SELinux on DNSonly losing connection

Discussion in 'Bind/DNS/Nameserver' started by Ray Hayes, Jan 22, 2019.

  1. Ray Hayes

    Ray Hayes Member

    Joined:
    May 29, 2018
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    North Carolina
    cPanel Access Level:
    Root Administrator
    About 2 days ago our DNSonly server (NS2) was hit with the SELinux bug (if no SELinux was enabled or a config file did not exist, an update would add it...and it was enabled).

    The DNS went completely down until SELinux was disabled.

    I am now able to access the dns server in the cluster...BUT, at random times now it drops...

    Could not connect to https://xxx.xxx.xx.xx:2087/scripts2/getzones_local: Could not read from SSL socket: 'SSL read error'
    at /usr/local/cpanel/3rdparty/perl/526/lib64/perl5/5.26.0/HTTP/Tiny.pm line 1191

    If I log into NS1 and re-enable it, it works again for a while. (NOTE: the xxx is IP and not name...example https://111.222.33.44:2087 and not the hostname, which would be ns2.dnsonly.com...as an example, which seems odd...)

    All IPs have been added to CPHulk and whitelisted. All firewall rules (APF) allow access to the IP...just now, randomly, it breaks.

    Thoughts?
     
  2. Ray Hayes

    I feel this may be a hijack, but I am gaining zero traction on this issue.

    I was hit with the SELinux bug. It has since been repaired. But, now this has created a new issue. This was a DNSOnly server that was hit (NS2). It is part of a cluster. Since this bug, the first node (NS1) keeps disconnecting from the DNSonly node.

    Could not connect to https://xxx.xxx.xx.xx:2087/scripts2/getzones_local: Could not read from SSL socket: 'SSL read error'
    at /usr/local/cpanel/3rdparty/perl/526/lib64/perl5/5.26.0/HTTP/Tiny.pm line 1191


    This, of course, disables the dnsonly server. I can go back in, reconnect, and it is fine...for a while. (Side note: The third server in the cluster, NS3, has NOT disconnected. It is ONLY on the main server (ns1).)

    Nothing has changed on either device, except for the loss of service on ns2 (dnsonly) due to the SELinux bug.

    This is taking a lot of my time to review, and the fact that the only issue was this stupid bug...I am at a loss. (NOTE: IPs have been whitelisted, etc., since the inception of this setup almost 2 years ago.)

    Hopefully I can get some input on this.
     
  3. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,206
    Likes Received:
    478
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Ray Hayes

    I'm unsure what would cause this behavior but it might be best if we were able to investigate on the box itself.
    Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


    Thanks!
     
  4. Ray Hayes

    cPanel dnsonly ID# 11268763 - Underway. Hope to hear what weirdness this may be.
     
  5. cPanelLauren

    Hi @Ray Hayes


    Thanks for that. I'm watching that ticket and I can see we've already begun troubleshooting. I'll update here with the resolution as soon as it's available.


    Thanks!
     
  6. Ray Hayes

    At this point, there is no solution. Something blocks the master unit of the cluster from writing to the DNSOnly machine. I even bailed and went ahead and completely reinstalled from scratch. EXACT same error after all was said and done.

    The only concern I have is the constant SSL errors. As I reviewed the SSLs on the DNSOnly unit, I do not see the one I installed. Only self-signed. I then saw this...

    cPanel DNSonly SSL No Records Found error

    I quote "Note this issue only affects the visibility of the certificate in "WHM >> Manage Service SSL Certificates", as the certificate itself is installed successfully". Is it? If so, why am I seeing so many "Could not connect to https://serverip - Could not read from SSL socket: 'SSL read error'"?

    This has caused a lot of frustration. I had hoped to get closure...but, right now, I am stuck trying to be all Columbo.

    I will update if I find anything.
     
  7. Ray Hayes

    Fighting a losing battle...but, I have verified one thing. It has boiled down to one specific server. I currently have all of the other nodes reconnected to the DNSOnly node. Any changes in Zone Editor are written immediately to that DNS.

    But, on the main node with problems...the following error keeps popping up in DNSAdmin logs.

    substr outside of string at /usr/local/cpanel/Cpanel/Gzip/ungzip.pm line 74.
    Use of uninitialized value in unpack at /usr/local/cpanel/Cpanel/Gzip/ungzip.pm line 74.
    Use of uninitialized value in numeric eq (==) at /usr/local/cpanel/Cpanel/Gzip/ungzip.pm line 74.

    Is this dnsadmin? But, I know support updated dnsadmin to the latest.

    What could that be?
     
  8. Ray Hayes

    Issue solved!

    Decided to use an alternate vps/droplet provider than Vultr (where the original broken NS node existed)...Digital Ocean. The new ns server is humming along, and with zero issues. And considerably faster.

    So...moral? Be wary if using certain hosting providers and Vultr...who knows...they may be blocking Vultr....and yet, we will really never know what happened.
     
  9. cPanelLauren

    Hi @Ray Hayes

    Interesting. Vultr uses their own templates when provisioning their VPSs; it may have been some misconfiguration within the template. I'm really glad to hear you got it all resolved!

    Thanks!
     