Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Switched to PowerDNS, cannot access domain now.

Discussion in 'Bind / DNS / Nameserver Issues' started by Spork Schivago, Oct 29, 2016.

Tags:
  1. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    514
    Likes Received:
    54
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Root Administrator
    Hello,

    I was running Bind on my server, everything was good. A while back, cPanel had an update and there was this powerDNS option for the nameserver. I picked that.

    Today, I try SSHing into my machine and my SSH client says hostname not found. I try pinging my domain, hostname not found, I try visiting my domain in Chrome, hostname not found.

    I open up my SSH client (putty) and put in the IP address instead of the domain name and I can access my site. I try going to https://<ipaddress>:<whm port> and I can access WHM.

    I'm thinking there is a problem with my DNS records. For some reason, when the upgrade happened, I thought I could just pick PowerDNS and cPanel / WHM would automatically convert my Bind configuration to the PowerDNS configuration and things would just work. Was I wrong in thinking that? Any suggestions on how I should go about fixing this issue?

    I look at /etc/resolv.conf and can see two external nameservers owned by my hosting provider. Not sure what I'm doing wrong here or how to fix it. Any help would be greatly appreciated. I can send a copy of the DNS records that I have setup if anyone would like to see them. I'd prefer to replace my real domain name with example.com though. Thanks.
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,745
    Likes Received:
    312
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    The easy answer to get your sites back up might be to just switch back to BIND.
     
  3. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    514
    Likes Received:
    54
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Root Administrator
    Thank you. That is the easy answer, you're right. But right now, I'd prefer to try and keep PowerDNS. Are there any cPanel related tutorials that describe how to set it up? I've found non-cPanel related tutorials that talk about setting the MySQL database, etc, but I haven't found anything cPanel related yet. A lot of times, I've noticed, things have to be done in cPanel and not via the shell or it tends to mess things up a bit. I'm wondering if PowerDNS is one of those things.

    Thanks for the response though. I appreciate it. Worst case, I'll switch back to Bind.
     
  4. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    514
    Likes Received:
    54
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Root Administrator
    I believe I discovered the answer to my problem, however, I have a new issue I'll create a thread for.

    I executed:
    Code:
    cat /var/log/messages
    
    After a very long time, the entire contents of the file where displayed and I saw the problem.
    Code:
    Oct 29 18:58:33 franklin pdns[1035]: Respawning
    Oct 29 18:58:34 franklin pdns[16330]: Guardian is launching an instance
    Oct 29 18:58:34 franklin pdns[16330]: Reading random entropy from '/dev/urandom'
    Oct 29 18:58:34 franklin pdns[16330]: Loading '/usr/lib64/pdns/libbindbackend.so'
    Oct 29 18:58:34 franklin pdns[16330]: This is a guarded instance of pdns
    Oct 29 18:58:34 franklin pdns[16330]: UDP server bound to 0.0.0.0:53
    Oct 29 18:58:34 franklin pdns[16330]: Unable to acquire a UDPv6 socket: Address family not supported by protocol
    Oct 29 18:58:34 franklin pdns[16330]: Fatal error: Unable to acquire a UDPv6 socket: Address family not supported by protocol
    Oct 29 18:58:35 franklin pdns[1035]: Our pdns instance exited with code 1
    
    Over and over and over again. Seeing how I don't have IPv6 setup and only use IPv4, I figured PowerDNS was configured to use IPv6. I opened up /etc/pdns/pdns.conf and commented out:
    Code:
    # local-ipv6=::
    # local-ipv6-nonexist-fail=no
    
    Then, I added:
    Code:
    local-address=0.0.0.0
    local-address-nonexist-fail=yes
    
    I restarted PowerDNS:
    Code:
    /etc/init.d/pdns restart
    
    And everything was working properly.

    Right now, I'm using the bind backend, but I'm thinking of switching to the MySQL backend. I currently am running MariaDB. I don't think that should be too hard.

    Now I want to figure out how to go about setting my server to use IPv6 and if it's a wise idea to just use IPv6 and no IPv4, but I think that's for another thread. Thanks!
     
