Joe Gold

Oct 31, 2018
Las Vegas
cPanel Access Level
Root Administrator
On (1) of (4) identical WHM server configurations, I started having problems over the last few weeks with DNS issues. It started first with nightly notifications of "Failed UPCP update". Then I started getting complaints that customers were getting their IP addresses banned. Then AutoSSL stopped being able to update. I asked cPanel's amazing support team to investigate and they found that when they executed:

for i in {a..m}; do echo -n "$ "; dig -4 "$i.root-servers.net" @"$i.root-servers.net" +short; done
that several of the root servers were being blocked. They also found when executing:

dig version.bind txt chaos +short
that "the server's nat configuration is not properly configured for loopback (hairpin)" -- [when you run that the response is "connection timed out; no servers could be reached"]

cPanel support concluded that this was a network issue by the provider. The provider is AWS, and after some quick investigation, I was able to conclude this was not the case.

After a lot of troubleshooting, I did find out that if I disabled CSF firewall, none of these DNS issues occur any longer. However, once it's enabled, the problem occurs. I've tried comparing my CSF config with my other identical servers and it is the same. I cleared all current IP blocks from CSF and this did not help. I also whitelisted all (11) root server IPs in CSF and this cleared up that issue.

However, I still have the UPCP update issue. I also still have the NAT issue. The AutoSSL issue still also occurs with CSF on too.

I've spent hours trying to figure out why this (1) server out of (4) is the only one having these issues. I've also tried configuring NAT in CSF (something that is not configured in CSF for the other (3) servers) but that did not help either.

Does anyone have any suggestions on what I should try to resolve these problems?

NOTE: all servers are running ConfigServer Security & Firewall - csf v14.01 and WHM - v84.0.21.

Thank you very much!


Well-Known Member
Nov 20, 2014
cPanel Access Level
Root Administrator
If you're confident that it's CSF related, have you tried exporting the config from one server to another, rather than comparing?
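
For the config comparison discussed in this thread, a normalized diff of two csf.conf files plus a check that outbound DNS (port 53) is covered by TCP_OUT and UDP_OUT. This is an added example, not code from either poster or from ConfigServer; the function names are hypothetical and the sample configs are constructed.

```shell
#!/bin/sh
# Hypothetical helpers (not part of CSF). csf.conf lines look like: KEY = "value"

# Print normalized KEY=value pairs: comments, quotes and spacing removed, sorted.
csf_settings() {
    awk '
        /^[ \t]*#/ || !/=/ { next }
        {
            key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val); sub(/^"/, "", val); sub(/"$/, "", val)
            print key "=" val
        }' "$1" | sort
}

# Print every setting whose value differs between two csf.conf files.
csf_diff() {
    a=$(mktemp) && b=$(mktemp) || return 2
    csf_settings "$1" > "$a"; csf_settings "$2" > "$b"
    awk '
        { k = $0; sub(/=.*$/, "", k); v = substr($0, length(k) + 2) }
        FILENAME == ARGV[1] { left[k] = v; next }
        { seen[k] = 1
          if (!(k in left)) print k ": only in second (" v ")"
          else if (left[k] != v) print k ": " left[k] " -> " v }
        END { for (k in left) if (!(k in seen)) print k ": only in first (" left[k] ")" }
    ' "$a" "$b" | sort
    rm -f "$a" "$b"
}

# Succeed if PORT is covered by the list in KEY (ranges are written "lo:hi").
csf_allows_port() {   # usage: csf_allows_port FILE KEY PORT
    csf_settings "$1" | awk -F= -v key="$2" -v port="$3" '
        $1 == key {
            n = split($2, items, ",")
            for (i = 1; i <= n; i++) {
                m = split(items[i], r, ":")
                if ((m == 1 && r[1] + 0 == port + 0) ||
                    (m == 2 && port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0)) found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# Constructed sample: two configs that differ only in outbound UDP ports.
d=$(mktemp -d)
printf '%s\n' '# server A' 'TCP_OUT = "20,21,53,80,443"' 'UDP_OUT = "20,21,53,113,123"' > "$d/a.conf"
printf '%s\n' '# server B' 'TCP_OUT = "20,21,53,80,443"' 'UDP_OUT = "20,21,113,123"' > "$d/b.conf"
csf_diff "$d/a.conf" "$d/b.conf"
csf_allows_port "$d/b.conf" UDP_OUT 53 || echo "b.conf: UDP_OUT does not cover port 53"
rm -rf "$d"
```

An empty diff of csf.conf does not cover csf.allow, csf.deny or csf.ignore, which hold per-server entries and need their own comparison.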