
what should /etc/resolv.conf look like?

Discussion in 'General Discussion' started by spaceman, Sep 22, 2005.

  1. spaceman

    Hi All,

    Can someone tell me what a default or 'good' /etc/resolv.conf should look like?

    I ask because we were observing lots of failures (timeouts) in exim_mainlog when our server was trying to connect and send mail to other mail servers. It was eventually tracked down to an incorrect config of resolv.conf (nameserver 127.0.0.1 was missing, no idea why).

    So I'm assuming therefore that nameserver 127.0.0.1 in resolv.conf is essential? What else is essential or recommended?

    Thanks.
     
  2. sh4ka

    Your resolv.conf file should look like:

    nameserver [primary IP]
    nameserver [secondary IP]
    nameserver [or another DNS IP that you have]

    And never put 127.0.0.1 in this configuration; it is not recommended to put this into the file, I think it is a security issue.

    Good luck ;)
     
  3. spaceman

    Thanks for your comments.

    I've been researching around this issue and...

    Some say that having 127.0.0.1 in there is not a security risk IF in WHM > Tweak Settings you have this enabled:

    "Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)"

    Others say if you've got 'search yourdomain.com' in there then you don't need 127.0.0.1 in there as well.

    So many opinions! :)
     
  4. chirpy

    You should definitely not have 127.0.0.1 there as it is a security risk and there's simply no need as you can use the main IP address of the server if you have bind correctly set up and working. Adding the DNS resolvers that your NOC provides is also a good idea in case named falls over.
     
  5. astopy

    What would be the difference to security of using the server's main external IP instead of 127.0.0.1?
     
  6. chirpy

  7. neonix

    resolv.conf

    Hi,

    I was reading this article and just happened to check the resolv.conf file. My name servers have been commented out and replaced with nameservers which are not of my datacenter.


    cat resolv.conf
    domain mydomain.com
    search mydomain.com
    #nameserver xx.xx.xx.xx
    #nameserver xx.xx.xx.xx
    nameserver zz.zz.aa.bb
    nameserver zz.zz.e.f

    /etc/nameserverips is fine
    /etc/wwwacct.conf is fine

    root@cat3 [/etc]#
    -rw-r--r-- 1 root root 147 Jun 12 2005 resolv.conf

    As per the above output, resolv.conf hasn't been modified since Jun 12 2005 and I have not made these modifications. Strangely none of my sites have reported a problem till date.

    /tmp is secure - no suspicious files, mod-security in place... bind version 9.2.4

    What could be the reason for this modification in resolv.conf? Is this a known exploit?

    Thanks!
     
  8. HostMerit

    Might be cPanel's default resolvers.

    Try:

    nameserver 4.2.2.4
    nameserver 4.2.2.2
    nameserver 4.2.2.6
    nameserver 4.2.2.7

    Genuity's main DNS servers, my favorite, always resolve to a server near yours, and always seem to update the fastest.

    Just my thoughts...
     
  9. neonix

    nameserver 151.164.1.8
    nameserver 151.164.11.201

    Those IPs belong to ns1.swbell.net and ns2.swbell.net.

    This is the reply from my DC:
    "Rkhunter was run on the system, which only noticed that a few updates need to be performed. You have likely been cross site scripted through an old or outdated version of PHP. Update your scripts and you should also disable direct root login. Resume.doc and several others were found in the tmp directory. Refrain from using /tmp as a place to store files."


    ----

    My direct root login is disabled and /tmp folder is also secure.

    I need help to clear some queries about this situation:

    1. The permissions on resolv.conf still show root as the owner. How was resolv.conf modified by a script?

    2. How do I prevent /tmp being used as a place to store files?

    3. Most importantly, how is it that all my sites were working without a problem in spite of incorrect nameservers in resolv.conf?

    4. What were the security implications due to the nameservers being modified in resolv.conf?

    5. I have now changed resolv.conf to show my IPs as the nameservers. Do I have to do anything now?


    P.S. I have a RHEL/cPanel server.
     
    #9 neonix, Dec 15, 2005
    Last edited: Dec 15, 2005
  10. ThunderHostingDotCom

    Does our /etc/resolv.conf need the below entries? We only have the nameserver IPs in there now.

    domain mydomain.com
    search mydomain.com
     
  11. chirpy

    They aren't a requirement (they're only for non-FQDN lookups) and you should never have both in a resolv.conf anyway as they're mutually exclusive.
     
  12. ThunderHostingDotCom

    Ok so I now only have the below in it. Plus all of the NS1 nameservers

    domain mydomain.com
     
  13. chirpy

    That's fine, but as I said - usually unnecessary.
     
  14. ThunderHostingDotCom

    Ok, what does yours look like?
     
  15. isputra

    Hi,

    Is there any way that resolv.conf will change by itself?

    Because today my resolv.conf changed to point not to my IP but to the old IP.

    Recently my DC moved my server from the old IP to a new IP. I had already changed this resolv.conf to the new IP, but today it changed back to the old IP.

    Just want to know about it... I already searched the forum but nothing discusses this change. :eek:
     
  16. acenetryan

    I can't say that I've seen a resolv.conf change by itself. If you're on a virtual environment, there are configuration files for Virtuozzo which will set the resolv.conf on boot. If you're on a VE and you recently had a reboot, this could have changed the resolv.conf. Other than that, I haven't seen any other settings that would change this.
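
Added example, not part of the original thread: a shell check for the resolv.conf conditions the posts above describe (resolver lines commented out and replaced, domain and search both set, resolvers that are not the ones you expect, more nameserver lines than the resolver reads). The function name, the finding labels and the documentation-range sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a resolv.conf against the resolvers you expect.
# audit_resolv_conf FILE EXPECTED_IP...  (function name is hypothetical)
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_resolv_conf() {
    file=$1; shift
    findings=$(awk -v allow="$*" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Resolver lines that were commented out (the situation in post 7).
        /^[ \t]*[#;][ \t]*nameserver[ \t]/ {
            sub(/^[ \t]*[#;][ \t]*/, ""); print "commented-out " $2; next
        }
        /^[ \t]*[#;]/ { next }
        $1 == "nameserver" && NF >= 2 {
            ns++
            # glibc reads at most 3 nameserver lines (MAXNS); later ones are unused.
            if (ns > 3) print "ignored-beyond-MAXNS " $2
            if (!($2 in ok)) {
                if ($2 ~ /^127\./ || $2 == "::1") print "loopback-not-allowlisted " $2
                else print "unexpected-nameserver " $2
            }
        }
        # domain and search are mutually exclusive (post 11).
        $1 == "domain" { d = 1 }
        $1 == "search" { s = 1 }
        END {
            if (d && s) print "domain-and-search-both-set"
            if (ns == 0) print "no-nameserver"
        }' "$file")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample modelled on post 7, using documentation-range addresses.
sample_resolv_conf() {
    cat <<'EOF'
domain example.com
search example.com
#nameserver 192.0.2.10
#nameserver 192.0.2.11
nameserver 198.51.100.53
nameserver 127.0.0.1
EOF
}

tmp=$(mktemp) && sample_resolv_conf > "$tmp"
audit_resolv_conf "$tmp" 192.0.2.10 192.0.2.11 || echo "review the findings above"
rm -f "$tmp"
```

Run from cron against /etc/resolv.conf with your own resolver IPs as arguments, a non-zero exit flags the kind of silent change described in posts 7 and 15.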
     