DNS records in control panel and in dns conf file not the same

I have two problems:

  1. The DNS conf file in /home/user/conf/dns/domain.db: named-checkzone returns “…com.db:2: near ‘20210101489’: out of range”
    In HestiaCP, the value is nowhere to be found. I’ve changed that date, I’ve changed other values, but that file still doesn’t want to update, so I manually edited it to remove the 489. Now named-checkzone is OK… But I still can’t generate SSL for the domain as it returns: “Error: Let’s Encrypt validation status . Details:” (no error given)

  2. Could anyone explain to me why some txt entries from cpanel (reentered manually into Hestiacp), gave an error to named-checkzone … default._domainkey in special, seems to have just halted the ‘import’ of the zone entries below… I assume, that even though, it’s a txt record and BIND bundled with Hestia doesn’t support DKIM, it still considers it a special entry?

  3. When can we have DKIM? Or PowerDNS? :)

Anyway, thank you for the amazing control panel!

There is a maximum of 99 changes per day.

* The serial number begins at 1, and is simply incremented at every change.
* The serial number contains the date of the last change (in [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) basic format) followed by a two-digit counter (e.g. 2017031405 = the fifth change dated March 14, 2017). This method is recommended in [RFC 1912](https://tools.ietf.org/html/rfc1912).[[6]](https://en.wikipedia.org/wiki/SOA_record#cite_note-RFC_1912-6)
* The serial number is the time of last modification to the zone's data file expressed as the number of seconds since the [UNIX epoch](https://en.wikipedia.org/wiki/Unix_time). This method is used by default in the [djbdns](https://en.wikipedia.org/wiki/Djbdns) suite.[[7]](https://en.wikipedia.org/wiki/SOA_record#cite_note-7) Although it uses a 32-bit counter, it is not susceptible to the [year 2038 problem](https://en.wikipedia.org/wiki/Year_2038_problem) due to the effect of [serial number arithmetic](https://en.wikipedia.org/wiki/Serial_number_arithmetic).

You almost made 500 changes…

There is a limit of xxx chars that is currently not enforced; it is a known bug.

For DKIM there is already support.

  1. Probably you did more than 99 changes to the same zone. The limit is currently 99 changes daily; we are discussing a change to support 9999 changes daily by adjusting it to 21 instead of 2021.

  2. DKIM is already supported. I don't have an example ready, but add a mail domain and check the DKIM checkbox; it will autogenerate a sample for you.

  3. DKIM is already there; PowerDNS isn't planned.

Thank you for the quick reply. Is PowerDNS not planned just because it’s a feature that you don’t have the manpower to implement, or is it not that much faster than BIND? (650MB RAM used :) )

  1. I didn’t do 500 changes to that domain, today. Does Hestia do some automatically? For example, if there’s an error somewhere?

Currently there is not enough manpower to fulfill all feature requests, and other priorities come before it.

Hestia doesn't touch the DNS zone without any user-based action. Maybe create a test zone manually, adjust it and monitor whether everything works as expected. Maybe you’ll find more information in the Hestia system log; it should be in /var/log/hestia - not sure about the path, on mobile here.


/var/log/hestia/ is correct or /usr/local/hestia/log/
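
The "out of range" error from the first post can be checked before a zone is reloaded. The following is an added example, not part of any post in this thread and not Hestia's own code: it pulls the SOA serial out of a zone file, tests it against the unsigned 32-bit limit of the SOA serial field and the date-plus-two-digit-counter convention quoted above, and computes a next serial that never grows an extra digit. The sample zone, the example.com names, the function names and the choice to start the daily counter at 01 are assumptions.

```python
import re
from datetime import date, datetime

MAX_SERIAL = 2**32 - 1  # the SOA serial is an unsigned 32-bit field (RFC 1035)

# Constructed sample zone reproducing the serial value quoted in the thread.
SAMPLE_ZONE = """\
$TTL 14400
@ IN SOA ns1.example.com. root.example.com. (
        20210101489 ; serial
        7200 3600 1209600 180 )
@ IN NS ns1.example.com.
"""

def soa_serial(zone_text):
    """Return the SOA serial as text, or None when no SOA record is found."""
    # Simplification: strips ';' comments everywhere, which is fine for the SOA
    # at the top of a zone but would mangle quoted TXT data further down.
    no_comments = re.sub(r";[^\n]*", "", zone_text)
    tokens = no_comments.replace("(", " ").replace(")", " ").split()
    for i, tok in enumerate(tokens):
        if tok.upper() == "SOA" and i + 3 < len(tokens):
            return tokens[i + 3]  # SOA <mname> <rname> <serial> ...
    return None

def serial_problems(serial):
    """List the reasons a serial is rejected or breaks the YYYYMMDDnn form."""
    if serial is None or not re.fullmatch(r"[0-9]+", serial):
        return ["serial is missing or not a decimal number"]
    problems = []
    if int(serial) > MAX_SERIAL:
        problems.append(f"{serial} exceeds {MAX_SERIAL} (out of range)")
    try:
        if len(serial) != 10:
            raise ValueError("wrong length")
        datetime.strptime(serial[:8], "%Y%m%d")
    except ValueError:
        problems.append("not an 8-digit date followed by a 2-digit counter")
    return problems

def next_serial(current, today):
    """Next date-based serial; past counter 99 it increments into the next day's range."""
    candidate = max(current + 1, int(today.strftime("%Y%m%d")) * 100 + 1)
    if candidate > MAX_SERIAL:
        raise ValueError("serial would overflow 32 bits")
    return candidate
```

After the 99th change of a day, `next_serial` returns a value that reads as the following day's date, which keeps the serial increasing and ten digits long instead of appending a third counter digit.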