Reverse DNS edit API issue

[Netcrusher]

I want to edit the PTR records through the API. No matter what rights the authentication token has, I get the following error:
API failure: (XID qsbehk) You do not have access to a domain named “xxx.xxx.xxx.in-addr.arpa”.

It only works if I select "All Features", even though the token is issued by the root user and the authentication is done as root.

Please help, thanks!

 

[rbairwell]

It's extremely unlikely your provider allows you to change the PTR records within cPanel/WHM. If you have a dedicated/VPS server, you'll be best to contact your provider directly to set them up correctly - if you just have a cPanel account, then it is unlikely your web hosting provider will make this change at all as it'll affect all customers on the server.

PTR (reverse DNS) entries are normally only available for "direct modification" if you have a largish range (8+) of IP addresses allocated to you (and your provider has then sub-allocated that range and the rdns entries down to you.

 

[Netcrusher]

Since I've already stated that it works in certain conditions, all the assumptions are wrong.
The issue I'm having is strictly regarding WHM API tokens and not anything else.

 

[cPRex]

Can you let me know how you are using the API token? Is this from a program or through a URL when logged in as a reseller? I'd like to do some more testing with this on my end, but I'd need to know the specifics of how that call is being executed.

 

[Netcrusher]

You can run the API command in a terminal:
curl -H'Authorization: whm root:<token>' 'https://<server>:2087/json-api/addzonerecord?api.version=1&type=PTR&zone=xxx.xxx.xxx.in-addr.arpa&name=100&ptrdname=test.domain.com'

It only works if the token has "All Features" checked.

 

[cPRex]

Let me do some testing and I'll get back with you in a bit!

 

[cPRex]

I currently am not able to reproduce the issue. I made a DNS zone named 3.2.1.in-addr.arpa linked to the IP 1.2.3.4 but not linked to any cPanel account so it was owned by the system:

Zone created successfully for IP 1.2.3.4.
Zone is owned by system.

I then setup the key, and left everything as the default, ensuring the very last option of "all privileges" was not selected. Then I ran the command from both a local and a remote server and it worked well both times:

[root@10-2-33-220 ~]# curl -H'Authorization: whm root:6DZPJN2ORK8A1IZ8SJFRLEUIUQ1S3A09' 'https://host.domain.com:2087/json-api/addzonerecord?api.version=1&type=PTR&zone=3.2.1.in-addr.arpa&name=100&ptrdname=test.domain.com'
{"metadata":{"version":1,"result":1,"reason":"OK","command":"addzonerecord"}}[root@10-2-33-220 ~]#

Did you only have a specific set of the features enabled for the token? If not, it might be best to submit a ticket on this issue so we can test this directly on the affected machine.

 

[Netcrusher]

I'll check again with a newly created zone, maybe there's an issue with the existing one.

Thanks for now!

 

[Netcrusher]

It worked with a newly created zone, and only "Manage DNS Records" was required.

So, I've checked the owner in the files from /var/cpanel/users and noticed that the zone didn't belong to anybody.
After adding it to the system user everything is working fine.

I followed this for setting the owner:

https://support.cpanel.net/hc/en-us/articles/1500001386262-How-to-change-the-ownership-of-DNS-Zone-

 

[cPRex]

I'm wondering if that zone was created outside of WHM originally. When I created the rDNS zone on my test system, it was automatically assigned to the "system" user.

I'm glad to hear this is working as expected now!