    #4 Spork Schivago, Oct 29, 2016
    Last edited: Oct 29, 2016
    Infopro likes this.
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,424
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @Spork Schivago,

    Could you verify if the affected system is under an OpenVZ/Virtuozzo environment? Internal case CPANEL-9315 was opened to report a scenario affecting systems using OpenVZ/Virtuozzo environments, where if IPv6 is disabled on the host node, and if no IPv6 addresses are LISTENING, then you may notice DNS resolution failures and error output like this in /var/log/messages:

    Code:
    pdns[1652]: Respawning
    pdns[3117]: Guardian is launching an instance
    pdns[3117]: Reading random entropy from '/dev/urandom'
    pdns[3117]: Loading '/usr/lib64/pdns/libbindbackend.so'
    pdns[3117]: This is a guarded instance of pdns
    pdns[3117]: UDP server bound to 0.0.0.0:53
    pdns[3117]: Unable to acquire a UDPv6 socket: Address family not supported by protocol
    pdns[3117]: Fatal error: Unable to acquire a UDPv6 socket: Address family not supported by protocol
    pdns[1652]: Our pdns instance exited with code 1
    
    The workaround is to disable the following lines in /etc/pdns/pdns.conf:

    Code:
    local-ipv6=::
    local-ipv6-nonexist-fail=no
    The updated lines would look like this:

    Code:
    # local-ipv6=::
    # local-ipv6-nonexist-fail=no
    Then, restart PowerDNS:

    Code:
    /scripts/restartsrv_pdns
    It's not yet determined if this happens because no IPv6 module is enabled on the host node, or if entries disabling IPv6 exist in the /etc/sysctl.conf file. Could you let us now if either of these situations apply in your case?

    I'll update this thread with more information on the status of this case as it becomes available.

    Thank you.
     
    AccessWeb and Spork Schivago like this.
  6. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    514
    Likes Received:
    54
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Root Administrator
    @cPanelMichael

    I am running a virtual environment. I believe it's Virtuozzo, but if you want, I can double check and verify. In my previous post, I described how I fixed the issue. I commented out the ipv6 stuff in the /etc/pdns.conf file but I also added the ipv4 stuff. I'd like to add for my system, I currently do NOT have IPv6 enabled. When I find more time, I planned on creating a thread and asking for advice on IPv6. I wanted to know if I could switch to IPv6 only or if I should still have IPv4 enabled.

    For my system, here's a copy of the contents of /etc/sysctl.conf. Notice how there's no IPv6 entries, just IPv4.
    Code:
    # Kernel sysctl configuration file for Red Hat Linux
    #
    # For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
    # sysctl.conf(5) for more details.
    #
    # Use '/sbin/sysctl -a' to list all possible parameters.
    
    # Controls IP packet forwarding
    net.ipv4.ip_forward = 0
    
    # Controls source route verification
    net.ipv4.conf.default.rp_filter = 1
    
    # Do not accept source routing
    net.ipv4.conf.default.accept_source_route = 0
    
    # Controls the System Request debugging functionality of the kernel
    # kernel.sysrq = 0
    
    # Controls whether core dumps will append the PID to the core filename.
    # Useful for debugging multi-threaded applications.
    kernel.core_uses_pid = 1
    
    # Controls the use of TCP syncookies
    net.ipv4.tcp_syncookies = 1
    
    # Disable netfilter on bridges.
    net.bridge.bridge-nf-call-ip6tables = 0
    net.bridge.bridge-nf-call-iptables = 0
    net.bridge.bridge-nf-call-arptables = 0
    
    # Controls the default maxmimum size of a mesage queue
    # kernel.msgmnb = 65536
    
    # Controls the maximum size of a message, in bytes
    # kernel.msgmax = 65536
    
    # Controls the maximum shared segment size, in bytes
    # kernel.shmmax = 68719476736
    
    # Controls the maximum number of shared memory segments, in pages
    # kernel.shmall = 4294967296
    
    Just to be clear, I do not have an IPv6 IP address, only an IPv4. If you'd like, I can try enabling IPv6 in WHM and undoing my /etc/pdns.conf changes to see if the same issue occurs. I just thought PowerDNS used IPv6 by default and because I don't have IPv6 configured, it just failed to start. PowerDNS was trying to bind to a IPv6 IP address, which didn't exist, so I thought that was the reason for the failure. If there's anything I can do to help diagnose the issue further, please let me know and I'll do whatever you ask. Thanks.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,424
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The information you have provided is sufficient for now. I'll update this thread with more information on the status of case CPANEL-9315 as it becomes available.

