LogoفارسیFA

Reverse Trust Relationship in a cPanel & WHM DNS Cluster

This article explains what a Reverse Trust relationship is in a cPanel & WHM DNS cluster, why it is required, and how servers use API tokens to authenticate and exchange DNS records securely. It also outlines the importance of mutual trust between all servers in the cluster.

DNS Cluster,Reverse TrustWHM, API TokenDNS Synchronization

~2 min read • Updated Feb 18, 2026

1. Overview


A Reverse Trust relationship is a required security mechanism in a cPanel & WHM DNS cluster. It ensures that each server in the cluster trusts the others and can securely exchange DNS records. Without this mutual trust, DNS synchronization cannot occur.


Each server in the cluster must possess a valid API token, which is used to authenticate communication between servers.



2. What Is a Reverse Trust Relationship?


In a DNS cluster, servers must be able to:

  • Send DNS updates to one another
  • Receive DNS updates from one another
  • Verify that the server sending the update is authorized

A Reverse Trust relationship ensures that this communication is secure and authenticated. It is called “reverse” because trust must be configured in both directions — each server must trust the other.



3. Why Reverse Trust Is Required


Without a Reverse Trust relationship:

  • DNS records cannot be synchronized between servers
  • Cluster nodes cannot validate incoming DNS updates
  • Security risks increase due to unauthenticated communication
  • DNS redundancy and failover will not function correctly

Therefore, every server in the cluster must explicitly trust every other server.



4. API Tokens and Authentication


Each server in a DNS cluster must have an API token. This token is used to authenticate requests between servers.


API tokens allow:

  • Secure communication between cluster nodes
  • Granular control over permissions
  • Authentication without exposing root passwords

When you add a server to the DNS cluster in WHM, you must provide the API token from the remote server. This token establishes the trust relationship.



5. How Reverse Trust Works in Practice


To fully establish trust, you must configure each server as follows:

  • Server A must trust Server B (using Server B’s API token)
  • Server B must trust Server A (using Server A’s API token)

Only when both directions are configured does a complete Reverse Trust relationship exist.



6. Conclusion


A Reverse Trust relationship is essential for a functional and secure DNS cluster in cPanel & WHM. By ensuring that each server trusts the others through API tokens, you enable reliable DNS synchronization, redundancy, and secure communication across the cluster.


Written & researched by Dr. Shahin Siami

Next Article