rndc status failed, connect failed: 127.0.0.1#953: timed out

postcd

Well-Known Member
Oct 22, 2010
717
19
68
Hello,

i found this in cpanel error log:

[2016-04-04 08:39:03 +0000] warn [restartsrv_base] /usr/sbin/rndc status failed: WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)rndc: connect failed: 127.0.0.1#953: timed out at /usr/local/cpanel/Cpanel/DNSLib.pm line 263.
Cpanel::DNSLib::checkrndc(Cpanel::DNSLib=HASH(0x2134380)) called at /usr/local/cpanel/Cpanel/ServiceManager/Services/Named.pm line 84
Cpanel::ServiceManager::Services::Named::check(Cpanel::ServiceManager::Services::Named=HASH(0x1afc4f8)) called at /usr/local/cpanel/Cpanel/ServiceManager/Base.pm line 552
Cpanel::ServiceManager::Base::run_from_argv(Cpanel::ServiceManager::Services::Named=HASH(0x1afc4f8), "--verbose", "named", "--check", "--notconfigured-ok") called at bin/restartsrv_base.pl line 81
main::__ANON__() called at /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/Try/Tiny.pm line 80
eval {...} called at /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/Try/Tiny.pm line 71
Try::Tiny::try(CODE(0x1ef3ee8), Try::Tiny::Catch=REF(0x15fa418)) called at bin/restartsrv_base.pl line 110
[2016-04-04 08:39:03 +0000] warn [restartsrv_base] named: call to rndc failed
at /usr/local/cpanel/Cpanel/ServiceManager/Services/Named.pm line 85.
Cpanel::ServiceManager::Services::Named::check(Cpanel::ServiceManager::Services::Named=HASH(0x1afc4f8)) called at /usr/local/cpanel/Cpanel/ServiceManager/Base.pm line 552
Cpanel::ServiceManager::Base::run_from_argv(Cpanel::ServiceManager::Services::Named=HASH(0x1afc4f8), "--verbose", "named", "--check", "--notconfigured-ok") called at bin/restartsrv_base.pl line 81
main::__ANON__() called at /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/Try/Tiny.pm line 80
eval {...} called at /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/Try/Tiny.pm line 71
Try::Tiny::try(CODE(0x1ef3ee8), Try::Tiny::Catch=REF(0x15fa418)) called at bin/restartsrv_base.pl line 110
[2016-04-04 08:39:15 +0000] info [restartsrv_base] Domming remaining dovecot processes
[2016-04-04 08:39:16 +0000] info [tailwatchd] chkservd::Notify Notification => [email protected]***** via EMAIL [eventimportance => High (1)]
[2016-04-04 08:39:28 +0000] info [tailwatchd] chkservd::Notify Notification => [email protected]***** via EMAIL [eventimportance => High (1)]
[2016-04-04 08:39:39 +0000] info [tailwatchd] chkservd::Notify Notification => [email protected]***** via EMAIL [eventimportance => High (1)]
[2016-04-04 08:39:48 +0000] info [cpsrvd] Restarting cpsrvd daemon process 1820 via /usr/local/cpanel/cpsrvd
==> cpsrvd 11.54.0.21 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up native SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports
[2016-04-04 08:39:50 +0000] info [tailwatchd] chkservd::Notify Notification => [email protected]***** via EMAIL [eventimportance => High (1)]
Please which commands / steps to do to discover cause and fix it? Thank You
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
Hello :)

Check to see if local connections to port 953 are possible from your server's command line. EX:

Code:
telnet 127.0.0.1 953
You may need to review any firewall rules you have enabled if the connection is blocked.

Thank you.
 

postcd

Well-Known Member
Oct 22, 2010
717
19
68
thx, no, Yours mentioned command returns this: :(

telnet: connect to address 127.0.0.1: Connection timed out
# netstat -penta|grep named
tcp 0 0 SERVERIPHERE:53 0.0.0.0:* LISTEN 25 1558635645 7805/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 1558635643 7805/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 1558635648 7805/named
# cat /etc/rndc.conf|grep port
default-port 953;
# inet 127.0.0.1 port 953
csf -p|grep named
53/tcp 4/- - (7805/named) /usr/sbin/named -u named /usr/sbin/named
53/udp 4/- - (7805/named) /usr/sbin/named -u named /usr/sbin/named
(port 53 is within allowed ports in CSFirewall and 953 is not there)

When i pause CSF (firewall) and do # service named status
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
version: 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 (Not disclosed)
CPUs found: 9
worker threads: 9
number of zones: *
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 1/100
server is up and running
named (pid 7805) is running...
What/why went wrong please?
Seems that after CSFirewall was enabled again, timeout no longer appears

but newly created cPanels DNS fails to work. I do command "host newcpaneldomain.tld" and result is "Host newcpaneldomain.tld not found: 2(SERVFAIL)"
but after i manually reload DNS zone, i see it start working/resolving and WHM says this upon reloading:
"Bind reloading on hostname using rndc: WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
server reload successful"
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
but newly created cPanels DNS fails to work. I do command "host newcpaneldomain.tld" and result is "Host newcpaneldomain.tld not found: 2(SERVFAIL)"
but after i manually reload DNS zone, i see it start working/resolving and WHM says this upon reloading:
"Bind reloading on hostname using rndc: WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
server reload successful"
Does DNS fail externally as well, or is it just the local server that returns the "not found" error when using the "host" command?

Thank you.
 

postcd

Well-Known Member
Oct 22, 2010
717
19
68
I can"t confirm if DNS fails externally, i already reloaded that DNS Zone manually.

I followed cpanel support suggestion (Add 127.0.0.0/8 to /etc/csf/csf.allow and also to /etc/csf/csf.ignore.) and restarted CSF (firewall).

But i still see timeout when telnet localhost and port 953 or 80

(example: telnet 127.0.0.1 953)

service named status and rndc reload
is timeouting too
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
I followed cpanel support suggestion (Add 127.0.0.0/8 to /etc/csf/csf.allow and also to /etc/csf/csf.ignore.) and restarted CSF (firewall).

But i still see timeout when telnet localhost and port 953 or 80

(example: telnet 127.0.0.1 953)

service named status and rndc reload
is timeouting too
To update, it looks like the issue was isolated to your firewall rules, per the support ticket. I suggest updating your custom firewall rules, or going through each custom rule one by one to narrow down the culprit.

Thank you.