Symptoms
PowerDNS fails to start with the following error when using the /scripts/restartsrv_pdns script:
Startup Log
Feb 04 09:04:15 host.name.tld systemd[1]: pdns.service: main process exited, code=exited, status=218/CAPABILITIES
Feb 04 09:04:15 host.name.tld systemd[1]: Failed to start PowerDNS Authoritative Server.
Feb 04 09:04:15 host.name.tld systemd[1]: Unit pdns.service entered failed state.
Feb 04 09:04:15 host.name.tld systemd[1]: pdns.service failed.
Description
In cPanel & WHM version 94, we ship a new RPM for PowerDNS that includes a few additions to the systemd unit file. It appears that these changes are incompatible with older kernels and therefore prevent PowerDNS from starting.
We have opened an internal case for our development team to investigate this further; for reference, the case number is CPANEL-35848. Follow this article to receive an email notification when a solution is published in the product.
Workaround
The issue has thus far only been observed on servers using extremely old kernels (3+ years old), so the recommended workaround is to update your system's kernel to the latest available version:
yum update kernel
As an alternative and/or temporary measure to bring DNS online, you may consider trying to change from PowerDNS to BIND:
/scripts/setupnameserver bind
WARNING: If you switch your nameserver away from PowerDNS, your DNS server will no longer serve DNSSEC records.
You must ensure that the domains do not have DS records configured at their domain registrar.
Failure to do so will cause DNS resolution issues.
Are you sure you want to switch to "bind" [y/n]? y
Should you require PowerDNS for your operational environment, there is another temporary solution for use until the kernel can be updated (e.g., on VPSes that require hardware-node-level administrative action). It is imperative to understand that this decreases the inherent security of the PowerDNS installation, and we therefore strongly recommend updating the kernel as the best practice for resolution.
First, make an override.conf file for PowerDNS as shown below:
1. mkdir /etc/systemd/system/pdns.service.d/
2. vi /etc/systemd/system/pdns.service.d/override.conf
3. cat /etc/systemd/system/pdns.service.d/override.conf
[Service]
User=root
Group=root
AmbientCapabilities=
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
Then reload the systemctl daemon, and restart the PowerDNS service:
1. systemctl daemon-reload
2. systemctl restart pdns.service
3. systemctl status pdns.service
● pdns.service - PowerDNS Authoritative Server
Loaded: loaded (/usr/lib/systemd/system/pdns.service; enabled; vendor preset: disabled
Drop-In: /etc/systemd/system/pdns.service.d
└─override.conf
Active: active (running) since Wed 2021-03-03 11:54:24 EST; 6s ago
Docs: man:pdns_server(1)
man:pdns_control(1)
https://doc.powerdns.com
Main PID: 19871 (pdns_server)
CGroup: /system.slice/pdns.service
└─19871 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no
Should you run into any issues with this process, please open a ticket for further assistance.
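Because the override is meant to be temporary, it helps to be able to check whether it is still in place after the kernel has been updated. The following is an added example, not part of cPanel's tooling: the function names audit_pdns_override and sample_override are hypothetical, and the sample file is constructed from the override.conf shown above.

```shell
#!/bin/sh
# Added example: audit a pdns.service drop-in for the temporary root workaround.
# audit_pdns_override FILE prints one finding per line. Exit status 0 means
# User=root is set in [Service] (workaround still active), 1 means it is not.
audit_pdns_override() {
    awk '
        /^[ \t]*[#;]/ { next }              # comment lines
        /^[ \t]*$/    { next }              # blank lines
        /^[ \t]*\[/   { insvc = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
        !insvc        { next }              # only [Service] keys matter here
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "User")  { root = (val == "root"); print "User=" val }
            if (key == "Group") print "Group=" val
            if (key == "AmbientCapabilities" && val == "")
                print "AmbientCapabilities cleared"
            if (key == "CapabilityBoundingSet") {
                n = split(val, caps, " ")   # whitespace-separated capability names
                for (i = 1; i <= n; i++) print "bounding:" caps[i]
            }
        }
        END { exit (root ? 0 : 1) }
    ' "$1"
}

# Constructed sample: the override.conf from this article, written to a temp file.
sample_override() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
[Service]
User=root
Group=root
AmbientCapabilities=
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
EOF
    echo "$f"
}

f=$(sample_override)
if audit_pdns_override "$f"; then
    echo "root workaround present; remove the drop-in after the kernel update"
fi
rm -f "$f"
```

On a live host, pass /etc/systemd/system/pdns.service.d/override.conf as the argument instead of the sample file.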
Comments
Update: We would like to thank you for your interest in this article/case and encourage your submissions as they are valuable to the ever-expanding development of cPanel & WHM. At this time, this particular issue has not been selected for action from our Development Team, as it may require more development resources than we can allot, or alters the direction cPanel envisions for the product. Submissions persist in our Issue Tracking System in the event the impact of the related issue grows or product direction changes. If you feel that this defect requires direct action, we strongly encourage you to submit a Feature Request to allow the cPanel Community to vote and support your cause.
Thank you again for helping us make cPanel & WHM the hosting platform of choice.