Symptoms
PowerDNS fails to start with the following error when using the provided script (/scripts/restartsrv_pdns):
Startup Log
Feb 04 09:04:15 host.name.tld systemd[1]: pdns.service: main process exited, code=exited, status=218/CAPABILITIES
Feb 04 09:04:15 host.name.tld systemd[1]: Failed to start PowerDNS Authoritative Server.
Feb 04 09:04:15 host.name.tld systemd[1]: Unit pdns.service entered failed state.
Feb 04 09:04:15 host.name.tld systemd[1]: pdns.service failed.
Description
With cPanel & WHM version 94, we ship a new RPM for PowerDNS that includes a few additions to the systemd unit file. These changes appear to be incompatible with older kernels, which prevents PowerDNS from starting.
We've opened an internal case for our development team to investigate this further. For reference, the case number is CPANEL-35848. Follow this article to receive an email notification when a solution is published in the product.
Workaround
The issue has thus far only been observed on servers running extremely old kernels (3+ years old), so the recommended workaround is to update your system's kernel to the latest available version.
yum update kernel
As an alternative and/or temporary measure to bring DNS online, you may consider switching from pdns to named.
# /scripts/setupnameserver bind
WARNING: If you switch your nameserver away from PowerDNS, your DNS server will no longer serve DNSSEC records.
You must ensure that the domains do not have DS records configured at their domain registrar.
Failure to do so will cause DNS resolution issues.
Are you sure you want to switch to "bind" [y/n]?
Should you require PDNS for your operational environment, there is another temporary solution for use until the kernel can be updated (i.e. for a VPS that requires administrative action at the hardware node level). It is imperative to understand that this decreases the inherent security of the PowerDNS installation, and we strongly recommend updating the kernel as the best-practice resolution.
First, make an override.conf file for pdns, with the contents shown below:
# mkdir /etc/systemd/system/pdns.service.d/
# vi /etc/systemd/system/pdns.service.d/override.conf
# cat /etc/systemd/system/pdns.service.d/override.conf
[Service]
User=root
Group=root
AmbientCapabilities=
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
Then reload the systemd daemon, and restart pdns.service:
# systemctl daemon-reload
# systemctl restart pdns.service
# systemctl status pdns.service
● pdns.service - PowerDNS Authoritative Server
   Loaded: loaded (/usr/lib/systemd/system/pdns.service; enabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/pdns.service.d
           └─override.conf
   Active: active (running) since Wed 2021-03-03 11:54:24 EST; 6s ago
     Docs: man:pdns_server(1)
           man:pdns_control(1)
           https://doc.powerdns.com
 Main PID: 19871 (pdns_server)
   CGroup: /system.slice/pdns.service
           └─19871 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no
Should you run into any issues with this, please reach out to us here in support for further assistance.
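Because the override above starts the service as root, it is worth confirming that the running pdns_server is confined to the six capabilities listed in CapabilityBoundingSet. The following is an added example, not cPanel's code: it decodes the CapBnd, CapPrm and CapEff masks from a /proc/<pid>/status file and reports anything outside that list. The function names are hypothetical, and the bit numbers are taken from linux/capability.h.

```shell
#!/bin/sh
# Added example (not cPanel's code): compare a process's capability masks with
# the six capabilities the override leaves in CapabilityBoundingSet.

# Capability names for bits 0..18, in linux/capability.h order.
CAP_NAMES="CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW
IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT"

# Bits of CHOWN, DAC_READ_SEARCH, SETGID, SETUID, NET_BIND_SERVICE, SYS_CHROOT.
ALLOWED_MASK=$(( (1<<0) | (1<<2) | (1<<6) | (1<<7) | (1<<10) | (1<<18) ))

# cap_name BIT: print the CAP_* name, or cap_<n> for bits above the table.
cap_name() {
    n=$1
    set -- $CAP_NAMES
    if [ "$n" -lt "$#" ]; then shift "$n"; echo "CAP_$1"; else echo "cap_$n"; fi
}

# extra_caps HEXMASK: print capabilities set in HEXMASK but not in the override.
extra_caps() {
    extra=$(( 0x$1 & ~ALLOWED_MASK ))
    i=0; out=""
    while [ "$i" -lt 63 ]; do
        if [ $(( (extra >> i) & 1 )) -eq 1 ]; then
            out="${out:+$out }$(cap_name "$i")"
        fi
        i=$(( i + 1 ))
    done
    echo "$out"
}

# audit_status FILE: check the masks in a /proc/<pid>/status file.
# Returns 0 if all masks fit the override, 1 if any exceeds it, 2 if unreadable.
audit_status() {
    status=$1; rc=0
    [ -r "$status" ] || { echo "cannot read $status" >&2; return 2; }
    for field in CapBnd CapPrm CapEff; do
        hex=$(awk -v f="$field:" '$1 == f { print $2 }' "$status")
        [ -n "$hex" ] || continue
        more=$(extra_caps "$hex")
        if [ -n "$more" ]; then echo "$field exceeds override: $more"; rc=1; fi
    done
    awk '$1 == "Uid:" { print "Uid (real/effective/saved/fs):", $2, $3, $4, $5 }' "$status"
    return "$rc"
}

# Usage: sh audit.sh /proc/<Main PID>/status
if [ "$#" -gt 0 ]; then audit_status "$1"; exit $?; fi
```

Pass it /proc/19871/status, using the Main PID from the systemctl status output above; a non-zero exit status means a mask contains a capability outside the override's list.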
Comments
Update: We would like to thank you for your interest in this article/case and encourage your submissions as they are valuable to the ever-expanding development of cPanel & WHM. At this time, this particular issue has not been selected for action from our Development Team, as it may require more development resources than we can allot, or alters the direction cPanel envisions for the product. Submissions persist in our Issue Tracking System in the event the impact of the related issue grows or product direction changes. If you feel that this defect requires direct action, we strongly encourage you to submit a Feature Request to allow the cPanel Community to vote and support your cause.
Thank you again for helping us make cPanel & WHM the hosting platform of choice.