In this guide, we will look through the Domains sections of the WHM's Tweak Settings menu.
Tweak Settings allows you to configure many cPanel & WHM settings. The Domains section contains a number of options related to creating and maintaining domain names and subdomains on the server.
To get there, log in to your WHM and go to Home >> Server Configuration >> Tweak Settings, then navigate to the Domains tab.
You can also enter Tweak Settings in the search field as shown in this screenshot:
The Domains tab allows the configuration of the following settings:
Allow users to park subdomains on the server's hostname
This option allows users to park subdomains on your server's main domain name.
For example, if your hostname is server1.nctest.net and you want to create the subdomain sub.server1.nctest.net, you need this option to be set to On, otherwise, you'll receive the following error:
By default, the value is set to Off.
Allow cPanel users to create subdomains across accounts
This option allows cPanel users to create subdomains for domain names that are owned by other users. Such subdomains need to be added as Addon domains. With this option disabled, the following error will appear:
By default, the value is set to Off and we strongly recommend that you keep it this way, otherwise, it may lead to serious security issues.
Allow WHM users to create subdomains across accounts
This option allows WHM users to create subdomains of domain names that are owned by other users. Such subdomains need to be added as Addon domains.
By default, the value is set to Off and we strongly recommend that you keep this it this way, otherwise, it may lead to serious security issues.
Allow remote domains
This option allows users to add domain names that are pointed to nameservers that do not resolve to your server.
When this option is set to Off, all domain names you add to your cPanel accounts must be pointed to your private nameservers configured on your server.
By default, the value is set to Off and we strongly recommend that you keep this it this way, otherwise, it may lead to serious security issues.
If you try adding a remote domain name with this option set to Off, you will receive the following error:
If you wish to add a domain name that is pointed to some third-party nameservers that do not resolve to your server (Namecheap BasicDNS/PremiumDNS, etc.), you need to set this option to On. As soon as the domain name is added, we recommend you switch it back to Off.
Allow resellers to create accounts with subdomains of the server's hostname
This setting allows resellers to create accounts with subdomains of your server's main domain name.
For example, if your hostname is server1.nctest.net and you want to create an account with the subdomain sub.server1.nctest.net using a reseller account, you need this option to be set to On, otherwise, you will receive the following error:
The user with root privileges will still be able to create accounts with the subdomains of the server hostname, even with this option disabled.
The default value is Off.
Allow unregistered domains
This setting allows users who did not register domain names with a valid registrar to create them on the server.
If a domain name does not have any nameservers set, it will be treated as an unregistered domain name.
By default, the value is set to Off and if you add an unregistered domain name, you will receive the following error:
You may need to enable this option to add domain names of some CC TLDs that require you to create a DNS zone before you can switch the nameservers.
Automatically add "A" entries for registered nameservers when creating a new zone
By default, the value is set to On and the system automatically creates "A" DNS records for a new domain name's registered nameservers when a user creates a domain name.
It's useful for setting up private nameservers as you will not need to create those records manually.
Replace SSL certificates that do not match the local hostname
This option tells the system to replace any SSL certificates that do not match the hostname of the server with a cPanel-signed certificate. This includes wildcard certificates.
This feature is useful if you wish to cover your domain names with cPanel-signed SSL certificates.
The default value is On.
Prevent cPanel users from creating specific domains
This setting prevents users from creating certain domain names that are contained in the /var/cpanel/commondomains and /usr/local/cpanel/etc/commondomains files.
You can check the list of user-denied domain names by running the command via SSH:
cat /usr/local/cpanel/etc/commondomains
Here it contains commonly-known domain names such as google.com and apple.com.
You can also create your own list of user-denied domain names by editing the /var/cpanel/commondomains file.
By default, the value is set to On and we recommend that you keep it this way for enhanced security.
Check zone syntax
By default, the value is set to On which allows you to have the system automatically check zone file syntax whenever a user saves or syncs DNS zone files.
This option helps to ensure all your DNS zones are working properly.
Check zone owner
By default, the value is set to On which allows you to have the system automatically check a DNS zone's owner whenever a user saves or syncs DNS zone files.
This option helps to ensure all your DNS zones have correct owners.
Enable DKIM on domains for newly-created accounts
This option allows you to specify, by default, whether to enable DKIM for new accounts.
DKIM (Domain Keys Identified Mail) is a way to authenticate email. It allows an email system to prove that a message is valid, not forged and that it came from the specified domain name. You can find more info about DKIM in this guide.
The default value is On.
Enable SPF on domains for newly-created accounts
This option allows you to specify, by default, whether to enable SPF (Sender Policy Framework) for new accounts.
SPF is a method of email authentication. It protects against email address spoofing; the unfortunate situation where spammers and fraudsters send out emails on behalf of the real email address owner. You can find more info about SPF in this guide.
The default value is On.
DNS request management application
This option specifies the application that the system uses to handle DNS management requests.
To specify a new application, enter the path to the application that you wish to use in the text box.
The default value is dnsadmin, auto-detect SSL.
dnsadmin is a program that is used by cPanel & WHM to pass updated DNS to the server's DNS server. It can also be run as a service/daemon so that it does not need to be shut down and restarted when a DNS update is made.
