DNSonly port 2087 problem. Very weird problem

Discussion in 'Bind / DNS / Nameserver Issues' started by web2corp, Apr 27, 2006.

  1. web2corp

    Hello,

    All of the machines quoted below are running CentOS 4.3 (Redhat Enterprise 4) with kernel 2.34

    Here's the deal. I need to offload the DNS from our new cpanel box onto a separate machine for redundancy and because we will be adding more cpanel boxes very soon. I read about the DNSonly install and decided to try it out. I was finally able to get a successful install onto a Dell 6450 (Older quad CPU 4 rack space machine). The problem I experienced with that install was realperlinstaller hanging at the end and not installing all of the necessary packages. I found the thread on this forum that gave instructions for which packages to install and it finally worked.

    Here's the problem I am having now, and it's a weird one. I need to offload NS2 also, so I tried to install it on a Dell 600SC (P4 2.4, 1 gig of ram). The installer actually finished, no realperlinstaller hang at the end. I was happy. I then tried to set up the DNScluster and none of the other machines could connect on port 2087. I looked through this forum, and have tried every solution posted, to no avail. Nothing is listening on port 2087. stunnel is not logging anything but startup succeeded in the logs. Nothing in messages. No kernel panics, no hanging processes. Nothing. It should work.

    Next thing I tried was to install it on a completely separate machine. This machine is an older dual proc pIII 500 with 512 megs of ram. Exact same result. No errors, nothing abnormal in the logs, nada. I am at my wits' end, and I need to get these nameservers offloaded.

    Does anyone have any ideas? I purchased my licenses directly from cpanel, so do you think they would respond to a ticket for the dns-only install? It's free so I highly doubt they support it. I just need someone to point me in the right direction. I have been administering linux for a long time, and I have never seen anything like this.

    Thanks for your help,

    Brandon
    110 Media Group inc.
    Web1000.com
     
  2. chirpy

    I would imagine they would support you since you have direct licenses anyway.

    As for port 2087, make sure it's bound to stunnel:

    netstat -lpn | grep 2087

    If it is, do you have a local OS firewall blocking the port perhaps (quite common on plain OS installs):

    iptables -L -n
     
  3. olliemaitland

    Hey web2corp...

    I too have installed DNS ONLY on a new box (RHEL4) to serve as a redundant nameserver. I previously was running RHEL3 on the machine and everything ran ok.

    stunnel keeps stopping...so I use:

    Code:
    /usr/sbin/stunnel /usr/local/cpanel/etc/stunnel/default/stunnel.conf
    
    to get it going again which solves my problems with connections on 2087.

    The problem I get is that if I try to sync the zones to the server using the fast sync it hammered (100% CPU) on both boxes. There are only about 100 domains to sync. I reinstalled using upcp --force and then sync'd using the v1 (slow) method... I'm still waiting for this to finish but it looks like it has worked...I'll keep you posted :)

    But let me know if you find a resolution to your problem as it sounds similar to mine. (I'm not running SELINUX in enforcing mode either)
     
  4. olliemaitland

    Just to report on using the v1 method; that seemed to do the trick and now the server reports as authoritative for the domains.
     
  5. web2corp

    We don't have a firewall per se, but we do some port filtering on our main pipe (100 meg). I know it's not a filtering issue, because 1 it's router level, and all of this traffic remains internal and doesn't hit the router, and 2, the other box is working fine (The quad CPU, NS1).

    Nothing is listening on 2087, and I have tried starting stunnel by hand using /usr/sbin/stunnel /usr/local/cpanel/etc/stunnel/default/stunnel.conf.

    Something that I just noticed that seems a little strange is in /usr/local/cpanel/etc there is a file called stunnel.cnf. Stunnel won't run using that (It errors on line 3, so I don't think it's a configuration file)

    I will submit a ticket to cpanel. I was hoping on spending today resolving this, but found myself wading through other issues with other products (any systems person on this forum understands how easily that happens)

    Thanks for all the suggestions, and I will keep this thread updated with whatever cpanel comes back with. The one other ticket I submitted to them they were very very friendly, and someone else has had to have this issue before.

    Thanks again,

    Brandon
     
  6. web2corp

    Cpanel Support ROCKS!

    Man these cpanel guys know their products. It's so good to deal with a support department that actually has a clue. Here is their reply:

    Hi Brandon,

    Thank you for your detailed ticket. Stunnel should now be running on your
    server and listening on port 2087.

    root@localhost [/usr/local/cpanel]# netstat -nlp | grep 2087
    tcp 0 0 0.0.0.0:2087 0.0.0.0:* LISTEN 3315/stunnel-4.04lo

    There were a couple of problems... one was that cPanel's stunnel script was
    looking for a different cpanel binary than what your distribution had
    installed. I changed this by creating a symbolic link to the expected
    destination:

    root@localhost [/usr/local/cpanel]# ln -s /usr/sbin/stunnel /usr/bin/stunnel-4.04local

    Additionally, stunnel would not start because the certificate file
    /usr/local/cpanel/etc/cpanel.pem was missing. I rebuilt this with the
    following command:

    root@localhost [/usr/local/cpanel]# /scripts/rebuildcpanelsslcrt

    Afterwards I was able to start stunnel successfully using the command:

    root@localhost [/usr/local/cpanel]# /usr/local/cpanel/startstunnel

    Please verify that this is now working and let me know if you have any further
    questions. Thank you.


    Hopefully this information can help anyone else that has this issue.

    Thanks again for everyone's help. This forum has been a wealth of information (Especially Chirpy, keep up the good work)

    Brandon
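
The two causes the support reply found (no binary at the path the start script expected, and a missing certificate file) can be checked before starting stunnel. The script below is an added example, not part of the thread or cPanel's tooling; the function names, finding labels and sample config are constructed for illustration, and it assumes the certificate is named by a `cert =` line in the stunnel config.

```shell
#!/bin/sh
# Pre-flight check for the two causes named in the support reply: no stunnel
# binary at the path the start script expects, and a missing certificate file.

# Print the value of every active "cert = <path>" line in a stunnel config.
# Lines commented out with ';' or '#' do not match.
stunnel_cert_paths() {
    sed -n 's/^[[:space:]]*cert[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//'
}

# check_stunnel_prereqs CONF BIN
# Prints one finding per line; returns 0 if clean, 1 if anything is wrong.
# Assumes certificate paths contain no whitespace.
check_stunnel_prereqs() {
    conf=$1; bin=$2; rc=0
    if [ -L "$bin" ] && [ ! -e "$bin" ]; then
        echo "DANGLING_SYMLINK $bin"; rc=1   # ln -s target does not exist
    elif [ ! -x "$bin" ]; then
        echo "MISSING_BINARY $bin"; rc=1
    fi
    if [ ! -r "$conf" ]; then
        echo "MISSING_CONF $conf"; return 1
    fi
    certs=$(stunnel_cert_paths "$conf")
    [ -n "$certs" ] || { echo "NO_CERT_OPTION $conf"; rc=1; }
    for pem in $certs; do
        if [ ! -s "$pem" ]; then
            echo "MISSING_CERT $pem"; rc=1   # absent or zero-length
        elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$pem"; then
            echo "NOT_A_CERT $pem"; rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: a sandbox reproducing the thread's state (nothing at the
# expected binary path, config pointing at a PEM that is not there).
demo=$(mktemp -d)
cat > "$demo/stunnel.conf" <<EOF
; constructed sample config, not cPanel's real file
cert = $demo/cpanel.pem
[whm]
accept = 2087
EOF
check_stunnel_prereqs "$demo/stunnel.conf" "$demo/stunnel-4.04local" || true
rm -rf "$demo"
```

On the server from the thread, the arguments would be the config path and the expected binary path quoted in the posts above.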
     
  7. webignition

    Interesting to read that the DNS-only version is free. I had wondered about the price for DNS-only simply because it's not listed anywhere!
     
  8. web2corp

    I know, it's perfect for our situation as it allows us to scale up as our needs fit without worrying about keeping up with multiple name servers (Other than the 2) We are buying another datacenter, so I am going to pop one of these boxes in that center so we can have geographically separated dns, which will help with uptime substantially.

    The next step is to find a way to build this new cpanel cluster like my other clusters here with failover, GFS and the Redhat Cluster Suite. I'm already using GFS to connect our cpanel machines to a 2 TB array, it's just figuring all of the inner workings of cpanel. That project is still a ways off though.
     
  9. Imai

    Thank You

    Thanks a lot for sharing this.
    I already spent 3 hours trying to figure this out.
     
  10. gutizz

    Running Reset Server Certificates on the DNSOnly server WHM will solve this issue.
     