cPanel version 84 with PowerDNS and DNSSEC

DNSSEC clustering for medium-sized domain name portfolios

With the launch of cPanel version 84, PowerDNS with DNSSEC enabled has become an integral feature of the cPanel/WHM control environment. So cPanel/WHM now installs the PowerDNS Authoritative Server by default and the user interface now includes DNSSEC functionality.

Under DNS Cluster, administrators can switch the server software from the BIND default to PowerDNS. In that case, the domain information is loaded from the BIND zone files and DNSSEC-specific metadata is saved in the (embedded) SQLite database (in the Authoritative Server's 'hybrid BIND mode'). Signing of the relevant domains and associated key material can then be managed using cPanel's Zone Editor.



According to the documentation, the DNSSEC clustering is scalable to ten thousand signed domains. The developers advise users with more domains not to enable DNSSEC. However, we don't agree with that advice. We believe it's better for administrators with large portfolios to look for an alternative solution. Detailed guidance on setting up the PowerDNS Authoritative Server and all DNSSEC facilities and configurations is given in this article.

  • Wednesday 24 July 2019

    About SIDN

    SIDN enables RDAP for .amsterdam and .politie

    Thumb illustration torn blue paper with letters RDAP

    "New protocol is far better than Whois"

    Read more
  • Wednesday 16 January 2019

    Internet security

    Registrants and operators need to test for EDNS compliance


    Domain names on non-compliant servers may be unreachable after 1 February

    Read more
  • Tuesday 20 November 2018


    Plenty of scope for improving the government's on-line activities


    Government services less popular with smartphone users

    Read more


Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.