The service “nameserver” appears to be down / the “pdns” service is down.

[joshstovall]

I am having an issue with my server.
I am getting an email every 10 minutes that says this:

The service “nameserver” appears to be down.
Server myserver.secureserver.net
Primary IP Address xxx.xx.xxx.xxx
Service Name nameserver
Service Status failed
Notification The service “nameserver” appears to be down.
Service Check Method The system’s command to check or to restart this service failed.
Service Check Raw Output (XID tknbm6) The “pdns” service is down. The subprocess “/usr/local/cpanel/scripts/restartsrv_named” reported error number 255 when it ended.


I read in another thread that suggested to run this, and see what it returns

rpm -qf --queryformat '%{VERSION}\n' /etc/redhat-release

This returns the number 6.

What do I do now?
Does anyone know how I can fix this?

Thank you
-- Josh

 

[cPanelLauren]

Hello,


All that command does is output the version of the operating system. If you run the following what is the output?

/usr/local/cpanel/scripts/restartsrv_named

 

[joshstovall]

[[email protected] ~]# /usr/local/cpanel/scripts/restartsrv_named
Waiting for “pdns” to start …………failed.

Cpanel::Exception::Services::StartError
Service Status

Service Error
        (XID n9n42m) The “pdns” service failed to start.

Startup Log
        Starting PowerDNS authoritative nameserver: Mar 17 00:07:23 Reading random entropy from '/dev/urandom'
        Mar 17 00:07:23 Loading '/usr/lib64/pdns/libbindbackend.so'
        started

Log Messages
        Mar 16 17:07:23 instbible pdns[11207]: Fatal error: Unable to acquire TCPv6 socket: Address family not supported by protocol
        Mar 16 17:07:23 instbible pdns[11207]: TCP server bound to 0.0.0.0:53
        Mar 16 17:07:23 instbible pdns[11207]: IPv6 Address Family is not supported - skipping UDPv6 bind
        Mar 16 17:07:23 instbible pdns[11207]: UDP server bound to 0.0.0.0:53
        Mar 16 17:07:23 instbible pdns[11207]: Listening on controlsocket in '/var/run/pdns.controlsocket'

pdns has failed. Contact your system administrator if the service does not automagically recover.
[[email protected] ~]#

Thanks for the response!

Here is what I get

 

[cPanelLauren]

Hello,


If you go to /etc/pdns/pdns.conf and change the ipv6 line from:

local-ipv6=::

to

local-ipv6=

and attempt to restart it is the issue resolved?

 

[joshstovall]

Is that something I do through the command line?

It seems there is no folder named /pdns in /etc

 

[cPanelLauren]

It is definitely something you'd need to do over the CLI. You should definitely have that folder, it may be best to open a ticket so our analysts can look at this for you. Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!

 

[joshstovall]

My Ticket ID is 93463790

 

[cPanelLauren]

Hello,

I just checked in on this ticket and found that they were able to resolve this and used the same steps I suggested. Please let us know if you continue to experience issues with this.

Thanks!

 

[Junosprite007]

Hello,

I just checked in on this ticket and found that they were able to resolve this and used the same steps I suggested. Please let us know if you continue to experience issues with this.

Thanks!

Hi, there. I'm having the same issue, but in my /etc/pdns/pdns.conf file, the local-ipv6=:: line is commented out showing this:

#local-ipv6=::

.

Thus, it looks like that's not the issue for me. In the CLI as root, when I run the above suggested command:

/usr/local/cpanel/scripts/restartsrv_named

I get the following output:

[[email protected] ~]# /usr/local/cpanel/scripts/restartsrv_named
Waiting for “pdns” to start ……info [restartsrv_pdns] systemd failed to start the service “pdns” (The “/usr/bin/systemctl restart pdns.service --no-ask-password” command (process 3591) reported error number 1 when it ended.): Job for pdns.service failed because the control process exited with error code. See "systemctl status pdns.service" and "journalctl -xe" for details.

…Waiting for named,mydns,nsd,pdns_server to shutdown ... not running.
info [restartsrv_pdns] systemd failed to start the service “pdns” (The “/usr/bin/systemctl restart pdns.service --no-ask-password” command (process 3597) reported error number 1 when it ended.): Job for pdns.service failed because the control process exited with error code. See "systemctl status pdns.service" and "journalctl -xe" for details.

…failed.

Cpanel::Exception::Services::StartError
Service Status
        undefined status from Cpanel::ServiceManager::Services::Pdns

Service Error
        (XID 7cgkvm) The “pdns” service failed to start.

