NEW DS.
  6. Enter the DNSSEC key's information in the text boxes.
  7. Click SAVE ALL CHANGES.
 OpenSRS

To configure a DS record with OpenSRS, perform the following steps:

  1. Click Domains.
  2. Locate the domain for which to configure a DS record and click the domain's name.
  3. Scroll down to the DNSSEC section and click Edit. The DS records menu will appear.
  4. Enter the DNSSEC key's information in the text boxes.
  5. Click Save.

Disable DNSSEC

To disable DNSSEC for a domain, perform the following steps: 

  1. If this account owns more than one domain, select the domain that you wish to manage from the Domain menu.

  2. Click Disable.

 

Important:

After you generate the domain's DNSSEC key, you must delete the DS record with your domain registrar. Click the links below for DS record instructions with some of the most popular domain registrars.

 GoDaddy

To delete a DS record with GoDaddy, perform the following steps:

  1. Click Manage.
  2. In the upper-right corder of the interface, select the list view.
  3. Select the domain for which to delete a DS record. 
  4. In the DS Records section of the Settings interface, click Manage.
  5. Locate the DS record that you wish to delete and click Remove. The system will validate the DS record information that you removed.
  6. Click Next.
  7. Click OK.
 Namecheap

To delete a DS record with NameCheap, perform the following steps:

  1. Click Domain List in the left menu.
  2. Select the domain for which to delete a DS record and click Manage.
  3. Click Advanced DNS.
  4. Click the (error) in the DS record's row to delete the record.
  5. Click SAVE ALL CHANGES.
  6. Move the DNSSEC toggle button to Off.
 OpenSRS

To delete a DS record with OpenSRS, perform the following steps:

  1. Click Domains.
  2. Locate the domain for which to delete a DS record and click the domain's name.
  3. Scroll down to the DNSSEC section and click the (minus) next to the Key Tag text box.
  4. Click Save.