I'm interested in messing around a bit with DNSSEC. As far as I know, the version of BIND installed on the Knownhost VPS packages should support it fine. Unfortunately, it looks like cPanel is still working on adding support. There's a third party plug-in to add DNSSEC support, but I'd rather not add another monthly fee to the pile if I can at all avoid it.

As long as I let cPanel create the zone for a given domain, should there be any problem with modifying the zones manually to add what's needed to secure the domain(s)?
Hi Ichiban,

You can modify the zone files manually and things will be fine as long as they're added correctly. You can also use the zone editor in WHM too.
Great! From Googling around, it seemed like lack of DNSSEC support in cPanel was a big deal. I thought that meant it would choke on some of the new DNSSEC entries.


I'd assume that's for key generation and insertion to be done automatically in WHM by clicking a button. But just like with domain keys/DKIM it took cPanel forever to integrate it but I had generated and entered them manually probably two years prior to their getting it working :) if all it does is add keys to the DNS zone files and NSD/Bind doesn't choke on it you should be fine.