In Progress CPANEL-42193 - Delete dns zones not in server

speckados

Well-Known Member
Hi.

- By mistake I set up one server in a relation with the DNS cluster.
- Now the server has ALL zones in the cluster.
- Now I have set the server to Write-only mode and verified that on the second DNS server (cluster) there is no reverse relation with this server.
- I tried to clean up DNS, but the system does not clean zones not owned by the server.

How can I remove all zones not owned by server?
 

cPanelLauren

Product Owner II
Staff member
This might work:

Code:
/scripts/autorepair unmanaged_zones

I ran it on my own server to be sure it's still valid

Writing unmanaged/unauthoritative domains to /etc/unmanaged_zones
To remove any unmanaged domains from this system please edit /etc/unmanaged_zones
and remove any domains that you wish to have removed and run /scripts/unmanaged_zones.
Zones added through the WHM directly will be included in this list. Please review the zones
listed in the file carefully and ensure that they should be removed before deleting their
respective entries in /etc/unmanaged_zones.

The thread (it's quite old) goes over its use a bit: dns mess
 

speckados

It doesn't work, or I don't understand.

Run script

Code:
Writing unmanaged/unauthoritative domains to /etc/unmanaged_zones
To remove any unmanaged domains from this system please edit /etc/unmanaged_zones
and remove any domains that you wish to have removed and run /scripts/unmanaged_zones.
Zones added through the WHM directly will be included in this list. Please review the zones
listed in the file carefully and ensure that they should be removed before deleting their
respective entries in /etc/unmanaged_zones.
Done
...Auto Repair is done.

Verify that all domains in /etc/unmanaged_zones are not managed by my server (create script for this)
At end file

Re-run

Code:
Requesting script ... info [autorepair] Successfully verified signature for cpanel (key types: release).
Done
Auto Repair is running...The following zones are not directly managed by this server:
....

...Auto Repair is done.

At start 387, at end same 387 zones.
 

4u123

Well-Known Member
PartnerNOC
When you create the list by running /scripts/autorepair unmanaged_zones it adds the list of zones to a file... /etc/unmanaged_zones - then it generates a script... /scripts/unmanaged_zones specifically for that file.

You have to delete individually from the /etc/unmanaged_zones file the zones you no longer want on the server - or empty the file completely. Then run /scripts/unmanaged_zones and it will remove the zones for you. If you want to start again, you must delete both /etc/unmanaged_zones and /scripts/unmanaged_zones then run /scripts/autorepair unmanaged_zones again.

I want to do this on all my servers but unfortunately when I try to run the script I get this...

# /scripts/unmanaged_zones
Bareword found where operator expected at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 30, near "m/^(?:\d+|-1)$/a"
syntax error at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 30, near "m/^(?:\d+|-1)$/a "
syntax error at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 34, near "else"
Global symbol "$uid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 35.
Global symbol "$uid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 35.
Global symbol "$gid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 38.
Global symbol "$gid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 38.
Global symbol "$gid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 38.
Global symbol "$gid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 39.
Global symbol "$uid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 39.
Global symbol "$gid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 41.
Global symbol "$gid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 42.
Global symbol "$gid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 42.
Global symbol "$uid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 45.
Global symbol "$gid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 46.
Global symbol "@files" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 50.
Global symbol "$uid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 65.
Global symbol "$gid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 65.
Global symbol "$uid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 66.
Global symbol "$gid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 66.
Global symbol "$count" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 69.
Global symbol "$count" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 72.
syntax error at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 73, near "}"
/usr/local/cpanel/Cpanel/SafetyBits/Chown.pm has too many errors.
Compilation failed in require at /usr/local/cpanel/Cpanel/SafetyBits.pm line 14.
BEGIN failed--compilation aborted at /usr/local/cpanel/Cpanel/SafetyBits.pm line 14.
Compilation failed in require at /usr/local/cpanel/Cpanel/DNSLib.pm line 18.
BEGIN failed--compilation aborted at /usr/local/cpanel/Cpanel/DNSLib.pm line 18.
Compilation failed in require at /scripts/unmanaged_zones line 10.
 

4u123

@cPanelLauren I wonder if you could possibly find out from your dev team if the /scripts/autorepair unmanaged_zones script is currently broken? Running the script it produces.... /scripts/unmanaged_zones results in the errors I've pasted above. We'd really like to use this script but it's not working.
 

cPanelLauren

Hi @4u123

I'm trying to replicate the issue before I discuss this with anyone further but I'm not experiencing the same issue when running the autorepair:

Code:
[[email protected] ~]# /scripts/autorepair unmanaged_zones
Requesting script ... info [autorepair] Successfully verified signature for cpanel (key types: release).
Done
Auto Repair is running...The following zones are not directly managed by this server:
centos7.11-80-0-18.tld
ns1.test.tech
ns2.test.tech
server.test.tech
server.test.us




Writing unmanaged/unauthoritative domains to /etc/unmanaged_zones
To remove any unmanaged domains from this system please edit /etc/unmanaged_zones
and remove any domains that you wish to have removed and run /scripts/unmanaged_zones.
Zones added through the WHM directly will be included in this list. Please review the zones
listed in the file carefully and ensure that they should be removed before deleting their
respective entries in /etc/unmanaged_zones.
Done
...Auto Repair is done.

Then I ran /scripts/unmanaged_zones

Code:
[[email protected] ~]# /scripts/unmanaged_zones --help
JSON::XS is missing the no_set_utf8 flag at /usr/local/cpanel/Cpanel/JSON.pm line 172.
The following zones are not directly managed by this server:

centos7.11-80-0-18.tld
ns1.test.tech
ns2.test.tech
server.test.tech
server.test.us

The following zones are subject to removal:
centos7.11-80-0-18.tld, ns1.test.tech, ns2.test.tech, server.test.tech, server.test.us
Would you like to remove the zone files and entries in /etc/named.conf for the unauthoritative zones on this server only? (y/n)  y
Will remove 5 zones
Removing zones ...
centos7.11-80-0-18.tld => deleted from server.
ns1.test.tech => deleted from server.
ns2.test.tech => deleted from server.
server.test.tech => deleted from server.
server.test.us => deleted from server.
Done.
 

4u123

Ok thank you for taking the time to look into it for me.

I tested this randomly on three of our CL6 based servers and had the same error result - but it works fine on CL7 servers. So it seems the error is specific to servers running version 6.
 

cPanelLauren

I've been able to replicate this @4u123

Code:
[[email protected] ~]# /scripts/autorepair unmanaged_zones
Requesting script ... info [autorepair] Successfully verified signature for cpanel (key types: release, development).
Done
Auto Repair is running...The following zones are not directly managed by this server:
cl6.test.tld
cloudlinux6.11-88-0-9.tld
install.narcissus.test.tld




Writing unmanaged/unauthoritative domains to /etc/unmanaged_zones
To remove any unmanaged domains from this system please edit /etc/unmanaged_zones
and remove any domains that you wish to have removed and run /scripts/unmanaged_zones.
Zones added through the WHM directly will be included in this list. Please review the zones
listed in the file carefully and ensure that they should be removed before deleting their
respective entries in /etc/unmanaged_zones.
Done
...Auto Repair is done.

Code:
[[email protected] ~]# /scripts/unmanaged_zones
Bareword found where operator expected at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 30, near "m/^(?:\d+|-1)$/a"
syntax error at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 30, near "m/^(?:\d+|-1)$/a "
syntax error at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 34, near "else"
Global symbol "$uid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 35.
Global symbol "$uid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 35.
Global symbol "$gid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 38.
Global symbol "$gid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 38.
Global symbol "$gid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 38.
Global symbol "$gid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 39.
Global symbol "$uid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 39.
Global symbol "$gid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 41.
Global symbol "$gid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 42.
Global symbol "$gid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 42.
Global symbol "$uid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 45.
Global symbol "$gid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 46.
Global symbol "@files" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 50.
Global symbol "$uid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 65.
Global symbol "$gid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 65.
Global symbol "$uid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 66.
Global symbol "$gid" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 66.
Global symbol "$count" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 69.
Global symbol "$count" requires explicit package name at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 72.
syntax error at /usr/local/cpanel/Cpanel/SafetyBits/Chown.pm line 73, near "}"
/usr/local/cpanel/Cpanel/SafetyBits/Chown.pm has too many errors.
Compilation failed in require at /usr/local/cpanel/Cpanel/SafetyBits.pm line 14.
BEGIN failed--compilation aborted at /usr/local/cpanel/Cpanel/SafetyBits.pm line 14.
Compilation failed in require at /usr/local/cpanel/Cpanel/DNSLib.pm line 18.
BEGIN failed--compilation aborted at /usr/local/cpanel/Cpanel/DNSLib.pm line 18.
Compilation failed in require at /scripts/unmanaged_zones line 10.
[[email protected] ~]#

I also believe I know why this is happening. CentOS 6 and CL 6 are both using an older Perl version and the script is by default using the system Perl instead of cPanel's Perl. To resolve this run it calling cPanel's Perl directly as follows:

Code:
[[email protected] ~]# /usr/local/cpanel/3rdparty/bin/perl /scripts/unmanaged_zones
The following zones are not directly managed by this server:

cl6.test.tld
cloudlinux6.11-88-0-9.tld
install.narcissus.test.tld

The following zones are subject to removal:
cl6.test.tld, cloudlinux6.11-88-0-9.tld, install.narcissus.test.tld
Would you like to remove the zone files and entries in /etc/named.conf for the unauthoritative zones on this server only? (y/n)  y
Will remove 3 zones
Removing zones ...
cl6.test.tld => deleted from cloudlinux6.
cloudlinux6.11-88-0-9.tld => deleted from cloudlinux6.
install.narcissus.test.tld => deleted from cloudlinux6.
Done.
[[email protected] ~]#
 

Kent Brockman

Well-Known Member
PartnerNOC
Hi there guys. I had the same issue but I needed to run the suggested path although I'm on CL7:
/usr/local/cpanel/3rdparty/bin/perl /scripts/unmanaged_zones

Will you fix this script maybe?
 

Kent Brockman

For the sake of curiosity, I'd like to share the full list of commands I recently used. I've run this on dozens of servers and it greatly cleaned out old unneeded DNS entries:

rm -drf /scripts/unmanaged_zones /etc/unmanaged_zones && /scripts/autorepair unmanaged_zones && rm -drf /etc/unmanaged_zones && touch /etc/unmanaged_zones && /scripts/unmanaged_zones

It's a chain of commands that will ensure old cleaning attempts are reset first and then autoclean the registry. You only have to confirm the cleaning process by choosing Y or N as the /scripts/unmanaged_zones script will require. It's a leap of faith, yes. But it worked greatly in my servers.

What I need now is to clean DNS entries for no longer existent domains within the DNS Only servers. How can this be performed? Should I run this script onto the DNS Only servers to delete ALL domains and then synchronize all domains in every other server to the cluster? Does DNS Only have any maintenance script that could identify domains in no longer existent servers or domains that no longer exist in any server?

Thanks
 

Kent Brockman

"What I need now is to clean DNS entries for no longer existent domains within the DNS Only servers. How can this be performed? Should I run this script onto the DNS Only servers to delete ALL domains and then synchronize all domains in every other server to the cluster? Does DNS Only have any maintenance script that could identify domains in no longer existent servers or domains that no longer exist in any server?"

@cPRex, any ideas about this?
 

cPRex

Jurassic Moderator
Staff member
I actually don't have any good ideas about this one. The unmanaged_zones tool is designed to handle data on the webservers, but not on the DNSOnly systems.

I think the more interesting issue is how you ended up with unmanaged zones in both places.

The good news is that extra zones on the nameserver shouldn't really matter - they'll just sit there, and nothing will ever read them. You could try and use the unmanaged_zones tool there, but please make sure you have backups.
 

Kent Brockman

Ok, no, unmanaged zones script is dangerous on DNS Only server because it would delete ALL the stored entries. Then you should run Synchronize DNS Records from every child server, in "all records to all servers" mode. But it's a very hard manual job.

"I think the more interesting issue is how you ended up with unmanaged zones in both places."

Just an incorrect setup, from a time in which documentation was misunderstood due to its lack of clarity and then all servers were in sync with each other, rather than Write-Only to DNS servers...
 

Kent Brockman

@cPRex:
I'm seeing the /scripts/autorepair unmanaged_zones has an important bug: it also deletes the hostname that you may previously have added using the WHM interface "Add an A Entry for Your Hostname", and that's a no-no. This should be kept as some hostnames may contain important information in form of TXT entries. Not to mention that this destroys the DKIM and SPF signatures for that server.

Please provide a fast way to rebuild this mess by using console commands to:
- Add the A Entry for the Hostname.
- Create DKIM and SPF entries for that hostname.
- Synchronize the zone to the Cluster.

Thanks in advance
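
A pre-flight step for the reset-and-clean chain and the hostname-zone loss described in the posts above, as an added example that is not from the thread or from cPanel: it backs up every listed zone file, then leaves only protected zones (for instance the server hostname) in the list before /scripts/unmanaged_zones is run. It assumes zone files live in /var/named as `<zone>.db` and that, as the tool's own message says, only zones whose entries were removed from /etc/unmanaged_zones get deleted; the function name and the demo data are hypothetical.

```shell
#!/bin/sh
# Added example, not cPanel code. On a cPanel server LIST would be
# /etc/unmanaged_zones and ZONE_DIR is assumed to be /var/named.

# prepare_cleanup LIST ZONE_DIR BACKUP_DIR [KEEP_ZONE...]
#  1. copies LIST and every listed zone file (<zone>.db) into BACKUP_DIR
#  2. rewrites LIST so only the KEEP_ZONE entries found in it remain; per the
#     tool's own message, zones whose entries are gone from the list are the
#     ones /scripts/unmanaged_zones goes on to delete
#  3. prints the zones dropped from the list, one per line, for review
prepare_cleanup() {
    list=$1; zone_dir=$2; backup_dir=$3
    shift 3
    [ -r "$list" ] || { echo "cannot read $list" >&2; return 1; }
    mkdir -p "$backup_dir" || return 1
    cp -p "$list" "$backup_dir/unmanaged_zones.orig" || return 1
    keep_tmp=$(mktemp) || return 1

    while IFS= read -r zone || [ -n "$zone" ]; do
        # Skip blank lines and anything that is not a plain DNS name, so a
        # stray "/" in the list can never turn into a path outside ZONE_DIR.
        case $zone in
            ''|*[!A-Za-z0-9._-]*) continue ;;
        esac
        if [ -f "$zone_dir/$zone.db" ]; then
            cp -p "$zone_dir/$zone.db" "$backup_dir/" || return 1
        fi
        protected=no
        for k in "$@"; do
            if [ "$k" = "$zone" ]; then protected=yes; fi
        done
        if [ "$protected" = yes ]; then
            echo "$zone" >> "$keep_tmp"
        else
            echo "$zone"
        fi
    done < "$list"
    cat "$keep_tmp" > "$list" && rm -f "$keep_tmp"
}

# Constructed demo in a scratch directory; zone names are sample data.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/named"
    for z in server.test.tech ns1.test.tech ns2.test.tech; do
        echo "; constructed zone file for $z" > "$d/named/$z.db"
        echo "$z" >> "$d/unmanaged_zones"
    done
    echo "dropped from list (subject to removal):"
    prepare_cleanup "$d/unmanaged_zones" "$d/named" "$d/backup" server.test.tech
    echo "left in list: $(cat "$d/unmanaged_zones")"
    rm -rf "$d"
}
demo
```

Review the printed zones and the backup directory before answering the removal prompt; a copy of /etc/named.conf taken at the same time covers the entries the tool also removes there.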