If you are not sure if you need to change this option, do not change it.
Service subdomains
This option allows users to access cPanel services via standard HTTP ports: 80 and 443 via service subdomains. Users who cannot use cPanel & WHM default ports due to their firewall configuration should be able to use this service subdomains to access cPanel & WHM services. Also, for many users, it's easier to remember the service subdomain address than the port numbers.
With this option set to On by default, the following subdomains are used to deliver services (nctest.info is used as an example and should be replaced with your own domain name):
- cpanel.nctest.info delivers to the user's cPanel interface
- whm.nctest.info delivers to the user's WHM interface
- webmail.nctest.info delivers to the user's Webmail interface
- webdisk.nctest.info delivers to the user's Web Disk interface
To use this option, it's crucial that you do not manually disable mod_rewrite, mod_headers, or mod_proxy in the httpd.conf file.
Service subdomain creation
By default, the value is set to On, which allows you to automatically create cpanel, webmail, webdisk, cpcalendars, cpcontacts, and whm service subdomain DNS entries for new accounts.
You must have DNS records created in order to use service subdomains. If you use service subdomains, you will ultimately want this option to be enabled as well.
Thunderbird and Outlook autodiscover and autoconfiguration support (enables service subdomain and SRV record creation)
NOTE: You need to set the Service subdomain creation to On in order to use this option.
This feature automatically creates the autodiscover and autoconfiguration service subdomains while creating a domain name. For example:
- autoconfig.nctest.info
- autodiscover.nctest.info
Also, this option creates the autodiscover and autoconfiguration SRV records that are required for Outlook and Thunderbird email automatic configurations, using only the email address, username, and password, without specifying all the settings manually.
The default value is Off.
Preferred mail service to configure to use for Thunderbird and Outlook® autodiscover and autoconfiguration support
NOTE: This option is only available when Thunderbird and Outlook autodiscover and autoconfiguration support (enables service subdomain and SRV record creation) is set to On.
This feature allows you to select the incoming email transfer method to use with Thunderbird and Outlook with Autodiscover and AutoConfiguration support.
The difference between the two is that the POP3 downloads these emails from the server to the email client. It also deletes emails from the server, though it can be configured to leave them.
IMAP, on the other hand, keeps the connection open while the email client is running and synchronizes emails between the server and email clients on all connected devices, as well as message statuses.
The default value is set to IMAP, which is what we also recommend.
Host to publish in the SRV records for Outlook autodiscover support
NOTE: This option is only available when Thunderbird and Outlook autodiscover and autoconfig support (enables service subdomain and SRV record creation) is set to On.
Microsoft® Outlook®'s Autodiscover service searches DNS for an SRV record for an email inbox's domain name that points to a particular server for Autodiscover.
If you have an SSL enabled host with a Certificate Authority signed SSL certificate on this server and want to use it instead of the cPanel provided server, enter the Fully Qualified Domain Name in the available text box there.
The default value is cpanelemaildiscovery.cpanel.net.
Overwrite custom A records used for service subdomains
By default, the option is set to Off.
NOTE: You need to have the Service subdomain creation to be set to On to use this option.
If you enable it, custom "A" records that match service subdomains will be removed when you add or remove service subdomains.
This option can be used if you wish to ensure the service subdomains have correct "A" records. Do not use it when custom "A" records for service subdomains may be useful for users.
Overwrite custom SRV records used by Outlook AutoDiscover support
NOTE: This option is only available when Thunderbird and Outlook autodiscover and autoconfig support (enables service subdomain and SRV record creation) is set to On.
This feature allows the system to remove any existing custom SRV records whenever the user adds or removes Outlook Autodiscover support.
The default value is Off but can be changed to On if you wish to ensure SRV records used by AutoDiscover have correct values.
Do not use it when customer SRV records for AutoDiscover may be useful for users.
Service subdomain override
NOTE: You need to have the Service subdomain creation to be set to On to use this option.
The default value is On, which allows users to create the cpanel, webmail, webdisk, cpcalendars, cpcontacts, and whm subdomains that override automatically generated service subdomains.
Restrict document roots to public_html
This option is set to On by default and prevents the creation of addon domain names and subdomains outside of a cPanel user's primary domain name's document root (the /public_html directory within the user's home directory).
For example, if you create the nctest.info addon domain with this option enabled, the system creates the /home/username/public_html/nctest.info directory rather than the /home/username/nctest.info directory.
Use a Global DCV rewrite exclude instead of .htaccess modification
This option allows Apache to use global mod_rewrite rules instead of the .htaccess modification so that the system does not process additional rewrite rules for Domain Control Validation (DCV) filenames. These rules no longer require cPanel & WHM to modify each user's .htaccess file.
This option can help with the HTTP-based Domain Control Validation as no additional rewrite rules need to be created in .htaccess files.
The default value is On.
Always use authoritative (registered) nameservers when creating a new DNS zone
The enabled option ignores the configured nameservers and sets the NS line to the authoritative (configured on the side of the DNS registrar) ones when adding a newly- registered domain name.
This option is useful when you point domain names to registered private nameservers before adding them to your server.
The default value is Off.
Congrats! You're now familiar with the Domains sections of the WHM's Tweak Settings.