Skizzerz

Registered
May 25, 2015
2
0
51
Texas
cPanel Access Level
Root Administrator
Couldn't find the bugtracker, so leaving this here instead:

When cPanel is trying to determine if a domain can be added, it sends off a DNS query to get the nameservers of the target domain. However, if the nameserver it is querying uses recursion, this could result in a timeout followed by showing the end user the error message "Unable to add the domain name − Sorry, the domain is already pointed to an IP address that does not appear to use DNS servers associated with this server. Please transfer the domain to this servers nameservers or have your administrator add one of its nameservers to /etc/ips.remotedns and make the proper A entries on that remote nameserver."

When making these queries (sub _dig in /usr/local/cpanel/Cpanel/DnsRoots.pm), cPanel should specify that recursion is disabled for the query so that the target nameserver does not attempt to recurse the query. Otherwise if the user has their nameservers set correctly, the target server will attempt to recurse back to the cPanel server, which obviously doesn't have a zone for the domain since it hasn't been added yet. I've attached the results of two digs to illustrate this.

Code:
[email protected] [~]# dig @a.nic.io domain.io NS

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2 <<>> @a.nic.io domain.io NS
; (2 servers found)
;; global options: +cmd
;; connection timed out; no servers could be reached

[email protected] [~]# dig @a.nic.io +norecurse domain.io NS

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2 <<>> @a.nic.io +norecurse domain.io NS
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17757
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;domain.io. IN NS

;; AUTHORITY SECTION:
domain.io. 86400 IN NS ns1.dmain.com.
domain.io. 86400 IN NS ns2.dmain.com.

;; Query time: 41 msec
;; SERVER: 64.251.31.179#53(64.251.31.179)
;; WHEN: Tue May 19 01:55:48 2015
;; MSG SIZE rcvd: 82
As can be seen from the above output, the a.nic.io nameserver recurses by default, so when trying to add a .io domain as an addon/parked domain, a.nic.io then attempts to query our own nameservers, which times out due to not having a zone for the domain yet.

The fix for this is quite simple, see the provided patch file for /usr/local/cpanel/Cpanel/DnsRoots.pm (patch was made against cPanel 11.48)
Code:
--- Cpanel/DnsRoots.pm  2013-05-14 10:47:06.000000000 -0400
+++ Cpanel/DnsRoots.pm  2015-05-25 01:36:46.387241016 -0400
@@ -402,6 +402,7 @@
         if ($rNSIPS) {
             $res->nameservers( @{$rNSIPS} );
         }
+        $res->recurse(0);
         my $answer;
         if ($record) {
             $answer = $res->send( $query, $record, 'IN' );
@@ -427,6 +428,7 @@
                 }
                 push @DIGCMD, '@' . $rNSIPS->[0];
             }
+            push @DIGCMD, '+norecurse';
             push @DIGCMD, $query;
             if ($record) {
                 push @DIGCMD, $record;
Would appreciate if this fix could land in 11.48, but if we need to wait for 11.50 that should be fine as well, there are workarounds that we can manually apply for the affected users (and I may try editing the .pm file myself on a test server to see if that applies the proper fix and doesn't break upgrades).
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,227
463
Hello,

Internal case number 189689 has been opened to address this issue. There's currently no time frame for a resolution, but you can monitor our change logs for this case number to see when a resolution has been released:

cPanel - Change Logs

Thank you.