The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

resolv.conf resets to 8.8.8.8 and 8.8.4.4

Discussion in 'General Discussion' started by Mango45, Nov 8, 2013.

  1. Mango45

    Mango45 Active Member

    Joined:
    Apr 21, 2009
    Messages:
    42
    Likes Received:
    1
    Trophy Points:
    58
    Location:
    Canada
    cPanel Access Level:
    Website Owner
    Periodically my resolv.conf gets reset to 8.8.8.8 and 8.8.4.4. I discover this when my users report they are receiving too much spam. Unless resolv.conf is set to the server's own public IP, DNS-based blocklists do not work properly.

    I'm using the Resolver Configuration wizard in WHM to set this; any advice on making it stick?
     
    #1 Mango45, Nov 8, 2013
  2. MikeDVB

    MikeDVB Well-Known Member
    PartnerNOC

    Joined:
    Jun 4, 2008
    Messages:
    212
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Indiana, USA
    If you're on a OpenVZ VPS it's being reset on boot/reboot. If not - then I don't know anything within WHM that would cause it to change automatically.

    That said - 8.8.8.8 and 8.8.4.4 are Google PublicDNS Resolvers - we actually use them in our office, on our servers, and on just about everything. I've not had or seen any issues with RBLs not working while using Google PublicDNS and I suspect you may be correlating two unrelated issues.
     
    #2 MikeDVB, Nov 8, 2013
  3. Mango45

    Mango45 Active Member

    Joined:
    Apr 21, 2009
    Messages:
    42
    Likes Received:
    1
    Trophy Points:
    58
    Location:
    Canada
    cPanel Access Level:
    Website Owner
    Thanks Mike. It is a VPS and probably OpenVZ. I will write a script to correct resolv.conf at each boot.

    The error in question that is resolved by using the server's public IP in resolv.conf is:

    Code:
    0.0 URIBL_BLOCKED     ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                      See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information.
    From the link:

    Some RBLs don't seem to care, but URIBL in particular does seem to limit the queries a single DNS server can make. I really like this RBL in particular - it catches 75% of spam that hits my server, with zero false positives.
     
    #3 Mango45, Nov 8, 2013
  4. MikeDVB

    MikeDVB Well-Known Member
    PartnerNOC

    Joined:
    Jun 4, 2008
    Messages:
    212
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Indiana, USA
    /etc/rc.local
    Code:
    echo -e "nameserver IPHERE\nnameserver IPHERE" > /etc/resolv.conf
    That should give you the desired result I imagine if on CentOS.
     
    #4 MikeDVB, Nov 8, 2013
  5. Mango45

    Mango45 Active Member

    Joined:
    Apr 21, 2009
    Messages:
    42
    Likes Received:
    1
    Trophy Points:
    58
    Location:
    Canada
    cPanel Access Level:
    Website Owner
    A follow-up question: Is it simply a matter of making sure resolv.conf is correct, or do I need to restart anything after I correct it?

    EDIT: I saw your post above after I wrote this. Thank you. :)
     
    #5 Mango45, Nov 8, 2013
  6. MikeDVB

    MikeDVB Well-Known Member
    PartnerNOC

    Joined:
    Jun 4, 2008
    Messages:
    212
    Likes Received:
    3
    Trophy Points:
    68
    Location:
    Indiana, USA
    I don't believe anything needs restarted. You could do some simple tests with 'dig' to see what DNS it's querying.
     
    #6 MikeDVB, Nov 8, 2013
  7. kdean

    kdean Well-Known Member

    Joined:
    Oct 19, 2012
    Messages:
    267
    Likes Received:
    12
    Trophy Points:
    18
    Location:
    Orlando, FL
    cPanel Access Level:
    Root Administrator
    You could make the changes to your resolv.conf and then set the immutable flag so it is basically locked from further changes.

    chattr +i /etc/resolv.conf

    Then if you do need to make changes in the future, just remove the immutable flag with:

    chattr -i /etc/resolv.conf
     
    #7 kdean, Nov 10, 2013
  8. Tom Risager

    Tom Risager Well-Known Member

    Joined:
    Jul 10, 2012
    Messages:
    112
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Copenhagen, Denmark, Denmark
    cPanel Access Level:
    Root Administrator
    How does this actually work - if you set resolv.conf to your servers own public IP, how does domain name resolution work?

    I'd like to use URIBL, but cannot at the moment because my hosting providers resolvers are blocked.
     
    #8 Tom Risager, Nov 10, 2013
  9. Mango45

    Mango45 Active Member

    Joined:
    Apr 21, 2009
    Messages:
    42
    Likes Received:
    1
    Trophy Points:
    58
    Location:
    Canada
    cPanel Access Level:
    Website Owner
    From within WHM, navigate to Nameserver Selection and verify that BIND is working. If it is, you're already good to go. :)

    You may also be interested in another RBL called Barracuda. It's free but requires registration of your IP address. It too is very accurate and in my testing caught 61% of spam with no false positives. The other RBL I use is Spamhaus's Zen.

    I use the following scores:

    score URIBL_BLACK 10
    score RCVD_IN_SBL 10
    score RCVD_IN_XBL 10
    score RCVD_IN_PBL 10
    score URIBL_DBL_SPAM 10
    score RCVD_IN_BRBL_LASTEXT 10
    score RCVD_IN_BL_SPAMCOP_NET 0 1.246 0 1.347

    These high scores of 10 tag any mail on these RBLs as spam, but still deliver it to the users so they can inspect what is being tagged if necessary. (Assuming your "SpamAssassin™ reject spam score threshold" is high.)

    In my testing, 98.5% of spam is on one of these blocklists. 1.3% is caught by Bayesian or other rules. I'm still trying to figure out how to catch the remaining 0.2%.
     
    #9 Mango45, Nov 10, 2013
    Last edited: Nov 10, 2013
  10. Tom Risager

    Tom Risager Well-Known Member

    Joined:
    Jul 10, 2012
    Messages:
    112
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Copenhagen, Denmark, Denmark
    cPanel Access Level:
    Root Administrator
    So easy - thanks for your response :)
     
    #10 Tom Risager, Nov 10, 2013
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    35,700
    Likes Received:
    1,138
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    I am happy to see your question was answered. I am marking this thread as [Resolved].

    Thank you.
     
    #11 cPanelMichael, Nov 11, 2013
(You must log in or sign up to post here.)
Loading...
Similar Threads - resolv conf resets
  1. serverxy

    modification to resolv.conf

    serverxy, Jan 23, 2017, in forum: General Discussion
    Replies:
    3
    Views:
    229
    cPanelMichael
    Jan 23, 2017
  2. phillbooth

    SOLVED Resolver Configuration Keeps Resetting

    phillbooth, Dec 16, 2016, in forum: Bind / DNS / Nameserver Issues
    Replies:
    3
    Views:
    482
    phillbooth
    Dec 19, 2016
  3. hicom

    EasyApache 4 not resolving conflict correctly

    hicom, Sep 3, 2016, in forum: CloudLinux
    Replies:
    4
    Views:
    493
    cPanelMichael
    Sep 19, 2016
  4. gareth.star

    EasyApache 4 not resolving conflict correctly

    gareth.star, Jun 28, 2016, in forum: EasyApache
    Replies:
    13
    Views:
    1,678
    aNightOne
    Jul 16, 2016
  5. SteveW0ndersWhatHappened

    /etc/resolv.conf - Host lookup did not complete

    SteveW0ndersWhatHappened, Jun 15, 2016, in forum: Bind / DNS / Nameserver Issues
    Replies:
    3
    Views:
    742
    cPanelMichael
    Jun 20, 2016

Share This Page