Amazon Linux 2016.03 / cPanel DNSONLY / Bind Defaults

Discussion in 'Bind / DNS / Nameserver Issues' started by oldchili, Jul 4, 2016.

  1. oldchili

    oldchili Registered

    Hello,

    Installing cPanel DNSONLY on Amazon Linux 2016.03 is pretty straightforward; however, there is an issue with BIND's default /etc/named.conf vanilla setup. BIND on Amazon Linux is installed as a caching-only nameserver. This is an issue when creating your own public ns1. and ns2. nameservers.

    You can see the default configuration below, which clearly states it is for a caching-only nameserver:

    Code:
    include "/etc/rndc.key";
    
    controls {
      inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
    };
    
    //
    // named.conf
    //
    
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    
    options {
      listen-on { any; }; /*      updated by cPanel*/
      listen-on-v6 port 53 { ::1; };
      directory   "/var/named";
      dump-file   "/var/named/data/cache_dump.db";
      statistics-file "/var/named/data/named_stats.txt";
      memstatistics-file "/var/named/data/named_mem_stats.txt";
      allow-query     { localhost; };
      recursion yes;
      dnssec-enable yes;
      dnssec-validation yes;
      dnssec-lookaside auto;
    
      /* Path to ISC DLV key */
      bindkeys-file "/etc/named.iscdlv.key";
      managed-keys-directory "/var/named/dynamic";
    
    };
    
    logging {
      channel default_debug {
        file "data/named.run";
        severity dynamic;
      };
    };
    
    zone "." IN {
      type hint;
      file "named.ca";
    };
    
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
    
    Under the default installation your nameservers will REFUSE all DNS queries from the public...

    To fix this you need to change
    Code:
    allow-query { localhost; };
    to
    Code:
    allow-query { any; };
    in order to allow zones to be queried.

    I believe cPanel should update Amazon Linux's BIND configuration on a fresh install; otherwise, installing out of the box when creating public nameservers is broken.
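
A check on what the edit above does to recursion, as an added example that is not part of the original post or of cPanel's tooling: in BIND 9, an unset allow-recursion falls back to allow-query-cache and then to allow-query, so with `recursion yes` left in place, `allow-query { any; }` also lets any client recurse through the server. The sketch assumes flat ACLs inside a single options block (no nested lists, named acls or views); `audit` and the sample strings are constructed for illustration.

```python
import re

DEFAULT_ACL = ["localnets", "localhost"]      # BIND's built-in fallback
WORLD = {"any", "0.0.0.0/0", "::/0"}          # entries that match every client

def options_block(conf):
    """Return the body of the options { ... } block with comments stripped."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(conf) and depth:            # walk to the matching close brace
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def acl(opts, name):
    """Return the address-match list for `name`, or None when it is not set."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^{}]*)\}", opts)
    return m.group(1).replace(";", " ").split() if m else None

def audit(conf):
    opts = options_block(conf)
    m = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", opts)
    recursion = m is None or m.group(1) == "yes"          # BIND default: yes
    query = acl(opts, "allow-query")
    eff_query = query if query is not None else ["any"]   # BIND default: any
    # allow-recursion inherits: allow-query-cache, then allow-query, then default.
    chain = (acl(opts, "allow-recursion"), acl(opts, "allow-query-cache"), query, DEFAULT_ACL)
    eff_rec = next(a for a in chain if a is not None)
    open_resolver = recursion and bool(WORLD & set(eff_query)) and bool(WORLD & set(eff_rec))
    return {"recursion": recursion, "allow-query": eff_query,
            "allow-recursion": eff_rec, "open_resolver": open_resolver}

# Constructed inputs: the options from the post, reduced to the relevant statements.
SHIPPED = 'options { allow-query { localhost; }; recursion yes; };'
EDITED = SHIPPED.replace("localhost", "any")              # the change from the post
AUTH_ONLY = 'options { allow-query { any; }; recursion no; };'
SPLIT = 'options { allow-query { any; }; allow-recursion { localhost; }; recursion yes; };'

if __name__ == "__main__":
    for label, conf in [("shipped", SHIPPED), ("edited", EDITED),
                        ("recursion no", AUTH_ONLY), ("allow-recursion", SPLIT)]:
        print(f"{label:16} {audit(conf)}")
```

Either `recursion no;` or an explicit `allow-recursion { localhost; };` keeps the hosted zones publicly queryable without answering recursive queries for outside clients.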
     
  2. UHLHosting

    UHLHosting Well-Known Member


    How did you enable DNSSEC, since it is not supported in cPanel?
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Could you verify the steps you took to install Amazon Linux? Did you use the Amazon AMI offered by cPanel?

    Thank you.
     