cPanel DNS Manager for WHMCS Print

1. What is cPanel DNS Manager?

cPanel DNS Manager is a WHMCS module that connects your billing system to cPanel/WHM (including DNSONLY) servers via the WHM API. It automates DNS management for your customers and supports DNSSEC through PowerDNS API integration.

Key features:

• Creates and deletes DNS zones automatically
• DNSSEC with key management and DS records (via PowerDNS API)
• Zone records importer with merge, replace, and append modes
• Lets customers manage their DNS records
• Works with these record types: A, AAAA, CNAME, MX, TXT, SRV, CAA, NS, TLSA
• Per-record TTL support
• Protects default nameserver records from accidental changes
• Nameserver propagation checker built in
• Fully translated in 9 languages

2. Features

Automation

• Creates zones on domain registration or DNS hosting activation
• Associates existing zones on domain transfer instead of creating duplicates
• Deletes zones on service termination
• Retry logic for failed operations

Supported DNS Records

• A, AAAA, CNAME, MX, TXT, SRV, CAA, NS, TLSA

DNSSEC Features

cPanel DNSONLY servers block DNSSEC API calls (enable_dnssec_for_domains, disable_dnssec_for_domains) even with root access. This module works around that by talking directly to PowerDNS's REST API for all DNSSEC operations.

• One-click DNSSEC activation
• Automatic key generation and management
• DS records for registrar integration
• DNSSEC validation status display
• Requires PowerDNS with REST API enabled (see DNSSEC Setup)

Zone Import

• Import from BIND/RFC1035 format
• Three import modes: merge, replace, append
• Validation before import
• Preserves existing records when merging

User Interface

• Admin panel for managing all zones
• Client area for customers to manage their own DNS
• Responsive design
• Activity logging
• Zone export functionality
• Nameserver propagation checker

Languages

• Client area fully translated in 9 languages
• Included: English, Dutch, French, German, Italian, Portuguese (including Brazilian Portuguese), Russian, Spanish
• Easy to add more languages

WHMCS Integration

• Works as an addon module (for domains)
• Works as a server module (for DNS hosting products)
• Logs all actions
• Automated lifecycle hooks

Security

• Encrypts API credentials in database
• Blocks direct file access
• Permission-based access control
• Protected default records

3. Requirements

• WHMCS 8.9 or newer
• cPanel/WHM or cPanel DNSONLY server with WHM API access
• PHP 8.1+ with curl extension
• Valid cPanel DNS Manager license
• For DNSSEC: PowerDNS with REST API enabled (see DNSSEC Setup)

4. Installation

Step 1: Upload Files

Upload these folders to your WHMCS installation:

/modules
├─ addons
│   └─ cpanel_dnsonly_manager
└─ servers
    └─ cpanel_dnsonly_manager

Important: Don't rename the folders.

Step 2: Activate the Addon

1. Go to System Settings → Addon Modules
2. Find "cPanel DNS Manager" and click Activate
3. Click Configure
4. Enter your license key and WHM API details:
   • WHM Hostname: Your WHM server hostname or IP
   • WHM API Token: Create one in WHM → Manage API Tokens
   • WHM Username: Usually root
   • WHM Port: Default 2087
   • Use SSL: Enable HTTPS for WHM API calls (default: Yes)
5. Configure nameservers, default TTL, and DNSSEC settings if needed
6. Click Save Changes

Step 3: Set Permissions

Choose which admin groups can use the module.

Step 4: Set Up Server Module (Optional)

To sell DNS hosting as a product:

1. Go to System Settings → Servers
2. Add a new server
3. Choose cpanel_dnsonly_manager
4. Enter the same WHM API details

Step 5: Test API Connection

From your WHMCS server, test WHM API access:

curl -k -H "Authorization: whm root:YOUR_API_TOKEN" https://your-whm-server:2087/json-api/version

You should see a JSON response with the WHM version.

How It Works

• New domain registered: Creates DNS zone automatically
• Domain transferred: Associates existing zone or creates a new one
• Domain terminated: Removes zone
• DNSSEC enabled: Generates keys and provides DS records via PowerDNS API

5. Configuration Options

WHM API Settings

License Key

Your ArkHost license

WHM Hostname

WHM server hostname or IP address

WHM API Token

API token created in WHM → Manage API Tokens

WHM Username

WHM username, usually root

WHM Port

Default: 2087

Use SSL

Enable HTTPS for WHM API calls (default: Yes)

DNS Settings

Nameservers (NS1-NS5)

Your nameservers for new zones. NS3-NS5 are optional. Customers can't modify the default NS records.

Default TTL

Time to live for new DNS records in seconds (default: 3600)

Public DNS Server

DNS server for nameserver propagation checks (Google or Cloudflare)

PowerDNS API Settings (for DNSSEC)

PowerDNS API URL

Example: http://your-dns-server:953/api/v1

PowerDNS API Key

From api-key in /etc/pdns/pdns.conf

PowerDNS Server Name

PowerDNS server identifier (default: localhost)

6. DNSSEC Setup

Why PowerDNS API is Required

cPanel DNSONLY servers typically run both BIND and PowerDNS. The WHM API blocks DNSSEC functions on DNSONLY installations even with root access. This module works around that by managing DNSSEC directly through the PowerDNS REST API.

