06-19-2009, 01:58 PM #1Junior Guru Wannabe
- Join Date
- May 2009
- Posts
- 66
Dedicated Server Resolver Issues Since Suhosin Install
Hello all,
For the last several days on one of our dedicated servers, an AMD 3000+ 2GB RAM 2x80GB HDD 5TB traffic installed with CentOS 5.3 64-bit w/a GNU Linux kernel-2.6.18-128.1.10.el5, we use as a 'backup' to our master, we've been having resolver issues. If we attempt to ping, dig or nslookup ANY hostname, we get "unknown host domainexample.com". We can, however, ping IP addresses, including the external one for the server. (Pinging the server from another, not connected to the network returns 0% packet loss.)
Our package managers can't resolve hostnames, either. For instance, when we try to run yum, we get:
"Could not retrieve reponamehere http://mrepodomainnamehere.com
[Errno 4] IOError: <urlopen error (-2, 'Name or service not known')>
Error: Cannot find a valid baseurl for repo: reponamehere"
We've already tried disabling several repos and it should be noted that when we use "wget" or "git" or any other package installer, we have the same resolving issues.
Our "/etc/resolv.conf" contains nameservers for the major upstream DC to our provider, which gave us permission to use them. We've tried two sets from them as well as those from our provider and from a DNS service provider. None have worked. (BTW, we have two servers with this provider and the other one is fine; the provider, though this is an unmanaged server, is attempting to be very helpful and responsive. No problems there.)
We've tried rebooting the server and flushing IPtables as well as stopping it altogether. (Thankfully, we've set our DNS, SQL and httpd servers to run on boot) Nothing seems to resolve the issue (no pun intended).
However, we think this problem may have to do with having installed Suhosin on the server this past weekend, since it seems to have started shortly after that, but we're not sure. We are getting the following errors in our httpd logs, though:
[Fri Jun 19 12:52:25 2009] [notice] Graceful restart requested, doing restart
[Fri Jun 19 12:52:25 2009] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
[Fri Jun 19 12:52:26 2009] [notice] Digest: generating secret for digest authentication ...
[Fri Jun 19 12:52:26 2009] [notice] Digest: done
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/suhosin.so' - /usr/lib64/php/modules/suhosin.so: undefined symbol: php_rfc1867_callback in Unknown on line 0
[Fri Jun 19 12:52:26 2009] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Fri Jun 19 12:52:27 2009] [notice] Apache configured -- resuming normal operations
When we ran 'tcpdump', all it returned was the IP address for the server connected on several ports via SSH. Running 'netstat -an' shows the server's IP address, again connected on different ports, and the localhost address connected on a few. No other IP addresses--and we have about 10--are showing as connected.
Anyway, this is all we've been able to figure out. Anyone had this problem and solved it successfully?
We look forward to your helpful, solutions-oriented responses. Let us know if you need more hardware or software info to provide assistance.
Sasha
-
06-19-2009, 02:13 PM #2Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
I doubt it is because of suhosin. What does
host webhostingtalk.com 4.2.2.2
return?
Steven Ciaburri | Industry's Best Server Management - Rack911.com
Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
-
06-19-2009, 02:17 PM #3Junior Guru Wannabe
- Join Date
- May 2009
- Posts
- 66
Thanks, Steven, for your prompt response. Here's the output:
Using domain server:
Name: 4.2.2.2
Address: 4.2.2.2#53
Aliases:
webhostingtalk.com has address 174.37.84.67
webhostingtalk.com has address 174.37.71.235
webhostingtalk.com mail is handled by 10 mail.inetinteractive.com.
So, what does this mean?
Anya
-
06-19-2009, 02:26 PM #4Junior Guru
- Join Date
- Mar 2009
- Location
- Chicago, IL
- Posts
- 219
I think you have two separate problems here.
1. Something is broken with your suhosin installation, this is why you're seeing the message below...
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/suhosin.so' - /usr/lib64/php/modules/suhosin.so: undefined symbol: php_rfc1867_callback in Unknown on line 0
It's hard to say exactly what's broken there as we'd need more information on how you installed it. Source build, package, etc?
2. Local Resolver issue: If the above host command to 4.2.2.2 works, then whatever you have in /etc/resolv.conf is simply failing. I would contact your datacenter and find out what they use for local resolvers and verify against the content of /etc/resolv.conf. If that doesn't work, you should update resolv.conf to use a set of nameservers that you *know* works, such as 4.2.2.2 and 4.2.2.3.
The above resolvers should *only* be used until your datacenter can help you get going on their own resolvers again. It's simply bad form to use a public resolver without permission from the people that run it.
-
06-19-2009, 02:28 PM #5WHT Addict
- Join Date
- Aug 2008
- Location
- Shoreline WA
- Posts
- 160
This looks to only have to do with the resolvers set in "/etc/resolv.conf". Each resolver should be referenced by IP address such as the common 2 resolver setup:
nameserver 63.129.243.140
nameserver 63.129.244.240
This is what allows anything on your system to look up a host name, translate it to an IP address, and then go about initiating a connection to that IP address. No other actions will resolve this other than setting up a good set of resolvers that function from your location. Without resolvers, you will still be able to communicate with the internet via their IP addresses, but host name translation to IP address will not function; this is normal for a system using resolvers that are not responding. You can check to see if a resolver is responding by taking the listed IP address of one of the resolvers in the "/etc/resolv.conf" and doing a query such as:
dig www.yahoo.com @63.129.243.140
With the 63.129.243.140 representing one of the resolvers listed in the "/etc/resolv.conf".
What you did with the "host" command was demonstrate that you were able to communicate with a DNS server, which means that iptables or any other firewall software is not getting in the way.
-
06-20-2009, 08:31 PM #6Junior Guru Wannabe
- Join Date
- May 2009
- Posts
- 66
Yum, Package Managers Still Not Working
We got our nameservers to work without having to go the public route and our server began resolving hostnames via dig and nslookup but we still can't ping them and whois doesn't work. And, we're still getting the following when we run "yum repolist":
http://mirror.centos.org/centos/5/os...ta/repomd.xml: [Errno 4] IOError: <urlopen error (-2, 'Name or service not known')>
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: base. Please verify its path and try again
At this point, we don't know what else to do. Any other ideas, please let us know. For now, we're passing it up the tech support DC chain.
Anya
-
06-20-2009, 11:19 PM #7Corporate Member
- Join Date
- Feb 2008
- Location
- Houston, Texas, USA
- Posts
- 3,262
Hi Anya,
Are you running a firewall? Perhaps it's blocking outgoing traffic. Please provide the output of the following command:
iptables -nL OUTPUT
UNIXy - Fully Managed Servers and Clusters - Established in 2006
Server Management - Unlimited Servers. Unlimited Requests. One Plan!
cPanel Varnish Plugin -- Seamless SSL Caching (Let's Encrypt, AutoSSL, etc)
Slow Site or Server? Unable to handle traffic? Same day performance fix: joe@unixy
-
06-21-2009, 01:14 AM #8Junior Guru Wannabe
- Join Date
- May 2009
- Posts
- 66
UNIXy,
SA Chris and Jonathan helped me determine that the firewall isn't the issue. I was able to run their commands successfully and after changing the resolvers in /etc/resolv.conf to different ones, I have been able to dig and nslookup hostnames, though I still can't ping them.
I'm running IPTables with CSF. Are there specific ports I should add to IPTables (other than 22 for SSH and 80 for HTTP) in order to successfully run yum, smart, rpm, etc. as well as ping hostnames?
Anya
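
Added example, not part of any post in this thread: a script that runs the per-resolver check described in post #5 for every entry in /etc/resolv.conf and then compares it with the libc/NSS lookup path. dig, nslookup and host query the resolvers in /etc/resolv.conf directly, while ping, yum and wget resolve through glibc, which follows the "hosts:" line in /etc/nsswitch.conf, so the two paths can disagree. The function names are hypothetical and the file paths are the standard defaults.

```shell
#!/bin/sh
# Added example: compare the two name-lookup paths seen in this thread.
# Function names are hypothetical; paths default to the standard locations.

# Print each nameserver IP listed in a resolv.conf-style file.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "${1:-/etc/resolv.conf}"
}

# Print the sources on the "hosts:" line of an nsswitch.conf-style file.
nss_hosts_sources() {
    awk '$1 == "hosts:" { sub(/#.*/, ""); $1 = ""; sub(/^ +/, ""); print; exit }' \
        "${1:-/etc/nsswitch.conf}"
}

# Succeed only if "dns" is one of the hosts: sources.
nss_uses_dns() {
    case " $(nss_hosts_sources "$1") " in
        *" dns "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check both paths for one hostname and report where they differ.
diagnose() {
    name=$1
    # Path 1: ask each configured resolver directly, as dig/nslookup/host do.
    for ns in $(list_nameservers); do
        if dig +time=2 +tries=1 "$name" "@$ns" >/dev/null 2>&1; then
            echo "resolver $ns: answered"
        else
            echo "resolver $ns: no answer"
        fi
    done
    # Path 2: the libc/NSS path used by ping, yum and wget.
    if getent hosts "$name" >/dev/null; then
        echo "NSS lookup: ok"
    else
        echo "NSS lookup: failed (hosts: $(nss_hosts_sources))"
        nss_uses_dns || echo "hosts: line has no 'dns' source"
    fi
}

# Run only when a hostname is given, e.g.: sh check.sh mirror.centos.org
if [ $# -gt 0 ]; then diagnose "$1"; fi
```

If every resolver answers but the NSS lookup fails, the problem is on the local host (nsswitch.conf, /etc/hosts or the libc resolver) and not with the nameservers.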