Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED Whois query took longer than 30 seconds

Discussion in 'Bind / DNS / Nameserver Issues' started by WaldoPepper, Aug 25, 2017.

  1. WaldoPepper

    WaldoPepper Member

    Joined:
    May 3, 2012
    Messages:
    7
    Likes Received:
    1
    Trophy Points:
    53
    cPanel Access Level:
    Root Administrator
    I constantly receive the following warning that the whois lookup of my server's ip adress took too long.
    Code:
    usr/local/cpanel/logs/error_log:
    [2017-08-24 03:42:04 +0200] warn [update_neighbor_netblocks] (XID ) The whois query for the address 'my_server_ip' took longer than 30 seconds. at /usr/local/cpanel/Cpanel/Debug.pm line 29.
       Cpanel::Debug::log_warn("(XID ) The whois query for the address 'my_server_ip' t"...) called at /usr/local/cpanel/Cpanel/Net/Whois/IP/Cached.pm line 101
       Cpanel::Net::Whois::IP::Cached::__ANON__(Cpanel::Exception::Timeout=HASH()) called at /usr/local/cpanel/3rdparty/perl/524/lib64/perl5/cpanel_lib/Try/Tiny.pm line 119
       Try::Tiny::try(CODE(), Try::Tiny::Catch=REF()) called at /usr/local/cpanel/Cpanel/Net/Whois/IP/Cached.pm line 102
       Cpanel::Net::Whois::IP::Cached::lookup_address(Cpanel::Net::Whois::IP::Cached=HASH(), "my_server_ip") called at /usr/local/cpanel/Cpanel/IP/Neighbors.pm line 51
       Cpanel::IP::Neighbors::get_netblocks() called at /usr/local/cpanel/Cpanel/IP/Neighbors.pm line 65
       Cpanel::IP::Neighbors::update_neighbor_netblocks() called at /usr/local/cpanel/Cpanel/IP/Neighbors.pm line 75
       Cpanel::IP::Neighbors::__ANON__() called at /usr/local/cpanel/3rdparty/perl/524/lib64/perl5/cpanel_lib/Try/Tiny.pm line 98
       eval {...} called at /usr/local/cpanel/3rdparty/perl/524/lib64/perl5/cpanel_lib/Try/Tiny.pm line 89
       Try::Tiny::try(CODE(), Try::Tiny::Catch=REF()) called at /usr/local/cpanel/Cpanel/IP/Neighbors.pm line 84
       Cpanel::IP::Neighbors::update_neighbor_netblocks_or_log() called at /usr/local/cpanel/scripts/update_neighbor_netblocks line 12
    
    The same warning is logged several times ...
    Code:
    [2017-08-24 03:44:43 +0200] warn [update_spamassassin_config] (XID ) The whois query for the address 'my_server_ip' took longer than 30 seconds. at /usr/local/cpanel/Cpanel/Debug.pm line 29.
    [..]
    
    [2017-08-24 03:45:13 +0200] warn [update_spamassassin_config] (XID ) The whois query for the address 'my_server_ip' took longer than 30 seconds. at /usr/local/cpanel/Cpanel/Debug.pm line 29.
    [..]
    
    [2017-08-24 03:50:06 +0200] warn [cPanel] (XID ) The whois query for the address 'my_server_ip' took longer than 30 seconds. at /usr/local/cpanel/Cpanel/Debug.pm line 29.
    [..]
    Do you have any ideas what might be wrong?
    Thanks in advance.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,220
    Likes Received:
    1,376
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Do you have any firewall or network rules that could be preventing the whois query (over port 43) from completing?

    Thank you.
     
  3. WaldoPepper

    WaldoPepper Member

    Joined:
    May 3, 2012
    Messages:
    7
    Likes Received:
    1
    Trophy Points:
    53
    cPanel Access Level:
    Root Administrator
    I run CSF 10.22 on Centos 7.3 on latest CPanel release. I configured CSF with profile protection_high + IPSet (CC_Deny).

    Fortunately I found out that it may have something to do with CSF. After disabling CSF temporarily (csf -x)
    Code:
    whois my-server.ip
    just works as expected. After restarting CSF whois my-server-ip timed out again. (whois on domain name performs well)

    By switching to CSF's default_profile whois performs as expected, while the profile_medium leads to time out again.

    After that I played around with whois options, especially querying a specified whois server. Guess what
    Code:
    whois my-server.ip -h whois.iana.org
    performed as expected again and delivers the respective text.

    While running
    Code:
    whois my-server.ip --verbose
    shows that whois.ripe.net is being queried.

    Is it possible that RIPE handles the whois protocol in a different way than IANA. What could be the role of CSF in that case? Maybe a problem with connection tracking?

    Thanks in advance.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,220
    Likes Received:
    1,376
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    You may want to review the firewall settings for port 43, as that's the port used for whois lookups. Or, consider posting to the CSF support forums for help configuring the firewall:

    ConfigServer Community Forum - Index page

    Thank you.
     
  5. WaldoPepper

    WaldoPepper Member

    Joined:
    May 3, 2012
    Messages:
    7
    Likes Received:
    1
    Trophy Points:
    53
    cPanel Access Level:
    Root Administrator
    Problem solved: As the TLD NL was listed under CC_Deny the whois queries to whois.ripe.net, whose ip address belongs to NL, were dropped. Removed the entry and everything works as expected again.
     
    cPanelMichael likes this.
Loading...

Share This Page