    Thanks!
     
  8. AccessWeb

    AccessWeb Registered

    Joined:
    Nov 19, 2016
    Messages:
    2
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Belgium
    cPanel Access Level:
    Root Administrator
    I have the same problem after the latest 60.0.24 upgrade, I switched to PowerDNS, also the server was rebooted for a kernel update. Since then, I get alarms from mxtoolbox my primary DNS server is not responding. Luckely I have 3 other backup DNS servers running on 3 other geographical locations. However, I am concerned changes on the main server do not get synched anymore. This server is NOT on any Virtual platform and is fully dedicated.

    Same error reported on this forum (when rebooting PowerDNS):

    Nov 19 20:53:51 aw01 pdns[7163]: Fatal error: Unable to acquire a UDPv6 socket: Address family not supported by protocol
    Nov 19 20:53:51 aw01 pdns[7163]: Unable to acquire a UDPv6 socket: Address family not supported by protocol
    Nov 19 20:53:51 aw01 pdns[7163]: UDP server bound to 0.0.0.0:53
    Nov 19 20:53:51 aw01 pdns[7163]: This is a guarded instance of pdns
    Nov 19 20:53:51 aw01 pdns[7163]: Loading '/usr/lib64/pdns/libbindbackend.so'

    Any solutions to this case?

    PS: I also came from BIND
     
  9. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    514
    Likes Received:
    54
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Root Administrator
    AccessWeb,

    Perhaps you missed the solution I posted. It's up above, a few posts. Here's a direct link:

    Switched to PowerDNS, cannot access domain now.

    From my end, by default, PowerDNS was trying to bind to an IPv6 IP address. My server only had an IPv4 address, hence the error:
    Code:
    Unable to acquire a UDPv6 socket: Address family not supported by protocol
    
    message.

    In the configuration file for PowerDNS, on my system,
    /etc/pdns/pdns.conf

    I comment out
    Code:
    # local-ipv6=::
    # local-ipv6-nonexist-fail=no
    
    Then, I added:
    Code:
    local-address=0.0.0.0
    local-address-nonexist-fail=yes
    
    I then restart the PowerDNS service:
    Code:
    service pdns restart
    
    But if you have cPanel installed, you can restart the service with:
    Code:
    /scripts/restartsrv_pdns
    
    Whenever cPanel updates PowerDNS (like it did the other night), you'll have to repeat the process, unless there's some way to tell cPanel not to touch the configuration file for PowerDNS. I tried going to my domain and sure enough, the changes were reverted. There was a pdns.conf.rpmsave file that contained my original changes, so I compared the new config file to my config file, to make sure nothing else changed, and then just replaced the new configuration file with the rpmsave one.

    Another way to fix the issue would be to simply assign an IPv6 address to your server. If you have a VPS from GoDaddy, you might have issues with this though. Their documents online say their VPSes are assigned 16 IPv6 by default and if you need more, contact them. Their support forum says if you don't have any (in my case), just to reach out to live support and they'll assign them to you....but when I call, they say IPv6 is too new, it isn't widely adopted, and they cannot provide any IPv6 addresses because of this (which is utter nonsense if you ask me)

    I hope this helps. Perhaps you could leave a message here letting me know either way, if this fixed your problem or not.
     
  10. AccessWeb

    AccessWeb Registered

    Joined:
    Nov 19, 2016
    Messages:
    2
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Belgium
    cPanel Access Level:
    Root Administrator
    I am sorry, Spork Schivago, thank you.

    I've edited the post, or I diden't sent it or it wasn't edited because of moderation, your solution works perfectly.

    Most of my servers have IPv6, I've setup an unused dedicated some hours ago to install CentOS 6 and WHM/cPanel (trial license), on a clean install the same problem occures, so I guess cPanel really should fix this for servers not having IPv6. Once I've added a /32 block of IPv6 to the test server and rebooted PowerDNS service, after adding the IPv6 block (without editing config files manually) the error was gone (you're also right about that one).

