Operating System & Version
CENTOS 7.7
cPanel & WHM Version
v84.0.21

coursevector

Well-Known Member
Feb 23, 2015
125
10
68
cPanel Access Level
Root Administrator
I am trying to renew my Let's Encrypt certificate through WHM/cPanel. It won't because of my CAA records. It reports this issue:

Code:
1:29:53 PM Verifying “Let’s Encrypt™”’s authorization on domains via DNS CAA records …
1:29:53 PM ERROR CA forbidden: “example.com”
So I go to the zone editor in cPanel, and look at the CAA records. I have:

Code:
example.com.    3600    IN    CAA    0    issue    comodoca.com
example.com.    3600    IN    CAA    0    issue    amazon.com
example.com.    3600    IN    CAA    0    issuewild    ;
example.com.    3600    IN    CAA    0    iodef    mailto:[email protected]
So I go, oh lemme add Let's Encrypt then. So I do that and it looks like this in the zone record now:

Code:
example.com.    3600    IN    CAA    0    issue    comodoca.com
example.com.    3600    IN    CAA    0    issue    amazon.com
example.com.    3600    IN    CAA    0    issuewild    ;
example.com.    3600    IN    CAA    0    iodef    mailto:[email protected]
example.com.    3600    IN    CAA    0    issue    letsencrypt.org
I run AutoSSL again and I get this:

Code:
3:54:53 PM Verifying “Let’s Encrypt™”’s authorization on domains via DNS CAA records …
3:54:53 PM ERROR CA forbidden: “example.com”
I go, that's strange, I just added it. I go back to the zone file, and lo-and-behold the record I just added is now gone. Like it never even happened. WHAT is going on? My certificate expired and cPanel won't let me renew it. Please help.
 

cPanelLauren

Technical Support Community Manager
Staff member
Nov 14, 2017
13,304
1,247
313
Houston
You're doing this correctly, there must be something adding the record to the zone file or the change is not being retained for some reason.

Are you making the modification in cPanel's zone editor or through WHM? If you're doing it through cPanel could you try making the modification through WHM and let me know what the outcome is?

If the outcome is the same you might want to create an audit rule to see what's modifying the DNS zone file for the domain. This isn't something that we add; my assumption is there's some script running that's adding this.
 

coursevector

@cPanelLauren

I was using the cPanel Zone Editor, so I tried the WHM DNS editor as you suggested. Same outcome: I can add the record and go back and verify it saved it. Then when I run Let's Encrypt from AutoSSL it says it's forbidden. I then go back and look and the record has been removed. I also checked the raw zone file to see if maybe it commented it out or something, but nada.

I had never heard of an audit rule before so I had to look it up. This is what it logged:
Code:
# Add CAA record
type=CONFIG_CHANGE msg=audit(1581734154.486:32626): auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 op=add_rule key="example_dns_change" list=4 res=1
type=SYSCALL msg=audit(1581734255.007:32629): arch=c000003e syscall=2 success=yes exit=7 a0=1b01e50 a1=80042 a2=180 a3=2ac4c68b59d6 items=2 ppid=1608 pid=30250 auid=4294967295 uid=0gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=646E7361646D696E202D2053415645 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" subj=system_u:system_r:unconfined_service_t:s0 key="example_dns_change"
type=CONFIG_CHANGE msg=audit(1581734255.008:32630): auid=4294967295 ses=4294967295 op=updated_rules path="/var/named/example.com.db" key="example_dns_change" list=4 res=1
type=SYSCALL msg=audit(1581734255.008:32631): arch=c000003e syscall=82 success=yes exit=0 a0=1b0cda0 a1=1ace150 a2=2ac4c6c39b80 a3=3 items=5 ppid=1608 pid=30250 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=646E7361646D696E202D2053415645 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" subj=system_u:system_r:unconfined_service_t:s0 key="example_dns_change"
type=SYSCALL msg=audit(1581734255.009:32632): arch=c000003e syscall=92 success=yes exit=0 a0=1b0e690 a1=19 a2=19 a3=7ffe1f9f1d20 items=1 ppid=1608 pid=30250 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=646E7361646D696E202D2053415645 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" subj=system_u:system_r:unconfined_service_t:s0 key="example_dns_change"
type=SYSCALL msg=audit(1581734257.028:32633): arch=c000003e syscall=2 success=yes exit=6 a0=7fbde9865ec8 a1=0 a2=1b6 a3=24 items=1 ppid=1 pid=1609 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm="isc-worker0000" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key="example_dns_change"
type=SYSCALL msg=audit(1581734257.038:32634): arch=c000003e syscall=2 success=yes exit=6 a0=7fbde9865400 a1=0 a2=1b6 a3=24 items=1 ppid=1 pid=1609 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm="isc-worker0000" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key="example_dns_change"

# Run AutoSSL
type=SYSCALL msg=audit(1581734446.945:32695): arch=c000003e syscall=2 success=yes exit=7 a0=1b2cd60 a1=80042 a2=180 a3=2ac4c68b59d6 items=2 ppid=1608 pid=30738 auid=4294967295 uid=0gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=646E7361646D696E202D2053594E43 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" subj=system_u:system_r:unconfined_service_t:s0 key="example_dns_change"
type=CONFIG_CHANGE msg=audit(1581734446.946:32696): auid=4294967295 ses=4294967295 op=updated_rules path="/var/named/example.com.db" key="example_dns_change" list=4 res=1
type=SYSCALL msg=audit(1581734446.946:32697): arch=c000003e syscall=82 success=yes exit=0 a0=1b31870 a1=1b29020 a2=2ac4c6c39b80 a3=3 items=5 ppid=1608 pid=30738 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=646E7361646D696E202D2053594E43 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" subj=system_u:system_r:unconfined_service_t:s0 key="example_dns_change"
type=SYSCALL msg=audit(1581734446.946:32698): arch=c000003e syscall=92 success=yes exit=0 a0=1b2ea70 a1=19 a2=19 a3=7ffe1f9f1d20 items=1 ppid=1608 pid=30738 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=646E7361646D696E202D2053594E43 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" subj=system_u:system_r:unconfined_service_t:s0 key="example_dns_change"
type=SYSCALL msg=audit(1581734448.964:32699): arch=c000003e syscall=2 success=yes exit=6 a0=7fbde9865ec8 a1=0 a2=1b6 a3=24 items=1 ppid=1 pid=1609 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm="isc-worker0001" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key="example_dns_change"
type=SYSCALL msg=audit(1581734448.970:32700): arch=c000003e syscall=2 success=yes exit=6 a0=7fbde9865400 a1=0 a2=1b6 a3=24 items=1 ppid=1 pid=1609 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm="isc-worker0001" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key="example_dns_change"
 

cPanelLauren

Hi @coursevector

Nice job creating the audit rule, sometimes I forget that it might not be something people use often and that's completely my fault, I apologize, I should have given you instructions.

I was hoping to see a modification by a service besides root or named, but unfortunately this output just shows named making a change and root - which is standard when either of these actions is occurring. Was there output from after you made the modification until you ran AutoSSL? What are the permissions of /var/named/example.com.db? Do you have a DNS cluster?
 

coursevector

@cPanelLauren
I couldn't find the original log anymore, I guess it cycled out, so I re-ran the test. What I did before was set the "key" to an easy-to-find identifier and filtered to just show the records with that key. Below is a more verbose version based on the start of the first record and the end of the last record. But to answer your questions:

Permissions:
Code:
-rw-------.  1 named named 3.7K Feb 18 15:34 example.com.db
Code:
# stat example.com.db
  File: ‘example.com.db’
  Size: 3703            Blocks: 8          IO Block: 4096   regular file
Device: ca01h/51713d    Inode: 12809223    Links: 1
Access: (0600/-rw-------)  Uid: (   25/   named)   Gid: (   25/   named)
Context: system_u:object_r:named_zone_t:s0
Access: 2020-02-18 15:34:49.457145166 -0500
Modify: 2020-02-18 15:34:47.431159732 -0500
Change: 2020-02-18 15:34:47.431159732 -0500
 Birth: -
I am not running a DNS cluster.

Code:
type=SYSCALL msg=audit(1582058070.552:92870): arch=c000003e syscall=2 success=yes exit=7 a0=2b92190 a1=80042 a2=180 a3=2ad70e2479d6 items=2 ppid=1608 pid=19049 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=646E7361646D696E202D2053415645 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" subj=system_u:system_r:unconfined_service_t:s0 key="example_dns_change"
type=CWD msg=audit(1582058070.552:92870):  cwd="/"
type=PATH msg=audit(1582058070.552:92870): item=0 name="/var/named/" inode=12747081 dev=ca:01 mode=040755 ouid=25 ogid=25 rdev=00:00 obj=system_u:object_r:named_zone_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1582058070.552:92870): item=1 name="/var/named/example.com.db" inode=12602763 dev=ca:01 mode=0100600 ouid=25 ogid=25 rdev=00:00 obj=system_u:object_r:named_zone_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1582058070.552:92870): proctitle=646E7361646D696E202D20534156455A4F4E45202D20444C45467533713168536C6D49495836594935576478664B46325133793065305F3135383230353830373020284C4F43414C29
type=CONFIG_CHANGE msg=audit(1582058070.554:92871): auid=4294967295 ses=4294967295 op=updated_rules path="/var/named/example.com.db" key="example_dns_change" list=4 res=1
type=SYSCALL msg=audit(1582058070.554:92872): arch=c000003e syscall=82 success=yes exit=0 a0=2b98a70 a1=2b8f4c0 a2=2ad70e5cbb80 a3=3 items=5 ppid=1608 pid=19049 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=646E7361646D696E202D2053415645 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" subj=system_u:system_r:unconfined_service_t:s0 key="example_dns_change"
type=CWD msg=audit(1582058070.554:92872):  cwd="/"
type=PATH msg=audit(1582058070.554:92872): item=0 name="/var/named/" inode=12747081 dev=ca:01 mode=040755 ouid=25 ogid=25 rdev=00:00 obj=system_u:object_r:named_zone_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1582058070.554:92872): item=1 name="/var/named/" inode=12747081 dev=ca:01 mode=040755 ouid=25 ogid=25 rdev=00:00 obj=system_u:object_r:named_zone_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1582058070.554:92872): item=2 name="/var/named/example.com.db-25e658099a235-2a3ae543-16f8b" inode=12809226 dev=ca:01 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:named_zone_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1582058070.554:92872): item=3 name="/var/named/example.com.db" inode=12602763 dev=ca:01 mode=0100600 ouid=25 ogid=25 rdev=00:00 obj=system_u:object_r:named_zone_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1582058070.554:92872): item=4 name="/var/named/example.com.db" inode=12809226 dev=ca:01 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:named_zone_t:s0 objtype=CREATE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1582058070.554:92872): proctitle=646E7361646D696E202D20534156455A4F4E45202D20444C45467533713168536C6D49495836594935576478664B46325133793065305F3135383230353830373020284C4F43414C29
type=SYSCALL msg=audit(1582058070.555:92873): arch=c000003e syscall=92 success=yes exit=0 a0=2b921c0 a1=19 a2=19 a3=7ffc7c7282a0 items=1 ppid=1608 pid=19049 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=646E7361646D696E202D2053415645 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" subj=system_u:system_r:unconfined_service_t:s0 key="example_dns_change"
type=CWD msg=audit(1582058070.555:92873):  cwd="/"
type=PATH msg=audit(1582058070.555:92873): item=0 name="/var/named/example.com.db" inode=12809226 dev=ca:01 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:named_zone_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1582058070.555:92873): proctitle=646E7361646D696E202D20534156455A4F4E45202D20444C45467533713168536C6D49495836594935576478664B46325133793065305F3135383230353830373020284C4F43414C29
type=SYSCALL msg=audit(1582058072.572:92874): arch=c000003e syscall=2 success=yes exit=6 a0=7fbde9865ec8 a1=0 a2=1b6 a3=24 items=1 ppid=1 pid=1609 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm="isc-worker0001" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key="example_dns_change"
type=CWD msg=audit(1582058072.572:92874):  cwd="/var/named"
type=PATH msg=audit(1582058072.572:92874): item=0 name="/var/named/example.com.db" inode=12809226 dev=ca:01 mode=0100600 ouid=25 ogid=25 rdev=00:00 obj=system_u:object_r:named_zone_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1582058072.572:92874): proctitle=2F7573722F7362696E2F6E616D6564002D75006E616D6564002D63002F6574632F6E616D65642E636F6E66
type=SYSCALL msg=audit(1582058072.578:92875): arch=c000003e syscall=2 success=yes exit=6 a0=7fbde9865400 a1=0 a2=1b6 a3=24 items=1 ppid=1 pid=1609 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm="isc-worker0001" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key="example_dns_change"
type=CWD msg=audit(1582058072.578:92875):  cwd="/var/named"
type=PATH msg=audit(1582058072.578:92875): item=0 name="/var/named/example.com.db" inode=12809226 dev=ca:01 mode=0100600 ouid=25 ogid=25 rdev=00:00 obj=system_u:object_r:named_zone_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1582058072.578:92875): proctitle=2F7573722F7362696E2F6E616D6564002D75006E616D6564002D63002F6574632F6E616D65642E636F6E66
type=SYSCALL msg=audit(1582058087.430:92876): arch=c000003e syscall=2 success=yes exit=7 a0=2bb7d70 a1=80042 a2=180 a3=2ad70e2479d6 items=2 ppid=1608 pid=19142 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=646E7361646D696E202D2053594E43 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" subj=system_u:system_r:unconfined_service_t:s0 key="example_dns_change"
type=CWD msg=audit(1582058087.430:92876):  cwd="/"
type=PATH msg=audit(1582058087.430:92876): item=0 name="/var/named/" inode=12747081 dev=ca:01 mode=040755 ouid=25 ogid=25 rdev=00:00 obj=system_u:object_r:named_zone_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1582058087.430:92876): item=1 name="/var/named/example.com.db" inode=12809226 dev=ca:01 mode=0100600 ouid=25 ogid=25 rdev=00:00 obj=system_u:object_r:named_zone_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1582058087.430:92876): proctitle=646E7361646D696E202D2053594E435A4F4E4553202D2058394E68764E414C5866394C4B4B35794C41486E6949377466515A596B4E4C305F3135383230353830383720284C4F43414C29
type=CONFIG_CHANGE msg=audit(1582058087.431:92877): auid=4294967295 ses=4294967295 op=updated_rules path="/var/named/example.com.db" key="example_dns_change" list=4 res=1
type=SYSCALL msg=audit(1582058087.431:92878): arch=c000003e syscall=82 success=yes exit=0 a0=2bbc890 a1=2bb3fa0 a2=2ad70e5cbb80 a3=3 items=5 ppid=1608 pid=19142 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=646E7361646D696E202D2053594E43 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" subj=system_u:system_r:unconfined_service_t:s0 key="example_dns_change"
type=CWD msg=audit(1582058087.431:92878):  cwd="/"
type=PATH msg=audit(1582058087.431:92878): item=0 name="/var/named/" inode=12747081 dev=ca:01 mode=040755 ouid=25 ogid=25 rdev=00:00 obj=system_u:object_r:named_zone_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1582058087.431:92878): item=1 name="/var/named/" inode=12747081 dev=ca:01 mode=040755 ouid=25 ogid=25 rdev=00:00 obj=system_u:object_r:named_zone_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1582058087.431:92878): item=2 name="/var/named/example.com.db-25e658099a235-1d16c4c43-5e7f" inode=12809223 dev=ca:01 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:named_zone_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1582058087.431:92878): item=3 name="/var/named/example.com.db" inode=12809226 dev=ca:01 mode=0100600 ouid=25 ogid=25 rdev=00:00 obj=system_u:object_r:named_zone_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1582058087.431:92878): item=4 name="/var/named/example.com.db" inode=12809223 dev=ca:01 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:named_zone_t:s0 objtype=CREATE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1582058087.431:92878): proctitle=646E7361646D696E202D2053594E435A4F4E4553202D2058394E68764E414C5866394C4B4B35794C41486E6949377466515A596B4E4C305F3135383230353830383720284C4F43414C29
type=SYSCALL msg=audit(1582058087.431:92879): arch=c000003e syscall=92 success=yes exit=0 a0=2bb9a80 a1=19 a2=19 a3=7ffc7c7282a0 items=1 ppid=1608 pid=19142 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=646E7361646D696E202D2053594E43 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" subj=system_u:system_r:unconfined_service_t:s0 key="example_dns_change"
type=CWD msg=audit(1582058087.431:92879):  cwd="/"
type=PATH msg=audit(1582058087.431:92879): item=0 name="/var/named/example.com.db" inode=12809223 dev=ca:01 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:named_zone_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1582058087.431:92879): proctitle=646E7361646D696E202D2053594E435A4F4E4553202D2058394E68764E414C5866394C4B4B35794C41486E6949377466515A596B4E4C305F3135383230353830383720284C4F43414C29
type=SYSCALL msg=audit(1582058089.457:92880): arch=c000003e syscall=2 success=yes exit=6 a0=7fbde9865ec8 a1=0 a2=1b6 a3=24 items=1 ppid=1 pid=1609 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm="isc-worker0000" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key="example_dns_change"
type=CWD msg=audit(1582058089.457:92880):  cwd="/var/named"
type=PATH msg=audit(1582058089.457:92880): item=0 name="/var/named/example.com.db" inode=12809223 dev=ca:01 mode=0100600 ouid=25 ogid=25 rdev=00:00 obj=system_u:object_r:named_zone_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1582058089.457:92880): proctitle=2F7573722F7362696E2F6E616D6564002D75006E616D6564002D63002F6574632F6E616D65642E636F6E66
type=SYSCALL msg=audit(1582058089.465:92881): arch=c000003e syscall=2 success=yes exit=6 a0=7fbde9865400 a1=0 a2=1b6 a3=24 items=1 ppid=1 pid=1609 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm="isc-worker0000" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key="example_dns_change"
type=CWD msg=audit(1582058089.465:92881):  cwd="/var/named"
type=PATH msg=audit(1582058089.465:92881): item=0 name="/var/named/example.com.db" inode=12809223 dev=ca:01 mode=0100600 ouid=25 ogid=25 rdev=00:00 obj=system_u:object_r:named_zone_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PROCTITLE msg=audit(1582058089.465:92881): proctitle=2F7573722F7362696E2F6E616D6564002D75006E616D6564002D63002F6574632F6E616D65642E636F6E66
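
An added example, not part of the thread: the unquoted `comm=` and `proctitle=` values in these records are hex-encoded, and decoding them while grouping records by audit serial number shows which command replaced the zone file each time. The sample is abridged from the records above (fields dropped, PROCTITLE shortened to the command name) and the function names are hypothetical.

```python
import re
from collections import defaultdict

# x86_64 syscall numbers seen in the thread's records. For open, exit= is the
# returned file descriptor; rename and chown return 0 on success.
SYSCALLS = {"2": "open", "82": "rename", "92": "chown"}

# Constructed sample: three events abridged from the records in the thread.
SAMPLE = """\
type=SYSCALL msg=audit(1582058070.554:92872): arch=c000003e syscall=82 success=yes exit=0 uid=0 gid=0 comm=646E7361646D696E202D2053415645 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" key="example_dns_change"
type=PATH msg=audit(1582058070.554:92872): item=3 name="/var/named/example.com.db" inode=12602763 objtype=DELETE
type=PATH msg=audit(1582058070.554:92872): item=4 name="/var/named/example.com.db" inode=12809226 objtype=CREATE
type=PROCTITLE msg=audit(1582058070.554:92872): proctitle=646E7361646D696E202D20534156455A4F4E45
type=SYSCALL msg=audit(1582058072.572:92874): arch=c000003e syscall=2 success=yes exit=6 uid=25 gid=25 comm="isc-worker0001" exe="/usr/sbin/named" key="example_dns_change"
type=PATH msg=audit(1582058072.572:92874): item=0 name="/var/named/example.com.db" inode=12809226 objtype=NORMAL
type=PROCTITLE msg=audit(1582058072.572:92874): proctitle=2F7573722F7362696E2F6E616D6564002D75006E616D6564
type=SYSCALL msg=audit(1582058087.431:92878): arch=c000003e syscall=82 success=yes exit=0 uid=0 gid=0 comm=646E7361646D696E202D2053594E43 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" key="example_dns_change"
type=PATH msg=audit(1582058087.431:92878): item=3 name="/var/named/example.com.db" inode=12809226 objtype=DELETE
type=PATH msg=audit(1582058087.431:92878): item=4 name="/var/named/example.com.db" inode=12809223 objtype=CREATE
type=PROCTITLE msg=audit(1582058087.431:92878): proctitle=646E7361646D696E202D2053594E435A4F4E4553
"""

REC = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def decode(value):
    """auditd quotes plain strings and hex-encodes ones with spaces or NULs."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        raw = bytes.fromhex(value)
    except ValueError:
        return value  # e.g. "(none)" or "(null)"
    return raw.replace(b"\x00", b" ").decode("utf-8", "replace")


def events(log_text):
    """Group SYSCALL/PATH/PROCTITLE records that share an audit serial."""
    out = defaultdict(lambda: {"paths": []})
    for line in log_text.splitlines():
        m = REC.match(line.strip())
        if not m:
            continue
        rtype, ts, serial, rest = m.groups()
        fields = dict(KV.findall(rest))
        ev = out[serial]
        ev["time"] = float(ts)
        if rtype == "SYSCALL":
            ev["syscall"] = SYSCALLS.get(fields["syscall"], fields["syscall"])
            ev["uid"] = fields.get("uid")
            ev["exe"] = decode(fields["exe"])
            ev["comm"] = decode(fields["comm"])
        elif rtype == "PATH":
            ev["paths"].append((decode(fields["name"]), fields.get("objtype")))
        elif rtype == "PROCTITLE":
            ev["proctitle"] = decode(fields["proctitle"])
    return dict(out)


def zone_replacements(log_text, zone_path):
    """Events in which zone_path was re-created, i.e. replaced by a rename."""
    hits = []
    for serial, ev in sorted(events(log_text).items(), key=lambda kv: int(kv[0])):
        if (zone_path, "CREATE") in ev["paths"]:
            hits.append((serial, ev.get("uid"), ev.get("exe"), ev.get("proctitle")))
    return hits


if __name__ == "__main__":
    for serial, uid, exe, title in zone_replacements(SAMPLE, "/var/named/example.com.db"):
        print(f"event {serial}: uid={uid} {exe} ({title})")
```

On a live host, `ausearch -k example_dns_change -i` performs the same hex decoding.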
 

cPanelLauren

Hello,


A lot of what I'm looking for here is the UID of the user changing the file. All I'm seeing here is root and named making changes. Also to not get this confused with other rules in the audit logs you can just grep for that key so:

Code:
grep example_dns_change /var/log/audit/audit.log
Which leaves you with:
Code:
[[email protected] logs]# grep example_dns_change audit
type=SYSCALL msg=audit(1582058070.552:92870): arch=c000003e syscall=2 success=yes exit=7 a0=2b92190 a1=80042 a2=180 a3=2ad70e2479d6 items=2 ppid=1608 pid=19049 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=646E7361646D696E202D2053415645 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" subj=system_u:system_r:unconfined_service_t:s0 key="example_dns_change"
type=CONFIG_CHANGE msg=audit(1582058070.554:92871): auid=4294967295 ses=4294967295 op=updated_rules path="/var/named/example.com.db" key="example_dns_change" list=4 res=1
type=SYSCALL msg=audit(1582058070.554:92872): arch=c000003e syscall=82 success=yes exit=0 a0=2b98a70 a1=2b8f4c0 a2=2ad70e5cbb80 a3=3 items=5 ppid=1608 pid=19049 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=646E7361646D696E202D2053415645 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" subj=system_u:system_r:unconfined_service_t:s0 key="example_dns_change"
type=SYSCALL msg=audit(1582058070.555:92873): arch=c000003e syscall=92 success=yes exit=0 a0=2b921c0 a1=19 a2=19 a3=7ffc7c7282a0 items=1 ppid=1608 pid=19049 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=646E7361646D696E202D2053415645 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" subj=system_u:system_r:unconfined_service_t:s0 key="example_dns_change"
type=SYSCALL msg=audit(1582058072.572:92874): arch=c000003e syscall=2 success=yes exit=6 a0=7fbde9865ec8 a1=0 a2=1b6 a3=24 items=1 ppid=1 pid=1609 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm="isc-worker0001" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key="example_dns_change"
type=SYSCALL msg=audit(1582058072.578:92875): arch=c000003e syscall=2 success=yes exit=6 a0=7fbde9865400 a1=0 a2=1b6 a3=24 items=1 ppid=1 pid=1609 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm="isc-worker0001" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key="example_dns_change"
type=SYSCALL msg=audit(1582058087.430:92876): arch=c000003e syscall=2 success=yes exit=7 a0=2bb7d70 a1=80042 a2=180 a3=2ad70e2479d6 items=2 ppid=1608 pid=19142 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=646E7361646D696E202D2053594E43 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" subj=system_u:system_r:unconfined_service_t:s0 key="example_dns_change"
type=CONFIG_CHANGE msg=audit(1582058087.431:92877): auid=4294967295 ses=4294967295 op=updated_rules path="/var/named/example.com.db" key="example_dns_change" list=4 res=1
type=SYSCALL msg=audit(1582058087.431:92878): arch=c000003e syscall=82 success=yes exit=0 a0=2bbc890 a1=2bb3fa0 a2=2ad70e5cbb80 a3=3 items=5 ppid=1608 pid=19142 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=646E7361646D696E202D2053594E43 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" subj=system_u:system_r:unconfined_service_t:s0 key="example_dns_change"
type=SYSCALL msg=audit(1582058087.431:92879): arch=c000003e syscall=92 success=yes exit=0 a0=2bb9a80 a1=19 a2=19 a3=7ffc7c7282a0 items=1 ppid=1608 pid=19142 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=646E7361646D696E202D2053594E43 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" subj=system_u:system_r:unconfined_service_t:s0 key="example_dns_change"
type=SYSCALL msg=audit(1582058089.457:92880): arch=c000003e syscall=2 success=yes exit=6 a0=7fbde9865ec8 a1=0 a2=1b6 a3=24 items=1 ppid=1 pid=1609 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm="isc-worker0000" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key="example_dns_change"
type=SYSCALL msg=audit(1582058089.465:92881): arch=c000003e syscall=2 success=yes exit=6 a0=7fbde9865400 a1=0 a2=1b6 a3=24 items=1 ppid=1 pid=1609 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm="isc-worker0000" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key="example_dns_change"
I'm most interested in these which are putting out an exit=7 rather than a success which would be 0:

Code:
[[email protected] logs]# grep example_dns_change audit |grep exit=7
type=SYSCALL msg=audit(1582058070.552:92870): arch=c000003e syscall=2 success=yes exit=7 a0=2b92190 a1=80042 a2=180 a3=2ad70e2479d6 items=2 ppid=1608 pid=19049 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=646E7361646D696E202D2053415645 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" subj=system_u:system_r:unconfined_service_t:s0 key="example_dns_change"
type=SYSCALL msg=audit(1582058087.430:92876): arch=c000003e syscall=2 success=yes exit=7 a0=2bb7d70 a1=80042 a2=180 a3=2ad70e2479d6 items=2 ppid=1608 pid=19142 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=646E7361646D696E202D2053594E43 exe="/usr/local/cpanel/whostmgr/bin/dnsadmin" subj=system_u:system_r:unconfined_service_t:s0 key="example_dns_change"
I believe this is you changing the DNS zone file - what is output in WHM when you do this? Is there an error?

There is also:
Code:
[[email protected] logs]# grep example_dns_change audit |grep exit=6
type=SYSCALL msg=audit(1582058072.572:92874): arch=c000003e syscall=2 success=yes exit=6 a0=7fbde9865ec8 a1=0 a2=1b6 a3=24 items=1 ppid=1 pid=1609 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm="isc-worker0001" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key="example_dns_change"
type=SYSCALL msg=audit(1582058072.578:92875): arch=c000003e syscall=2 success=yes exit=6 a0=7fbde9865400 a1=0 a2=1b6 a3=24 items=1 ppid=1 pid=1609 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm="isc-worker0001" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key="example_dns_change"
type=SYSCALL msg=audit(1582058089.457:92880): arch=c000003e syscall=2 success=yes exit=6 a0=7fbde9865ec8 a1=0 a2=1b6 a3=24 items=1 ppid=1 pid=1609 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm="isc-worker0000" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key="example_dns_change"
type=SYSCALL msg=audit(1582058089.465:92881): arch=c000003e syscall=2 success=yes exit=6 a0=7fbde9865400 a1=0 a2=1b6 a3=24 items=1 ppid=1 pid=1609 auid=4294967295 uid=25 gid=25 euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm="isc-worker0000" exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key="example_dns_change"
Which is named itself.

What do you get when you run named-checkzone?

Code:
named-checkzone full /var/named/domain.tld.db
 

coursevector

"I believe this is you changing the DNS zone file - what is output in WHM when you do this?" - This is what I get:
Modifying Zone example.com
zone example.com/IN: loaded serial 2020022212 OK

Bind reloading on host using rndc zone: [example.com]
Bind reloading on host using rndc zone: [example.com]


Reconfiguring Mail Routing:

LOCAL MAIL EXCHANGER: This server will serve as a primary mail exchanger for example.com's mail.: This configuration has been manually selected.



Your settings have been updated.
"What do you get when you run named-checkzone? "
Code:
/var/named/example.com.db:4: ignoring out-of-zone data (example.com)
/var/named/example.com.db:19: ignoring out-of-zone data (example.com)
/var/named/example.com.db:20: ignoring out-of-zone data (example.com)
/var/named/example.com.db:22: ignoring out-of-zone data (example.com)
/var/named/example.com.db:23: ignoring out-of-zone data (example.com)
/var/named/example.com.db:27: ignoring out-of-zone data (example.com)
/var/named/example.com.db:37: ignoring out-of-zone data (example.com)
/var/named/example.com.db:38: ignoring out-of-zone data (example.com)
/var/named/example.com.db:39: ignoring out-of-zone data (example.com)
/var/named/example.com.db:40: ignoring out-of-zone data (example.com)
/var/named/example.com.db:41: ignoring out-of-zone data (example.com)
zone full/IN: has 0 SOA records
zone full/IN: has no NS records
zone full/IN: not loaded due to errors.
Now, I did take a look at the raw zone file after editing it with WHM. I do see the record added and saved properly:
Code:
example.com.   3600    IN      TYPE257 \# 22 000569737375XXXXXXXXXXXXXXXXXXXX742E6F7267
But after running AutoSSL, that line disappears from the zone file. Before and after named-checkzone says the same thing. The ONLY weird thing I have in the zone file I could possibly attribute any weirdness to is I have a text record in there that contains a JavaScript embed. So something along the lines of this:
Code:
example.com.   3600    IN      TXT     "<script src='//example2.com/joke.js'></script>"
The script just plays some music and other silly stuff for the DNS lookup services that don't properly escape the records. But it shouldn't cause any errors in the zone file as it's properly quoted, so I don't THINK that's a factor but thought I'd mention it. I was able to add other subdomains after that record without issues for months.
 

cPanelLauren

What line is that TXT record on in the Zone file? Also what is on the lines as follows: 4, 19, 20, 22, 23, 27, 37, 38, 39, 40, 41



The output from named-checkzone indicates there were some issues with the zone file in other spots too:

Code:
zone full/IN: has 0 SOA records
zone full/IN: has no NS records
zone full/IN: not loaded due to errors.
Namely that it wasn't loaded because of errors - I'd assume that's when named is rebuilding the configuration and overwriting what you're adding - are SOA and NS records present in the zone?

I wonder if this is related to the difference in name for zone type with CAA records - Bind didn't use to support it (prior to 9.9) and if you're on CentOS 6 it may not still, so using TYPE257 was what you'd enter, but Bind 9.9 and higher recognize the CAA type.
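
An added example, not part of the thread and not cPanel's code: a small reader for both spellings of the record (`CAA` and the generic `TYPE257 \# <len> <hex>` form seen in the raw zone file), plus the RFC 8659 `issue`/`issuewild` rule that decides whether a CA may issue. The TYPE257 hex is constructed for `letsencrypt.org`, the iodef address is a placeholder, and the check assumes every record sits at the queried name (no climbing to parent domains).

```python
import re

# Constructed sample: the record set from the thread as the zone editor shows it.
BEFORE = r"""
example.com.    3600    IN    CAA    0    issue    comodoca.com
example.com.    3600    IN    CAA    0    issue    amazon.com
example.com.    3600    IN    CAA    0    issuewild    ;
example.com.    3600    IN    CAA    0    iodef    mailto:hostmaster@example.com
"""
# Same set plus the new record in generic form: flags=00, tag length=05,
# "issue", then the 15 bytes of "letsencrypt.org" (22 bytes in total).
AFTER = BEFORE + (r"example.com. 3600 IN TYPE257 \# 22 "
                  "000569737375656C657473656E63727970742E6F7267\n")

KNOWN_TAGS = {"issue", "issuewild", "iodef"}  # tags this sketch understands

CAA_RE = re.compile(
    r'^(\S+)\s+(?:\d+\s+)?IN\s+CAA\s+(\d+)\s+(\S+)\s+(.+)$', re.I)
GENERIC_RE = re.compile(
    r'^(\S+)\s+(?:\d+\s+)?IN\s+TYPE257\s+\\#\s+(\d+)\s+([0-9A-Fa-f ]+)$', re.I)


def decode_rdata(declared_len, hexdata):
    """CAA wire format: 1 flags byte, 1 tag-length byte, tag, value."""
    raw = bytes.fromhex(hexdata.replace(" ", ""))
    if len(raw) != declared_len or len(raw) < 2 or 2 + raw[1] > len(raw):
        raise ValueError("malformed CAA RDATA")
    taglen = raw[1]
    tag = raw[2:2 + taglen].decode("ascii").lower()
    return raw[0], tag, raw[2 + taglen:].decode("ascii")


def parse_line(line):
    """Return (owner, flags, tag, value) for a CAA/TYPE257 line, else None."""
    line = line.strip()
    m = GENERIC_RE.match(line)
    if m:
        return (m.group(1).lower(),) + decode_rdata(int(m.group(2)), m.group(3))
    m = CAA_RE.match(line)
    if m:
        owner, flags, tag, value = m.groups()
        return owner.lower(), int(flags), tag.lower(), value.strip().strip('"')
    return None


def parse_zone(text):
    return [rec for rec in map(parse_line, text.splitlines()) if rec]


def ca_authorized(records, ca, wildcard=False):
    """Apply the issue/issuewild rule to one record set."""
    # An unknown tag with the critical bit (128) set forbids issuance.
    if any(flags & 0x80 and tag not in KNOWN_TAGS for _, flags, tag, _ in records):
        return False

    def issuers(tag):
        # Parameters after ';' are ignored; a bare ';' names no issuer at all.
        return [v.split(";")[0].strip().lower() for _, _, t, v in records if t == tag]

    issue, wild = issuers("issue"), issuers("issuewild")
    relevant = wild if (wildcard and wild) else issue
    # No relevant property means no restriction from this record set.
    return not relevant or ca.lower() in relevant


if __name__ == "__main__":
    for label, zone in (("before", BEFORE), ("after", AFTER)):
        ok = ca_authorized(parse_zone(zone), "letsencrypt.org")
        print(label, "->", "authorized" if ok else "CA forbidden")
```

A zone line whose hex has been redacted or truncated, like the sanitized one quoted earlier in the thread, is either skipped by the pattern or rejected by the length check in `decode_rdata`.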
 

coursevector

Here is a sanitized version of my zone file in question. The server is running CENTOS 7.7 and WHM 84.0.21 with BIND version 9.11.4.

Code:
; cPanel first:11.56.0.24 (update_time):1582397296 Cpanel::ZoneFile::VERSION:1.3 hostname:host.server.com latest:84.0.21
; Zone file for example.com
$TTL 14400
example.com.   3600    IN      SOA     ns1.server.com. servers.vendor.com.       (
                                                2020022212 ;Serial Number
                                                3600 ;refresh
                                                1800 ;retry
                                                1209600 ;expire
                                                86400 ;minimum
        )
; example.com. 86400   IN      SOA     ns1.old-server.com.       webmaster.vendor.com.     ( ; Previous value removed by cPanel restore auto-merge on 20190412124608 GMT
;                                               2018090500 ;Serial Number ; Previous value removed by cPanel restore auto-merge on 20190412124608 GMT
;                                               3600 ;refresh ; Previous value removed by cPanel restore auto-merge on 20190412124608 GMT
;                                               7200 ;retry ; Previous value removed by cPanel restore auto-merge on 20190412124608 GMT
;                                               1209600 ;expire ; Previous value removed by cPanel restore auto-merge on 20190412124608 GMT
;                                               86400 ;minimum ; Previous value removed by cPanel restore auto-merge on 20190412124608 GMT
;       ) ; Previous value removed by cPanel restore auto-merge on 20190412124608 GMT
; example.com. 86400   IN      NS      ns1.old-server.com. ; Previous value removed by cPanel restore auto-merge on 20190412124608 GMT
example.com.   3600    IN      NS      ns2.server.com.
example.com.   3600    IN      NS      ns1.server.com.
; example.com. 86400   IN      NS      ns2.old-server.com. ; Previous value removed by cPanel restore auto-merge on 20190412124608 GMT
example.com.   3600    IN      A       255.255.255.255
example.com.   3600    IN      MX      0       example.com.
mail    3600    IN      CNAME   example.com.
www     3600    IN      CNAME   example.com.
ftp     3600    IN      A       255.255.255.255
example.com.   3600    IN      TXT     "v=spf1 ip4:255.255.255.255 ip4:255.255.255.255 +a +mx +ip4:255.255.255.254 -all"
cpanel  3600    IN      A       255.255.255.255
webmail 3600    IN      A       255.255.255.255
autoconfig      3600    IN      A       255.255.255.255
autodiscover    3600    IN      A       255.255.255.255
_autodiscover._tcp      3600    IN      SRV     0       0       443     cpanelemaildiscovery.cpanel.net.
default._domainkey      3600    IN      TXT     "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB...szFrcRRfp0nEVhZZad5PqUnLJGi6Z8uAZcvowIDAQAB\;
minecraft       3600    IN      CNAME   example2.com.
_7f188...4974b0d.cdn   3600    IN      CNAME   _2dfb97a...674678.acm-validations.aws.
cdn     3600    IN      CNAME   d1no...pp9.cloudfront.net.
example.com.   3600    IN      TYPE257 \# 19 0005697373...D6F646F63612E636F6D
example.com.   3600    IN      TYPE257 \# 17 0005697373...617A6F6E2E636F6D
example.com.   3600    IN      TYPE257 \# 12 0009697373...C643B
example.com.   3600    IN      TYPE257 \# 30 0005696F646...746F3A646E73406D617269616E692E6C696665
example.com.   3600    IN      TXT     "<script src='//example3.com/topkek.js'></script>"
_5bb0f2c...727e55c.api   14400   IN      CNAME   _20797b3c34...b1953d24.olprtlswtu.acm-validations.aws.
api     3600    IN      CNAME   d-o...k.execute-api.us-east-1.amazonaws.com.
gallery 3600    IN      CNAME   example-gallery.netlify.com.
 

cPanelLauren

Ok, I just wanted to ensure that it wasn't being automatically created. Can you tell me what you're adding when you add the record? Are you adding the Type as TYPE257? Modern CAA records are input in the following format (since Bind >= 9.9):

Code:
sectigo. IN CAA 0 issue "sectigo.com"
Old Legacy type looks like the following for the same record:
Code:
sectigo. IN TYPE257 \# 18 000569737375657365637469676F2E636F6D
What I'm curious about occurring here is that the TYPE257 type is not being recognized.
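The equivalence between the two record forms shown in the post above, as an added example that is not part of the original thread and is not cPanel's code. The function names and `ZONE_BEFORE` are hypothetical, the sample records are constructed from the CA names quoted in the thread, and `ca_permitted` applies the standard CAA `issue`/`issuewild` rule rather than modelling AutoSSL's own check.

```python
import re

# RFC 3597 generic RDATA: "\# <length> <hex>", the form a tool writes as
# TYPE257 when it does not emit the CAA mnemonic.
GENERIC = re.compile(r"\\#\s+(\d+)\s+([0-9A-Fa-f\s]+)$")

def encode_caa(flags, tag, value):
    """Build the TYPE257 generic RDATA for a CAA record."""
    rdata = bytes([flags, len(tag)]) + tag.encode("ascii") + value.encode("ascii")
    return "\\# %d %s" % (len(rdata), rdata.hex().upper())

def decode_caa(generic):
    """Parse a zone line or bare RDATA in generic form into (flags, tag, value)."""
    m = GENERIC.search(generic.strip())
    if not m:
        raise ValueError("not RFC 3597 generic RDATA")
    rdata = bytes.fromhex("".join(m.group(2).split()))
    if len(rdata) != int(m.group(1)) or len(rdata) < 2:
        raise ValueError("declared length does not match hex payload")
    flags, tag_len = rdata[0], rdata[1]
    if tag_len == 0 or 2 + tag_len > len(rdata):
        raise ValueError("bad tag length")
    tag = rdata[2:2 + tag_len].decode("ascii")
    value = rdata[2 + tag_len:].decode("ascii")
    return flags, tag.lower(), value

def ca_permitted(records, ca_domain, wildcard=False):
    """Apply the CAA issue/issuewild rule to decoded (flags, tag, value) records."""
    issue = [v for _, t, v in records if t == "issue"]
    issuewild = [v for _, t, v in records if t == "issuewild"]
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # no restricting property present: any CA may issue
    # Value is "<issuer-domain>[; parameters]"; a bare ";" authorizes nobody.
    return any(v.split(";")[0].strip().lower() == ca_domain.lower() for v in relevant)

# Constructed sample modelled on the CAA set described in the thread.
ZONE_BEFORE = [encode_caa(0, "issue", "comodoca.com"),
               encode_caa(0, "issue", "amazon.com"),
               encode_caa(0, "issuewild", ";")]

if __name__ == "__main__":
    for line in ZONE_BEFORE:
        print(line, "->", decode_caa(line))
    records = [decode_caa(r) for r in ZONE_BEFORE]
    print("letsencrypt.org permitted:", ca_permitted(records, "letsencrypt.org"))
```

Decoding each TYPE257 line this way shows which CA names are actually present in the zone file on disk, independent of what the Zone Editor displays.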
 

coursevector

I go into cPanel, click add CAA record (or select CAA as a type) and fill out the record options and hit save. I didn't even realize it was saving it as TYPE257 until I looked at the raw zone file.
 

cPanelLauren

Yea, that's really strange, I am pretty confused as to why it's doing that as well. I'm sure that's what is causing the issue. I'm going to do a bit of research to see what I can find out on that, but in the meantime if you manually edit the zone file to include the record you need included and remove the old type record (ensure you increase the serial on the zone file) does it still get changed?
 

coursevector

I just went through cPanel -> Zone Editor -> Manage -> Add CAA Record. Filled in the form for letsencrypt.org and it added this record to the zone file:

Code:
example.com.   3600    IN      TYPE257 \# 22 00056973....0742E6F7267
I then removed the record using the Zone Editor and added in the record as you formatted it manually to the zone file and incremented the serial number.

Code:
example.com.   3600    IN      CAA     0 issue "letsencrypt.org"
It shows up correctly in the Zone Editor. I then tried to run AutoSSL again, and it still says it's forbidden but it did NOT remove the record this time.

Code:
5:00:57 PM AutoSSL’s configured provider is “Let’s Encrypt™”.
Analyzing “example”’s domains …
5:00:57 PM Analyzing “example.com” …
5:00:57 PM ERROR TLS Status: Defective
ERROR Certificate expiry: 2/9/20, 8:26 AM UTC (17.57 days ago)
ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:10:CERT_HAS_EXPIRED).
5:00:57 PM Attempting to ensure the existence of necessary CAA records …
5:00:57 PM No CAA records were created.
5:00:57 PM Verifying “Let’s Encrypt™”’s authorization on domains via DNS CAA records …
5:00:57 PM ERROR CA forbidden: “example.com”
ERROR CA forbidden: “www.example.com” (alias of “example.com.”)
ERROR CA forbidden: “mail.example.com” (alias of “example.com.”)
ERROR CA forbidden: “cpanel.example.com” (via “example.com”)
ERROR CA forbidden: “webdisk.example.com” (via “example.com”)
ERROR CA forbidden: “webmail.example.com” (via “example.com”)
ERROR CA forbidden: “autodiscover.example.com” (via “example.com”)
5:00:57 PM AutoSSL cannot increase “example”’s SSL coverage.
I'm not sure if I have to reload any services after editing the file directly, I did not.
 

cPanelLauren

Ok, good, so can you give me the output of the following on that server?

Code:
rpm -qa |grep bind
(and I know it's reporting as 9.11 but I just want to confirm that's what you get when you look at the version)

Code:
named -v
Code:
ps faux |egrep -i 'named|bind'
Also, we made a bunch of changes for how these records are translated some time ago and I wonder, do you have anything being excluded in /etc/cpanelsync.exclude

and anything set in /etc/cpupdate.conf

As well as any custom settings in /var/cpanel/rpm.versions.d/


Also if you manually edited the zone file you'd want to update the serial within the zone file, the format is YYYY-MM-DD-CC where C stands for counter (number of times that day you've edited)

Once it's updated accordingly you'd then reload the zone.

Do you have any custom zone templates? You can view them at WHM>>DNS Functions>>Edit Zone Templates
 

coursevector

Here you go

Code:
# rpm -qa |grep bind
rpcbind-0.2.0-48.el7.x86_64
bind-lite-devel-9.11.4-9.P2.el7.x86_64
bind-utils-9.11.4-9.P2.el7.x86_64
bind-license-9.11.4-9.P2.el7.noarch
bind-libs-lite-9.11.4-9.P2.el7.x86_64
cpanel-bindp-1.0.0-1.cp1152.x86_64
bind-libs-9.11.4-9.P2.el7.x86_64
bind-devel-9.11.4-9.P2.el7.x86_64
bind-9.11.4-9.P2.el7.x86_64
bind-export-libs-9.11.4-9.P2.el7.x86_64
Code:
# named -v
BIND 9.11.4-P2-RedHat-9.11.4-9.P2.el7 (Extended Support Version) <id:7107deb>
Code:
# ps faux |egrep -i 'named|bind'
rpc 801 0.0 0.0 69276 1092 ? Ss Feb13 0:02 /sbin/rpcbind -w
named 1609 0.0 1.4 317696 115384 ? Ssl Feb13 1:38 /usr/sbin/named -u named -c /etc/named.conf
root     24813  0.0  0.0 112712   988 pts/0    S+   14:45   0:00                      \_ grep -E --color=auto -i named|bind
 

cPanelLauren

@coursevector


All good with bind - I added a few things I was requesting to my response previously as well, that were more on the cPanel end of things