Startup Log
        Feb 23 07:13:55 container.domain.com pdns_server[441]: Received question from socket which had no remote address, dropping (Transport endpoint is not connected)
        Feb 23 07:51:15 container.domain.com pdns_server[441]: Received question from socket which had no remote address, dropping (Transport endpoint is not connected)
        Feb 27 21:25:11 container.domain.com pdns_server[441]: AXFR of domain 'localhost' initiated by 45.83.66.89
        Feb 27 21:25:11 container.domain.com pdns_server[441]: AXFR of domain 'localhost' failed: 45.83.66.89 cannot request AXFR
        Feb 28 01:05:17 container.domain.com pdns_server[441]: AXFR of domain 'localhost' initiated by 45.83.66.172
        Feb 28 01:05:17 container.domain.com pdns_server[441]: AXFR of domain 'localhost' failed: 45.83.66.172 cannot request AXFR
        Mar 07 03:42:56 container.domain.com pdns_server[441]: AXFR of domain 'qq.com' initiated by 109.238.11.14
        Mar 07 03:42:56 container.domain.com pdns_server[441]: AXFR of domain 'qq.com' failed: 109.238.11.14 cannot request AXFR
        Mar 07 03:42:56 container.domain.com pdns_server[441]: AXFR of domain 'qq.com' initiated by 109.238.11.14
        Mar 07 03:42:56 container.domain.com pdns_server[441]: AXFR of domain 'qq.com' failed: 109.238.11.14 cannot request AXFR

pdns has failed. Contact your system administrator if the service does not automagically recover.

EDIT: I already tried uncommenting the local-ipv6=:: line and formatting it as local-ipv6= then restarting the entire server, and it still does not work. Would cPanel be loading in another pdns.conf file from a different user or different location?

My site has been down since that last error date above, so any help is appreciated!

 

[cPRex]

@Junosprite007 - can you check this article to see if this is your issue? cPanel

 

[Junosprite007]

@Junosprite007 - can you check this article to see if this is your issue? cPanel

For the life of me, I cannot login to that cPanel site to view the article you're talking about. How do I do that?

 

[cPRex]

Here's the important parts of that page:

Description

This issue is caused by PowerDNS attempting to bind to an IPv6 port but failing because IPv6 is disabled.

We've opened an internal case for our development team to investigate this further. For reference, the case number is CPANEL-36101. Follow this article to receive an email notification when a solution is published in the product.

Workaround

Add the following line to your PowerDNS configuration file at - /etc/pdns/pdns.conf:

local-address=0.0.0.0

and then restart your PowerDNS service with:

/scripts/restartsrv_pdns

The login should be the same username and password as the cPanel support system, but if you haven't submitted a ticket for a while you may need to reset that password.

 

[Junosprite007]

I'm not even getting an email for resetting my password from cPanel.

Regardless, thanks for this info. My hosting provider just resolved this issue for me, but after comparing my two pdns.conf and pdns.conf.old files, it seems like it was solved by a different method. I inquired about how it was solved, so we'll see if they reply. Then I'll post back here for you guys.

To be clear, my site is up and running now, but the line "local-address=0.0.0.0" was not added to the pdns.conf file. I'm eager to find out how it was handle by me hosting provider.

 

[cPRex]

That's interesting - if you'd like to email "[email protected]" they can check your account settings and help out with that.

 

[Junosprite007]

Here's what my hosting provider told me after they fixed the issue:

To resolve the issue with pdns, our team created a set of rules for pdns to follow on startup in order for it to actually start successfully.

The configuration that was setup is located below.

/etc/systemd/system/pdns.service.d/override.conf

After browsing the history in my linux terminal, here are the commands they used:

mkdir /etc/systemd/system/pdns.service.d
less /etc/systemd/system/pdns.service.d/override.conf
cat <<EOT >> /etc/systemd/system/pdns.service.d/override.conf
>[Service]
>User=root
>Group=root
>AmbientCapabilities=
>CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
>EOT
less /etc/systemd/system/pdns.service.d/override.conf
systemctl daemon-reload
systemctl restart pdns.service
systemctl status pdns.service
netstat -tulnp | grep pdns_server

I'm not sure where those CapabilityBoundingSet rules were actually defined, but we can see where/how they were called above. Either way, this solved my issue.

 

[cPRex]

Thanks for the details. It looks like they applied the workaround rather than update the kernel, which is outlined here, and is slightly different than the previous issue I linked:

https://support.cpanel.net/hc/en-us...o-start-after-update-to-cPanel-WHM-version-94

but we use a very similar workaround in that post to fix the problem.

 

[Junosprite007]

That article is super helpful (finally able to login to see it). Thanks! I had used yum update, but I've noticed that this hosting provider has pretty out-of-date servers (and virtual machines, which is what I have), so it may not have even been able to be updated form my VPS; not sure. Always keep your servers updated, people!

 

[NaganoNow]

I'm having the same problem. Sorry, I'm a real newb and a lot of the above goes over my head. I don't even know how to run code.
Is there a tutorial somewhere I could see? If not, who/where can I turn to to resolve this? Mine is a self-managed VPS and the guy who usually helps me out is not answering emails.

 

[cPRex]

@NaganoNow - the best details we have available would be the ones provided in that support link. You do need to be signed in to our ticket system in order to see that link, but there isn't a way to fix the issue without SSH access to the machine.

The easiest solution for you would be to go to WHM >> Nameserver Selection and choose the BIND option.

 

[NaganoNow]

Thanks but I have DNSSEC records so that would cause other problems.