CPanel using old named db files and ignoring chroot

[caldwell]

Our CPanel on CentOS is set to run in a chroot environment on /var/named/chroot/.

We recently edited a number of zones by hand instead of using the web interface to Edit DNS Zone due to the speed of finishing the task.

However, when we pulled up a zone in DNS Edit Zone, it showed NONE of the changes.

Upon looking further, it appears that CPanel, for some unknown reason, was doing the following:

1) All zones were in /var/named/chroot/var/named

2) Some zones had a symlink in /var/named

3) Some zones had a hard COPY in /var/named

So, in an effort to figure out what the problem was, I moved all of the .db files out of /var/named into a temporary directory. Then I restarted named using /etc/init.d/named restart.

No change. CPanel/WHM was still pulling the old zone information from somewhere else.

If I look at the file "/var/named/chroot/var/named/somedomain.com" in an editor, it is the new copy of the file as I have edited it.

If I look at the zone in WHM Edit DNS Zone, it shows me an old copy from somewhere else. It can't be from /var/named, as that directory is now emtpy.

Also interesting is the fact that if I create the symbolic link /var/named/somedomain.com -> /var/named/chroot/var/named/somedomain.com, then the proper zone file shows up in the WHM Edit DNS Zone editor.

Can someone explain the following:

1) Why is CPanel not solely using /var/named/chroot as it should?

2) Where is it finding/locating an older copy of the DNS zone file

3) Is there a way to force an update to see all of the changes we made to the files in /var/named/chroot/var/named without losing those changes?

4) If symlinks in /var/named are required, is there a way to force a recreation of all of those links since many of the files were not symlinked there?

5) Must /etc/named.conf and /var/named/chroot/etc/named.conf point to the directory /var/named/chroot/var/named, or should it be recognizing this due to the "-t /var/named/chroot" command line flag?

Any other thoughts on questions I should have asked but didn't would also be appreciated.

Thank you.

[cPanelDavidG]

cPanel/WHM does not support Bind-chroot environments.

[cpanelkenneth]

From your description it sounds like you have a cPanel DNS cluster, is that correct?

[caldwell]

From your description it sounds like you have a cPanel DNS cluster, is that correct?

Correct. At least trying to get one going.

As regards "cpanel doesn't support chroot," we have a standard CentOS install and then the standard CPanel install (done by the reseller) on the box.

I'm not sure what "cpanel doesn't support this" means in that context. It was apparently putting files in /var/named/chroot/var/named and adding a symlink in /var/named to the zone files. We didn't imagine that, and we didn't do the symlinks by hand. Nor did we create the original zone files any other way than CPanel.

Something changed...

[cpanelkenneth]

Correct. At least trying to get one going.

As regards "cpanel doesn't support chroot," we have a standard CentOS install and then the standard CPanel install (done by the reseller) on the box.

I'm not sure what "cpanel doesn't support this" means in that context. It was apparently putting files in /var/named/chroot/var/named and adding a symlink in /var/named to the zone files. We didn't imagine that, and we didn't do the symlinks by hand. Nor did we create the original zone files any other way than CPanel.

Something changed...

In a cPanel DNS Cluster, the WHM DNS interfaces will retrieve, and display, the newest zone file in the cluster. This is determined by the serial number in the zone.

Since your zone files are in multiple locations, the clustering functions are likely getting confused.

If you need assistance in sorting this matter, I encourage you open a support ticket.

[caldwell]

In a cPanel DNS Cluster, the WHM DNS interfaces will retrieve, and display, the newest zone file in the cluster. This is determined by the serial number in the zone.

Since your zone files are in multiple locations, the clustering functions are likely getting confused.

If you need assistance in sorting this matter, I encourage you open a support ticket.

I realize how BIND works and that the serial number is controlling that. What is confusing me is how it originally set up DNS zone file symlinks in the first place and why it suddenly changed.

What is further confusing is that after deleting xyz.com.db zone file from /var/named and ONLY having that zone file exist only as /var/named/chroot/var/named/xyz.com.db, CPanel's WHM "DNS Edit Zone" function is STILL picking up the old file! Old serial number. Old data.

Where? I can't find where it is even pulling the old zone file from.

That's bugging me. Does CPanel make a backup copy somewhere or store the zone file elsewhere? If it does, it's not in a directory or name that is indexed by the 'locate' command.

This is with restarting BIND in between.

[cpanelkenneth]

I realize how BIND works and that the serial number is controlling that. What is confusing me is how it originally set up DNS zone file symlinks in the first place and why it suddenly changed.

What is further confusing is that after deleting xyz.com.db zone file from /var/named and ONLY having that zone file exist only as /var/named/chroot/var/named/xyz.com.db, CPanel's WHM "DNS Edit Zone" function is STILL picking up the old file! Old serial number. Old data.

Where? I can't find where it is even pulling the old zone file from.

That's bugging me. Does CPanel make a backup copy somewhere or store the zone file elsewhere? If it does, it's not in a directory or name that is indexed by the 'locate' command.

This is with restarting BIND in between.

BIND has little to nothing to do with this.

With a cPanel DNS Cluster, all Zone files must be kept in sync throughout the cluster. The DNS Editor interfaces in WHM will query the cluster for the zone with the newest serial. When deducing problems with Zone files in a cPanel DNS Cluster it's not enough to examine the server where you are performing work. Every server in the cluster must be examined. More than likely one of them has a zone file with the incorrect data in it, which is what gets displayed when you load the zone in the DNS Editor within WHM.

The initial symlinks were setup by having the bind-chroot RPM installed, which also alters the BIND configuration to have zone files be in /var/named/chroot. As David Grega mentioned earlier, we don't support bind chroot configurations at this time. Our Tech Support Analysts will gladly assist you in reconfiguring the DNS setup and Zone files on your server.