SELinux on DNSonly losing connection

Ray Hayes

• January 22, 2019 14:23

About 2 days ago our DNSonly server (NS2) was hit with the SELinux bug (if no SELinux was enabled or a config file did not exist, an update would add it...and it was enabled). The DNS went completely down until SELinux was disabled. I am now able to access the dns server in the cluster...BUT, at random times now it drops... Could not connect to and not the hostname, which would be ns2.dnsonly.com...as an example, which seems odd...) All IP's have been added to CPHulk and whitelisted. All firewall rules (APF) allow access to the IP...just now, randomly, it breaks. Thoughts

• 

  Ray Hayes

  • January 23, 2019 15:06

  I feel this may be a hijack, but I am gaining zero traction on this issue. I was hit with the SELinux bug. It has since been repaired. But, now this has created a new issue. This was a DNSOnly server that was hit (NS2). It is part of a cluster. Since this bug, the first node (NS1) keeps disconnecting from the DNSonly node. Could not connect to

  0
• 

  cPanelLauren

  • January 23, 2019 19:54

  Hi @Ray Hayes I'm unsure what would cause this behavior but it might be best if we were able to investigate on the box itself. Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved. Thanks!

  0
• 

  Ray Hayes

  • January 24, 2019 03:53

  cPanel dnsonly ID# 11268763 - Underway. Hope to hear what weirdness this may be.

  0
• 

  cPanelLauren

  • January 24, 2019 14:25

  Hi @Ray Hayes Thanks for that I'm watching that ticket and I can see we've already begun troubleshooting. I'll update here with the resolution as soon as it's available. Thanks!

  0
• 

  Ray Hayes

  • January 25, 2019 05:57

  At this point, there is no solution. Something blocks the master unit of the cluster from writing to the DNSOnly machine. I even bailed and went ahead and completely reinstalled from scratch. EXACT same error after all was said and done. The only concern I have is the constant SSL errors. As I reviewed the SSL's on the DNSOnly unit, I do not see the one I installed. Only self-signed. I then saw this... I quote "Note this issue only affects the visibility of the certificate in "WHM >> Manage Service SSL Certificates", as the certificate itself is installed successfully". Is it? If so, why am I seeing so many "Could not connect to

  0
• 

  Ray Hayes

  • January 25, 2019 07:36

  Fighting a losing battle...but, I have verified one thing. It has boiled down to one specific server. I currently have all of the other nodes reconnected to the DNSOnly node. Any changes in Zone Editor are written immediately to that DNS. But, on the main node with problems...the following error keeps popping up in DNSAdmin logs. substr outside of string at /usr/local/cpanel/Cpanel/Gzip/ungzip.pm line 74. Use of uninitialized value in unpack at /usr/local/cpanel/Cpanel/Gzip/ungzip.pm line 74. Use of uninitialized value in numeric eq (==) at /usr/local/cpanel/Cpanel/Gzip/ungzip.pm line 74. Is this dnsadmin? But, I know support updated dnsadmin to the latest. What could that be?

  0
• 

  Ray Hayes

  • January 25, 2019 21:04

  Issue solved! Decided to use an alternate vps/droplet provider than Vultr (where the original broken NS node existed.)...Digital Ocean. The new ns server is humming along, and with zero issues. And considerably faster. So...moral? Be wary if using certain hosting providers and Vultr...who knows...they may be blocking Vultr....and yet, we will really never know what happened.

  0
• 

  cPanelLauren

  • January 28, 2019 12:44

  Hi @Ray Hayes Interesting, vultr uses their own templates when provisioning their VPS's it may have been some misconfiguration within the template. I'm really glad to hear you got it all resolved! Thanks!

  0

Please sign in to leave a comment.