Hi guys,
Hope someone can help. This issue is more in relation to CSF than WHM but I thought I'd ask here as the people here are super helpful and I've always managed to find a solution on this forum.
I have WHM + CSF installed on a CentOS server, and it's come to my attention we've had issues with some limited mail flow, and a few visitors trying to visit their websites.
Long story short, we came to the conclusion that Google DNS is having trouble resolving any domains on my server. One example is
When I run a dig command using any other DNS server such as open DNS, I get this result:
As you can see, in the Answer section, the IP 66.187.xx.xxx is retreived. Which is the IP for the server ms1.exampletoo.com.au.
However, when I use either 8.8.8.8 or 8.8.4.4, this is the result:
Now, the reason I think CSF has something to do with it, is because as soon as I disable csf, the Google command instantly works and no more issues. Then when I re-enable csf, the issue re-occurs.
The command I use to diable csf is just csf -x.
Port 53 is open on TCP and UDP - both incoming and outgoing - both IP4 and IP6.
Other than that, I dont know how to figure this out and it's becoming urgent.
One thing that should be noted is that adding the following line to /etc/csf/csfpre.sh seemed to fix the issue, but I do not know what the line does and don't want to use it if it leaves the server vulnerable.
Any help would be very much appreciated. Thank you.
Regards,
Hays
Hope someone can help. This issue is more in relation to CSF than WHM but I thought I'd ask here as the people here are super helpful and I've always managed to find a solution on this forum.
I have WHM + CSF installed on a CentOS server, and it's come to my attention we've had issues with some limited mail flow, and a few visitors trying to visit their websites.
Long story short, we came to the conclusion that Google DNS is having trouble resolving any domains on my server. One example is
When I run a dig command using any other DNS server such as open DNS, I get this result:
Code:
>dig @208.67.xxx.xxx example.com.au
; <<>> DiG 9.12.2 <<>> @208.67.xxx.xxx example.com.au
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34338
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com.au. IN A
;; ANSWER SECTION:
example.com.au. 14400 IN A 66.187.xx.xxx
;; Query time: 579 msec
;; SERVER: 208.67.xxx.xxx#53(208.67.xxx.xxx)
;; WHEN: Thu Sep 06 14:14:57 AUS Eastern Standard Time 2018
;; MSG SIZE rcvd: 61
However, when I use either 8.8.8.8 or 8.8.4.4, this is the result:
Code:
>dig @8.8.8.8 example.com.au
; <<>> DiG 9.12.2 <<>> @8.8.8.8 example.com.au
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 60005
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;example.com.au. IN A
;; Query time: 15 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Sep 06 14:13:10 AUS Eastern Standard Time 2018
;; MSG SIZE rcvd: 45
The command I use to diable csf is just csf -x.
Port 53 is open on TCP and UDP - both incoming and outgoing - both IP4 and IP6.
Other than that, I dont know how to figure this out and it's becoming urgent.
One thing that should be noted is that adding the following line to /etc/csf/csfpre.sh seemed to fix the issue, but I do not know what the line does and don't want to use it if it leaves the server vulnerable.
Code:
/sbin/iptables -I INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
Any help would be very much appreciated. Thank you.
Regards,
Hays
Last edited by a moderator: