-
07-11-2007, 02:57 AM #1WHT Addict
- Join Date
- Sep 2005
- Posts
- 150
Resolve DNS issues on cpanel 11.x Beta
Hello,
I have come across an issue with DNS in cpanel 11.x, where named.conf is badly configured by cpanel.
Here is how a DNS report from dnsstuff.com would look because of this:
FAILS for SOA record
Fails for lame nameservers.
Here's how to fix it:
SSH to server,
Backup your named.conf file by
cp /etc/named.conf named.conf.back
then
pico /etc/named.conf
Replace
Code:
include "/etc/rndc.key";

controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

options {
    /* make named use port 53 for the source of all queries, to allow
     * firewalls to block all ports except 53:
     */
    query-source port 53;

    // Put files that named is allowed to write in the data/ directory:
    directory "/var/named"; // the default
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";
};

logging {
    /* If you want to enable debugging, eg. using the 'rndc trace' command,
     * named will try to write the 'named.run' file in the $directory (/var/named).
     * By default, SELinux policy does not allow named to modify the /var/named directory,
     * so put the default debug log file in data/ :
     */
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.

view "localhost_resolver" {
    /* This view sets up named to be a localhost resolver ( caching only nameserver ).
     * If all you want is a caching-only nameserver, then you need only define this view:
     */
    match-clients { localhost; };
    match-destinations { localhost; };
    recursion yes;

    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    /* these are zones that contain definitions for all the localhost
     * names and addresses, as recommended in RFC1912 - these names should
     * ONLY be served to localhost clients:
     */
    include "/var/named/named.rfc1912.zones";
};

view "internal" {
    /* This view will contain zones you want to serve only to "internal" clients
       that connect via your directly attached LAN interfaces - "localnets" .
     */
    match-clients { localnets; };
    match-destinations { localnets; };
    recursion yes;

    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    // include "/var/named/named.rfc1912.zones";
    // you should not serve your rfc1912 names to non-localhost clients.

    // These are your "authoritative" internal zones, and would probably
    // also be included in the "localhost_resolver" view above :
};

view "external" {
    /* This view will contain zones you want to serve only to "external" clients
     * that have addresses that are not on your directly attached LAN interface subnets:
     */
    match-clients { !localnets; !localhost; };
    match-destinations { !localnets; !localhost; };

    recursion no;
    // you'd probably want to deny recursion to external clients, so you don't
    // end up providing free DNS service to all takers

    // all views must contain the root hints zone:
    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    // These are your "authoritative" external zones, and would probably
    // contain entries for just your web and mail servers:

    // BEGIN external zone entries
Code:
include "/etc/rndc.key";

controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
}; at the bottom.
Save file and exit
then test config
service named configtest
If you have done this correctly, it should display something like this:
zone blue.xxx.com/IN: loaded serial 2007070901
zone xxx.com/IN: loaded serial 2007070906
zone ns1.xxx.com/IN: loaded serial 2007070901
zone server.xxx.com/IN: loaded serial 2007071001
zone xxx.net/IN: loaded serial 2007071001
Then restart named by
service named restart
That's it! Your DNS should be working now.
-
07-30-2007, 06:10 AM #2Newbie
- Join Date
- Jul 2007
- Location
- Porto, Portugal
- Posts
- 23
I'm sorry... I may have misunderstood, but you're saying to replace several lines of code on the named.conf for only those 5 lines?
-
07-30-2007, 12:56 PM #3WHT Addict
- Join Date
- Sep 2005
- Posts
- 150
Yes, that's correct.
-
07-31-2007, 08:32 AM #4
And it works
For some reason, new stuff was added to named configurations. I ran into this issue last night, and resolved it on my own (without this thread), but the resolution was the same.
Not sure what CP is thinking here, creating non working configurations, but at least it's not THAT hard to find and fix!
Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
-
07-31-2007, 11:25 AM #5Newbie
- Join Date
- Jul 2007
- Location
- Porto, Portugal
- Posts
- 23
Thank you both, I'll be trying it soon and report it here
-
08-04-2007, 03:52 PM #6Junior Guru Wannabe
- Join Date
- Aug 2007
- Posts
- 43
How can I add
recursion no;
To this edited version please?
-
08-04-2007, 03:55 PM #7Web Hosting Master
- Join Date
- Mar 2003
- Location
- Canada
- Posts
- 9,072
-
08-04-2007, 04:12 PM #8
It's actually quite simple to add recursion
before the options section, add
Code:
acl internal {
    127.0.0.1;
    iprange1here/29;
    iprange2here/29;
};
Code:
allow-recursion { internal; };
Code:
version "nunya";
-
08-04-2007, 07:57 PM #9Junior Guru Wannabe
- Join Date
- Aug 2007
- Posts
- 43
My named.conf must be badly misconfigured...
I have this at the top of named.conf before the zones..
At this very moment, I haven't got any sections as I followed instructions from this topic to fix the DNS and replaced the lot with this..
Code:
include "/etc/rndc.key";

controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

// BEGIN external zone entries
Code:
include "/etc/rndc.key";

controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

options {
    /* make named use port 53 for the source of all queries, to allow
     * firewalls to block all ports except 53:
     */
    query-source port 53;

    // Put files that named is allowed to write in the data/ directory:
    directory "/var/named"; // the default
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";
};

logging {
    /* If you want to enable debugging, eg. using the 'rndc trace' command,
     * named will try to write the 'named.run' file in the $directory (/var/named).
     * By default, SELinux policy does not allow named to modify the /var/named directory,
     * so put the default debug log file in data/ :
     */
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.

view "localhost_resolver" {
    /* This view sets up named to be a localhost resolver ( caching only nameserver ).
     * If all you want is a caching-only nameserver, then you need only define this view:
     */
    match-clients { localhost; };
    match-destinations { localhost; };
    recursion yes;

    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    /* these are zones that contain definitions for all the localhost
     * names and addresses, as recommended in RFC1912 - these names should
     * ONLY be served to localhost clients:
     */
    include "/var/named/named.rfc1912.zones";
};

view "internal" {
    /* This view will contain zones you want to serve only to "internal" clients
       that connect via your directly attached LAN interfaces - "localnets" .
     */
    match-clients { localnets; };
    match-destinations { localnets; };
    recursion yes;

    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    // include "/var/named/named.rfc1912.zones";
    // you should not serve your rfc1912 names to non-localhost clients.

    // These are your "authoritative" internal zones, and would probably
    // also be included in the "localhost_resolver" view above :
};

view "external" {
    /* This view will contain zones you want to serve only to "external" clients
     * that have addresses that are not on your directly attached LAN interface subnets:
     */
    match-clients { !localnets; !localhost; };
    match-destinations { !localnets; !localhost; };

    recursion no;
    // you'd probably want to deny recursion to external clients, so you don't
    // end up providing free DNS service to all takers

    // all views must contain the root hints zone:
    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    // These are your "authoritative" external zones, and would probably
    // contain entries for just your web and mail servers:
Appreciate the help thus far.
Last edited by The.Watcher; 08-04-2007 at 08:00 PM.
-
08-04-2007, 08:02 PM #10
Did you restart dns? If so, what errors came up in your server logs?
-
08-04-2007, 09:08 PM #11Junior Guru Wannabe
- Join Date
- Aug 2007
- Posts
- 43
I haven't even edited named.conf yet.
At the mo this is my conf..
Code:
include "/etc/rndc.key";

controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

// BEGIN external zone entries
zone "hostname.mydomain.com" {
    type master;
    file "/var/named/hostname.domain.com.db";
};

zone "domain.com" {
    type master;
    file "/var/named/domain.com.db";
};
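Added example, not code from any poster in this thread: a small Python check for the recursion question raised above. It reads a named.conf and lists each scope (a view, or the whole file when there are no views) where neither `recursion no`, `allow-recursion` nor a `match-clients` list limits who may recurse. The sample configs and the 192.0.2.0/29 range are constructed, and the input is assumed to already pass named-checkconf.

```python
import re

def tokens(text):
    """Tokenise named.conf text; comments are dropped, quoted strings kept whole."""
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else " "
    text = re.sub(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', keep, text, flags=re.S)
    return re.findall(r'"[^"\n]*"|[{};]|[^\s{};"]+', text)

def blocks(toks, keyword):
    """Return (name, body_tokens) for each `keyword [name] { ... }` statement."""
    found, i = [], 0
    while i < len(toks):
        j = i + 1
        if toks[i] == keyword and (i == 0 or toks[i - 1] in ("{", "}", ";")):
            start = toks.index("{", i)
            depth, j = 1, start + 1
            while depth and j < len(toks):  # walk to the matching close brace
                depth += {"{": 1, "}": -1}.get(toks[j], 0)
                j += 1
            found.append((" ".join(toks[i + 1:start]).strip('"'), toks[start + 1:j - 1]))
        i = j
    return found

def value(body, key):
    """Top-level value of `key` in a block: a word, a list for `{ ... }`, or None."""
    depth = 0
    for k, t in enumerate(body[:-1]):
        if depth == 0 and t == key:
            nxt = body[k + 1]
            return nxt if nxt != "{" else [x for x in body[k + 2:body.index("}", k)] if x != ";"]
        depth += {"{": 1, "}": -1}.get(t, 0)
    return None

def audit(conf):
    """List the scopes where the file sets no explicit limit on recursion."""
    toks = tokens(conf)
    opts = dict(blocks(toks, "options")).get("", [])
    findings = []
    for name, body in blocks(toks, "view") or [("(no views)", [])]:
        # a setting inside the view wins; otherwise fall back to the options block
        pick = lambda k: value(body, k) if value(body, k) is not None else value(opts, k)
        acl, clients = pick("allow-recursion"), value(body, "match-clients") or ["any"]
        if pick("recursion") != "no" and (acl is None or "any" in acl) and "any" in clients:
            findings.append(f"{name}: no explicit recursion restriction")
    return findings

# Constructed samples: the cut-down file from the thread, then with acl/options lines added.
STRIPPED = ('include "/etc/rndc.key"; controls { inet 127.0.0.1 allow { localhost; }; };\n'
            'zone "domain.com" { type master; file "/var/named/domain.com.db"; };\n')
HARDENED = ('acl internal { 127.0.0.1; 192.0.2.0/29; };\n'
            'options { allow-recursion { internal; }; version "nunya"; };\n' + STRIPPED)
```

`audit(STRIPPED)` returns one finding for `(no views)` and `audit(HARDENED)` returns an empty list. Where nothing is set, what named does depends on the defaults of the installed BIND version, so an explicit setting is what the check looks for.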
-
08-14-2007, 07:25 AM #12Web Hosting Master
- Join Date
- Aug 2007
- Location
- L.A., CA
- Posts
- 3,710
Thanks for this thread... I encountered this issue on a newly installed cPanel server tonight and this fixed it.
EasyDCIM.com - DataCenter Infrastructure Management - HELLO DEDICATED SERVER & COLO PROVIDERS! - Reach Me: chris@easydcim.com
Bandwidth Billing | Inventory & Asset Management | Server Control
Order Forms | Reboots | IPMI Control | IP Management | Reverse&Forward DNS | Rack Management
-
08-19-2007, 02:56 PM #13WHT Addict
- Join Date
- Sep 2005
- Posts
- 150
-
08-19-2007, 03:40 PM #14WHT Addict
- Join Date
- Sep 2005
- Posts
- 150
Make sure you have } at the correct places.
-
08-24-2007, 05:40 PM #15Newbie
- Join Date
- Dec 2006
- Posts
- 17
Mate, I wanna say thank you
finally this problem is solved !!!
Replace the lines and don't forget to delete }; at the bottom
<<please see rules for signature setup>>
-
08-26-2007, 01:53 AM #16Web Hosting Master
- Join Date
- Aug 2007
- Location
- L.A., CA
- Posts
- 3,710
why is this happening guys? I just encountered 4 more servers with this issue. centos and fedora!!
-
08-26-2007, 02:01 AM #17WHT Addict
- Join Date
- Sep 2005
- Posts
- 150
Not sure why cpanel hasn't fixed it yet, we first encountered this on the beta version, but it continued on to the release versions.
-
08-26-2007, 02:03 AM #18Web Hosting Master
- Join Date
- Aug 2007
- Location
- L.A., CA
- Posts
- 3,710
That's a great way to keep your customers happy, especially when they charge so damn much for their software!
-
08-26-2007, 07:47 AM #19Newbie
- Join Date
- Dec 2006
- Posts
- 17
I think it's because of the new version of BIND and will be solved by cpanel in no time.
-
08-26-2007, 09:26 PM #20Web Hosting Master
- Join Date
- Jun 2006
- Location
- NYC / Memphis, TN
- Posts
- 1,454
≈ PeakVPN.Com | Complete Privacy VPN | Cloud Hosting | Guaranteed Security | 1Gbps-10Gbps Unmetered
≈ PeakVPN | 31 VPN Servers | 17-Years Experience | Emergency 24/7 Support
≈ Visit us @ PeakVPN.Com (Coming SOON) | ASN: 3915
-
09-17-2007, 05:54 AM #21Junior Guru Wannabe
- Join Date
- May 2006
- Posts
- 74
thanks,
Worked perfectly for me!
-
09-20-2007, 04:55 PM #22Web Hosting Master
- Join Date
- Feb 2002
- Location
- Vestal, NY
- Posts
- 1,381
As far as we can tell, the issue happens only with fresh installs on CentOS or RHEL 5.x.
H4Y Technologies LLC .. Since 2001!!
"Smarter, Cheaper, Faster" - SMB, Reseller, VPS, Dedicated, Colo hosting done right.
ZERO PACKETLOSS, ZERO DOWNTIME Dedicated and Colo - USA: IA, CA, NC, OR, NV
**http://h4y.us** **http://iwfhosting.net**Voice: (866)435-5642. *** askus at host4yourself d0t com
-
09-22-2007, 05:27 PM #23Web Hosting Master
- Join Date
- Aug 2007
- Location
- L.A., CA
- Posts
- 3,710
another bump to this thread... just fixed another 5 servers over the past couple weeks with this bug, with the last one being today!
cpanel!!!!! come on!!!!!!!!!!!!
-
09-22-2007, 07:05 PM #24
This isn't directly a cpanel issue. In fact, you'd have the SAME issue with a stock FC6 configuration. So, Cpanel is incorrectly blamed for Redhat's screwups again!
Yes, it's frustrating, but make sure you point the blame where it's supposed to be. Redhat released a version of bind which was improperly configured. CPanel can't just go around and reverse that, especially if your server already HAS bind on it. Cpanel won't ever remove it if it's there already, ESPECIALLY something as critical as bind, ESPECIALLY since it can work just fine with it.
The problem here isn't cpanel, it's redhat's distribution of bind, and the fact that you're using a BETA OS!
-
09-22-2007, 07:44 PM #25WHT Addict
- Join Date
- Sep 2005
- Posts
- 150