    From my experience (using cPanel over 7 years) editing config files manually tends to brake things, so I prefer not to use manual root ssh at all on cPanel servers unless for simple repair/fix scripts..

    Please note I did NOT add:

    Code:
    local-address=0.0.0.0
    local-address-nonexist-fail=yes
    Anyhow, a better question at this time now would be, is there any progress on this issue?

    Again, thank you for your answers and comments, they all work perfect (I did not have an updated rpm yet since I just started deployment so I don't know about the config file getting replaced just yet) but it realy seems this issue should be fixed for servers not having IPv6.
     
    Spork Schivago likes this.
  11. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    514
    Likes Received:
    54
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Root Administrator
    That's okay, I've missed stuff like that myself before. No biggy.

    I'm not 100% sure this is a problem that cPanel should be fixing. Depending on if it just happens with PowerDNS that gets installed from cPanel or if it happens with all PowerDNS installs, it might just be a PowerDNS bug. I use the term bug very loose like here. To me, it doesn't really seem like a bug. I'm used to installing everything via a package manager and most of the time, I do it from the console (either locally or remotely). Even when my package manager installs software, a lot of times, I need to edit the default config file, and customize it for my server. For example, the default Apache config file probably won't work for 99% of the people out there, especially seeing how we can get free SSL certificates now.

    The default PowerDNS config file that comes with cPanel just says to bind to the IPv6 address. PowerDNS tries to bind to that address, and because it doesn't exist, it fails. I don't think there's any programs that come with PowerDNS that create these config files. I haven't looked into it too much, but I guess if cPanel wanted to add a fix, they could just have a script that checks to see if there's any IPv6 addresses, if there are, write the config with IPv6 variables. If there's not, write the config with IPv4 variables. This wouldn't be that hard. I'm sure there's a cPanel API call to check for IPv4 / IPv6 addresses.


    Because you added and configured an IPv6 address, the lines in the config file that I told you to add shouldn't be needed. On top of that, when there's an update to PowerDNS and the config file gets overwritten, it shouldn't break. I wanted to do what you did. I tried contacting GoDaddy to get an IPv6 address / range but had no luck. They said because they're so new and not widely adapted, they don't provide them, but I think that's a mistake, seeing how they have a few documents talking about how to setup your IPv6 addresses, saying that a VPS comes with 16 by default, but if you need more, contact them, etc.

    I'm going to try calling them again. That'd be the easiest solution, just adding an IPv6 address to your server. Thanks for verifying that it works.

    Spork
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,424
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    An active IPv6 address range itself isn't required, but what is required is support for IPv6 in the kernel installed on the system.

    Internal case CPANEL-9666 was opened to ensure the installed kernel supports basic IPv6 functionality in order for the cPanel installer to proceed. This change is not yet published, but you will see it listed on the installer change log once it is:

    Installer Change Log - Change Logs - cPanel Documentation

    This will help prevent the issue from happening on new cPanel installations. For existing cPanel installations, case CPANEL-9315 is still open to determine if a check to determine if IPv6 is supported in the kernel before allowing an administrator to enable PowerDNS. I've added a note to the case with a link to this thread so our developers are aware of the feedback. I'll update this thread with the outcome of this case as it becomes available.

    Thank you.
     
    Spork Schivago likes this.
  13. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    514
    Likes Received:
    54
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Root Administrator
    This is a bit odd. I don't think IPv6 is enabled in my kernel, but I'm in a Virtuozzo environment, I believe, so it's hard to tell. On a normal Linux system, I'd just test for the existence of /proc/net/if_inet6. On my VPS, that file doesn't exist, however, I was successfully able to assign an IPv6 address to my VPS server. That confuses me a bit.

    So, I want to make sure I understand this. You're saying CPANEL-9315 and CPANEL-9666, when they're implemented, will prevent a person from installing PowerDNS if they don't have an IPv6 address? Personally, I think that's a horrible idea, because PowerDNS will work with an IPv4 address. It's just the default configuration file that gets installed when cPanel installs PowerDNS is setup for an IPv6 address.

    Wouldn't a better fix be to check if IPv6 is enabled in the kernel and properly configured, and if so, use the default configuration, if not, modify the config file (or use a different config file) for PowerDNS so it's using the IPv4 address?

