  1. #1
    Join Date
    May 2009
    Posts
    66

    Dedicated Server Resolver Issues Since Suhosin Install

    Hello all,

    For the last several days on one of our dedicated servers, an AMD 3000+ 2GB RAM 2x80GB HDD 5TB traffic installed with CentOS 5.3 64-bit w/a GNU Linux kernel-2.6.18-128.1.10.el5, we use as a 'backup' to our master, we've been having resolver issues. If we attempt to ping, dig or nslookup ANY hostname, we get "unknown host domainexample.com". We can, however, ping IP addresses, including the external one for the server. (Pinging the server from another, not connected to the network, returns 0% packet loss.)

    Our package managers can't resolve hostnames, either. For instance, when we try to run yum, we get:

    "Could not retrieve reponamehere http://mrepodomainnamehere.com
    [Errno 4] IOError: <urlopen error (-2, 'Name or service not known')>
    Error: Cannot find a valid baseurl for repo: reponamehere"

    We've already tried disabling several repos and it should be noted that when we use "wget" or "git" or any other package installer, we have the same resolving issues.

    Our "/etc/resolv.conf" contains nameservers for the major upstream DC to our provider, which gave us permission to use them. We've tried two sets from them as well as those from our provider and from a DNS service provider. None have worked. (BTW, we have two servers with this provider and the other one is fine; the provider, though this is an unmanaged server, is attempting to be very helpful and responsive. No problems there.)

    We've tried rebooting the server and flushing IPtables as well as stopping it altogether. (Thankfully, we've set our DNS, SQL and httpd servers to run on boot) Nothing seems to resolve the issue (no pun intended).

    However, we think this problem may have to do with having installed Suhosin on the server this past weekend, since it seems to have started shortly after that, but we're not sure. We are getting the following errors in our httpd logs, though:

    [Fri Jun 19 12:52:25 2009] [notice] Graceful restart requested, doing restart
    [Fri Jun 19 12:52:25 2009] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
    [Fri Jun 19 12:52:26 2009] [notice] Digest: generating secret for digest authentication ...
    [Fri Jun 19 12:52:26 2009] [notice] Digest: done
    PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/suhosin.so' - /usr/lib64/php/modules/suhosin.so: undefined symbol: php_rfc1867_callback in Unknown on line 0
    [Fri Jun 19 12:52:26 2009] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
    [Fri Jun 19 12:52:27 2009] [notice] Apache configured -- resuming normal operations

    When we ran 'tcpdump', all it returned was the IP address for the server connected on several ports via SSH. Running 'netstat -an' shows the server's IP address, again connected on different ports, and the localhost address connected on a few. No other IP addresses--and we have about 10--are showing as connected.

    Anyway, this is all we've been able to figure out. Anyone had this problem and solved it successfully?

    We look forward to your helpful, solutions-oriented responses. Let us know if you need more hardware or software info to provide assistance.

    Sasha

  2. #2
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    I doubt it is because of suhosin. What does

    host webhostingtalk.com 4.2.2.2

    return?
    Steven Ciaburri | Industry's Best Server Management - Rack911.com

  3. #3
    Join Date
    May 2009
    Posts
    66
    Quote (originally posted by Steven):
    I doubt it is because of suhosin. What does

    host webhostingtalk.com 4.2.2.2

    return?

    Thanks, Steven, for your prompt response. Here's the output:

    Using domain server:
    Name: 4.2.2.2
    Address: 4.2.2.2#53
    Aliases:

    webhostingtalk.com has address 174.37.84.67
    webhostingtalk.com has address 174.37.71.235
    webhostingtalk.com mail is handled by 10 mail.inetinteractive.com.

    So, what does this mean?

    Anya

  4. #4
    Join Date
    Mar 2009
    Location
    Chicago, IL
    Posts
    219
    I think you have two separate problems here.

    1. Something is broken with your suhosin installation; this is why you're seeing the message below...

    PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/suhosin.so' - /usr/lib64/php/modules/suhosin.so: undefined symbol: php_rfc1867_callback in Unknown on line 0

    It's hard to say exactly what's broken there as we'd need more information on how you installed it. Source build, package, etc?

    2. Local Resolver issue: If the above host command to 4.2.2.2 works, then whatever you have in /etc/resolv.conf is simply failing. I would contact your datacenter and find out what they use for local resolvers and verify against the content of /etc/resolv.conf. If that doesn't work, you should update resolv.conf to use a set of nameservers that you *know* work, such as 4.2.2.2 and 4.2.2.3.

    The above resolvers should *only* be used until your datacenter can help you get going on their own resolvers again. It's simply bad form to use a public resolver without permission from the people that run it.

  5. #5
    Join Date
    Aug 2008
    Location
    Shoreline WA
    Posts
    160
    This looks to only have to do with the resolvers set in "/etc/resolv.conf". Each resolver should be referenced by IP address such as the common 2 resolver setup:

    nameserver 63.129.243.140
    nameserver 63.129.244.240

    This is what allows anything on your system to look up a host name, translate it to an IP address, and then go about initiating a connection to that IP address. No other actions will resolve this other than setting up a good set of resolvers that function from your location. Without resolvers, you will still be able to communicate with the internet via their IP addresses, but host name translation to IP address will not function; this is normal for a system using resolvers that are not responding. You can check to see if a resolver is responding by taking the listed IP address of one of the resolvers in the "/etc/resolv.conf" and doing a query such as:

    dig www.yahoo.com @63.129.243.140

    With the 63.129.243.140 representing one of the resolvers listed in the "/etc/resolv.conf".

    What you did with the "host" command was demonstrate that you were able to communicate with a DNS server, which means that iptables or any other firewall software is not getting in the way.
    Jonathan Kinney
    Data Systems Specialist
    Advantagecom Networks, Inc.
    http://www.simplywebhosting.com
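
The per-resolver check described in the post above, as an added example that is not part of any post in this thread. The function names are hypothetical, the sample file body is constructed, and `www.yahoo.com` is only the default lookup name taken from the post.

```shell
#!/bin/sh
# List the resolvers a resolv.conf-style file defines, one address per line.
# Only lines whose first field is "nameserver" count, so commented-out
# entries are skipped. glibc uses at most three nameservers, so later
# entries are dropped here too. Reads stdin when no file is given.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" && ++n <= 3 { print $2 }' "$@"
}

# Query one resolver directly, like `dig www.yahoo.com @63.129.243.140`.
# +time/+tries stop a dead resolver from stalling the run.
# Prints OK/FAIL and returns 0 only when an answer came back.
check_resolver() {
    resolver=$1
    name=${2:-www.yahoo.com}
    answer=$(dig +short +time=2 +tries=1 A "$name" "@$resolver" 2>/dev/null)
    case $answer in
        ''|*';;'*) echo "FAIL $resolver"; return 1 ;;   # empty or ";; ... timed out"
        *)         echo "OK   $resolver"; return 0 ;;
    esac
}

# Check every resolver in the file (default /etc/resolv.conf).
check_all() {
    rc=0
    for ns in $(list_nameservers "${1:-/etc/resolv.conf}"); do
        check_resolver "$ns" || rc=1
    done
    return $rc
}

# Offline demo on a constructed file body (not taken from the poster's server).
list_nameservers <<'EOF'
# constructed sample
search example.com
#nameserver 192.0.2.1
nameserver 63.129.243.140
nameserver   63.129.244.240
nameserver 4.2.2.2
nameserver 4.2.2.3
EOF
```

Run `check_all` on the affected server to see which of the configured resolvers answer; a FAIL on every line points at the resolver list rather than at the firewall.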

  6. #6
    Join Date
    May 2009
    Posts
    66

    Yum, Package Managers Still Not Working

    Quote (originally posted by SA-ChrisM):
    ... If that doesn't work, you should update resolv.conf to use a set of nameservers that you *know* work, such as 4.2.2.2 and 4.2.2.3.

    The above resolvers should *only* be used until your datacenter can help you get going on their own resolvers again. It's simply bad form to use a public resolver without permission from the people that run it.

    We got our nameservers to work without having to go the public route and our server began resolving hostnames via dig and nslookup, but we still can't ping them and whois doesn't work. And, we're still getting the following when we run "yum repolist":

    http://mirror.centos.org/centos/5/os...ta/repomd.xml: [Errno 4] IOError: <urlopen error (-2, 'Name or service not known')>
    Trying other mirror.
    Error: Cannot retrieve repository metadata (repomd.xml) for repository: base. Please verify its path and try again

    We've disabled every repo, plugins, made sure port 80 was open via IPTables and ran rm -f /var/lib/rpm/__db* && rpmdb -vv --rebuilddb. Rebooting didn't restore anything, either.

    At this point, we don't know what else to do. Any other ideas, please let us know. For now, we're passing it up the tech support DC chain.

    Anya

  7. #7
    Join Date
    Feb 2008
    Location
    Houston, Texas, USA
    Posts
    3,262
    Hi Anya,

    Are you running a firewall? Perhaps it's blocking outgoing traffic. Please provide the output of the following command:

    iptables -nL OUTPUT
    Regards
    UNIXy - Fully Managed Servers and Clusters - Established in 2006

  8. #8
    Join Date
    May 2009
    Posts
    66
    Quote (originally posted by UNIXy):
    Hi Anya,

    Are you running a firewall? Perhaps it's blocking outgoing traffic. Please provide the output of the following command:

    Regards

    UNIXy,

    SA Chris and Jonathan helped me determine that the firewall isn't the issue. I was able to run their commands successfully and after changing the resolvers in /etc/resolv.conf to different ones, I have been able to dig and nslookup hostnames, though I still can't ping them.

    I'm running IPTables with CSF. Are there specific ports I should add to IPTables (other than 22 for SSH and 80 for HTTP) in order to successfully run yum, smart, rpm, etc. as well as ping hostnames?

    Anya
