Symptoms

After the NSEC3 data in a domain's DNSSEC configuration is changed, the changes are not synced to the DNS Cluster members.

Description

A sync performed by the DNS Clustering system does not currently sync the NSEC3 data on a domain when it is altered.

We've opened an internal case for our development team to investigate this further. For reference, the case number is CPANEL-46445. Follow this article to receive an email notification when a solution is published in the product.

Workaround

Any NSEC3 data that needs to be altered can be changed manually with PowerDNS directly:

pdnsutil set-nsec3 ZONE OPTIONS

This needs to be done on all servers in a DNS Cluster.
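
Because the change has to be repeated by hand on every server, it is worth confirming that all cluster members ended up serving the same NSEC3 parameters. The script below is an added example, not cPanel or PowerDNS code; it assumes dig is installed for the live check, and the function names, hostnames and parameter values are placeholders made up for illustration.

```sh
#!/bin/sh
# Added example (not cPanel's code): find DNS Cluster members whose NSEC3PARAM
# differs from the first server after `pdnsutil set-nsec3` was run by hand.

# Ask one authoritative server for the zone's NSEC3PARAM (needs dig + network).
fetch_nsec3param() {    # usage: fetch_nsec3param ZONE SERVER
    dig +short +norecurse NSEC3PARAM "$1" "@$2" | head -n 1
}

# Read "SERVER ALGO FLAGS ITERATIONS SALT" lines on stdin; the first line is
# the reference. Print each server that differs and return 1 if any does.
# A server that returned no NSEC3PARAM at all is reported as "(none)".
find_nsec3_drift() {
    awk '
        { srv = $1; $1 = ""; sub(/^ +/, ""); params = toupper($0) }
        params == "" { params = "(none)" }
        NR == 1 { ref = params; next }
        params != ref { print srv ": " params " (expected " ref ")"; bad = 1 }
        END { exit bad + 0 }
    '
}

# Live check: check_cluster ZONE SERVER [SERVER...]
check_cluster() {
    zone=$1; shift
    for srv in "$@"; do
        echo "$srv $(fetch_nsec3param "$zone" "$srv")"
    done | find_nsec3_drift
}

# Constructed sample: set-nsec3 was applied on ns1 and ns2 but not on ns3.
# Hostnames and parameter values are placeholders.
sample_results() {
    cat <<'EOF'
ns1.example.test 1 0 0 -
ns2.example.test 1 0 0 -
ns3.example.test 1 0 10 ab12cd34
EOF
}

sample_results | find_nsec3_drift || echo "NSEC3 drift found in sample data"
```

For a live check, call check_cluster with the zone name followed by each cluster member, listing first the server whose settings are known to be correct.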