The dnssec-cluster-keys Script

Valid for versions 90 through the latest version


Last modified: May 15, 2020

Overview

The /usr/local/cpanel/scripts/dnssec-cluster-keys script syncs and revokes currently active DNSSEC keys in a DNS cluster. This is useful, for example, to sync DNSSEC keys in a DNS cluster if they don’t sync properly.

To run this script:

  • You must possess root-level privileges.

  • You must use PowerDNS as your nameserver.

  • You must enable DNS clustering in WHM’s DNS Cluster interface (WHM » Home » Clusters » DNS Cluster).

For more information about DNSSEC in cPanel & WHM, read our DNSSEC documentation.

Run the script

To run the script on the command line, use the following format:

/usr/local/cpanel/scripts/dnssec-cluster-keys [options]

Options

You can use the following options with this script:

| Option | Description | Example |
|---|---|---|
| --sync | Sync DNSSEC keys to the DNS cluster. Pass this option without the --tag option to sync all currently active DNSSEC keys on your server. Note: You must pass either the --sync flag or the --revoke flag, but not both. | --sync |
| --revoke | Revoke DNSSEC keys from the cluster. Note: You must pass either the --sync flag or the --revoke flag, but not both. | --revoke |
| --zone | The DNS Zone on which to perform the action. Note: This option is required. | --zone=example.com |
| --tag | The DNSSEC key to sync. Pass this option multiple times to sync or revoke multiple DNSSEC keys. Note: This option is required if you pass the --revoke option. | --tag=46547 |
| --nolocal | Do not perform the actions on your local DNS server. This is useful, for example, if you revoke a DNSSEC key but want to keep the key on your local DNS server. | --nolocal |

Example

To sync two active DNSSEC keys to the example.com DNS zone, run the following command as the root user:

/usr/local/cpanel/scripts/dnssec-cluster-keys --sync --zone=example.com --tag=46547 --tag=31016

If this script succeeds, it won’t return output.
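Because a successful run is silent, it helps to check the arguments before running a sync or revoke. The following is an added example, not cPanel code: the hypothetical function build_dnssec_cmd enforces the option rules from the table above and prints the command line without running it. The zone-name character set and the 0-65535 key tag range (DNSSEC key tags are 16-bit values) are assumptions of this sketch, not rules this page states.

```sh
#!/bin/sh
# Added example (not part of cPanel): validate dnssec-cluster-keys arguments.
SCRIPT=/usr/local/cpanel/scripts/dnssec-cluster-keys

# Prints the validated command line on stdout, or an error on stderr with
# status 2. Nothing is executed. Uses plain (global) variables for POSIX sh.
build_dnssec_cmd() {
    action="" zone="" tags="" nolocal=""
    for arg in "$@"; do
        case "$arg" in
            --sync|--revoke)
                # Exactly one action is allowed.
                [ -z "$action" ] || { echo "pass --sync or --revoke once, not both" >&2; return 2; }
                action=$arg ;;
            --zone=*)
                zone=${arg#--zone=}
                case "$zone" in   # assumption: hostname characters only
                    ""|*[!A-Za-z0-9._-]*) echo "invalid zone: $zone" >&2; return 2 ;;
                esac ;;
            --tag=*)
                tag=${arg#--tag=}
                case "$tag" in    # digits only, at most five of them
                    ""|*[!0-9]*|??????*) echo "invalid key tag: $tag" >&2; return 2 ;;
                esac
                [ "$tag" -le 65535 ] || { echo "key tag out of range: $tag" >&2; return 2; }
                tags="$tags --tag=$tag" ;;
            --nolocal) nolocal=" --nolocal" ;;
            *) echo "unknown option: $arg" >&2; return 2 ;;
        esac
    done
    [ -n "$action" ] || { echo "one of --sync or --revoke is required" >&2; return 2; }
    [ -n "$zone" ] || { echo "--zone is required" >&2; return 2; }
    # --revoke never applies to "all keys": it needs explicit key tags.
    if [ "$action" = "--revoke" ] && [ -z "$tags" ]; then
        echo "--revoke requires at least one --tag" >&2; return 2
    fi
    echo "$SCRIPT $action --zone=$zone$tags$nolocal"
}
```

Review the printed line, then run it as the root user on a server that meets the requirements listed in the Overview.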
