SOLVED Whois query took longer than 30 seconds

WaldoPepper

Member
May 3, 2012
14
1
53
cPanel Access Level
Root Administrator
I constantly receive the following warning that the whois lookup of my server's ip adress took too long.
Code:
usr/local/cpanel/logs/error_log:
[2017-08-24 03:42:04 +0200] warn [update_neighbor_netblocks] (XID ) The whois query for the address 'my_server_ip' took longer than 30 seconds. at /usr/local/cpanel/Cpanel/Debug.pm line 29.
   Cpanel::Debug::log_warn("(XID ) The whois query for the address 'my_server_ip' t"...) called at /usr/local/cpanel/Cpanel/Net/Whois/IP/Cached.pm line 101
   Cpanel::Net::Whois::IP::Cached::__ANON__(Cpanel::Exception::Timeout=HASH()) called at /usr/local/cpanel/3rdparty/perl/524/lib64/perl5/cpanel_lib/Try/Tiny.pm line 119
   Try::Tiny::try(CODE(), Try::Tiny::Catch=REF()) called at /usr/local/cpanel/Cpanel/Net/Whois/IP/Cached.pm line 102
   Cpanel::Net::Whois::IP::Cached::lookup_address(Cpanel::Net::Whois::IP::Cached=HASH(), "my_server_ip") called at /usr/local/cpanel/Cpanel/IP/Neighbors.pm line 51
   Cpanel::IP::Neighbors::get_netblocks() called at /usr/local/cpanel/Cpanel/IP/Neighbors.pm line 65
   Cpanel::IP::Neighbors::update_neighbor_netblocks() called at /usr/local/cpanel/Cpanel/IP/Neighbors.pm line 75
   Cpanel::IP::Neighbors::__ANON__() called at /usr/local/cpanel/3rdparty/perl/524/lib64/perl5/cpanel_lib/Try/Tiny.pm line 98
   eval {...} called at /usr/local/cpanel/3rdparty/perl/524/lib64/perl5/cpanel_lib/Try/Tiny.pm line 89
   Try::Tiny::try(CODE(), Try::Tiny::Catch=REF()) called at /usr/local/cpanel/Cpanel/IP/Neighbors.pm line 84
   Cpanel::IP::Neighbors::update_neighbor_netblocks_or_log() called at /usr/local/cpanel/scripts/update_neighbor_netblocks line 12
The same warning is logged several times ...
Code:
[2017-08-24 03:44:43 +0200] warn [update_spamassassin_config] (XID ) The whois query for the address 'my_server_ip' took longer than 30 seconds. at /usr/local/cpanel/Cpanel/Debug.pm line 29.
[..]

[2017-08-24 03:45:13 +0200] warn [update_spamassassin_config] (XID ) The whois query for the address 'my_server_ip' took longer than 30 seconds. at /usr/local/cpanel/Cpanel/Debug.pm line 29.
[..]

[2017-08-24 03:50:06 +0200] warn [cPanel] (XID ) The whois query for the address 'my_server_ip' took longer than 30 seconds. at /usr/local/cpanel/Cpanel/Debug.pm line 29.
[..]
Do you have any ideas what might be wrong?
Thanks in advance.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,245
463
Hello,

Do you have any firewall or network rules that could be preventing the whois query (over port 43) from completing?

Thank you.
 

WaldoPepper

Member
May 3, 2012
14
1
53
cPanel Access Level
Root Administrator
Hello,

Do you have any firewall or network rules that could be preventing the whois query (over port 43) from completing?

Thank you.
I run CSF 10.22 on Centos 7.3 on latest CPanel release. I configured CSF with profile protection_high + IPSet (CC_Deny).

Fortunately I found out that it may have something to do with CSF. After disabling CSF temporarily (csf -x)
Code:
whois my-server.ip
just works as expected. After restarting CSF whois my-server-ip timed out again. (whois on domain name performs well)

By switching to CSF's default_profile whois performs as expected, while the profile_medium leads to time out again.

After that I played around with whois options, especially querying a specified whois server. Guess what
Code:
whois my-server.ip -h whois.iana.org
performed as expected again and delivers the respective text.

While running
Code:
whois my-server.ip --verbose
shows that whois.ripe.net is being queried.

Is it possible that RIPE handles the whois protocol in a different way than IANA. What could be the role of CSF in that case? Maybe a problem with connection tracking?

Thanks in advance.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,245
463
You may want to review the firewall settings for port 43, as that's the port used for whois lookups. Or, consider posting to the CSF support forums for help configuring the firewall:

ConfigServer Community Forum - Index page

Thank you.
 

WaldoPepper

Member
May 3, 2012
14
1
53
cPanel Access Level
Root Administrator
Problem solved: As the TLD NL was listed under CC_Deny the whois queries to whois.ripe.net, whose ip address belongs to NL, were dropped. Removed the entry and everything works as expected again.
 
  • Like
Reactions: cPanelMichael