Guide to DNS Cluster Configurations
Last modified: February 6, 2020
A DNS cluster is a group of nameservers that share records with each other. This allows you to physically separate nameservers that handle the DNS requests from your web servers.
You can configure DNS clusters in WHM’s DNS Cluster interface (WHM >> Home >> Clusters >> DNS Cluster).
Why should I implement a DNS cluster?
If your nameservers exist in different geographical locations and one fails, DNS clusters allow you to maintain DNS functionality. Visitors can still reach the websites that your server hosts. DNS clusters also allow visitors to reach websites more quickly than they could if only one nameserver processes all of the DNS requests.
All servers in the DNS cluster must run PowerDNS if domains that use DNSSEC exist in that cluster.
cPanel & WHM supports DNS Security Extensions (DNSSEC) in DNS clusters. A DNS resolver will compare the DNS server’s DNSSEC record to the DS record at the registrar. If they match, then the DNS resolver knows that the record is valid.
You can create, manage, or delete a domain’s DNSSEC keys in cPanel’s Zone Editor interface (cPanel >> Home >> Domains >> Zone Editor).
The system uses the /usr/local/cpanel/scripts/dnssec-cluster-keys script to synchronize and revoke currently-active DNSSEC keys in a DNS cluster. If you wish to perform this step manually, run that script as the
For more information about DNSSEC in cPanel & WHM, read our DNSSEC documentation.
cPanel DNSOnly servers
You can use cPanel DNSOnly™ servers as nameservers in a DNS cluster to maintain DNS functionality. After you create a cPanel DNSOnly server, add it to a DNS cluster in WHM’s DNS Cluster interface (WHM >> Home >> Clusters >> DNS Cluster).
Before you set up your DNS cluster, consider which structure will be the most efficient. The way in which you link each server determines the speed at which your DNS requests resolve.
Use direct links
Your servers function more slowly if multiple steps exist between a web server and a nameserver. To improve the performance of your servers, link your web server directly to the DNS servers, as shown below. This eliminates the steps that each request must perform, and your DNS requests will resolve more quickly.
A direct link between the web server and each of two nameservers is optimal.
In this example, webserver.example.com sends DNS information directly to
Use the primary nameserver as an intermediary
If necessary, place the primary nameserver between the web server and the secondary nameserver. For each intermediate server that you add, data will transfer three times slower than for a direct link.
An intermediate nameserver between the web server and secondary nameserver is acceptable.
To create this configuration, set the web server to synchronize data to the primary nameserver. Then, set the primary nameserver to synchronize data to the secondary nameserver.
Use multiple intermediary nameservers
The least optimal configuration uses multiple steps between the web server and nameservers.
If you configure multiple steps between a web server and nameserver, the servers’ performance slows.
In this example, for web1.example.com to communicate with ns2.example.com, the information must pass through two intermediary servers. This increases the processor load on the servers because the nameserver software updates the DNS information on each step. This configuration slows the servers’ response time considerably.
Reverse Trust relationship
You must set up a Reverse Trust relationship between each server in a DNS cluster. This relationship allows servers in a DNS cluster to share records with one another. This relationship also requires each server to have an API token.
You can configure a Reverse Trust relationship for each server in WHM’s DNS Cluster interface (WHM >> Home >> Clusters >> DNS Cluster). You can create an API token in WHM’s Manage API Tokens interface (WHM >> Home >> Development >> Manage API Tokens).
To check whether the servers in a DNS cluster can share records with one another, call the WHM API 1
You do not need to set up a Reverse Trust relationship for cPanel DNSOnly servers or servers that use the Write-only DNS role.
Troubleshoot DNS zones
When the dnsadmin process runs, it checks all of the files in the /var/cpanel/dnsrequests_db directory. If the dnsadmin request has a large number of files to check, the request may time out before the system loads your DNS zones.
If your server belongs to a DNS cluster, and your DNS zones will not load, you can use the following methods to troubleshoot the problem:
Delete the temporary files in the /var/cpanel/dnsrequests_db directory, and check the /var/cpanel/dnsrequests_db.last_clean_time file for the most recent date on which the system cleared the directory.
We recommend that you set up a cron job to clear the directory on a regular basis.
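A cron-ready cleanup routine for the request directory described above, added here as an example and not cPanel's own script: it counts the queued request files, prunes those older than a given age so the queue cannot grow until dnsadmin requests time out, and records when the directory was last cleared. The age threshold, the --run switch and the .last_clean_time marker file name are assumptions; the directory path comes from the page.

```shell
#!/bin/sh
# Added example, not a cPanel script. Assumed defaults: 60-minute age
# threshold and a ".last_clean_time" marker inside the request directory.

# Count the regular files queued in the request directory, ignoring the marker.
count_requests() {
    find "$1" -maxdepth 1 -type f ! -name '.last_clean_time' | wc -l | tr -d ' '
}

# Remove request files older than $2 minutes (default 60) from directory $1,
# write the cleanup timestamp to the marker file, and print how many files
# were removed. Returns 1 if the directory does not exist.
clean_requests() {
    dir=$1
    max_age_min=${2:-60}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    before=$(count_requests "$dir")
    find "$dir" -maxdepth 1 -type f ! -name '.last_clean_time' \
        -mmin +"$max_age_min" -exec rm -f {} +
    after=$(count_requests "$dir")
    date -u +%Y-%m-%dT%H:%M:%SZ > "$dir/.last_clean_time"
    echo "$((before - after))"
}

# Cron usage (hourly, as root):
#   0 * * * * /usr/local/sbin/clean_dnsrequests.sh --run /var/cpanel/dnsrequests_db 60
if [ "${1:-}" = "--run" ]; then
    clean_requests "${2:-/var/cpanel/dnsrequests_db}" "${3:-60}"
fi
```

Keep the threshold comfortably longer than the time a legitimate dnsadmin request needs to complete, so in-flight requests are never deleted.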
If your DNS zones still do not load, open a support ticket.