Zone Editor For cPanel

cPanel_new.pngcPanel_Legacy.png

Overview

DNS (Domain Name Service) converts human-readable domain names (for example, example.com) to computer-readable IP addresses (for example, 192.0.32.10). DNS relies on zone records that exist on your server to map domain names to IP addresses.

 

Several different types of records reside in a domain's zone file. This feature allows you to create, edit, and delete the following records:

  • AAAA
  • CAA (Certificate Authority Authorization Record)
  • CNAME (Canonical Name Record)
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance)
  • MX (Mail Exchanger)
  • SRV (Service Record)
  • TXT (Text Record)Domains

 

Domains

This interface displays your account's domains. For each domain in the list, you can perform some actions directly. Click the text to perform that action.

Text
Action

A Record

Add an A record for this domain.
CNAME Record
Add a CNAME record for this domain.

MX Record

Add an MX record for this domain.
DNSSEC Record
Enable or disable DNSSEC for this domain.

Manage

Add or edit additional records for this domain.

To refresh the list of domains, click the gear icon (Gear.png) and select Refresh List.

 

Manage Zone

This interface displays the zone records for the selected domain. To filter the list of zone records, enter a name in the text box or select one of the record type filters.

 

Add a record

To add a record, perform the following steps: 

  1. Click Manage next to the domain that you wish to modify.

  2. Click the arrow next to Add Record to select a record type:

    • Add A Record — This record maps hostnames to IP addresses. A records allow DNS servers to identify and locate your website and its various services on the Internet. Without appropriate A records, your visitors cannot access your website, FTP site, or email accounts.

    • Add AAAA Record — This record maps hostnames to IPv6 addresses. 

    • dd CAA Record — This record allows you to specify which certificate authority (CA) will issue an SSL certificate for a domain.

      Element

      Description

      Possible values

      Flag

      Whether the CA will issue an SSL certificate if the CAA Resource Record contains unknown property tags. For more information about CAA record flags, 

      • 0 — Non-critical. The CA will issue an SSL certificate if the CAA Resource Record contains unknown property tags.
      • 1 — Critical. The CA will not issue an SSL certificate if the CAA Resource Record contains unknown property tags.

      Tag

      The CAA record's property type.

       

      • issue — Authorize a CA to issue a certificate for the domain.
      • issuewild — Authorize a CA to issue a wildcard certificate for the domain.
      • iodef — Specify a URL to which a CA may report policy violations.

      Value

      The CA's domain, or the CA's URL if you select the iodef element.

       

      If no CAA records exist for a domain, all CAs can issue certificates for that domain. If conflicting CAA records already exist, remove the existing CAA records or add one for the desired CA.

      For example, a CAA record for Comodo would resemble the following example, where example.com represents the domain name:

      example.com. 86400 IN CAA 0 issue "comodoca.com"
    • Add CNAME Record — This record creates an alias for another domain name, which DNS looks up. This is useful, for example, if you point multiple CNAME records to a single A record in order to simplify DNS maintenance.

       
    • Add DMARC Record — This record indicates the action for a mail server to take when it receives mail from this domain, but that message fails SPF and DKIM checks. If you select this option, the system creates a TXT record with a default DMARC record. The system also displays a form that allows you to specify the domain's DMARC policy (None, Quarantine, or Reject), as well as the following optional parameters:

       
      Option
      Description
      Possible values
      Subdomain Policy

      The action that the recipient's mail server should perform when it receives mail from a subdomain of this domain, but that message fails SPF and DKIM checks.

      • None — Do not perform any action for spam email messages.
      • Quarantine — Send spam email messages to a different folder on the account.
      • Reject — Reject spam email messages.
      DKIM Mode The Domain Keys Identified Mail (DKIM) level that the system will enforce for the domain.
      • Relaxed — The system allows some email messages from domains that it does not recognize.
      • Strict — The system rejects all email messages from domains that it does not recognize. 
      SPF Mode The Sender Policy Framework (SPF) level that the system will enforce for the domain.
      • Relaxed — The system allows some email messages from senders that it does not recognize.
      • Strict — The system rejects all email messages from senders that it does not recognize. 
      Percentage

      The percentage of email messages that you wish for the system to filter.

      Note:

      This parameter's value defaults to 100.

      An integer value between 0 and 100.
      Generate Failure Reports When

      The error reporting policy between the sender and receiver's Mail Transfer Agents.

       

      • Any checks fail — Send a report to both the sender and receiver if any email checks fail.
      • All checks fail — Only send a report to both the sender and receiver if all of the email checks fail.

      Report Format The format that the system uses to report an email message's possible spam status.
      • AFRF — Authentication Failure Reporting Format.
      • IODEF — Incident Object Description Exchange Format.
      Report Interval

      The amount of time, in seconds, that elapse between each aggregate email message report.

