Skip to main content

cPanel WHOIS activity

Comments

8 comments

  • cPRex Jurassic Moderator
    Hey hey! cPanel makes frequent calls to various levels of DNS for licensing and AutoSSL services, so I would consider that normal activity.
    0
  • eitanc
    Thank @cPRex but this is a WHOIS query, to find the details of the owner of a domain, AFAIK, how is it related to DNS and AutoSSL?
    0
  • cPRex Jurassic Moderator
    Oh, as in this is for a specific domain? Not a query for a nameserver of some sort? If that's the case, I have no idea and would need more specifics before I could advise you on what may be happening.
    0
  • eitanc
    I don't know @cPRex, I see it on the firewall, I guess you know how CP works, so you will know the source process and reasoning for this activity
    0
  • cPRex Jurassic Moderator
    Well, I'd need more details as to *what* is making it happen. Seeing something in the firewall could be anything from us, or user traffic. But like I said, as far as cPanel is concerned, we do make whois queries for AutoSSL frequently, so that is one option as to why this would be showing up. If you run this command manually, do you see the same firewall entry appear? /usr/local/cpanel/3rdparty/bin/perl -MCpanel::DnsRoots -MData::Dumper -e 'print Dumper(Cpanel::DnsRoots->new()->get_nameservers_for_domain("google.com"));'
    0
  • eitanc
    No, it doesn't. This command looks like a DNS query, not like a WHOIS query.
    0
  • cPRex Jurassic Moderator
    There are other tools that would be making this query as well. We do require that port to be opened in your firewall:
    0
  • eitanc
    Got it, thank you. I just wanted to verify it is a traffic that comes from CP. Thank you.
    0

Please sign in to leave a comment.