    If I understand CPANEL-9315 and CPANEL-9666, it sounds like if the person doesn't have an IPv6 address, they won't be able to use PowerDNS. I'd imagine at this point in time, that'd be a good amount of users...there's absolutely nothing preventing a person from using PowerDNS with IPv4.
     
  14. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,424
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    We're actually updating our installation requirements documentation in the near future to include the following information:

    cPanel & WHM and cPanel DNSONLY require that your kernel includes the ipv6 module, or includes that functionality directly within the kernel. This has been a requirement since cPanel version 11.54. Most distributed kernels include this support by default. However, some users of custom kernels may experience problems. If your kernel does not include it in the ipv6 module, the AF_INET6 address family must also be available.

    Also, to your point, on most environments a user can simply run the following command to see if IPv6 support is enabled in the kernel:

    Code:
    test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready"
    On Virtuozzo systems, the existence of the /proc/net/sockstat6 file should also confirm IPv6 support:

    Code:
    stat /proc/net/sockstat6
    CPANEL-9666 prevents new installations of cPanel that don't support IPv6. The installer attempts to open an IPv6 socket and temporarily bind to port 2087 on :: to ensure that the ipv6 kernel module is loaded and that the address family is available. It's not yet determined what, if any, changes will stem from CPANEL-9315. Keep in mind that IPv6 addresses aren't required, it's only an IPv6 enabled kernel that's required.

    The lack of a IPv6 support in the kernel is unsupported in cPanel as of cPanel version 11.54. However, CPANEL-9315 is open to discuss how to best handle instances where users enable PowerDNS on systems without IPv6 support.

    An actual IPv6 address is not required. The only requirement is for the server's kernel to support IPv6. This is supported by default in most distributions.

    Thank you.
     
    Spork Schivago likes this.
  15. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    514
    Likes Received:
    54
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Root Administrator
    Thanks cPanelMichael. I checked for the presence of /proc/net/sockstat6 and I don't have it. To me, this means my kernel does not support IPv6. Because I'm in a Virtuozzo environment, there are no modules. After talking to GoDaddy, my understanding is none of their servers, not even their cloud servers, have IPv6 support. Only their old VPS servers had it. To me, I think that means cPanel won't install on the GoDaddy servers. Although the lack of IPv6 support in the kernel has been unsupported in cPanel as of cPanel version 11.54, some reason, I have cPanel 11.60. When I run ifconfig, I don't see an IPv6 stuff, no ::'s, none of that. Perhaps this is why PowerDNS breaks with the default config.
     
  16. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,424
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @Spork Schivago,

    Support for an IPv6-enabled kernel has been required since cPanel version 54, but it's not been enforced on new installations or updates, and it's not likely to have lead to any functionality issues. PowerDNS is one of the most recent instances where it's resulted in an noticeable error, which is what lead to internal case CPANEL-9315.

    You can also try running the following command to find your network device name:

    Code:
    ifconfig
    It's listed on the left-side of the output (E.g. eth0). Then, run a command such as:

    Code:
    ip -6 address show dev eth0
    Replace "eth0" with the network device name and see if you see the IPv6 address next to "inet6" in the output.

    Thank you.
     
    Spork Schivago likes this.
  17. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    514
    Likes Received:
    54
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Root Administrator
    Yeah, I get no output for the ip -6 address show dev eth0 command. My ethernet interfaces are named eth0 and eth0:0. When I run the ip -6 command on either interfaces, I get nothing, as if I didn't run the program at all. Therefore, I'm going with my GoDaddy's VPS kernel does not support IPv6. I wonder how I was able to assign an IPv6 address to it. Maybe I had some sort of typo and pinged another domain? But that doesn't make sense, because the response was from the IPv6 address I assigned.

    Either way, I'm working on switching from GoDaddy to another provider that supports IPv6. They don't provide cPanel. I'm going to have to purchase that myself, if I want it, but it's a bit pricey here. GoDaddy offered it for an extra 10$ a month. Here, I think it's 20$ a month. I found a place that has it for 14.95$ a month. I wish I could find a place that offered licenses for 10$ a month though. I don't want to lose cPanel but I gotta keep the price in mind, now that we have a little one. Thanks.
     
Loading...

Share This Page