The architecture is straightforward:

• DNS zones and records: Managed via WHM API
• DNSSEC signing and keys: Managed via PowerDNS REST API

Configuring PowerDNS API on the DNS Server

Edit /etc/pdns/pdns.conf:

api=yes
api-key=your-secure-api-key-here
webserver=yes
webserver-address=0.0.0.0
webserver-port=953
webserver-allow-from=0.0.0.0/0,::/0

Important: Replace 0.0.0.0/0 in webserver-allow-from with your WHMCS server IP for production use (e.g., 192.168.1.100/32).

Restart PowerDNS:

systemctl restart pdns

Open firewall port if needed:

firewall-cmd --zone=public --add-port=953/tcp --permanent
firewall-cmd --reload

Then enter the PowerDNS API URL, API key, and server name in the module settings.

Test DNSSEC

Try enabling DNSSEC on a zone from the admin or client area. If it works, you'll see generated keys and DS records.

7. Creating a DNS Hosting Product

1. Go to Products/Services
2. Create a new product
3. Under Module Settings, choose cpanel_dnsonly_manager
4. Save the product

When customers order this product, it creates a DNS zone automatically.

8. Daily Use

Admin Features

• View and manage all DNS zones
• Edit any DNS record
• Import zones from BIND format
• Export zones
• Manage DNSSEC for all zones (requires PowerDNS API)
• Bulk operations
• Nameserver propagation checking
• Protected records show a padlock icon

Customer Features

• Access DNS management from domain details page
• Add, edit, delete their DNS records
• Import zone records
• Enable/disable DNSSEC with one click
• View DS records for registrar
• Check DNS propagation status
• Export their zone data
• Can't modify protected nameserver records
• All features available in 9 languages

DNSSEC Management

• Enable DNSSEC: Click "Enable DNSSEC" button in admin or client area
• View Keys: Keys are generated automatically
• DS Records: Copy DS records to domain registrar
• Requires: PowerDNS API configured (see DNSSEC Setup)

9. Automation Hooks

The module hooks into these WHMCS events:

• AfterRegistrarRegistration: Creates DNS zone
• AfterRegistrarTransfer: Associates or creates zone
• DomainDelete: Removes zone
• AfterModuleTerminate: Cleans up associations

10. Best Practices

• Use a dedicated WHM API token with minimal required permissions
• Enable SSL for WHM API calls unless you have a good reason not to
• Set TTL between 300-3600 seconds
• Test DNSSEC on a non-production zone first
• Keep DS records at registrar updated when rotating keys
• Restrict PowerDNS webserver-allow-from to your WHMCS server IP only
• Back up your DNS data regularly

11. Troubleshooting

Check These First

1. Module Debug Log: Shows API communication (Setup → Logs)
2. Activity Log: Shows all cPanel DNS Manager actions
3. Test WHM API access: curl -k -H "Authorization: whm root:YOUR_TOKEN" https://your-whm:2087/json-api/version
4. Test PowerDNS API (if using DNSSEC): curl -H "X-API-Key: YOUR_KEY" http://your-dns-server:953/api/v1/servers
5. License issues: Check your license and firewall

Common Problems

• WHM API connection refused
  Wrong hostname, port, or SSL setting. Make sure port 2087 is open and the API token is valid.
• HTTP 401 or 403 from WHM
  Invalid API token or insufficient permissions. Regenerate the token in WHM → Manage API Tokens.
• Zone not created after registration
  Check Activity Log for errors. May be a timeout issue or the WHM API call failed. Retry logic should pick it up.
• DNSSEC not working
  DNSSEC requires the PowerDNS API to be configured separately. Check that the API URL, key, and server name are correct in module settings.
• PowerDNS API returns 401/403
  Wrong API key or your WHMCS server IP isn't in webserver-allow-from.
• Invalid license error
  License doesn't match your WHMCS URL. Update it in ArkHost client area.
• SSL certificate errors on WHM API
  If WHM uses a self-signed cert, the module handles this. If you still get errors, check your PHP curl configuration.

FAQ

• Can I use this with a regular cPanel server (not DNSONLY)?
  Yes. It works with any cPanel/WHM server that has WHM API access.
• Do I need PowerDNS for basic DNS management?
  No. PowerDNS is only required for DNSSEC. Zone and record management works entirely through the WHM API.
• Can multiple WHMCS installations use one WHM server?
  Yes, but each zone should be managed by only one WHMCS to avoid conflicts.
• How do I migrate zones from another DNS server?
  Use the zone import feature. Export zones from your old server in BIND format, then import using merge mode to preserve existing records.
• Why is DNSSEC done through PowerDNS instead of WHM?
  Because cPanel blocks DNSSEC API calls on DNSONLY installations. There's no way around it through the WHM API, so we talk to PowerDNS directly.
• Is the module available in my language?
  The client area is fully translated in 9 languages: English, Dutch, French, German, Italian, Portuguese (including Brazilian Portuguese), Russian, and Spanish. To add more, copy english.php in the lang/ folder, rename it, and translate.

12. Upgrading

1. Back up your files and database
2. Upload new files (overwrite old ones)
3. Go to Utilities → System → System Cleanup
4. Click Empty Template Cache
5. Open the addon (database updates run automatically)

13. Security

• API credentials are encrypted in database
• Direct file access is blocked
• Customers can only manage their own zones
• Protected records cannot be modified by customers
• Permission-based admin access control

14. License and Support

cPanel DNS Manager requires a paid license.

• Buy: Purchase here
• Support: Open a ticket