a guest
Sep 14th, 2018
- The client is reporting email issues on his server.
- They stated that they tried to change something regarding DNS security. This may or may not be related.
- The error they are reporting is this:
```
Sep 13 14:20:03 Error parsing bind configuration: Error in bind configuration '/etc/named.conf' on line 50: syntax error.

Sep 13 14:20:03 Caught an exception instantiating a backend: Error in bind configuration '/etc/named.conf' on line 50: syntax error.

Sep 13 14:20:03 Cleaning up. Error: Error in bind configuration '/etc/named.conf' on line 50: syntax error.
```
<hr/>
- I am going to start by getting some basic server info.
```
=========== Server Info ===========
server.sand168.dizbox.us
184.171.253.168
16 CPUs
4 GB
0 Reseller Accounts
3 cPanel Accounts
4 Unique domains
=========== Versions ===========
cPanel 11.74.0.4
CentOS Linux release 7.5.1804 (Core)
mysql 5.7.23
PHP 5.6.37 (cli) (built: Jul 24 2018 20:45:30)
Python 2.7.5
Perl 5.16.3
Apache 2.4.34
EasyApache 3
Server running EA4 with Multi-PHP. Installed versions:
ea-php56
ea-php70
ea-php71
Dovecot 2.2.36
```
- I am going to run an initial server check to look into the status of services on the server.
```
================================== Server Info ==================================
Hostname | IP | Distro | Time
--------------------------|-----------------|----------------|-------------------
server.sand168.dizbox.us | 184.171.253.168 | CentOS Linux 7 | 15:21 EDT (-0400)

================================= System Info ==================================
CPUs | RAM | Load | Users | Uptime
---------------|---------------|----------------|---------------|---------------
16 | 4G | 0.02 0.23 0.20 | 1 | 7 min

Fatal error: Unable to connect to remote '/var/run/pdns.controlsocket': Connection refused
================================ Services Check ================================
Service | Version | Daemon | Running
--------------------|-------------------|-------------------|-------------------
cPanel | 11.74.0.4 | cpsrvd | UP
PowerDNS | | pdns_server | DOWN
Apache | 2.4.34 | httpd | UP
MySQL | 5.7.23 | mysqld | UP
Exim | 4.91 | exim | UP
Dovecot | 2.2.36 | dovecot | UP
Pure-FTPd | 1.0.47 | pure-ftpd | UP

================================= cPanel Info ==================================
Version | Accounts | Domains | Resellers | Python | Perl
-------------|-------------|-------------|------------|------------|------------
11.74.0.4 | 3 | 4 | 0 | 2.7.5 | 5.16.3

================================= EasyApache 4 =================================
Option | 5.6 | 7.0 | 7.1 | Native (5.6)
---------------------|--------------|--------------|-------------|--------------
Handler | cgi | cgi | cgi | cgi
memory_limit | 64M | 64M | 64M | 128M
max_input_time | 60 | 60 | 60 | 60
post_max_size | 8M | 8M | 8M | 8M
upload_max_filesize | 2M | 2M | 2M | 2M
allow_url_fopen | Off | Off | Off | On

/proc/self/fd/0: line 79: csf: command not found
awk: fatal: cannot open file `/etc/csf/csf.conf' for reading (No such file or directory)
awk: fatal: cannot open file `/etc/csf/csf.conf' for reading (No such file or directory)
================================ Firewall Check ================================
Incoming Ports:
Outgoing Ports:
```
- Two things jump out at me from the get-go.
- The server is not running csf.
- The server is using PowerDNS as its name server.
- I ran systemctl to see the running daemons on the server and found a few things that were down.
```
● cpanel_php_fpm.service loaded failed failed FPM service for cPanel Daemons
● cpgreylistd.service loaded failed failed cPanel Greylisting Daemon
● cphulkd.service loaded failed failed cPanel brute force detector services
● mailman.service loaded failed failed mailman services
● pdns.service loaded failed failed PowerDNS Authoritative Server
```
- I also found that the user is using the CentOS default firewall.
```
firewalld.service loaded active running firewalld - dynamic firewall daemon
```
- So something is happening to the DNS server. I tried to dig the domain name and got a response, but when I dig at the server I get nothing.
```
# dig account.sand168.dizinc.com
account.sand168.dizinc.com. 14400 IN A 184.171.253.168

# dig account.sand168.dizinc.com @184.171.253.168
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> account.sand168.dizinc.com @184.171.253.168
;; global options: +cmd
;; connection timed out; no servers could be reached
```
- I am going to start with the name server and then look into the mailman service.
- When I try to restart PowerDNS I get an error. The error tells me to look in journalctl; maybe I'll get lucky this time.
```
# /scripts/restartsrv_pdns --restart
Waiting for “pdns” to start ………Waiting for named,mydns,nsd,pdns_server to shutdown ... not running.
info [restartsrv_pdns] systemd failed to start the service “pdns” (The “/usr/bin/systemctl restart pdns.service --no-ask-password” command (process 9790) reported error number 1 when it ended.): Job for pdns.service failed because start of the service was attempted too often. See "systemctl status pdns.service" and "journalctl -xe" for details.
To force a start use "systemctl reset-failed pdns.service" followed by "systemctl start pdns.service" again.

…failed.

Cpanel::Exception::Services::StartError
Service Status

Service Error
(XID qshgve) The “pdns” service failed to start.

Startup Log
Sep 14 15:35:01 server.sand168.dizbox.us systemd[1]: Starting PowerDNS Authoritative Server...
Sep 14 15:35:01 server.sand168.dizbox.us systemd[1]: start request repeated too quickly for pdns.service
Sep 14 15:35:01 server.sand168.dizbox.us systemd[1]: Failed to start PowerDNS Authoritative Server.
Sep 14 15:35:01 server.sand168.dizbox.us systemd[1]: Unit pdns.service entered failed state.
Sep 14 15:35:01 server.sand168.dizbox.us systemd[1]: pdns.service failed.

pdns has failed. Contact your system administrator if the service does not automagically recover.
```
- This is what I found in the journalctl logs:
```
Sep 14 15:38:32 server.sand168.dizbox.us pdns[10113]: Creating backend connection for TCP
Sep 14 15:38:32 server.sand168.dizbox.us pdns[10113]: Error parsing bind configuration: Error in bind configuration '/etc/named.conf' on line 50: syntax error
Sep 14 15:38:32 server.sand168.dizbox.us pdns[10113]: Caught an exception instantiating a backend: Error in bind configuration '/etc/named.conf' on line 50: syntax error
Sep 14 15:38:32 server.sand168.dizbox.us pdns[10113]: Cleaning up
```
- Let's see what is going on at line 50 of `/etc/named.conf`, but first a backup.
```
# cp /etc/named.conf /etc/named.conf.bak
```
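The bindbackend message above only says "on line N: syntax error", so the usual job at this point is to find what kind of punctuation mistake sits at or just before that line. The checker below is an added example, not part of the original ticket notes or of PowerDNS: it tokenizes a BIND-style `named.conf` (comments, quoted strings, braces, semicolons) and reports the classic breakages, an unbalanced brace, a `}` that is not followed by `;`, and a statement that never gets its terminating `;`. It checks punctuation only, not keyword semantics, and the sample configuration embedded in it is constructed; the real `/etc/named.conf` from the server is not on the page.

```python
"""Find the kind of syntax error that makes pdns's bindbackend reject /etc/named.conf.

Added example, not part of the original ticket notes. The sample config below is
constructed: the second zone lost the ';' after "type master".
"""
import re

WORD = re.compile(r'[^\s{};"]+')

SAMPLE_NAMED_CONF = """\
options {
    directory "/var/named";
    allow-transfer { none; };
};

zone "account.sand168.dizinc.com" {
    type master;
    file "/var/named/account.sand168.dizinc.com.db";
};

zone "sand168.dizbox.us" {
    type master
    file "/var/named/sand168.dizbox.us.db";
};
"""


def tokenize(text):
    """Return (kind, value, line) tuples; kind is 'word', 'string' or 'punct'."""
    tokens, i, line = [], 0, 1
    while i < len(text):
        ch = text[i]
        if ch == "\n":
            line, i = line + 1, i + 1
        elif ch.isspace():
            i += 1
        elif text.startswith("/*", i):                 # block comment, may span lines
            end = text.find("*/", i + 2)
            if end == -1:
                raise SyntaxError(f"line {line}: unterminated /* comment")
            line += text.count("\n", i, end)
            i = end + 2
        elif ch == "#" or text.startswith("//", i):    # line comment
            end = text.find("\n", i)
            i = len(text) if end == -1 else end
        elif ch == '"':                                # quoted string, single line only
            end = text.find('"', i + 1)
            nl = text.find("\n", i + 1)
            if end == -1 or (nl != -1 and nl < end):
                raise SyntaxError(f"line {line}: unterminated string")
            tokens.append(("string", text[i:end + 1], line))
            i = end + 1
        elif ch in "{};":
            tokens.append(("punct", ch, line))
            i += 1
        else:
            word = WORD.match(text, i).group(0)
            tokens.append(("word", word, line))
            i += len(word)
    return tokens


def check_named_conf(text):
    """Return sorted 'line N: message' strings; an empty list means nothing was found."""
    try:
        tokens = tokenize(text)
    except SyntaxError as exc:
        return [str(exc)]
    problems, open_braces = [], []
    for idx, (kind, val, line) in enumerate(tokens):
        if kind != "punct":
            continue
        if val == "{":
            open_braces.append(line)
        elif val == "}":
            if open_braces:
                open_braces.pop()
            else:
                problems.append((line, "'}' without a matching '{'"))
            # In named.conf every block statement is closed by "};", never a bare "}"
            if idx + 1 >= len(tokens) or tokens[idx + 1][1] != ";":
                problems.append((line, "missing ';' after '}'"))
    problems += [(line, "'{' is never closed") for line in open_braces]
    # Heuristic: statements normally end on the line they start, so a line whose
    # last token is a word or string (not ; { or }) has usually lost its ';'.
    last_token_on_line = {line: kind for kind, _, line in tokens}
    problems += [(line, "statement does not end with ';' (missing semicolon or stray text)")
                 for line, kind in last_token_on_line.items() if kind != "punct"]
    return [f"line {line}: {msg}" for line, msg in sorted(problems)]


def context(text, line, radius=2):
    """Return the numbered lines around `line`, marking the reported one with '>'."""
    lines = text.splitlines()
    lo, hi = max(1, line - radius), min(len(lines), line + radius)
    return "\n".join(f"{'>' if n == line else ' '} {n:4d}  {lines[n - 1]}"
                     for n in range(lo, hi + 1))


if __name__ == "__main__":
    # Usage against the real file: check_named_conf(open("/etc/named.conf").read())
    for problem in check_named_conf(SAMPLE_NAMED_CONF):
        print(problem)
        print(context(SAMPLE_NAMED_CONF, int(problem.split(":")[0].split()[1])))
```

Run it against the backed-up copy rather than the live file while editing, and treat the last heuristic as a hint: it flags the line where a statement is left open, which is usually one line above where the parser itself gives up.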
- It looks like the `66` string on line `43` in the config file was causing the `/etc/named.conf` file to error out.
- I restarted PDNS and it is running now.
```
# /scripts/restartsrv_pdns --restart
Waiting for “pdns” to start ……waiting for “pdns” to initialize ………finished.

Service Status
pdns (/usr/sbin/pdns_server --daemon) is running as named with PID 12148 (systemd+/proc check method).

Startup Log
Sep 14 15:44:27 server.sand168.dizbox.us pdns[12148]: PowerDNS Authoritative Server 3.4.11 (jenkins@autotest.powerdns.com) (C) 2001-2016 PowerDNS.COM BV
Sep 14 15:44:27 server.sand168.dizbox.us pdns[12148]: Using 64-bits mode. Built on 20171130121240 by root@rpmbuild-64-centos-7.dev.cpanel.net, gcc 4.8.2 20140120 (Red Hat 4.8.2-16).
Sep 14 15:44:27 server.sand168.dizbox.us pdns[12148]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
Sep 14 15:44:27 server.sand168.dizbox.us pdns[12148]: Creating backend connection for TCP
Sep 14 15:44:27 server.sand168.dizbox.us pdns[12148]: [bindbackend] Parsing 15 domain(s), will report when done
Sep 14 15:44:27 server.sand168.dizbox.us pdns[12148]: [bindbackend] Warning! Skipping 'hint' zone ''
Sep 14 15:44:27 server.sand168.dizbox.us pdns[12148]: [bindbackend] Warning! Skipping 'hint' zone ''
Sep 14 15:44:27 server.sand168.dizbox.us pdns[12148]: [bindbackend] Warning! Skipping 'hint' zone ''
Sep 14 15:44:27 server.sand168.dizbox.us pdns[12148]: [bindbackend] Done parsing domains, 0 rejected, 9 new, 0 removed
Sep 14 15:44:27 server.sand168.dizbox.us pdns[12148]: Only asked for 1 backend thread - operating unthreaded

Log Messages
Sep 14 15:44:27 server pdns[12148]: Only asked for 1 backend thread - operating unthreaded
Sep 14 15:44:27 server pdns[12148]: [bindbackend] Done parsing domains, 0 rejected, 9 new, 0 removed
Sep 14 15:44:27 server pdns[12148]: [bindbackend] Warning! Skipping 'hint' zone ''
Sep 14 15:44:27 server pdns[12148]: [bindbackend] Warning! Skipping 'hint' zone ''
Sep 14 15:44:27 server pdns[12148]: [bindbackend] Warning! Skipping 'hint' zone ''

pdns started successfully.
```
- Digging at the server also works.
```
# dig account.sand168.dizinc.com @184.171.253.168
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49328
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;account.sand168.dizinc.com. IN A

;; ANSWER SECTION:
account.sand168.dizinc.com. 14400 IN A 184.171.253.168

;; Query time: 0 msec
;; SERVER: 184.171.253.168#53(184.171.253.168)
;; WHEN: Fri Sep 14 15:44:50 EDT 2018
;; MSG SIZE rcvd: 71
```
- When I try to send an email out from `john@account.sand168.dizinc.com` I fail some security checks at Google.
```
+++ 1g0u5a-0003O2-Bi has not completed +++
2018-09-14 15:49:14 1g0u5a-0003O2-Bi <= john@account.sand168.dizinc.com H=(server.sand168.dizbox.us) [::1]:51406 P=esmtpa A=dovecot_login:john@account.sand168.dizinc.com S=632 id=0a838fe8d274cad9d126bd33ee1a317a@account.sand168.dizinc.com T="Test" for emailtesthd@gmail.com
2018-09-14 15:49:14 1g0u5a-0003O2-Bi Sender identification U=accountsand168 D=account.sand168.dizinc.com S=john@account.sand168.dizinc.com
2018-09-14 15:49:14 1g0u5a-0003O2-Bi SMTP connection outbound 1536954554 1g0u5a-0003O2-Bi account.sand168.dizinc.com emailtesthd@gmail.com
2018-09-14 15:49:15 1g0u5a-0003O2-Bi H=gmail-smtp-in.l.google.com [64.233.170.26]: SMTP error from remote mail server after end of data: 421-4.7.0 This message does not have authentication information or fails to pass\n421-4.7.0 authentication checks. To best protect our users from spam, the\n421-4.7.0 message has been blocked. Please visit\n421-4.7.0 https://support.google.com/mail/answer/81126#authentication for more\n421 4.7.0 information. d140-v6si5651334vka.27 - gsmtp
2018-09-14 15:49:20 1g0u5a-0003O2-Bi H=alt1.gmail-smtp-in.l.google.com [74.125.193.27]: SMTP error from remote mail server after end of data: 421-4.7.0 This message does not have authentication information or fails to pass\n421-4.7.0 authentication checks. To best protect our users from spam, the\n421-4.7.0 message has been blocked. Please visit\n421-4.7.0 https://support.google.com/mail/answer/81126#authentication for more\n421 4.7.0 information. p43-v6si4324073eda.158 - gsmtp
2018-09-14 15:49:26 1g0u5a-0003O2-Bi H=alt2.gmail-smtp-in.l.google.com [108.177.15.26]: SMTP error from remote mail server after end of data: 421-4.7.0 This message does not have authentication information or fails to pass\n421-4.7.0 authentication checks. To best protect our users from spam, the\n421-4.7.0 message has been blocked. Please visit\n421-4.7.0 https://support.google.com/mail/answer/81126#authentication for more\n421 4.7.0 information. d12-v6si3269745wrn.105 - gsmtp
2018-09-14 15:49:27 1g0u5a-0003O2-Bi H=alt3.gmail-smtp-in.l.google.com [74.125.128.26]: SMTP error from remote mail server after end of data: 421-4.7.0 This message does not have authentication information or fails to pass\n421-4.7.0 authentication checks. To best protect our users from spam, the\n421-4.7.0 message has been blocked. Please visit\n421-4.7.0 https://support.google.com/mail/answer/81126#authentication for more\n421 4.7.0 information. g3-v6si4745642ede.139 - gsmtp
2018-09-14 15:49:29 1g0u5a-0003O2-Bi H=alt4.gmail-smtp-in.l.google.com [64.233.162.26]: SMTP error from remote mail server after end of data: 421-4.7.0 This message does not have authentication information or fails to pass\n421-4.7.0 authentication checks. To best protect our users from spam, the\n421-4.7.0 message has been blocked. Please visit\n421-4.7.0 https://support.google.com/mail/answer/81126#authentication for more\n421 4.7.0 information. v192-v6si9051726lfa.47 - gsmtp
2018-09-14 15:49:29 1g0u5a-0003O2-Bi == emailtesthd@gmail.com R=dkim_lookuphost T=dkim_remote_smtp defer (-46) H=alt4.gmail-smtp-in.l.google.com [64.233.162.26]: SMTP error from remote mail server after end of data: 421-4.7.0 This message does not have authentication information or fails to pass\n421-4.7.0 authentication checks. To best protect our users from spam, the\n421-4.7.0 message has been blocked. Please visit\n421-4.7.0 https://support.google.com/mail/answer/81126#authentication for more\n421 4.7.0 information. v192-v6si9051726lfa.47 - gsmtp
```
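The 421-4.7.0 responses above are temporary rejects issued after the message data, which is what a receiving MTA does when it cannot evaluate the sender's authentication records rather than when they positively fail. The script below is an added example, not part of the original ticket notes or of Exim, cPanel or Gmail: it evaluates the sending domain's SPF record (RFC 7208) against the connecting IP using a stub resolver, and shows that the same record yields "pass" while the authoritative server answers and "temperror" once it does not, which is the situation the dig timeout earlier in these notes describes (the DKIM key lookup fails the same way, which is why Exim's `dkim_remote_smtp` transport deferred). The zone data is constructed to mirror a cPanel-style default SPF record; the real records for account.sand168.dizinc.com are not on the page, and the receiver response mapping is illustrative.

```python
"""Why a dead authoritative DNS server turns outbound mail into a 4.7.0 temporary reject.

Added example, not part of the original ticket notes. The zone data below is
constructed; the resolver is a stub so the example runs offline.
"""
import ipaddress

# Constructed authoritative data: name -> {rrtype: [values]}
ZONE = {
    "account.sand168.dizinc.com": {
        "A": ["184.171.253.168"],
        "MX": ["account.sand168.dizinc.com"],
        "TXT": ["v=spf1 +a +mx +ip4:184.171.253.168 ~all"],
    },
}

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


class DnsUnavailable(Exception):
    """The authoritative server did not answer (what dig reported while pdns was down)."""


def make_resolver(zone, server_up=True):
    """Stub resolver over the constructed zone; server_up=False simulates pdns being down."""
    def resolve(name, rrtype):
        if not server_up:
            raise DnsUnavailable(f"no servers could be reached for {name}/{rrtype}")
        return zone.get(name.lower().rstrip("."), {}).get(rrtype, [])
    return resolve


def check_spf(domain, client_ip, resolve, depth=0):
    """Evaluate SPF for client_ip sending as domain.

    Returns one of: pass, fail, softfail, neutral, none, permerror, temperror.
    Handles the common mechanisms (all, ip4, ip6, a, mx, include). Modifiers such
    as redirect= and exp= are skipped and a/mx CIDR suffixes are not supported.
    """
    if depth > 10:                       # RFC 7208 section 4.6.4 lookup limit
        return "permerror"
    try:
        records = [t for t in resolve(domain, "TXT")
                   if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]
        if not records:
            return "none"
        if len(records) > 1:
            return "permerror"
        ip = ipaddress.ip_address(client_ip)
        for term in records[0].split()[1:]:
            if "=" in term:              # modifier, not a mechanism
                continue
            qualifier = "+"
            if term[0] in RESULT_FOR_QUALIFIER:
                qualifier, term = term[0], term[1:]
            mech, _, arg = term.lower().partition(":")
            if mech == "all":
                matched = True
            elif mech in ("ip4", "ip6"):
                matched = ip in ipaddress.ip_network(arg, strict=False)
            elif mech == "a":
                matched = str(ip) in resolve(arg or domain, "A")
            elif mech == "mx":
                matched = any(str(ip) in resolve(mx, "A")
                              for mx in resolve(arg or domain, "MX"))
            elif mech == "include":
                inner = check_spf(arg, client_ip, resolve, depth + 1)
                if inner == "temperror":
                    return "temperror"
                if inner in ("none", "permerror"):
                    return "permerror"
                matched = inner == "pass"
            else:
                return "permerror"       # unknown mechanism
            if matched:
                return RESULT_FOR_QUALIFIER[qualifier]
        return "neutral"                 # nothing matched and there was no "all"
    except DnsUnavailable:
        return "temperror"
    except ValueError:                   # malformed address or ip4:/ip6: argument
        return "permerror"


def receiver_response(spf_result):
    """Illustrative mapping from an SPF result to a strict receiver's answer after DATA."""
    if spf_result == "pass":
        return "250 accepted"
    if spf_result == "temperror":
        return "421 4.7.0 temporary reject: authentication could not be checked, retry later"
    if spf_result == "fail":
        return "550 5.7.1 rejected: sender not authorized"
    return "250 accepted, left to content filtering"


if __name__ == "__main__":
    domain, server_ip = "account.sand168.dizinc.com", "184.171.253.168"
    for label, resolver in (("pdns up", make_resolver(ZONE)),
                            ("pdns down", make_resolver(ZONE, server_up=False))):
        result = check_spf(domain, server_ip, resolver)
        print(f"{label:9s} -> SPF {result:9s} -> {receiver_response(result)}")
```

The point for the ticket is that fixing the name server is the actual remediation: once the authoritative server answers again, the existing SPF and DKIM records resolve and the same message that was deferred with 4.7.0 can be delivered, while a `fail` (a sending IP the record does not list) would instead produce a permanent 5.x reject.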
- Looks like what the client did with "DNS security" is getting them blocked at Google.
- From what I was told, it looks like this feature is related to DNSSEC, a feature found in the DNS Zone menu in an account's cPanel.
- I am going to back the account up and turn this on.
```
/usr/local/cpanel/bin/cpuwatch $(grep -c \^processor /proc/cpuinfo) /scripts/pkgacct accountsand168 /home/.hd/ticket/0000/backup
```
- Looks like the feature is enabled now without any errors.
- If the client has any related questions we can address them in this ticket.


Hello,

Thanks for contacting us today. During our investigation we found that the DNS server was down due to a misconfiguration in the DNS server's main configuration file. We have corrected the misconfiguration and it looks like the DNS server is now resolving names. We also believe that your issue with DNS security was related to the DNS server being down, and can confirm that the server has DNS security capabilities now.
If you have any questions or concerns please let us know and we will do our best to assist you.

Best Regards,