Problems in Authoritative DNS Detection

Discussion in 'Bind / DNS / Nameserver Issues' started by Spiral, May 14, 2009.

  1. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    As unusual and rare as it is, I finally got one question that is puzzling me a bit ...

    I am running latest EDGE and in cPanel, there is now a "Email Authentication"
    area for setting up "Domain Keys" and "SPF" from cPanel directly which is
    actually quite nice to finally have this built into cPanel instead of having
    to set these options up manually.

    However, my cPanel displays the following warning incorrectly:
    Code:
    WARNING: DomainKeys cannot be used because this server is not a DNS server for myserverexpert.com [?] 
    And similar respectively for SPF as well ....

    The only problem is that my server is in fact the authoritative DNS server
    for all domains on the server and the DNS is in fact registered correctly
    and set up to use DNS servers with the server's main and secondary IP
    addresses.

    I get the sneaky suspicion that cPanel set up their detection code on
    this to check to see if the server's hostname is registered as an
    authoritative DNS server for the domain instead of checking what IP
    addresses the authoritative DNS server names actually resolve to
    which would explain this warning error being falsely generated.

    Does anyone know exactly what cPanel is using to determine if a
    domain's DNS is being handled by the server or not because I can
    tell you first hand right now whatever they are doing is broken
    since they should be resolving and checking IPs of the authoritative
    DNS servers for the domains instead of checking the name against
    the server hostname which I suspect is what they may be doing.

    Does anyone have any experience with this issue or know off hand
    how to make the warning go away?

    Example setup for illustration:
    Code:
    mydomain.com is a domain on the server with let's say IP 11.22.33.44
    
    nextdomain.com is another domain on the server also with 11.22.33.44
    as the account IP address and both domains use the following nameservers
    as the registered authoritative dns servers on their respective domain
    registrations and WHOIS details:
    
    ns1.mydomain.com is registered as the authoritative DNS with the
    IP address registered at the registrar 11.22.33.44
    
    ns2.mydomain.com is registered as the secondary authoritative DNS server
    with the IP address 11.22.33.45
    
    The server has IP addresses 11.22.33.44 to 11.22.33.48 with the 
    primary and shared IP address being the first IP in that series.
    
    The server main hostname being "server.mydomain.com" and also has
    the main server IP address of 11.22.33.44 as the IP address.
    
    In this situation, both mydomain.com and nextdomain.com report in
    their cPanel control panels under Email Authentication the warnings
    listed at the top of this post even though the server is indeed the
    authoritative server for the respective domains and all DNS functions
    are working correctly and no problems with DNS whatsoever.

    Incidentally, changing the Domain Keys and SPF records in the cPanel
    does actually work as well and the DNS queries are actually being updated
    with the new SPF and Domain Key information. It's just simply the
    stupid erroneous warning that I am trying to figure out and get rid of
    telling me the server is not authoritative for the domains when it really is!

    So again, anyone know how to shut down those warnings or know
    specifically how cPanel is trying to make their authoritative determinations
    for the domains because they definitely got it wrong as far as their
    authoritative detection code is concerned and I suspect that might
    possibly be because of resolving hostnames instead of comparing
    registered authoritative DNS servers against known server IP addresses
    in the IP pool for the server which would make a lot more sense.
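
Added illustration (not part of Spiral's post, and not cPanel's detection code, which the thread does not show): the two ways of deciding authority that the post contrasts, run over constructed data copied from the example setup. The function names and the `split.example` / `elsewhere.example` domains are assumptions made for the example.

```python
import ipaddress

# Constructed data mirroring the example setup in the post above.
SERVER_HOSTNAME = "server.mydomain.com"
SERVER_IPS = [f"11.22.33.{n}" for n in range(44, 49)]  # 11.22.33.44 to .48
# domain -> {delegated NS name: addresses it resolves to}. On a live system
# these would come from `dig NS <domain>` and `dig A <nameserver>`.
NS_RECORDS = {
    "mydomain.com": {"ns1.mydomain.com.": ["11.22.33.44"],
                     "ns2.mydomain.com.": ["11.22.33.45"]},
    "nextdomain.com": {"ns1.mydomain.com.": ["11.22.33.44"],
                       "ns2.mydomain.com.": ["11.22.33.45"]},
    # Hypothetical domains added for contrast (not from the thread).
    "split.example": {"ns1.mydomain.com.": ["11.22.33.44"],
                      "ns1.provider.example.": ["192.0.2.53"]},
    "elsewhere.example": {"ns1.provider.example.": ["192.0.2.53"]},
}

def norm(name):
    """DNS names are case-insensitive; dig prints a trailing dot."""
    return name.rstrip(".").lower()

def by_hostname(domain, hostname=SERVER_HOSTNAME, records=NS_RECORDS):
    """Name comparison: is the server's own hostname one of the NS names?"""
    return norm(hostname) in {norm(ns) for ns in records.get(domain, {})}

def local_nameservers(domain, server_ips=SERVER_IPS, records=NS_RECORDS):
    """Address comparison: NS names with an address in the server's IP pool."""
    pool = {ipaddress.ip_address(ip) for ip in server_ips}
    return sorted(norm(ns) for ns, addrs in records.get(domain, {}).items()
                  if any(ipaddress.ip_address(a) in pool for a in addrs))

def by_ip(domain, server_ips=SERVER_IPS, records=NS_RECORDS):
    """'full' if every NS is local, 'partial' if only some are, else 'none'."""
    total = len(records.get(domain, {}))
    local = len(local_nameservers(domain, server_ips, records))
    if total and local == total:
        return "full"
    return "partial" if local else "none"

if __name__ == "__main__":
    for d in NS_RECORDS:
        print(f"{d}: hostname match={by_hostname(d)}, by IP={by_ip(d)}")
```

For mydomain.com and nextdomain.com the name comparison is false while the address comparison reports every nameserver as local, which is the mismatch the post describes.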
     
  2. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Any chance your resolvers (set up in /etc/resolv.conf) are storing stale DNS information relating to the domains in question?

    As root, on the server experiencing the problems:

    dig mydomain.com ns @xxx.xxx.xxx.xxx
    dig nextdomain.com ns @xxx.xxx.xxx.xxx

    where xxx.xxx.xxx.xxx = the IP address of each one of the resolvers you have listed in /etc/resolv.conf

    When you do this, those resolvers should list the nameservers for the domain as being the ones that are listed at WHOIS, which should be your local DNS on the machine.

    Mike
     
  3. Spiral

    Spiral BANNED

    That's actually the first thing I did (dig) followed by checking
    the zone files in /var/named and WHOIS reviews.

    I thought I made that clear in my post above but I guess not ...

    Anyway, dig returns both the correct nameserver host names
    and the correct IPs and correctly shows authority flag for the IPs.

    The /etc/resolv.conf has the correct server and network IPs
    for the DNS resolution for where I am at and all DNS queries
    come back correctly as well.

    Actually, other than the error in cPanel where the system
    incorrectly gives a warning that my server isn't an authoritative
    server for any of the domains on the server, everything actually
    appears to be running 100% perfectly DNS resolution wise as
    well as cPanel adding the email authentication TXT lines to
    the zone files and the responses to those as well.

    The only trouble I can find seems to be just the warning itself.
     
  4. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Is this server part of a cPanel DNS Cluster?
     
  5. Spiral

    Spiral BANNED

    Sorry for the delay getting back to you, Dave .... busy week.

    Anyway, no, the server in question is a standalone single cPanel server
    operating by itself only.
     
  6. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    I recommend letting one of our technical analysts look into this with you: http://tickets.cPanel.net/submit
     