ISC BIND & DNS allow-recursion security feature.
allow-recursion { 192.168.1.0/24; localhost; };
The allow-recursion statement specifies which hosts are allowed to make recursive queries through this server. With the configuration shown above, we allow recursive queries only from internal hosts, since allowing every external host on the Internet to send recursive queries to your name server can open you up to certain kinds of cache poisoning attacks. This is a security feature.
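An added example (not part of the original page and not ISC's or cPanel's code): a small Python audit that reads named.conf text and reports whether each allow-recursion statement admits every host, either directly or through a named acl. It assumes flat address match lists (no nested braces) and no // or # inside quoted strings; the function names and the two sample configurations are constructed for illustration.

```python
import re

# Address match elements that admit every client on the Internet.
OPEN_ELEMENTS = {"any", "0.0.0.0/0", "::/0"}

def strip_comments(text):
    """Remove /* */, // and # comments, the three styles named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def match_list(body):
    """Split the body of a flat address match list into its elements."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def parse_acls(conf):
    """Map each acl name to its elements (flat lists only)."""
    pattern = r'\bacl\s+"?([\w.-]+)"?\s*\{([^{}]*)\}'
    return {name: match_list(body) for name, body in re.findall(pattern, conf)}

def is_open(elements, acls, seen=()):
    """True if any non-negated element matches every host."""
    for elem in elements:
        if elem.startswith("!"):
            continue  # a negated element never grants access
        if elem.lower() in OPEN_ELEMENTS:
            return True
        if elem in acls and elem not in seen and is_open(acls[elem], acls, seen + (elem,)):
            return True
    return False

def audit_allow_recursion(text):
    """Return a list of (elements, verdict), one per allow-recursion statement."""
    conf = strip_comments(text)
    acls = parse_acls(conf)
    findings = []
    for body in re.findall(r"\ballow-recursion\s*\{([^{}]*)\}", conf):
        elements = match_list(body)
        verdict = "OPEN" if is_open(elements, acls) else "restricted"
        findings.append((elements, verdict))
    return findings

# Constructed sample configurations, not taken from a real server.
RESTRICTED = 'options { allow-recursion { 192.168.1.0/24; localhost; }; };'
OPEN = 'acl "everyone" { any; }; options { allow-recursion { everyone; }; };'

if __name__ == "__main__":
    for label, conf in (("page example", RESTRICTED), ("open resolver", OPEN)):
        print(label, audit_allow_recursion(conf))
```

A verdict of OPEN means the list places no restriction on who may recurse through the server; a file with no allow-recursion statement returns an empty list and needs a separate check against the BIND version's default.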
Stealth Servers: common DNS server setups
Stealth Primary and Stealth Secondary are common DNS server setups (used when working with zones for registered domain names). These are effectively the same as Primary and Secondary DNS servers, but with a slight organizational difference.
For example, suppose you have 3 DNS servers: A, B and C.
A is the Primary, B and C are secondaries.
If you configure your registered domain to use A and B as your domain’s DNS servers, then C is a Stealth Secondary. It’s still a secondary, but it’s not going to be asked about the zone you are serving to the internet from A and B.
If you configure your registered domain to use B and C as your domain’s DNS servers, then A is a stealth primary. Any additional records or edits to the zone are done on A, but computers on the internet will only ever ask B and C about the zone.
Performance Improved in cPanel 11.25 DNS Clustering
cPanel's DNS clustering utility, DNSAdmin, now sends updates in batches with a single call, reducing the server’s memory consumption during DNS synchronization.
cPanel has also added a feature that automatically disables unresponsive cluster members, preventing outdated information from being sent to up-to-date servers when the unresponsive server comes back online. In addition, cPanel has combined reconfiguring and restarting BIND into a single call, speeding up the process.
DNS Clustering dnsadmin operations.
Certain dnsadmin operations are now performed in batches. This reduces both the memory needed during large operations, and the amount of time needed to perform the operation.
Each cPanel™ 11.25 cluster member may now configure a peer failure threshold. This option is found in the Configure Cluster interface in WHM. The threshold specifies how many dnsadmin commands a peer may fail to respond to before that peer is automatically disabled. The threshold is local to the server where it is stipulated.
By default, each cPanel™ 11.25 cluster member will notify the system administrator when peers are disabled due to reaching the failure threshold. The notifications are sent to the High priority destinations as set in the Contact Manager in WHM.
The amount of time between BIND restarts issued by dnsadmin is configurable via a new option in the WHM Tweak Settings interface.
DNS Functions
The following functions were added to the XML-API in cPanel™ 11.25.0:
addzonerecord
This API function allows you to add a zone record.
editzonerecord
This function allows you to edit an existing zone record.
getzonerecord
This function allows you to view DNS zone records associated with a given domain.
removezonerecord
This function allows you to remove a zone record from the server.
resetzone
This API function will reset a DNS zone to its default values.