For cPanel & WHM version 84


Overview

The /usr/local/cpanel/scripts/dnssec-cluster-keys script syncs and revokes currently active DNSSEC keys in a DNS cluster. This is useful, for example, to sync DNSSEC keys in a DNS cluster if they don't sync properly.

To run this script: 

  • You must possess root-level privileges.
  • You must use PowerDNS as your nameserver.
  • You must enable clustering on each server in the DNS cluster in WHM's DNS Cluster interface (WHM >> Home >> Clusters >> DNS Cluster).

For more information about DNSSEC in a DNS cluster, read our Guide to DNS Cluster Configurations documentation. For more information about DNSSEC in cPanel & WHM, read our DNSSEC documentation.

Run the script

To run the script on the command line, use the following format:

/usr/local/cpanel/scripts/dnssec-cluster-keys [options]

Options

You can use the following options with this script:

Each option is listed with its description and an example:

  • --sync
    Sync DNSSEC keys to the DNS cluster. Pass this option without the --tag option to sync all currently active DNSSEC keys on your server.
    Note: You must pass either the --sync flag or the --revoke flag, but not both.
    Example: --sync

  • --revoke
    Revoke DNSSEC keys from the DNS cluster.
    Note: You must pass either the --sync flag or the --revoke flag, but not both.
    Example: --revoke

  • --zone (Required)
    The DNS zone on which to perform the action.
    Example: --zone=example.com

  • --tag
    The DNSSEC key to sync. Pass this option multiple times to sync or revoke multiple DNSSEC keys.
    Note: This option is required if you pass the --revoke option.
    Example: --tag=46547

  • --nolocal
    Do not perform the actions on your local DNS server. This is useful, for example, if you revoke a DNSSEC key but want to keep the key on your local DNS server.
    Example: --nolocal

Example

To sync two active DNSSEC keys to the example.com DNS zone, run the following command as the root user:

/usr/local/cpanel/scripts/dnssec-cluster-keys --sync --zone=example.com --tag=46547 --tag=31016

If this script succeeds, it won't return output.

If your DNSSEC keys don't sync, the system sends you a notification via the DNSSEC key sync failure notification in WHM's Contact Manager interface (WHM >> Home >> Server Contacts >> Contact Manager).
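
Because the script returns no output on success, automation that calls it benefits from checking the arguments first. The following is an added example, not cPanel code: the check_dnssec_args and run_dnssec_cluster_keys helpers are hypothetical, and the 16-bit tag range and the hostname-character restriction on zone names are assumptions rather than documented behavior of the script.

```shell
# Added example, not cPanel code: check_dnssec_args is a hypothetical helper.
# It returns 0 when the arguments obey the rules documented above; otherwise
# it prints the reason to stderr and returns 1.
check_dnssec_args() {
    local sync=0 revoke=0 zone="" tags=0 arg tag
    for arg in "$@"; do
        case $arg in
            --sync)    sync=1 ;;
            --revoke)  revoke=1 ;;
            --nolocal) ;;
            --zone=*)  zone=${arg#--zone=} ;;
            --tag=*)
                tag=${arg#--tag=}
                # Assumption: key tags are 16-bit unsigned integers (RFC 4034).
                case $tag in
                    ''|*[!0-9]*) echo "invalid tag: $tag" >&2; return 1 ;;
                esac
                if [ "${#tag}" -gt 5 ] || [ "$tag" -gt 65535 ]; then
                    echo "tag out of range: $tag" >&2; return 1
                fi
                tags=$((tags + 1)) ;;
            *)  echo "unknown option: $arg" >&2; return 1 ;;
        esac
    done
    # Exactly one of --sync / --revoke must be present.
    if [ $((sync + revoke)) -ne 1 ]; then
        echo "pass exactly one of --sync or --revoke" >&2; return 1
    fi
    if [ -z "$zone" ]; then
        echo "--zone is required" >&2; return 1
    fi
    # Assumption: accept only hostname characters, so a zone value taken from
    # untrusted input cannot carry shell metacharacters or look like an option.
    case $zone in
        *[!A-Za-z0-9.-]*|.*|-*) echo "invalid zone: $zone" >&2; return 1 ;;
    esac
    # --sync without --tag syncs all active keys; --revoke needs explicit tags.
    if [ "$revoke" -eq 1 ] && [ "$tags" -eq 0 ]; then
        echo "--revoke requires at least one --tag" >&2; return 1
    fi
    return 0
}

# Validate first, then hand the unchanged arguments to the real script.
run_dnssec_cluster_keys() {
    check_dnssec_args "$@" || return 1
    /usr/local/cpanel/scripts/dnssec-cluster-keys "$@"
}
```
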
