PowerDNS fails to start with the following error when using the provided script (
Feb 04 09:04:15 host.name.tld systemd: pdns.service: main process exited, code=exited, status=218/CAPABILITIES
Feb 04 09:04:15 host.name.tld systemd: Failed to start PowerDNS Authoritative Server.
Feb 04 09:04:15 host.name.tld systemd: Unit pdns.service entered failed state.
Feb 04 09:04:15 host.name.tld systemd: pdns.service failed.
With cPanel & WHM version 94, we ship a new RPM for PowerDNS which includes a few additions to the systemd unit file. It appears that these changes are incompatible with older kernels, which prevents PowerDNS from starting.
We've opened an internal case for our development team to investigate this further. For reference, the case number is CPANEL-35848. Follow this article to receive an email notification when a solution is published in the product.
The issue has thus far only been observed on servers using extremely old kernels (+3 years old), so the recommended workaround is to update your system's kernel to the latest available version.
# yum update kernel
As an alternative and/or temporary measure to bring DNS online, you may consider trying to change from pdns to named.
# /scripts/setupnameserver bind
WARNING: If you switch your nameserver away from PowerDNS, your DNS server will no longer serve DNSSEC records.
You must ensure that the domains do not have DS records configured at their domain registrar.
Failure to do so will cause DNS resolution issues.
Are you sure you want to switch to "bind" [y/n]?
Should you require PDNS for your operational environment, there is another temporary solution for use until the kernel can be updated (i.e. for a VPS which requires hardware node level administrative action). It is imperative to understand that this does decrease the inherent security of the PowerDNS installation, and we strongly recommend updating the kernel as the best practice for resolution.
First, make an override.conf file for pdns, with the contents shown below:
# mkdir /etc/systemd/system/pdns.service.d/
# vi /etc/systemd/system/pdns.service.d/override.conf
# cat /etc/systemd/system/pdns.service.d/override.conf
[Service]
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
Then reload the systemd daemon, and restart pdns.service:
# systemctl daemon-reload
# systemctl restart pdns.service
# systemctl status pdns.service
● pdns.service - PowerDNS Authoritative Server
Loaded: loaded (/usr/lib/systemd/system/pdns.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2021-03-03 11:54:24 EST; 6s ago
Main PID: 19871 (pdns_server)
└─19871 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no
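Because the override changes the capability bounding set, it is worth confirming what the running process actually ended up with. The script below is an added example, not part of the original article or of cPanel's tooling: it compares a CapBnd mask (as found in /proc/PID/status) against the six capabilities listed in override.conf. The function names, the --live switch and the sample mask are assumptions made for illustration; the bit numbers are those defined in linux/capability.h.

```sh
#!/bin/sh
# Added example, not cPanel's code: verify that a CapBnd mask grants exactly
# the six capabilities listed in override.conf.
# name:bit pairs, bit numbers as defined in <linux/capability.h>.
ALLOWED="CAP_CHOWN:0 CAP_DAC_READ_SEARCH:2 CAP_SETGID:6 CAP_SETUID:7
CAP_NET_BIND_SERVICE:10 CAP_SYS_CHROOT:18"

# check_capbnd HEXMASK
# Prints "ok" or the deviations; returns 0 only on an exact match.
check_capbnd() {
    actual=$(( 0x$1 )); want=0; missing=""; extra=""
    for entry in $ALLOWED; do
        bit=${entry##*:}
        want=$(( want | (1 << bit) ))
        if [ $(( (actual >> bit) & 1 )) -eq 0 ]; then
            missing="$missing ${entry%%:*}"
        fi
    done
    bit=0
    while [ "$bit" -le 63 ]; do        # scan every bit of the 64-bit mask
        if [ $(( ((actual & ~want) >> bit) & 1 )) -eq 1 ]; then
            extra="$extra bit$bit"     # capability outside the allowed list
        fi
        bit=$(( bit + 1 ))
    done
    if [ -z "$missing$extra" ]; then echo "ok"; return 0; fi
    echo "missing:${missing:- none} extra:${extra:- none}"
    return 1
}

# Live check against the running service (needs systemd and /proc).
check_pdns_live() {
    pid=$(systemctl show -p MainPID pdns.service | cut -d= -f2)
    check_capbnd "$(awk '/^CapBnd:/ {print $2}' "/proc/$pid/status")"
}

if [ "${1:-}" = "--live" ]; then
    check_pdns_live
else
    # Constructed sample: the mask for exactly the six capabilities above.
    check_capbnd 00000000000404c5
fi
```

Run it with --live as root on the affected server after restarting pdns.service; any "extra" bit is a capability the process can hold beyond the list in override.conf.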
Should you run into any issues with this, please reach out to us here in support for further assistance.