The dnssec-cluster-keys Script

Valid for versions 90 through the latest version

Version:

90

Last modified: May 15, 2020


Overview

The /usr/local/cpanel/scripts/dnssec-cluster-keys script syncs and revokes currently active DNSSEC keys in a DNS cluster. This is useful, for example, to sync DNSSEC keys in a DNS cluster if they don’t sync properly.

To run this script:

  • You must possess root-level privileges.

  • You must use PowerDNS as your nameserver.

  • You must enable DNS clustering in WHM’s DNS Cluster interface (WHM » Home » Clusters » DNS Cluster). For more information about DNSSEC in cPanel & WHM, read our DNSSEC documentation.

Run the script

To run the script on the command line, use the following format:

/usr/local/cpanel/scripts/dnssec-cluster-keys [options]

Options

You can use the following options with this script:

Option Description Example
--sync Sync DNSSEC keys to the DNS cluster. Pass this option without the --tag option to sync all currently active DNSSEC keys on your server.
Note:
You must pass either the --sync flag or the --revoke flag, but not both.
--sync
--revoke Revoke DNSSEC keys from the cluster
Note:
You must pass either the --sync flag or the --revoke flag, but not both.
--revoke
--zone The DNS Zone on which to perform the action.
Note:
This option is required.
--zone=example.com
--tag The DNSSEC key to sync. Pass this option multiple times to sync or revoke multiple DNSSEC keys
Note:
This option is required if you pass the --revoke option.
--tag=46547
--nolocal Do not perform the actions on your local DNS server. This is useful, for example, if you revoke a DNSSEC key but want to keep the key on your local DNS server. --nolocal

Example

To sync two active DNSSEC keys to the example.com DNS zone, run the following script as the root user:

/usr/local/cpanel/scripts/dnssec-cluster-keys --sync --zone=example.com --tag=46547 --tag=31016

If this script succeeds, it won’t return output.

Additional Documentation