      Notes:

      • This parameter's value defaults to 86400.
      • This value does not include email failure messages.
      A positive integer.
      Send Aggregate Mail Reports To

      comma-delimited list of URIs to which to send aggregate email message reports.

      To add a size limit for the report, affix an exclamation point, a number, and a file size multiplier to the end of the URI. You can specify the following size multipliers:

      • k — Kilobytes.
      • m — Megabytes.
      • g — Gigabytes.
      • t — Terabytes.

      Note:

      If your URI includes a comma, you must URI-encode the comma.

      mailto:reports@example.com!50m
      Send Failure Reports To A comma-delimited list of URIs to which to send failure email message reports. mailto:reports@example.com!50m
    • Add MX Record — This record allows you to route a domain's incoming mail to a specific server. Changes that you make to a domain's MX (Mail Exchanger) control where the system delivers email for a domain.

    • Add SRV Record — This record provides information about available services on specific ports on your server.

       

      Option
      Description
      Possible values
      Priority The service record's priority value. A positive integer that represents the target host's priority order.
      Weight The system uses this value to rank entries with the same priority value.

      A positive integer that represents the target host's weight against other hosts with the same Priority value.

      Port The target host's port.

      A positive integer that represents a port number.

      Note:

      For a complete list of ports, read our How to Configure Your Firewall for cPanel Services documentation.

       

       

      Target The service's target host. A valid hostname.
    • Add TXT Record — This record contains text information for various services to read. For example, TXT records can specify data for the SPF, DKIM, or DMARC email authentication systems.
      See below to view examples of each TXT record:

       
      SPF Records
      v=spf1 +a +mx +ip4:10.215.218.151 ~all
       
      DKIM Records

      v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14CK7pzW3Q4NHyJv/NIUG2vxuW8cDLnrQyjnpf0XQCHkFMnBdampzVG/T15U4P7W3YKImR6aF+QhM6WRZdXaOQqdkkkGc+VdYnH415ZikqSvfwSQ+n2fdIEVHvOkLyl/qSQkNhijtz48qb874keiYimo9Gsdg7mlhURImqPlL9zsGFcBpogmW00bnwmeiyeFbBY+d0QJRAelECpIbdWQfiCq1tUMm1pMGI5GHmnJVs3ToPvRoH2J4SQpOO91smkwaQPEEdLVXTMpLuKcvOOjotwzeVX5A4RBfuAaKjk7z0xdkTnsDivFJSqqNBLtT0v8cv6JjDgWZ8pYKBC65mdWxwIDAQAB;

      DMARC Records

      v=DMARC1;p=none;rua=mailto:user@example.com 

  3. Enter the appropriate information for the record type that you selected.
  4. Click Add Record.
 

Edit a record

To edit a record, perform the following steps:

  1. If this account owns more than one domain, click Manage next to the domain you want to modify.

  2. Click Edit next to the record that you wish to edit.
  3. Change the information in the text boxes as necessary.
  4. Click Edit Record to save your changes, or click Cancel to discard them.

 

Delete a record

To delete a record, perform the following steps:

  1. Click Manage next to the domain you want to modify.

  2. Click Delete next to the record that you wish to remove.
  3. Click Delete i n the confirmation dialog box.

 

Reset zone files

To reset your DNS zone files to the defaults that your hosting provider specifies, perform the following steps:

  1. Click Manage next to the domain that you wish to reset.
  2. Click the gear icon (Gear.png) and select Reset Zone.
  3. Read the warning about the consequences.
  4. Click Continue to reset your zone, or Cancel to return to the Manage Zone interface.

 

DNSSEC

DNS Security Extensions (DNSSEC) add a layer of security to your domains' DNS records. DNSSEC uses digital signatures and cryptographic keys to authenticate DNS responses. These digital signatures protect clients from various forms of attack, such as Spoofing or a Man-in-the-Middle attack.

 

Enable DNSSEC

To enable DNSSEC for a domain, perform the following steps:

  1. If this account owns more than one domain, click DNSSEC next to the domain you want to modify.

  2. Click Enable. The system will generate a new DNSSEC key, and a new line will appear that contains the following information:

    Column
    Description
    Key Tag An integer value that identifies the domain's DNSSEC record.
    Algorithm The record's encrypted signature.
    Digest Type The algorithm type that constructs the digest. Select the digest type that your registrar supports.
    Digest An alpha-numeric string that the algorithm generates.
 
 

Disable DNSSEC

To disable DNSSEC for a domain, perform the following steps: 

  1. If this account owns more than one domain, click DNSSEC next to the domain you want to modify.
  2. Click Disable.

 
Was this article helpful?
4 out of 5 found this helpful