- The client is reporting email issues on his server.
- They stated that they tried to make a change regarding DNS security. This may or may not be related.
- The error they are reporting is this:
```
Sep 13 14:20:03 Error parsing bind configuration: Error in bind configuration '/etc/named.conf' on line 50: syntax error.
Sep 13 14:20:03 Caught an exception instantiating a backend: Error in bind configuration '/etc/named.conf' on line 50: syntax error.
Sep 13 14:20:03 Cleaning up. Error: Error in bind configuration '/etc/named.conf' on line 50: syntax error.
```
---
- I am going to start by getting some basic server info.
```
=========== Server Info ===========
server.sand168.dizbox.us
184.171.253.168
16 CPUs
4 GB
0 Reseller Accounts
3 cPanel Accounts
4 Unique domains
=========== Versions ===========
cPanel 11.74.0.4
CentOS Linux release 7.5.1804 (Core)
mysql 5.7.23
PHP 5.6.37 (cli) (built: Jul 24 2018 20:45:30)
Python 2.7.5
Perl 5.16.3
Apache 2.4.34
EasyApache 3
Server running EA4 with Multi-PHP. Installed versions:
ea-php56
ea-php70
ea-php71
Dovecot 2.2.36
```
- I am going to run an initial server check to look into the status of services on the server.
```
================================== Server Info ==================================
Hostname | IP | Distro | Time
--------------------------|-----------------|----------------|-------------------
server.sand168.dizbox.us | 184.171.253.168 | CentOS Linux 7 | 15:21 EDT (-0400)
================================= System Info ==================================
CPUs | RAM | Load | Users | Uptime
---------------|---------------|----------------|---------------|---------------
16 | 4G | 0.02 0.23 0.20 | 1 | 7 min
Fatal error: Unable to connect to remote '/var/run/pdns.controlsocket': Connection refused
================================ Services Check ================================
Service | Version | Daemon | Running
--------------------|-------------------|-------------------|-------------------
cPanel | 11.74.0.4 | cpsrvd | UP
PowerDNS | | pdns_server | DOWN
Apache | 2.4.34 | httpd | UP
MySQL | 5.7.23 | mysqld | UP
Exim | 4.91 | exim | UP
Dovecot | 2.2.36 | dovecot | UP
Pure-FTPd | 1.0.47 | pure-ftpd | UP
================================= cPanel Info ==================================
Version | Accounts | Domains | Resellers | Python | Perl
-------------|-------------|-------------|------------|------------|------------
11.74.0.4 | 3 | 4 | 0 | 2.7.5 | 5.16.3
================================= EasyApache 4 =================================
Option | 5.6 | 7.0 | 7.1 | Native (5.6)
---------------------|--------------|--------------|-------------|--------------
Handler | cgi | cgi | cgi | cgi
memory_limit | 64M | 64M | 64M | 128M
max_input_time | 60 | 60 | 60 | 60
post_max_size | 8M | 8M | 8M | 8M
upload_max_filesize | 2M | 2M | 2M | 2M
allow_url_fopen | Off | Off | Off | On
/proc/self/fd/0: line 79: csf: command not found
awk: fatal: cannot open file `/etc/csf/csf.conf' for reading (No such file or directory)
awk: fatal: cannot open file `/etc/csf/csf.conf' for reading (No such file or directory)
================================ Firewall Check ================================
Incoming Ports:
Outgoing Ports:
```
- Two things jump out at me from the get-go.
- The server is not running csf.
- The server is using PowerDNS as its name server.
- I ran systemctl to see running daemons on the server and found a few things that were down.
```
● cpanel_php_fpm.service loaded failed failed FPM service for cPanel Daemons
● cpgreylistd.service loaded failed failed cPanel Greylisting Daemon
● cphulkd.service loaded failed failed cPanel brute force detector services
● mailman.service loaded failed failed mailman services
● pdns.service loaded failed failed PowerDNS Authoritative Server
```
- I also found that the user is using the CentOS default firewall.
```
firewalld.service loaded active running firewalld - dynamic firewall daemon
```
- So something is happening to the DNS server. I tried to dig the domain name and got a response, but when I dig at the server I get nothing.
```
# dig account.sand168.dizinc.com
account.sand168.dizinc.com. 14400 IN A 184.171.253.168
# dig account.sand168.dizinc.com @184.171.253.168
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> account.sand168.dizinc.com @184.171.253.168
;; global options: +cmd
;; connection timed out; no servers could be reached
```
- I am going to start with the name server and then look into the mailman service.
- When I try to restart PowerDNS I get an error. The error tells me to look in journalctl; maybe I'll get lucky this time.
```
# /scripts/restartsrv_pdns --restart
Waiting for “pdns” to start ………Waiting for named,mydns,nsd,pdns_server to shutdown ... not running.
info [restartsrv_pdns] systemd failed to start the service “pdns” (The “/usr/bin/systemctl restart pdns.service --no-ask-password” command (process 9790) reported error number 1 when it ended.): Job for pdns.service failed because start of the service was attempted too often. See "systemctl status pdns.service" and "journalctl -xe" for details.
To force a start use "systemctl reset-failed pdns.service" followed by "systemctl start pdns.service" again.
…failed.
Cpanel::Exception::Services::StartError
Service Status
Service Error
(XID qshgve) The “pdns” service failed to start.
Startup Log
Sep 14 15:35:01 server.sand168.dizbox.us systemd[1]: Starting PowerDNS Authoritative Server...
Sep 14 15:35:01 server.sand168.dizbox.us systemd[1]: start request repeated too quickly for pdns.service
Sep 14 15:35:01 server.sand168.dizbox.us systemd[1]: Failed to start PowerDNS Authoritative Server.
Sep 14 15:35:01 server.sand168.dizbox.us systemd[1]: Unit pdns.service entered failed state.
Sep 14 15:35:01 server.sand168.dizbox.us systemd[1]: pdns.service failed.
pdns has failed. Contact your system administrator if the service does not automagically recover.
```
- This is what I found in the journalctl logs:
```
Sep 14 15:38:32 server.sand168.dizbox.us pdns[10113]: Creating backend connection for TCP
Sep 14 15:38:32 server.sand168.dizbox.us pdns[10113]: Error parsing bind configuration: Error in bind configuration '/etc/named.conf' on line 50: syntax error
Sep 14 15:38:32 server.sand168.dizbox.us pdns[10113]: Caught an exception instantiating a backend: Error in bind configuration '/etc/named.conf' on line 50: syntax error
Sep 14 15:38:32 server.sand168.dizbox.us pdns[10113]: Cleaning up
```
- Let's see what is going on at line 50 of `/etc/named.conf`, but first a backup.
```
# cp /etc/named.conf /etc/named.conf.bak
```
- It looks like the `66` string on line `43` in the config file was causing the `/etc/named.conf` file to error out.
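The backend error only gives a line number, and the stray token found above was a bare `66` sitting where a statement keyword belongs. As an added example (not cPanel's, PowerDNS's or BIND's own tool; BIND's `named-checkconf` is the full checker where the bind package is installed), here is a minimal checker for the BIND-style syntax that PowerDNS's bind backend parses. It tokenizes the file, checks brace balance and statement terminators, and reports the line of the first token that cannot start a statement. The sample configuration is constructed for the example and is not the client's real `/etc/named.conf`.

```python
"""Minimal syntax checker for a BIND-style configuration file (named.conf).

Added example, not cPanel's, PowerDNS's or BIND's code. Grammar checked:
    statement := WORD arg* ( ';' | '{' statement* '}' ';' )
Anything that cannot start a statement (a bare number, a quoted string,
a stray ';' or '{') is reported with its line number, as are unbalanced
braces and a block not followed by ';'. Unknown keywords are not checked.
"""
import re
import sys

WORD_RE = re.compile(r'[A-Za-z][\w-]*$')   # tokens allowed to start a statement
ATOM_RE = re.compile(r'[^\s{};"]+')         # any other unquoted token


def tokenize(text):
    """Split config text into (token, line) pairs; drops //, # and /* */ comments."""
    tokens, in_block = [], False
    for lineno, line in enumerate(text.splitlines(), start=1):
        pos = 0
        while pos < len(line):
            if in_block:                                  # inside /* ... */
                end = line.find('*/', pos)
                if end < 0:
                    break
                in_block, pos = False, end + 2
            elif line[pos].isspace():
                pos += 1
            elif line.startswith('/*', pos):
                in_block, pos = True, pos + 2
            elif line.startswith('//', pos) or line[pos] == '#':
                break                                     # comment to end of line
            elif line[pos] == '"':
                end = line.find('"', pos + 1)
                if end < 0:                               # unterminated string
                    tokens.append((line[pos:], lineno))
                    break
                tokens.append((line[pos:end + 1], lineno))
                pos = end + 1
            elif line[pos] in '{};':
                tokens.append((line[pos], lineno))
                pos += 1
            else:
                m = ATOM_RE.match(line, pos)
                tokens.append((m.group(0), lineno))
                pos = m.end()
    return tokens


def check_config(text):
    """Return (ok, message); the message names the line of the first problem."""
    depth, state, last_line = 0, 'start', 0
    for tok, lineno in tokenize(text):
        last_line = lineno
        if tok.startswith('"') and (len(tok) < 2 or not tok.endswith('"')):
            return False, f"line {lineno}: unterminated string"
        if state == 'start':            # expect a statement keyword or a closing brace
            if tok == '}':
                if depth == 0:
                    return False, f"line {lineno}: unmatched '}}'"
                depth, state = depth - 1, 'close'
            elif WORD_RE.match(tok):
                state = 'args'
            else:
                return False, f"line {lineno}: syntax error near '{tok}'"
        elif state == 'args':           # arguments, then ';' or a '{' block
            if tok == ';':
                state = 'start'
            elif tok == '{':
                depth, state = depth + 1, 'start'
            elif tok == '}':
                return False, f"line {lineno}: missing ';' before '}}'"
        elif state == 'close':          # a closed block must be followed by ';'
            if tok != ';':
                return False, f"line {lineno}: missing ';' after '}}'"
            state = 'start'
    if depth or state != 'start':
        return False, f"line {last_line}: unexpected end of file"
    return True, "ok"


def check_file(path):
    with open(path, encoding='utf-8', errors='replace') as fh:
        return check_config(fh.read())


# Constructed sample config for the example; not the server's real /etc/named.conf.
SAMPLE_GOOD = """\
// constructed sample, not a real server configuration
options {
    directory "/var/named";
    recursion no;
};
zone "example.com" {
    type master;
    file "/var/named/example.com.db";
};
"""
# Same file with a stray bare number on line 8, like the '66' found above.
SAMPLE_BAD = SAMPLE_GOOD.replace('    type master;\n', '    type master;\n    66\n')

if __name__ == '__main__':
    ok, msg = check_file(sys.argv[1]) if len(sys.argv) > 1 else check_config(SAMPLE_BAD)
    print(("OK" if ok else "FAIL") + ": " + msg)
```

Run it with the path to a copy of the configuration (the `.bak` taken above is a good candidate) and compare the reported line with the backend's error; with no argument it checks the built-in sample and reports line 8.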
- I restarted PDNS and it is running now.
```
# /scripts/restartsrv_pdns --restart
Waiting for “pdns” to start ……waiting for “pdns” to initialize ………finished.
Service Status
pdns (/usr/sbin/pdns_server --daemon) is running as named with PID 12148 (systemd+/proc check method).
Startup Log
Sep 14 15:44:27 server.sand168.dizbox.us pdns[12148]: PowerDNS Authoritative Server 3.4.11 (jenkins@autotest.powerdns.com) (C) 2001-2016 PowerDNS.COM BV
Sep 14 15:44:27 server.sand168.dizbox.us pdns[12148]: Using 64-bits mode. Built on 20171130121240 by root@rpmbuild-64-centos-7.dev.cpanel.net, gcc 4.8.2 20140120 (Red Hat 4.8.2-16).
Sep 14 15:44:27 server.sand168.dizbox.us pdns[12148]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Sep 14 15:44:27 server.sand168.dizbox.us pdns[12148]: Creating backend connection for TCP
Sep 14 15:44:27 server.sand168.dizbox.us pdns[12148]: [bindbackend] Parsing 15 domain(s), will report when done
Sep 14 15:44:27 server.sand168.dizbox.us pdns[12148]: [bindbackend] Warning! Skipping 'hint' zone ''
Sep 14 15:44:27 server.sand168.dizbox.us pdns[12148]: [bindbackend] Warning! Skipping 'hint' zone ''
Sep 14 15:44:27 server.sand168.dizbox.us pdns[12148]: [bindbackend] Warning! Skipping 'hint' zone ''
Sep 14 15:44:27 server.sand168.dizbox.us pdns[12148]: [bindbackend] Done parsing domains, 0 rejected, 9 new, 0 removed
Sep 14 15:44:27 server.sand168.dizbox.us pdns[12148]: Only asked for 1 backend thread - operating unthreaded
Log Messages
Sep 14 15:44:27 server pdns[12148]: Only asked for 1 backend thread - operating unthreaded
Sep 14 15:44:27 server pdns[12148]: [bindbackend] Done parsing domains, 0 rejected, 9 new, 0 removed
Sep 14 15:44:27 server pdns[12148]: [bindbackend] Warning! Skipping 'hint' zone ''
Sep 14 15:44:27 server pdns[12148]: [bindbackend] Warning! Skipping 'hint' zone ''
Sep 14 15:44:27 server pdns[12148]: [bindbackend] Warning! Skipping 'hint' zone ''
pdns started successfully.
```
- Digging at the server also works.
```
# dig account.sand168.dizinc.com @184.171.253.168
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49328
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;account.sand168.dizinc.com. IN A
;; ANSWER SECTION:
account.sand168.dizinc.com. 14400 IN A 184.171.253.168
;; Query time: 0 msec
;; SERVER: 184.171.253.168#53(184.171.253.168)
;; WHEN: Fri Sep 14 15:44:50 EDT 2018
;; MSG SIZE rcvd: 71
```
- When I try to send an email out from `john@account.sand168.dizinc.com` I fail some security checks at Google.
```
+++ 1g0u5a-0003O2-Bi has not completed +++
2018-09-14 15:49:14 1g0u5a-0003O2-Bi <= john@account.sand168.dizinc.com H=(server.sand168.dizbox.us) [::1]:51406 P=esmtpa A=dovecot_login:john@account.sand168.dizinc.com S=632 id=0a838fe8d274cad9d126bd33ee1a317a@account.sand168.dizinc.com T="Test" for emailtesthd@gmail.com
2018-09-14 15:49:14 1g0u5a-0003O2-Bi Sender identification U=accountsand168 D=account.sand168.dizinc.com S=john@account.sand168.dizinc.com
2018-09-14 15:49:14 1g0u5a-0003O2-Bi SMTP connection outbound 1536954554 1g0u5a-0003O2-Bi account.sand168.dizinc.com emailtesthd@gmail.com
2018-09-14 15:49:15 1g0u5a-0003O2-Bi H=gmail-smtp-in.l.google.com [64.233.170.26]: SMTP error from remote mail server after end of data: 421-4.7.0 This message does not have authentication information or fails to pass\n421-4.7.0 authentication checks. To best protect our users from spam, the\n421-4.7.0 message has been blocked. Please visit\n421-4.7.0 https://support.google.com/mail/answer/81126#authentication for more\n421 4.7.0 information. d140-v6si5651334vka.27 - gsmtp
2018-09-14 15:49:20 1g0u5a-0003O2-Bi H=alt1.gmail-smtp-in.l.google.com [74.125.193.27]: SMTP error from remote mail server after end of data: 421-4.7.0 This message does not have authentication information or fails to pass\n421-4.7.0 authentication checks. To best protect our users from spam, the\n421-4.7.0 message has been blocked. Please visit\n421-4.7.0 https://support.google.com/mail/answer/81126#authentication for more\n421 4.7.0 information. p43-v6si4324073eda.158 - gsmtp
2018-09-14 15:49:26 1g0u5a-0003O2-Bi H=alt2.gmail-smtp-in.l.google.com [108.177.15.26]: SMTP error from remote mail server after end of data: 421-4.7.0 This message does not have authentication information or fails to pass\n421-4.7.0 authentication checks. To best protect our users from spam, the\n421-4.7.0 message has been blocked. Please visit\n421-4.7.0 https://support.google.com/mail/answer/81126#authentication for more\n421 4.7.0 information. d12-v6si3269745wrn.105 - gsmtp
2018-09-14 15:49:27 1g0u5a-0003O2-Bi H=alt3.gmail-smtp-in.l.google.com [74.125.128.26]: SMTP error from remote mail server after end of data: 421-4.7.0 This message does not have authentication information or fails to pass\n421-4.7.0 authentication checks. To best protect our users from spam, the\n421-4.7.0 message has been blocked. Please visit\n421-4.7.0 https://support.google.com/mail/answer/81126#authentication for more\n421 4.7.0 information. g3-v6si4745642ede.139 - gsmtp
2018-09-14 15:49:29 1g0u5a-0003O2-Bi H=alt4.gmail-smtp-in.l.google.com [64.233.162.26]: SMTP error from remote mail server after end of data: 421-4.7.0 This message does not have authentication information or fails to pass\n421-4.7.0 authentication checks. To best protect our users from spam, the\n421-4.7.0 message has been blocked. Please visit\n421-4.7.0 https://support.google.com/mail/answer/81126#authentication for more\n421 4.7.0 information. v192-v6si9051726lfa.47 - gsmtp
2018-09-14 15:49:29 1g0u5a-0003O2-Bi == emailtesthd@gmail.com R=dkim_lookuphost T=dkim_remote_smtp defer (-46) H=alt4.gmail-smtp-in.l.google.com [64.233.162.26]: SMTP error from remote mail server after end of data: 421-4.7.0 This message does not have authentication information or fails to pass\n421-4.7.0 authentication checks. To best protect our users from spam, the\n421-4.7.0 message has been blocked. Please visit\n421-4.7.0 https://support.google.com/mail/answer/81126#authentication for more\n421 4.7.0 information. v192-v6si9051726lfa.47 - gsmtp
```
- Looks like what the client did with "DNS security" is getting them blocked at Google.
- From what I was told, it looks like this feature is related to DNSSEC, a feature found in the DNS ZONE menu in an account's cPanel.
- I am going to back the account up and turn this on.
```
/usr/local/cpanel/bin/cpuwatch $(grep -c \^processor /proc/cpuinfo) /scripts/pkgacct accountsand168 /home/.hd/ticket/0000/backup
```
- Looks like the feature is enabled now without any errors.
- If the client has any related questions we can address them in this ticket.
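Google's `421-4.7.0` reply above points at its sender guidelines, which are about the SPF, DKIM and DMARC records a receiving server looks up for the sending domain (`dig +short TXT <domain>`, `dig +short TXT <selector>._domainkey.<domain>`, `dig +short TXT _dmarc.<domain>`). As an added example, not part of the original notes and not a cPanel or Exim tool, here is a static linter for those records: it parses an SPF record, evaluates the `ip4`/`ip6`/`all` terms for a given sending address, parses a DMARC record, and lists what a receiver would hold against the domain. Terms that need live DNS (`a`, `mx`, `include`, `redirect`) are flagged rather than resolved, so it runs offline. The records and addresses below are constructed for the example; the function names are the example's own.

```python
"""Static SPF/DMARC record linter (added example; not cPanel's or Exim's code).

Evaluates ip4/ip6/all SPF terms for a sending address without DNS; a, mx,
include, exists and ptr terms need live lookups and are skipped here.
"""
import ipaddress

QUALIFIER_RESULT = {'+': 'pass', '-': 'fail', '~': 'softfail', '?': 'neutral'}


def parse_spf(record):
    """Return ([(qualifier, mechanism, argument), ...], {modifier: value}) or None."""
    parts = record.split()
    if not parts or parts[0].lower() != 'v=spf1':
        return None
    terms, modifiers = [], {}
    for part in parts[1:]:
        if '=' in part and ':' not in part:          # modifier such as redirect=
            name, value = part.split('=', 1)
            modifiers[name.lower()] = value
            continue
        qualifier = '+'                              # default qualifier is pass
        if part[0] in QUALIFIER_RESULT:
            qualifier, part = part[0], part[1:]
        mech, _, arg = part.partition(':')
        terms.append((qualifier, mech.lower(), arg))
    return terms, modifiers


def spf_check_ip(record, ip):
    """Evaluate ip4/ip6/all terms for ip; returns (result, reason)."""
    parsed = parse_spf(record)
    if parsed is None:
        return 'none', 'no valid v=spf1 record'
    terms, modifiers = parsed
    addr = ipaddress.ip_address(ip)
    for qualifier, mech, arg in terms:
        if mech in ('ip4', 'ip6'):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return 'permerror', f'bad network in {mech}:{arg}'
            if addr.version == net.version and addr in net:
                return QUALIFIER_RESULT[qualifier], f'matched {mech}:{arg}'
        elif mech == 'all':
            return QUALIFIER_RESULT[qualifier], f'matched {qualifier}all'
        # a, mx, include, exists, ptr: need DNS, skipped in this static check
    if 'redirect' in modifiers:
        return 'unknown', f"redirect={modifiers['redirect']} needs DNS"
    return 'neutral', 'no term matched (default result)'


def parse_dmarc(record):
    """Parse 'v=DMARC1; p=...; ...' into a tag dict, or None if not a DMARC record."""
    tags = {}
    for item in record.split(';'):
        if '=' in item:
            key, value = item.split('=', 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get('v', '').upper() != 'DMARC1' or 'p' not in tags:
        return None
    return tags


def lint_mail_auth(spf_record, dmarc_record, has_dkim_key, sending_ip):
    """Summarise what a receiving MTA sees for mail from sending_ip.

    has_dkim_key says whether the selector._domainkey TXT record exists; the
    signature itself can only be verified on a received message.
    """
    findings = []
    parsed = parse_spf(spf_record) if spf_record else None
    if parsed is None:
        spf_result, reason = 'none', 'no valid SPF record published'
    else:
        spf_result, reason = spf_check_ip(spf_record, sending_ip)
        if any(q == '+' and m == 'all' for q, m, _ in parsed[0]):
            findings.append('SPF ends in +all: any host may send as this domain')
    if spf_result != 'pass':
        findings.append(f'SPF {spf_result} for {sending_ip}: {reason}')
    if not has_dkim_key:
        findings.append('no DKIM public key published: signatures cannot verify')
    dmarc = parse_dmarc(dmarc_record) if dmarc_record else None
    if dmarc is None:
        findings.append('no DMARC record: no policy tells receivers what to do')
    elif dmarc['p'] == 'none':
        findings.append('DMARC p=none: failures are reported, not enforced')
    return {'spf': spf_result, 'dkim_key': has_dkim_key,
            'dmarc_policy': dmarc['p'] if dmarc else None, 'findings': findings}


# Constructed sample records for a hypothetical domain; not the client's DNS data.
SAMPLE_SPF = 'v=spf1 +a +mx ip4:203.0.113.10 ~all'
SAMPLE_DMARC = 'v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com'

if __name__ == '__main__':
    report = lint_mail_auth(SAMPLE_SPF, SAMPLE_DMARC, True, '198.51.100.7')
    for line in report['findings'] or ['all checks pass']:
        print(line)
```

Feed it the real TXT records returned by `dig` and the server's outbound address: an empty findings list is what a receiver needs to see, and each finding names the record to fix.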
Hello,
Thanks for contacting us today. During our investigation we found that the DNS server was down due to a misconfiguration in the DNS server's main configuration file. We have corrected the misconfiguration and it looks like the DNS server is now resolving names. We also believe that your issue with DNS security was related to the DNS server being down and can confirm that the server has DNS security capabilities now.
If you have any questions or concerns please let us know and we will do our best to assist you.
Best Regards,