DNSonly port 2087 problem. Very weird problem

web2corp

Member
Mar 28, 2006
Hello,

All of the machines quoted below are running CentOS 4.3 (Redhat Enterprise 4) with kernel 2.34

Here's the deal. I need to offload the DNS from our new cpanel box onto a separate machine for redundancy and because we will be adding more cpanel boxes very soon. I read about the DNSonly install and decided to try it out. I was finally able to get a successful install onto a Dell 6450 (Older quad CPU 4 rack space machine). The problem I experienced with that install was realperlinstaller hanging at the end and not installing all of the necessary packages. I found the thread on this forum that gave instructions for which packages to install and it finally worked.

Here's the problem I am having now, and it's a weird one. I need to offload NS2 also, so I tried to install it on a Dell 600SC (P4 2.4, 1 gig of ram). The installer actually finished, no realperlinstaller hang at the end. I was happy. I then tried to set up the DNScluster and none of the other machines could connect on port 2087. I looked through this forum, and have tried every solution posted, to no avail. Nothing is listening on port 2087. stunnel is not logging anything but startup succeeded in the logs. Nothing in messages. No kernel panics, no hanging processes. Nothing. It should work.

Next thing I tried was to install it on a completely separate machine. This machine is an older dual proc PIII 500 with 512 megs of ram. Exact same result. No errors, nothing abnormal in the logs, nada. I am at my wits' end, and I need to get these nameservers offloaded.

Does anyone have any ideas? I purchased my licenses directly from cpanel, so do you think they would respond to a ticket for the dns-only install? It's free so I highly doubt they support it. I just need someone to point me in the right direction. I have been administering linux for a long time, and I have never seen anything like this.

Thanks for your help,

Brandon
110 Media Group inc.
Web1000.com
 

chirpy

Well-Known Member
Verified Vendor
Jun 15, 2002
Go on, have a guess
I would imagine they would support you since you have direct licenses anyway.

As for port 2087, make sure it's bound to stunnel:

netstat -lpn | grep 2087

If it is, do you have a local OS firewall blocking the port perhaps (quite common on plain OS installs):

iptables -L -n
 

olliemaitland

Well-Known Member
Mar 13, 2004
Hey web2corp...

I too have installed DNS ONLY on a new box (RHEL4) to serve as a redundant nameserver. I previously was running RHEL3 on the machine and everything ran ok.

stunnel keeps stopping...so i use:

Code:
/usr/sbin/stunnel /usr/local/cpanel/etc/stunnel/default/stunnel.conf
to get it going again which solves my problems with connections on 2087.

The problem I get is that if I try to sync the zones to the server using the fast sync it hammered (100% CPU) on both boxes. There are only about 100 domains to sync. I reinstalled using upcp --force and then sync'd using the v1 (slow) method... I'm still waiting for this to finish but it looks like it has worked...I'll keep you posted :)

But let me know if you find a resolution to your problem as it sounds similar to mine. (I'm not running SELINUX in enforcing mode either)
 

olliemaitland

Well-Known Member
Mar 13, 2004
Just to report on using the v1 method; that seemed to do the trick and now the server reports as authoritative for the domains.
 

web2corp

Member
Mar 28, 2006
We don't have a firewall per se, but we do some port filtering on our main pipe (100 meg). I know it's not a filtering issue, because 1 it's router level, and all of this traffic remains internal and doesn't hit the router, and 2, the other box is working fine (The quad CPU, NS1).

Nothing is listening on 2087, and I have tried starting stunnel by hand using /usr/sbin/stunnel /usr/local/cpanel/etc/stunnel/default/stunnel.conf.

Something that I just noticed that seems a little strange is in /usr/local/cpanel/etc there is a file called stunnel.cnf. Stunnel won't run using that (It errors on line 3, so I don't think it's a configuration file)

I will submit a ticket to cpanel. I was hoping on spending today resolving this, but found myself wading through other issues with other products (any systems person on this forum understands how easily that happens)

Thanks for all the suggestions, and I will keep this thread updated with whatever cpanel comes back with. The one other ticket I submitted to them they were very very friendly, and someone else has had to have this issue before.

Thanks again,

Brandon
 

web2corp

Member
Mar 28, 2006
Cpanel Support ROCKS!

Man these cpanel guys know their products. It's so good to deal with a support department that actually has a clue. Here is their reply:

Hi Brandon,

Thank you for your detailed ticket. Stunnel should now be running on your
server and listening on port 2087.

[email protected] [/usr/local/cpanel]# netstat -nlp | grep 2087
tcp 0 0 0.0.0.0:2087 0.0.0.0:* LISTEN 3315/stunnel-4.04lo

There were a couple of problems... one was that cPanel's stunnel script was
looking for a different cpanel binary than what your distribution had
installed. I changed this by creating a symbolic link to the expected
destination:

[email protected] [/usr/local/cpanel]# ln -s /usr/sbin/stunnel /usr/bin/stunnel-4.04local

Additionally, stunnel would not start because the certificate file
/usr/local/cpanel/etc/cpanel.pem was missing. I rebuilt this with the
following command:

[email protected] [/usr/local/cpanel]# /scripts/rebuildcpanelsslcrt

Afterwards I was able to start stunnel successfully using the command:

[email protected] [/usr/local/cpanel]# /usr/local/cpanel/startstunnel

Please verify that this is now working and let me know if you have any further
questions. Thank you.


Hopefully this information can help anyone else that has this issue.

Thanks again for everyone's help. This forum has been a wealth of information (Especially Chirpy, keep up the good work)

Brandon
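Chirpy's two checks (is anything bound to 2087, is a local iptables rule in the way) and the three things cPanel support found (the binary name the start script expects, the missing cpanel.pem, nothing listening) together make a short pre-flight list. The script below is an added example, not code from the thread or from cPanel: it turns that list into read-only checks so the failure point can be spotted before opening a ticket. The port and file paths are the ones quoted in the thread; the function names, the use of ss as a fallback for netstat, and the assumption that a usable PEM carries both a certificate and a private key are mine.

```shell
#!/bin/sh
# Added example (not from the thread or from cPanel): read-only pre-flight checks
# for the stunnel/2087 problem described above. Paths and port come from the
# thread; the checks themselves are assumptions about what a healthy box shows.

PORT="${PORT:-2087}"
STUNNEL_LINK="${STUNNEL_LINK:-/usr/bin/stunnel-4.04local}"    # name cPanel's script looked for
STUNNEL_REAL="${STUNNEL_REAL:-/usr/sbin/stunnel}"             # where the distro installed stunnel
CERT_FILE="${CERT_FILE:-/usr/local/cpanel/etc/cpanel.pem}"    # PEM stunnel loads

# check_binary PATH: 0 if PATH (symlinks followed) is an executable regular file.
check_binary() {
    [ -x "$1" ] && [ -f "$1" ]
}

# check_cert PATH: 0 if PATH is readable and holds both a certificate block and a
# private key block, which is what a single-file stunnel PEM needs.
check_cert() {
    [ -r "$1" ] || return 1
    grep -q 'BEGIN CERTIFICATE' "$1" && grep -q 'PRIVATE KEY' "$1"
}

# check_listener PORT: 0 if a TCP listener is bound to PORT on any address.
# Prefers ss, falls back to netstat (no -p, so it works without root); only the
# local-address column is matched, so "0.0.0.0:2087", "*:2087" and "[::]:2087" all count.
check_listener() {
    { ss -lnt 2>/dev/null || netstat -lnt 2>/dev/null; } \
        | awk -v p="$1" '$4 ~ (":" p "$") { found = 1 } END { exit !found }'
}

# check_firewall PORT: 0 if no INPUT rule mentions PORT, 1 if one does (review it),
# 2 if iptables cannot be queried (not root or not installed). Reports only.
check_firewall() {
    rules=$(iptables -L INPUT -n 2>/dev/null) || return 2
    printf '%s\n' "$rules" | grep -q "dpt:$1" && return 1
    return 0
}

# preflight: run the checks in the order support fixed them; non-zero if any
# hard check fails. The firewall result is advisory, as chirpy's hint was.
preflight() {
    rc=0
    if check_binary "$STUNNEL_LINK"; then
        echo "ok:   $STUNNEL_LINK is present"
    elif check_binary "$STUNNEL_REAL"; then
        echo "FAIL: $STUNNEL_LINK missing; stunnel is at $STUNNEL_REAL (symlink needed)"; rc=1
    else
        echo "FAIL: no stunnel binary at $STUNNEL_LINK or $STUNNEL_REAL"; rc=1
    fi
    if check_cert "$CERT_FILE"; then
        echo "ok:   $CERT_FILE has a certificate and a key"
    else
        echo "FAIL: $CERT_FILE missing or incomplete (rebuild it)"; rc=1
    fi
    if check_listener "$PORT"; then
        echo "ok:   something is listening on tcp/$PORT"
    else
        echo "FAIL: nothing is listening on tcp/$PORT"; rc=1
    fi
    case $(check_firewall "$PORT"; echo $?) in
        0) echo "ok:   no iptables INPUT rule references port $PORT" ;;
        1) echo "WARN: an iptables INPUT rule references port $PORT; review it" ;;
        *) echo "skip: iptables not queryable (run as root to include this check)" ;;
    esac
    return $rc
}

if preflight; then
    echo "stunnel pre-flight passed"
else
    echo "stunnel pre-flight found problems (see FAIL lines above)"
fi
```

Run it as root so the iptables check is included; the other checks need no privileges. A FAIL on the binary or PEM line points at the symlink and rebuild steps from the support reply, and a FAIL on the listener line with the first two passing means stunnel itself is exiting, so its own log is the next place to look.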
 

webignition

Well-Known Member
Jan 22, 2005
web2corp said:
I purchased my licenses directly from cpanel, so do you think they would respond to a ticket for the dns-only install? It's free so I highly doubt they support it.
Interesting to read that the DNS-only version is free. I had wondered about the price for DNS-only simply because it's not listed anywhere!
 

web2corp

Member
Mar 28, 2006
I know, it's perfect for our situation as it allows us to scale up as our needs fit without worrying about keeping up with multiple name servers (Other than the 2) We are buying another datacenter, so I am going to pop one of these boxes in that center so we can have geographically separated dns, which will help with uptime substantially.

The next step is to find a way to build this new cpanel cluster like my other clusters here with failover, GFS and the Redhat Cluster Suite. I'm already using GFS to connect our cpanel machines to a 2 TB array, it's just figuring all of the inner workings of cpanel. That project is still a ways off though.
 

Imai

Well-Known Member
Aug 11, 2003
Thank You

Thanks a lot for sharing this.
I already spent 3 hours trying to figure this out.