Disable Direct Root Logins Published: Oct 28, 2003

This guide shows you how to set up cPanel nameservers and configure them properly so you can run ns1.yoursite.com and ns2.yoursite.com. Once your nameservers are set up, clients can use your own private nameservers for their domains.

1. Register your domain
Register the domain name you would like to use; you can register a domain here if you need one. This domain will be used for your nameservers, e.g. ns1.yourdomain.com and ns2.yourdomain.com.

2. Additional IPs
Have 2 available IP addresses for your server that aren't in use. You will need to contact your provider to obtain these IP addresses.

3. Registering the Nameservers
Now log in to the domain management page for the domain you registered and register ns1.newdomain.com and ns2.newdomain.com as nameservers (registries normally have a special facility for doing that). The registry may also have a facility to propagate these nameservers around the foreign registries; if so, you should use this facility.

These registrations may take a few days to propagate (often as many as 3 days).

4. Reverse DNS
You may also need to get your data centre to enter a reverse DNS pointer for your nameservers. You'll need to let them know each nameserver and its IP address. Sometimes you can suffer non-delivery of mail if you don't do this. Reverse DNS pointers can take a while to propagate.
Set up a reverse on the IP address for your domain.

5. Broken NDC/BIND
My version of WHM/CPanel came with a broken NDC. To fix this:

SSH into your box as root.

(a) Type: cd /scripts
(b) Type: ./updatenow
(c) Type: ./fixndc

Go back into WHM, go to the Restart Services section in the left menu and click DNS/Nameserver (BIND).

You will need to do this if you start getting 'ndc' errors when you are doing anything DNS related in WHM.

6. Setup Nameservers In WHM
Go into WHM (Web Host Manager) and select Edit Setup from the Server Setup menu on the left. Enter ns1.newdomain.com in the Primary Nameserver field. Hit 'Assign IP Address', then hit 'Add an A Entry for this nameserver'.
Repeat this process for the Secondary Nameserver field.

7. Tidy Up Junk Nameservers
Go into WHM (Web Host Manager) and select Manage Nameserver IPs from the Server Setup menu on the left. Remove any nameservers you don't recognise. This is just a tidy up exercise in case anyone's set anything up on the box before you.

8. Initial Nameserver Setup
Go into WHM (Web Host Manager) and select Initial NameServer Setup from the Server Setup menu on the left. Run this.

9. Restart BIND
Restart BIND (step 7 restarts BIND, but we've known it to need a proper stop and start for it to work) from SSH with:

service named stop
service named start

10. Manual Checks
I don't know what it is about this process, but it doesn't always work, so there are some things you can check manually via SSH.

Check that the nameservers are correctly specified on NS, NS2 etc.
EG: scroll to the name servers section.....
NS ns1.yournameserver.com
NS2 ns2.yournameserver.com

Check that there are nameserver entries for each IP. There may also be one for - this is okay. I'm led to believe (by the 'man' entry for resolv.conf) that this isn't a particularly important file, but I changed mine to read:

domain mybox.com
search mybox.com

Where 'mybox.com' is the main domain of my server, and '' and '' are the IP addresses of my primary and secondary nameservers.

resolv.conf is used to lookup names that are not in FQDN format.

Check that there are entries for each IP acting as a nameserver.
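
The check from steps 6 and 10 can be scripted. This is an added example, not part of the original guide: it reads a BIND zone file and reports any NS record whose nameserver has no A entry, and whether the nameservers sit on fewer than two distinct IPs (step 2). The zone contents, example.com and the 192.0.2.x addresses are constructed placeholders, and the function names are hypothetical.

```sh
#!/bin/sh
# Constructed sample zone for the nameserver domain (example.com and the
# 192.0.2.x addresses are placeholders, not values from the guide).
# ns2 deliberately has no A entry, as if step 6 was done only for ns1.
sample_zone() {
cat <<'EOF'
$TTL 14400
@    IN SOA ns1.example.com. root.example.com. ( 2003102801 14400 7200 3600000 86400 )
@    IN NS  ns1.example.com.
@    IN NS  ns2.example.com.
@    IN A   192.0.2.10
ns1  IN A   192.0.2.10
www  IN CNAME example.com.
EOF
}

# check_ns ORIGIN: read a zone on stdin and print one line per NS record:
#   "<nameserver> <ip>"  or  "<nameserver> MISSING" when it has no A entry.
check_ns() {
    awk -v origin="$1" '
        # Expand "@" and relative names to fully qualified names.
        function fqdn(n) {
            if (n == "@") return origin "."
            if (n ~ /\.$/) return n
            return n "." origin "."
        }
        $2 == "IN" && $3 == "NS" { ns[++count] = fqdn($4) }
        $2 == "IN" && $3 == "A"  { addr[fqdn($1)] = $4 }
        END {
            for (i = 1; i <= count; i++)
                print ns[i], ((ns[i] in addr) ? addr[ns[i]] : "MISSING")
        }'
}

# ns_problems ORIGIN: print the number of problems: one per nameserver without
# an A entry, plus one if fewer than two distinct nameserver IPs are in use.
ns_problems() {
    check_ns "$1" | awk '
        $2 == "MISSING" { bad++; next }
        !seen[$2]++     { ips++ }
        END { if (ips < 2) bad++; print bad + 0 }'
}

sample_zone | check_ns example.com
echo "problems: $(sample_zone | ns_problems example.com)"
```

To use it on a real server, pipe your nameserver domain's zone file into check_ns in place of sample_zone.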

Comments (12)

  • Just Asking 23:50, November 17, 2003
    This though breaks DNS synchronization in cPanel as it requires root login to sync zones files across servers.
  • Sam 16:09, January 30, 2004
    Hi, try this:

    #LoginGraceTime 600
    PermitRootLogin without-password
    #StrictModes yes

    It should fix the DNS synchronization problem.
  • vera 12:51, February 10, 2005
    named has failed, please contact the sysadmin (result was "named is not running"). Feb 10 14:57:52 server named: named shutdown failed Feb 10 14:57:52 server named: named: user 'named' unknown Feb 10 14:57:52 server named: named startup failed
  • Aingaran 18:03, April 11, 2005
    Can you specify more than 1 port for ssh? IE, 22 & 222?
  • Ravindra 13:16, August 25, 2005
    Please send me tutorials about Linux networking
  • qwe010 22:00, May 28, 2006
    i do

    put i can't forcing the use ?
  • Vishal 20:54, July 4, 2006
    Great Thanks,

    It worked well
  • Remus 04:53, August 16, 2006
    excellent, thank you.
  • Anthony 14:02, February 20, 2007
    I followed the steps, but my Linux still allows direct root logins.
  • Jaop 20:21, October 23, 2007
    Excellent Ideas ! Thank you !
  • Clemme 09:26, April 4, 2008
    Thanks a lot dude, works like a charm.
  • Mike 22:02, July 19, 2010
    Thanks a lot, just working like I wanted.

Copyright © 1998-2017 WebHostGear.com