We have a new documentation site for cPanel & WHM! You can find our new documentation site at docs.cpanel.net.
We will continue to maintain our API documentation on this server.
To add a record, perform the following steps:
Click Manage next to the domain that you wish to modify.
Click the arrow next to Add Record to select a record type:
Add A Record — This record maps hostnames to IP addresses. A records allow DNS servers to identify and locate your website and its various services on the Internet. Without appropriate A records, your visitors cannot access your website, FTP site, or email accounts.
The system configures your DNS records so that visitors can resolve your website and its services, such as FTP and email. Only add A records when you add a service that cPanel & WHM or your service provider does not provide.
Add AAAA Record — This record maps hostnames to IPv6 addresses.
Add CAA Record — This record allows you to specify which certificate authority (CA) will issue an SSL certificate for a domain.
|Flag||Whether the CA will issue an SSL certificate if the CAA Resource Record contains unknown property tags. For more information about CAA record flags, read the RFC 6844 Documentation.|
|Tag||The CAA record's property type.|
|Value||The CA's domain, or the CA's URL if you select the iodef element.|
If no CAA records exist for a domain, all CAs can issue certificates for that domain. If conflicting CAA records already exist, remove the existing CAA records or add one for the desired CA. For example, a CAA record for Sectigo® would resemble the following example, where For more information about a CA's requirements, read their documentation.
example.com represents the domain name:
If no CAA records exist for a domain, all CAs can issue certificates for that domain. If conflicting CAA records already exist, remove the existing CAA records or add one for the desired CA.
For example, a CAA record for Sectigo® would resemble the following example, where
For more information about a CA's requirements, read their documentation.
Add CNAME Record — This record creates an alias for another domain name, which DNS looks up. This is useful, for example, if you point multiple CNAME records to a single A record in order to simplify DNS maintenance.
You cannot point a CNAME record to an IP address.
Add DMARC Record — This record indicates the action for a mail server to take when it receives mail from this domain, but that message fails SPF and DKIM checks. If you select this option, the system creates a TXT record with a default DMARC record. The system also displays a form that allows you to specify the domain's DMARC policy (None, Quarantine, or Reject), as well as the following optional parameters:
If you do not specify a valid parameter, the system will not save the parameter when you create the record.
The action that the recipient's mail server should perform when it receives mail from a subdomain of this domain, but that message fails SPF and DKIM checks.
|DKIM Mode||The Domain Keys Identified Mail (DKIM) level that the system will enforce for the domain.|
|SPF Mode||The Sender Policy Framework (SPF) level that the system will enforce for the domain.|
The percentage of email messages that you wish for the system to filter.
This parameter's value defaults to 100.
|An integer value between 0 and 100.|
|Generate Failure Reports When|
The error reporting policy between the sender and receiver's Mail Transfer Agents.
|Report Format||The format that the system uses to report an email message's possible spam status.|
The amount of time, in seconds, that elapse between each aggregate email message report.
|A positive integer.|
|Send Aggregate Mail Reports To|
A comma-delimited list of URIs to which to send aggregate email message reports.
To add a size limit for the report, affix an exclamation point, a number, and a file size multiplier to the end of the URI. You can specify the following size multipliers:
If your URI includes a comma, you must URI-encode the comma.
|Send Failure Reports To||A comma-delimited list of URIs to which to send failure email message reports.|
Add MX Record — This record allows you to route a domain's incoming mail to a specific server. Changes that you make to a domain's MX (Mail Exchanger) control where the system delivers email for a domain.
Add SRV Record — This record provides information about available services on specific ports on your server.
The SRV record must point at a hostname with an A (or AAAA) record. You cannot point an SRV record at a CNAME record.
|Priority||The service record's priority value.||A positive integer that represents the target host's priority order.|
|Weight||The system uses this value to rank entries with the same |
A positive integer that represents the target host's weight against other hosts with the same Priority value.
|Port||The target host's port.|
A positive integer that represents a port number.
