SOLVED PowerDNS shows down on Server Status after received email PowerDNS Configuration updated.

[rickscotch]

I received the email below from CPanel regarding my website. Now it's down. I'm in the process of Propagation with my hosting service but after 6 hours its still down.

In my Service Status report in WHM (see attached) it shows down. How can I resolve this issue?

Thank you

[migrate-pdns-conf] Updated PowerDNS Configuration on

The system disabled the following invalid configuration directives: Disabled configuration directives​ local-ipv6=:: The system renamed the following configuration directives: Old​ New​ local-ipv6-nonexist-fail local-address-nonexist-fail

 

[cPRex]

Hey there! It sounds like this may be your issue:

cPanel

support.cpanel.net

Can you speak with your host about the kernel version to see if that is the case?

 

[rickscotch]

Hey there! It sounds like this may be your issue:

cPanel

support.cpanel.net

Can you speak with your host about the kernel version to see if that is the case?

So frustrating. I keep getting wrong credentials when logging into the cPanelID. I've reset my password and it stills say wrong credentials.

Could you please copy and paste that article? I truly appreciate this.

 

[cPRex]

Sure thing! Here's the important parts:

Description

This issue is caused by PowerDNS attempting to bind to an IPv6 port but failing because IPv6 is disabled.

We've opened an internal case for our development team to investigate this further. For reference, the case number is CPANEL-36101. Follow this article to receive an email notification when a solution is published in the product.
 
Workaround
 
Add the following line to your PowerDNS configuration file at - /etc/pdns/pdns.conf:

local-address=0.0.0.0

and then restart your PowerDNS service with:

/scripts/restartsrv_pdns

 

[rickscotch]

Thank you for sending that. I'm still waiting on my hosting provider to take care of that.

 

[cPRex]

You're welcome! If they aren't able to get to that quickly you can switch the machine to BIND to get things working.

 

[rickscotch]

You're welcome! If they aren't able to get to that quickly you can switch the machine to BIND to get things working.

Would that mess up anything because I saw that and it warned me "If you switch your nameserver away from PowerDNS, your DNS server will no longer serve DNSSEC records." I've attached the screenshot when I pick BIND.

 

[cPRex]

That's the only change - if you don't have DNSSEC records in place, you won't notice a difference.

 

[rickscotch]

Another novice(stupid) set of questions.
How do I know if I have DNSSEC records in place? Could I check somewhere on the CPanel?

Also if I do change it to BIND would it be okay to change it back afterward? You are truly great for helping me out with this. Thank you

 

[cPRex]

Sure - people flip between the two versions for testing all the time, as that will not hurt anything.

DNSSEC records are basically security keys that get added to the registrar. If you don't recall manually setting up keys and placing them at your registrar, you wouldn't have any of those enabled. You can see if there are any keys in the Zone Editor for cPanel, and there are more details about this tool here:

DNSSEC | cPanel & WHM Documentation

DNSSEC adds a layer of security to your domains' DNS records.

docs.cpanel.net

 

[rickscotch]

It worked. It's crazy. I'm with Hostgator with their VPS package, and they still haven't fixed the issue 36 hours later now.

You were the one that fixed the issue. Thank you, thank you.

 

[cPRex]

I'm glad things are working well for you now!!!

 

[samuelldrew]

It worked. It's crazy. I'm with Hostgator with their VPS package, and they still haven't fixed the issue 36 hours later now.

You were the one that fixed the issue. Thank you, thank you.

We have a VPS with HostGator as well, and it's been 24 hours without remedy or even an update about this. Even after I provided the workaround, all that they said it that they'll add it to the case notes. How were you able to do this yourself? I can't wait any longer; we have angry clients who are ready to leave us. Did you do the workaround or just switch it to BIND?

 

[cPRex]

If you aren't getting good support from the host it would be best to just switch to BIND. Even if you have DNSSEC records, having those not work while the rest of your DNS works is at least some progress.

 

[samuelldrew]

If you aren't getting good support from the host it would be best to just switch to BIND. Even if you have DNSSEC records, having those not work while the rest of your DNS works is at least some progress.

Yeah; that's what I ended up doing just to get it working again. Having to wait 24 or even 36 hours for something that seems like would take a minute is a terrible way to run a support department.