Related to: https://www.directadmin.com/features.php?id=2058 solve the subdomain owner check on a master server, if there is no User linked to the zone. Note, this is disabled by default. Once it's working and everything is synced, it's recommended to increase the strict level to 2, which no longer trusts the clients, and ensures all data pass is valid, verified and correct. At the basic 1 level, it still blocks, but only based on a trusted level of the hostname being passed, and only if the values exist in the cluster_domainowners file at the time of the check. You really only need this feature if you have multiple DA boxes pushing to a shared master. ------ ISSUE: Say you have a master nameserver (we'll assume domains only use 1 NS for the example, for simplicity) The master ns1 is remote box ns1. You also have hosting box1.hostname.com and hosting box2.hostname.com, both of which push their domains to ns1. User on box1 adds box1.com. ns1 gets box1.com zone, but has no associated User with it, it's a zone-only transfer. Some other User on box2 tries to add box1.com, this is blocked, since the zone exists. This is all good so far, block is fine. However, if a User on box2 tries to add sub.box1.com, this is allowed which is not correct. It should be blocked. The ns1 should be blocking this, since it belongs to some other User.. but there isn't sufficient information on ns1 to figure this out. ---- SOLUTION When enabled it on ns1, a new file will be created on ns1 as zones are updated/saved remotely and pushed over (assuming they're using DA 1.59..0 +) /etc/virtual/cluster_domainowners which is similar to the usual /etc/virtual/domainowners file, except it's in the format: domain.com:remote.hostname.com:username where the username may not always be set, depending on what the client sent over. The main thing is that the hostname is visible so that it can be checked against the hostname proivded by the box1/box2 during their call: /CMD_API_DNS_ADMIN?action=exists&domain=sub.box1.com&check_for_parent_domain=true&hostname=box2.hostname.com&username=cheekybugger ---- CHANGE ON SENDING DA SIDE The 2 hosting boxes box1/box2 do not ned ----- DISABLED BY DEFAULT Internal default: check_subdomain_owner_in_cluster_domainowners=0 To enable this check, set the following on the master ns1 box: ./directadmin set check_subdomain_owner_in_cluster_domainowners 1 service directadmin restart but once it's working and things are synced, set it to 2 (below) ----- STRICT MODE If you set this on ns1 to be: check_subdomain_owner_in_cluster_domainowners=2 then all sending DA boxes (box1/box2) MUST provide the hostname in the GET portion of the action=rawsave zone transfer. Without it, the master will refuse to save the zone. Basically, update ALL of your DA boxes at the same time. When 2 set DA will also do a lookup on the hostname being passesd. The ns1 box will do the lookup and it must resolve to the IP that is connecting to ns1. AKA: box1.hostname.com must resolve to the IP that connects to ns1. Setting this back down to 1 is useful if you're moving servers, and the hostname will be changing to some other IP, but you still want things to be saved, for when the check if more strict later on. ----- Compile time: Sept 11, ~21:25 T14624