For a complete list of ports, read our How to Configure Your Firewall for cPanel Services documentation.
|Target||The service's target host.||A valid hostname.|
Add TXT Record — This record contains text information for various services to read. For example, TXT records can specify data for the SPF, DKIM, or DMARC email authentication systems.
Click the links below to view examples of each TXT record:
The TXT record text box accepts invalid data and does not issue a warning.
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14CK7pzW3Q4NHyJv/NIUG2vxuW8cDLnrQyjnpf0XQCHkFMnBdampzVG/T15U4P7W3YKImR6aF+QhM6WRZdXaOQqdkkkGc+VdYnH415ZikqSvfwSQ+n2fdIEVHvOkLyl/qSQkNhijtz48qb874keiYimo9Gsdg7mlhURImqPlL9zsGFcBpogmW00bnwmeiyeFbBY+d0QJRAelECpIbdWQfiCq1tUMm1pMGI5GHmnJVs3ToPvRoH2J4SQpOO91smkwaQPEEdLVXTMpLuKcvOOjotwzeVX5A4RBfuAaKjk7z0xdkTnsDivFJSqqNBLtT0v8cv6JjDgWZ8pYKBC65mdWxwIDAQAB;
Note: On servers that run CentOS 7, you may see a
named warning about the absence of SPF resource records on DNS.
bind-9.9.4-23.el7, which is an updated version of BIND that complies with RFC 7208. To resolve this issue, update your operating system to a version that contains the updated version of BIND. For more information, read the Red Hat Bugzilla case about SPF record errors.
On servers that run CentOS 7, you may see a
Use cPanel's Email Deliverability in cPanel interface (cPanel >> Home >> Email >> Authentication) to manage SPF and DKIM records.
To edit a record, perform the following steps:
Click Manage next to the domain you want to modify.
To delete a record, perform the following steps:
Click Manage next to the domain you want to modify.
This feature erases any modifications that you made to your zone records. The system attempts to save the domain's TXT entries. We recommend that you record any changes that you wish to save before you use this feature.
To reset your DNS zone files, your systems administrator must enable the following features in WHM's Feature Manager interface (WHM >> Home >> Packages >> Feature Manager):
To reset your DNS zone files to the defaults that your hosting provider specifies, perform the following steps:
DNSSEC can protect clients from various forms of attack, such as spoofing or a Man-in-the-Middle Attacks. A DNS resolver will compare the DNS server's DNSKEY record to the DS record at the registrar. If they match, then the DNS resolver knows that the record is valid.
DNSSEC uses digital signatures to strengthen DNS authentication. These digital signatures use public key cryptography to sign the DNS data. However, these digital signatures do not sign the DNS queries and responses.
In the Zone Editor interface, click DNSSEC in a domain's row to display the DNSSEC interface.
For more information about DNSSEC, read our DNSSEC documentation.
If you transfer the account to another server, you must remove the Domain Server (DS) records from the registrar before you transfer the domain.
To transfer an account with DNSSEC enabled domains, perform the following steps for each domain:
If you do not remove the old DS records from the registrar, the domains may produce DNS resolution issues due to invalid DNSSEC responses.
To quickly create a pair of DNSSEC keys that most registrars will accept, perform the following steps:
If you wish to create a customized key with a stronger algorithm, perform the following steps:
Simple — Creates a CSK (Combined Signing Key), which the system will use as both the ZSK and KSK.
Select the desired algorithm from the Algorithm menu.
The interface will disable incompatible algorithms.
To import a DNSSEC key for a domain, perform the following steps:
The Keys table lists the DNSSEC security keys that exist for the domain:
When you click View DS Records for a key, the DS Records interface will appear.
This interface displays the following information:
To add a DS record to the domain's registrar, perform the following steps:
To deactivate a DNSSEC key, perform the following steps:
To reactivate the security record, click Activate.
To delete a DNSSEC key, perform the following steps:
For information about how to rotate a DNSSEC key, read our How to Rotate a DNSSEC Key documentation.
Any time you create, modify, or remove a domain’s DNSSEC key, you must configure a Domain Server (DS) record with your domain registrar. The following are some of the most popular domain registrars. Visit their website to read their DNSSEC management documentation.