SOLVED PowerDNS shows down on Server Status after received email PowerDNS Configuration updated.

Operating System & Version
CENTOS 7.9 virtuozzo [sco]
cPanel & WHM Version
v94.0.2

rickscotch

Member
Mar 10, 2021
6
0
1
Concord, CA
cPanel Access Level
Root Administrator
I received the email below from CPanel regarding my website. Now it's down. I'm in the process of Propagation with my hosting service but after 6 hours its still down.

In my Service Status report in WHM (see attached) it shows down. How can I resolve this issue?

Thank you

[migrate-pdns-conf] Updated PowerDNS Configuration on
The system disabled the following invalid configuration directives:

Disabled configuration directives​
local-ipv6=::

The system renamed the following configuration directives:

Old​
New​
local-ipv6-nonexist-faillocal-address-nonexist-fail
 

Attachments

Last edited by a moderator:

rickscotch

Member
Mar 10, 2021
6
0
1
Concord, CA
cPanel Access Level
Root Administrator
Hey there! It sounds like this may be your issue:


Can you speak with your host about the kernel version to see if that is the case?
So frustrating. I keep getting wrong credentials when logging into the cPanelID. I've reset my password and it stills say wrong credentials.

Could you please copy and paste that article? I truly appreciate this.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,148
784
313
cPanel Access Level
Root Administrator
Sure thing! Here's the important parts:

Code:
Description

This issue is caused by PowerDNS attempting to bind to an IPv6 port but failing because IPv6 is disabled.

We've opened an internal case for our development team to investigate this further. For reference, the case number is CPANEL-36101. Follow this article to receive an email notification when a solution is published in the product.
 
Workaround
 
Add the following line to your PowerDNS configuration file at - /etc/pdns/pdns.conf:

local-address=0.0.0.0

and then restart your PowerDNS service with:

/scripts/restartsrv_pdns
 

rickscotch

Member
Mar 10, 2021
6
0
1
Concord, CA
cPanel Access Level
Root Administrator
You're welcome! If they aren't able to get to that quickly you can switch the machine to BIND to get things working.
Would that mess up anything because I saw that and it warned me "If you switch your nameserver away from PowerDNS, your DNS server will no longer serve DNSSEC records." I've attached the screenshot when I pick BIND.
 

Attachments

rickscotch

Member
Mar 10, 2021
6
0
1
Concord, CA
cPanel Access Level
Root Administrator
Another novice(stupid) set of questions.
How do I know if I have DNSSEC records in place? Could I check somewhere on the CPanel?

Also if I do change it to BIND would it be okay to change it back afterward? You are truly great for helping me out with this. Thank you
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,148
784
313
cPanel Access Level
Root Administrator
Sure - people flip between the two versions for testing all the time, as that will not hurt anything.

DNSSEC records are basically security keys that get added to the registrar. If you don't recall manually setting up keys and placing them at your registrar, you wouldn't have any of those enabled. You can see if there are any keys in the Zone Editor for cPanel, and there are more details about this tool here:

 

samuelldrew

Registered
Mar 25, 2021
2
1
3
Kent, OH
cPanel Access Level
Root Administrator
It worked. It's crazy. I'm with Hostgator with their VPS package, and they still haven't fixed the issue 36 hours later now.

You were the one that fixed the issue. Thank you, thank you.
We have a VPS with HostGator as well, and it's been 24 hours without remedy or even an update about this. Even after I provided the workaround, all that they said it that they'll add it to the case notes. How were you able to do this yourself? I can't wait any longer; we have angry clients who are ready to leave us. Did you do the workaround or just switch it to BIND?
 
Last edited:

samuelldrew

Registered
Mar 25, 2021
2
1
3
Kent, OH
cPanel Access Level
Root Administrator
If you aren't getting good support from the host it would be best to just switch to BIND. Even if you have DNSSEC records, having those not work while the rest of your DNS works is at least some progress.
Yeah; that's what I ended up doing just to get it working again. Having to wait 24 or even 36 hours for something that seems like would take a minute is a terrible way to run a support department.
 
  • Like
Reactions: cPRex