cPanel WHOIS activity
Hello,
At my firewall I see that my CP server access the IPs of:
whois.ripe.net
whois.arin.net
At destination IP of TCP 43 (WHOIS).
Is it a CP activity?
If so - which process/feature use it and for what purpose?
Thank you.
-
Hey hey! cPanel makes frequent calls to various levels of DNS for licensing and AutoSSL services, so I would consider that normal activity. 0 -
Thank @cPRex but this is a WHOIS query, to find the details of the owner of a domain, AFAIK, how is it related to DNS and AutoSSL? 0 -
Oh, as in this is for a specific domain? Not a query for a nameserver of some sort? If that's the case, I have no idea and would need more specifics before I could advise you on what may be happening. 0 -
I don't know @cPRex, I see it on the firewall, I guess you know how CP works, so you will know the source process and reasoning for this activity 0 -
Well, I'd need more details as to *what* is making it happen. Seeing something in the firewall could be anything from us, or user traffic. But like I said, as far as cPanel is concerned, we do make whois queries for AutoSSL frequently, so that is one option as to why this would be showing up. If you run this command manually, do you see the same firewall entry appear? /usr/local/cpanel/3rdparty/bin/perl -MCpanel::DnsRoots -MData::Dumper -e 'print Dumper(Cpanel::DnsRoots->new()->get_nameservers_for_domain("google.com"));'
0 -
No, it doesn't. This command looks like a DNS query, not like a WHOIS query. 0 -
Got it, thank you. I just wanted to verify it is a traffic that comes from CP. Thank you. 0
Please sign in to leave a comment.
Comments
8 comments