SOLVED Amazon Linux 2016.03 / cPanel DNSONLY / Bind Defaults

Discussion in 'Bind / DNS / Nameserver Issues' started by oldchili, Jul 4, 2016.

  1. oldchili

    oldchili Member

    Hello,

    Installing cPanel DNSONLY on Amazon Linux 2016.03 is pretty straightforward; however, there is an issue with BIND's default /etc/named.conf vanilla setup. BIND on Amazon Linux is installed as a caching-only nameserver. This is an issue when creating your own public ns1. and ns2. nameservers.

    You can see the default configuration below, which clearly states it is for a caching-only nameserver:

    Code:
    include "/etc/rndc.key";
    
    controls {
      inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
    };
    
    //
    // named.conf
    //
    
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    
    options {
      listen-on { any; }; /*      updated by cPanel*/
      listen-on-v6 port 53 { ::1; };
      directory   "/var/named";
      dump-file   "/var/named/data/cache_dump.db";
      statistics-file "/var/named/data/named_stats.txt";
      memstatistics-file "/var/named/data/named_mem_stats.txt";
      allow-query     { localhost; };
      recursion yes;
      dnssec-enable yes;
      dnssec-validation yes;
      dnssec-lookaside auto;
    
      /* Path to ISC DLV key */
      bindkeys-file "/etc/named.iscdlv.key";
      managed-keys-directory "/var/named/dynamic";
    
    };
    
    logging {
      channel default_debug {
        file "data/named.run";
        severity dynamic;
      };
    };
    
    zone "." IN {
      type hint;
      file "named.ca";
    };
    
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
    
    Under the default installation your nameservers will REFUSE all DNS queries from the public...

    To fix this you need to change
    Code:
    allow-query { localhost; };
    to
    Code:
    allow-query { any; };
    in order to allow zones to be queried.

    I believe cPanel should update Amazon Linux's bind configurations from fresh install, otherwise installing out of the box when creating public nameservers is broken.
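An added check, not part of the original thread and not cPanel's or ISC's code: with `recursion yes;` and no `allow-recursion` or `allow-query-cache` statement, BIND 9 falls back to `allow-query` to decide who may recurse, so the change above also opens recursion to every client. The Python sketch below computes that effective ACL from the global options block only (views are ignored); the sample configs are trimmed from the post, and the `allow-recursion { localhost; };` variant is an assumption about how to keep recursion local.

```python
import re

# Matches "name value;" where value may contain one brace-delimited list.
STMT = re.compile(r"([\w-]+)\s+((?:[^;{}]|\{[^{}]*\})+);")

def options_body(conf):
    """Return the text inside the global options { ... } block, comments removed."""
    text = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    text = re.sub(r"(//|#)[^\n]*", "", text)
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:          # walk to the matching close brace
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def effective_recursion_acl(conf):
    """ACL BIND applies to recursive queries, or None when recursion is off."""
    stmts = dict(STMT.findall(options_body(conf)))
    if stmts.get("recursion", "yes").strip() == "no":
        return None
    # Fallback order used when the more specific statement is absent.
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        if key in stmts:
            return set(re.findall(r"[^\s;{}]+", stmts[key]))
    return {"localnets", "localhost"}

def is_open_resolver(conf):
    """True when recursion is on and the effective ACL admits any client."""
    acl = effective_recursion_acl(conf)
    return acl is not None and "any" in acl

# Constructed samples: options block trimmed from the config in the post.
DEFAULT = """
options {
  listen-on { any; }; /* updated by cPanel */
  allow-query { localhost; };
  recursion yes;
};
"""
FIXED = DEFAULT.replace("allow-query { localhost; };", "allow-query { any; };")
# Assumption (not from the thread): keep recursion for the host itself only.
HARDENED = FIXED.replace("recursion yes;",
                         "recursion yes;\n  allow-recursion { localhost; };")

if __name__ == "__main__":
    for name, conf in (("default", DEFAULT), ("fixed", FIXED), ("hardened", HARDENED)):
        print(name, effective_recursion_acl(conf), "OPEN" if is_open_resolver(conf) else "ok")
```

On a server that is authoritative only and does not resolve for itself, `recursion no;` closes the resolver as well, and `effective_recursion_acl` then returns `None`.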
     
  2. UHLHosting

    UHLHosting Well-Known Member

    How did you enable DNSSEC, since it is not supported in cPanel?
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Could you verify the steps you took to install Amazon Linux? Did you use the Amazon AMI offered by cPanel?

    Thank you.
     
  4. kbisignani

    kbisignani Member

    I was able to confirm this is still the case today - I was able to set up Amazon Linux AMI on an Amazon EC2 instance (I think a perfect and inexpensive option for something like cPanel DNSONLY). The installation went pretty smoothly. But I ran into the same issues that @oldchili did.

    The fix worked, but don't forget that you also need to restart the DNS service on the DNSONLY machine in order for the changes to take effect.
     
  5. oldchili

    oldchili Member

    No, I did not use the Amazon Linux AMI offered by cPanel because it's rarely up to date. Kinda disappointing this platform seems to lag behind CentOS compatibility.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Thank you for the valued feedback. There are plans to streamline updated images in the future. In the meantime, we recommend installing the older version of cPanel included with the official AMI offered by cPanel and then manually updating cPanel to the newer version.

    Thank you.
     