  1. #1

    Resolve DNS issues on cpanel 11.x Beta

    Hello,

    I have come across an issue with DNS in cpanel 11.x, where named.conf is badly configured by cpanel.

    Here is how a DNS report from dnsstuff.com would look because of this:

    FAILS for SOA record
    Fails for lame nameservers.

    Here's how to fix it.

    SSH to the server.

    Back up your named.conf file with

    cp /etc/named.conf named.conf.back

    then
    pico /etc/named.conf

    Replace

    Code:
    include "/etc/rndc.key";
    
    controls {
            inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
    };
    
    options
    {
        /* make named use port 53 for the source of all queries, to allow
             * firewalls to block all ports except 53:
             */
        query-source    port 53;    
        
        // Put files that named is allowed to write in the data/ directory:
        directory "/var/named"; // the default
        dump-file             "data/cache_dump.db";
        statistics-file     "data/named_stats.txt";
        memstatistics-file     "data/named_mem_stats.txt";
    };
    
    logging 
    {
    /*      If you want to enable debugging, eg. using the 'rndc trace' command,
     *      named will try to write the 'named.run' file in the $directory (/var/named).
     *      By default, SELinux policy does not allow named to modify the /var/named directory,
     *      so put the default debug log file in data/ :
     */
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };    
    };
    
    // All BIND 9 zones are in a "view", which allow different zones to be served
    // to different types of client addresses, and for options to be set for groups
    // of zones.
    //
    // By default, if named.conf contains no "view" clauses, all zones are in the 
    // "default" view, which matches all clients.
    // 
    // If named.conf contains any "view" clause, then all zones MUST be in a view; 
    // so it is recommended to start off using views to avoid having to restructure
    // your configuration files in the future.
    
    view "localhost_resolver"
    {
    /* This view sets up named to be a localhost resolver ( caching only nameserver ).
     * If all you want is a caching-only nameserver, then you need only define this view:
     */
        match-clients         { localhost; };
        match-destinations    { localhost; };
        recursion yes;
    
        zone "." IN {
            type hint;
            file "/var/named/named.ca";
        };
    
        /* these are zones that contain definitions for all the localhost
         * names and addresses, as recommended in RFC1912 - these names should
         * ONLY be served to localhost clients:
         */
        include "/var/named/named.rfc1912.zones";
    };
    
    view "internal"
    {
    /* This view will contain zones you want to serve only to "internal" clients
       that connect via your directly attached LAN interfaces - "localnets" .
     */
        match-clients        { localnets; };
        match-destinations    { localnets; };
        recursion yes;
    
        zone "." IN {
            type hint;
            file "/var/named/named.ca";
        };
    
        // include "/var/named/named.rfc1912.zones";
        // you should not serve your rfc1912 names to non-localhost clients.
     
        // These are your "authoritative" internal zones, and would probably
        // also be included in the "localhost_resolver" view above :
    };
    
    view    "external"
    {
    /* This view will contain zones you want to serve only to "external" clients
     * that have addresses that are not on your directly attached LAN interface subnets:
     */
        match-clients        { !localnets; !localhost; };
        match-destinations    { !localnets; !localhost; };
    
        recursion no;
        // you'd probably want to deny recursion to external clients, so you don't
        // end up providing free DNS service to all takers
    
        // all views must contain the root hints zone:
        zone "." IN {
            type hint;
            file "/var/named/named.ca";
        };
    
        // These are your "authoritative" external zones, and would probably
        // contain entries for just your web and mail servers:
    
        // BEGIN external zone entries
    With

    Code:
    include "/etc/rndc.key";
    
    controls {
            inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
    };

    And then go to the bottom of the file and remove

    }; at the bottom.

    Save the file and exit,

    then test the config:
    service named configtest
    If you have done this correctly, it should display something like this:

    zone blue.xxx.com/IN: loaded serial 2007070901
    zone xxx.com/IN: loaded serial 2007070906
    zone ns1.xxx.com/IN: loaded serial 2007070901
    zone server.xxx.com/IN: loaded serial 2007071001
    zone xxx.net/IN: loaded serial 2007071001

    Then restart named by

    service named restart

    That's it! Your DNS should be working now.

  2. #2
    Join Date
    Jul 2007
    Location
    Porto, Portugal
    Posts
    23
    I'm sorry... I may have misunderstood, but you're saying to replace several lines of code on the named.conf for only those 5 lines?

  3. #3
    Yes, that's correct.

  4. #4
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135
    Quote Originally Posted by DStuart View Post
    I'm sorry... I may have misunderstood, but you're saying to replace several lines of code on the named.conf for only those 5 lines?
    And it works
    For some reason, new stuff was added to named configurations. I ran into this issue last night, and resolved it on my own (without this thread), but the resolution was the same.

    Not sure what CP is thinking here, creating non working configurations, but at least it's not THAT hard to find and fix!
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons

  5. #5
    Join Date
    Jul 2007
    Location
    Porto, Portugal
    Posts
    23
    Thank you both, I'll be trying it soon and report it here

  6. #6
    Join Date
    Aug 2007
    Posts
    43
    How can I add


    recursion no;


    To this edited version please?

  7. #7
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    9,072
    Quote Originally Posted by vip2 View Post
    How can I add

    recursion no;

    To this edited version please?
    Can you post the top part of your named.conf (not the DNS zones) and I'll make the changes for you.

  8. #8
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135
    It's actually quite simple to add recursion
    before the options section, add
    Code:
    acl internal {
        127.0.0.1;
        iprange1here/29;
        iprange2here/29;
    };
    and in the Options section add
    Code:
    allow-recursion {
        internal;
    };
    For additional vagueness, add
    Code:
    version "nunya";
    to the options section

  9. #9
    Join Date
    Aug 2007
    Posts
    43
    My named.conf must be badly misconfigured...

    I have this at the top of named.conf before the zones..

    At this very moment, I haven't got any sections as I followed instructions from this topic to fix the DNS and replaced the lot with this..

    Code:
    include "/etc/rndc.key";
    controls {
            inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
    };
     
        // BEGIN external zone entries
    This is what I had replaced, I can see from this where there was a recursion setting. But this complete config had my DNS broke in the 1st place..


    Code:
    include "/etc/rndc.key";
    controls {
            inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
    };
    options
    {
        /* make named use port 53 for the source of all queries, to allow
             * firewalls to block all ports except 53:
             */
        query-source    port 53;
        // Put files that named is allowed to write in the data/ directory:
        directory "/var/named"; // the default
        dump-file             "data/cache_dump.db";
        statistics-file     "data/named_stats.txt";
        memstatistics-file     "data/named_mem_stats.txt";
    };
    logging
    {
    /*      If you want to enable debugging, eg. using the 'rndc trace' command,
     *      named will try to write the 'named.run' file in the $directory (/var/named).
     *      By default, SELinux policy does not allow named to modify the /var/named directory,
     *      so put the default debug log file in data/ :
     */
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
    };
    // All BIND 9 zones are in a "view", which allow different zones to be served
    // to different types of client addresses, and for options to be set for groups
    // of zones.
    //
    // By default, if named.conf contains no "view" clauses, all zones are in the
    // "default" view, which matches all clients.
    //
    // If named.conf contains any "view" clause, then all zones MUST be in a view;
    // so it is recommended to start off using views to avoid having to restructure
    // your configuration files in the future.
    view "localhost_resolver"
    {
    /* This view sets up named to be a localhost resolver ( caching only nameserver ).
     * If all you want is a caching-only nameserver, then you need only define this view:
     */
        match-clients         { localhost; };
        match-destinations    { localhost; };
        recursion yes;
        zone "." IN {
            type hint;
            file "/var/named/named.ca";
        };
        /* these are zones that contain definitions for all the localhost
         * names and addresses, as recommended in RFC1912 - these names should
         * ONLY be served to localhost clients:
         */
        include "/var/named/named.rfc1912.zones";
    };
    view "internal"
    {
    /* This view will contain zones you want to serve only to "internal" clients
       that connect via your directly attached LAN interfaces - "localnets" .
     */
        match-clients        { localnets; };
        match-destinations    { localnets; };
        recursion yes;
        zone "." IN {
            type hint;
            file "/var/named/named.ca";
        };
        // include "/var/named/named.rfc1912.zones";
        // you should not serve your rfc1912 names to non-localhost clients.
        // These are your "authoritative" internal zones, and would probably
        // also be included in the "localhost_resolver" view above :
    };
    view    "external"
    {
    /* This view will contain zones you want to serve only to "external" clients
     * that have addresses that are not on your directly attached LAN interface subnets:
     */
        match-clients        { !localnets; !localhost; };
        match-destinations    { !localnets; !localhost; };
        recursion no;
        // you'd probably want to deny recursion to external clients, so you don't
        // end up providing free DNS service to all takers
        // all views must contain the root hints zone:
        zone "." IN {
            type hint;
            file "/var/named/named.ca";
        };
        // These are your "authoritative" external zones, and would probably
        // contain entries for just your web and mail servers:

    Appreciate the help thus far.
    Last edited by The.Watcher; 08-04-2007 at 08:00 PM.

  10. #10
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135
    Did you restart dns? If so, what errors came up in your server logs?

  11. #11
    Join Date
    Aug 2007
    Posts
    43
    Quote Originally Posted by linux-tech View Post
    Did you restart dns? If so, what errors came up in your server logs?
    I haven't even edited named.conf yet.

    At the mo this is my conf..

    Code:
    include "/etc/rndc.key";
    controls {
            inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
    };
     
        // BEGIN external zone entries
     
    zone "hostname.mydomain.com" {
            type master;
            file "/var/named/hostname.domain.com.db";
    };
     
    zone "domain.com" {
            type master;
            file "/var/named/domain.com.db";
    };
    I can see I need to add the additional config settings at the beginning of my file before the External zones section.. but how should I go about it without causing my DNS to stop working like before? Cause each time I've tried editing it, if I check the syntax it comes back as wrong, and I don't want to risk even more downtime, as the 3 days I've spent to find this Cpanel problem have been enough.

  12. #12
    Join Date
    Aug 2007
    Location
    L.A., CA
    Posts
    3,710
    Thanks for this thread... I encountered this issue on a newly installed cPanel server tonight and this fixed it.

    EasyDCIM.com - DataCenter Infrastructure Management - HELLO DEDICATED SERVER & COLO PROVIDERS! - Reach Me: chris@easydcim.com
    Bandwidth Billing | Inventory & Asset Management | Server Control
    Order Forms | Reboots | IPMI Control | IP Management | Reverse&Forward DNS | Rack Management

  13. #13
    Quote Originally Posted by vip2 View Post
    I haven't even edited named.conf yet.

    At the mo this is my conf..

    Code:
    include "/etc/rndc.key";
    controls {
            inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
    };
     
        // BEGIN external zone entries
     
    zone "hostname.mydomain.com" {
            type master;
            file "/var/named/hostname.domain.com.db";
    };
     
    zone "domain.com" {
            type master;
            file "/var/named/domain.com.db";
    };
    I can see I need to add the additional config settings at the beginning of my file before the External zones section.. but how should I go about it without causing my DNS to stop working like before? Cause each time I've tried editing it, if I check the syntax it comes back as wrong, and I don't want to risk even more downtime, as the 3 days I've spent to find this Cpanel problem have been enough.

    Can you tell me what error you got when you replaced the config?

  14. #14
    Make sure you have } in the correct places.
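
A pre-flight check for the two problems raised in posts #1, #8, #9 and #14: a leftover or missing `}` after hand-editing, and a stripped named.conf that no longer states any recursion policy. This is an added example, not code from the thread, cPanel or BIND; the function names and both sample configs (example.com, 192.0.2.0/29) are constructed, it only analyses the view-less layout the thread ends up with, and it complements `service named configtest` rather than replacing it.

```python
import re

# Quoted strings are matched first, so comment markers inside a string are not misread.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def strip_noise(text):
    """Blank out comments and string contents, keeping line numbers stable."""
    def blank(m):
        s = m.group(0)
        return '""' if s.startswith('"') else " " + "\n" * s.count("\n")
    return TOKEN.sub(blank, text)

def brace_findings(code):
    findings, depth = [], 0
    for lineno, line in enumerate(code.split("\n"), 1):
        for ch in line:
            if ch == "{":
                depth += 1
            elif ch == "}" and depth == 0:
                findings.append(f"line {lineno}: stray '}}' closes nothing")
            elif ch == "}":
                depth -= 1
    if depth:
        findings.append(f"{depth} block(s) still open at end of file")
    return findings

def recursion_findings(code):
    """Global recursion policy of a view-less config (per-view policy is not analysed)."""
    if re.search(r"\bview\s", code):
        return ["view clauses present: recursion is set per view, review each one"]
    if re.search(r"\brecursion\s+no\s*;", code):
        return []
    acl = re.search(r"\ballow-recursion\s*\{([^}]*)\}", code)
    if acl is None:
        return ["no 'recursion no;' or 'allow-recursion': the BIND default decides"]
    if re.search(r"(?<![!\w])any\s*;", acl.group(1)):
        return ["allow-recursion lists 'any'"]
    return []

def audit_named_conf(text):
    code = strip_noise(text)
    return brace_findings(code) + recursion_findings(code)

# Constructed samples: the stripped head with the "};" left behind, then post #8's additions.
STRIPPED = '''include "/etc/rndc.key";
controls { inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; };
zone "example.com" { type master; file "/var/named/example.com.db"; };
};
'''
HARDENED = '''include "/etc/rndc.key";
controls { inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; };
acl internal { 127.0.0.1; 192.0.2.0/29; };   // constructed range
options { directory "/var/named"; allow-recursion { internal; }; version "nunya"; };
zone "example.com" { type master; file "/var/named/example.com.db"; };
'''

if __name__ == "__main__":
    for name, conf in (("stripped", STRIPPED), ("hardened", HARDENED)):
        print(name, audit_named_conf(conf) or "no findings")
```

Run it against a copy of the edited file before restarting named; an empty list means neither problem was found.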

  15. #15
    Mate, I wanna say thank you
    finally this problem is solved !!!

    Replace the lines and don't forget to delete }; at the bottom

  16. #16
    Join Date
    Aug 2007
    Location
    L.A., CA
    Posts
    3,710
    Why is this happening, guys? I just encountered 4 more servers with this issue. CentOS and Fedora!!

  17. #17
    Not sure why cpanel hasn't fixed it yet. We first encountered this on the beta version, but it continued on to the release versions.

  18. #18
    Join Date
    Aug 2007
    Location
    L.A., CA
    Posts
    3,710
    That's a great way to keep your customers happy, especially when they charge so damn much for their software!

  19. #19
    I think it's because of the new version of BIND and will be solved by cpanel in no time.

  20. #20
    Join Date
    Jun 2006
    Location
    NYC / Memphis, TN
    Posts
    1,454
    Quote Originally Posted by AFerrier View Post
    thats a great way to keep your customers happy, especially when they charge so damn much for their software!
    Agreed. CPanel is notorious for this sort of thing. Exactly why we changed control panels
    PeakVPN.Com | Complete Privacy VPN | Cloud Hosting | Guaranteed Security | 1Gbps-10Gbps Unmetered
    PeakVPN | 31 VPN Servers | 17-Years Experience | Emergency 24/7 Support
    Visit us @ PeakVPN.Com (Coming SOON) | ASN: 3915

  21. #21
    Join Date
    May 2006
    Posts
    74
    thanks,
    Worked perfectly for me!

  22. #22
    Join Date
    Feb 2002
    Location
    Vestal, NY
    Posts
    1,381
    As far as we can tell, the issue happens only with fresh installs on CentOS or RHEL 5.x.
    H4Y Technologies LLC .. Since 2001!!
    "Smarter, Cheaper, Faster" - SMB, Reseller, VPS, Dedicated, Colo hosting done right.

    ZERO PACKETLOSS, ZERO DOWNTIME Dedicated and Colo - USA: IA, CA, NC, OR, NV
    **http://h4y.us** **http://iwfhosting.net**
    Voice: (866)435-5642. *** askus at host4yourself d0t com

  23. #23
    Join Date
    Aug 2007
    Location
    L.A., CA
    Posts
    3,710
    another bump to this thread... just fixed another 5 servers over the past couple weeks with this bug, with the last one being today!

    cpanel!!!!! come on!!!!!!!!!!!!

  24. #24
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135
    This isn't directly a cpanel issue. In fact, you'd have the SAME issue with a stock FC6 configuration. So, Cpanel is incorrectly blamed for Redhat's screwups again!

    Yes, it's frustrating, but make sure you point the blame where it's supposed to be. Redhat released a version of bind which was improperly configured. CPanel can't just go around and reverse that, especially if your server already HAS bind on it. Cpanel won't ever remove it if it's there already, ESPECIALLY something as critical as bind, ESPECIALLY since it can work just fine with it.

    The problem here isn't cpanel, it's redhat's distribution of bind, and the fact that you're using a BETA OS!

  25. #25
    Quote Originally Posted by linux-tech View Post
    This isn't directly a cpanel issue. In fact, you'd have the SAME issue with a stock FC6 configuration. So, Cpanel is incorrectly blamed for Redhat's screwups again!

    Yes, it's frustrating, but make sure you point the blame where it's supposed to be. Redhat released a version of bind which was improperly configured. CPanel can't just go around and reverse that, especially if your server already HAS bind on it. Cpanel won't ever remove it if it's there already, ESPECIALLY something as critical as bind, ESPECIALLY since it can work just fine with it.

    The problem here isn't cpanel, it's redhat's distribution of bind, and the fact that you're using a BETA OS!
    cpanel is supposed to replace the incorrect config file with a corrected one, since they provide the installation script. Not sure if they tested this before they released it.
