rndc status failed, connect failed: 127.0.0.1#953: timed out
Hello,
I found this in the cPanel error log:
[2016-04-04 08:39:03 +0000] warn [restartsrv_base] /usr/sbin/rndc status failed: WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)rndc: connect failed: 127.0.0.1#953: timed out at /usr/local/cpanel/Cpanel/DNSLib.pm line 263.
Cpanel::DNSLib::checkrndc(Cpanel::DNSLib=HASH(0x2134380)) called at /usr/local/cpanel/Cpanel/ServiceManager/Services/Named.pm line 84
Cpanel::ServiceManager::Services::Named::check(Cpanel::ServiceManager::Services::Named=HASH(0x1afc4f8)) called at /usr/local/cpanel/Cpanel/ServiceManager/Base.pm line 552
Cpanel::ServiceManager::Base::run_from_argv(Cpanel::ServiceManager::Services::Named=HASH(0x1afc4f8), "--verbose", "named", "--check", "--notconfigured-ok") called at bin/restartsrv_base.pl line 81
main::__ANON__() called at /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/Try/Tiny.pm line 80
eval {...} called at /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/Try/Tiny.pm line 71
Try::Tiny::try(CODE(0x1ef3ee8), Try::Tiny::Catch=REF(0x15fa418)) called at bin/restartsrv_base.pl line 110
[2016-04-04 08:39:03 +0000] warn [restartsrv_base] named: call to rndc failed
at /usr/local/cpanel/Cpanel/ServiceManager/Services/Named.pm line 85.
Cpanel::ServiceManager::Services::Named::check(Cpanel::ServiceManager::Services::Named=HASH(0x1afc4f8)) called at /usr/local/cpanel/Cpanel/ServiceManager/Base.pm line 552
Cpanel::ServiceManager::Base::run_from_argv(Cpanel::ServiceManager::Services::Named=HASH(0x1afc4f8), "--verbose", "named", "--check", "--notconfigured-ok") called at bin/restartsrv_base.pl line 81
main::__ANON__() called at /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/Try/Tiny.pm line 80
eval {...} called at /usr/local/cpanel/3rdparty/perl/514/lib64/perl5/cpanel_lib/Try/Tiny.pm line 71
Try::Tiny::try(CODE(0x1ef3ee8), Try::Tiny::Catch=REF(0x15fa418)) called at bin/restartsrv_base.pl line 110
[2016-04-04 08:39:15 +0000] info [restartsrv_base] Domming remaining dovecot processes
[2016-04-04 08:39:16 +0000] info [tailwatchd] chkservd::Notify Notification => support@XYXYXYXY***** via EMAIL [eventimportance => High (1)]
[2016-04-04 08:39:28 +0000] info [tailwatchd] chkservd::Notify Notification => support@XYXYXYXY***** via EMAIL [eventimportance => High (1)]
[2016-04-04 08:39:39 +0000] info [tailwatchd] chkservd::Notify Notification => support@XYXYXYXY***** via EMAIL [eventimportance => High (1)]
[2016-04-04 08:39:48 +0000] info [cpsrvd] Restarting cpsrvd daemon process 1820 via /usr/local/cpanel/cpsrvd
==> cpsrvd 11.54.0.21 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up native SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports
[2016-04-04 08:39:50 +0000] info [tailwatchd] chkservd::Notify Notification => support@XYXYXYXY***** via EMAIL [eventimportance => High (1)]
Please, which commands / steps should I run to discover the cause and fix it? Thank you.
-
Hello :) Check to see if local connections to port 953 are possible from your server's command line. EX:
telnet 127.0.0.1 953
You may need to review any firewall rules you have enabled if the connection is blocked. Thank you.
-
Thx, no, your mentioned command returns this: :(
telnet: connect to address 127.0.0.1: Connection timed out

# netstat -penta|grep named
tcp 0 0 SERVERIPHERE:53 0.0.0.0:* LISTEN 25 1558635645 7805/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 1558635643 7805/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 1558635648 7805/named

# cat /etc/rndc.conf|grep port
default-port 953;
# inet 127.0.0.1 port 953

csf -p|grep named
53/tcp 4/- - (7805/named) /usr/sbin/named -u named /usr/sbin/named
53/udp 4/- - (7805/named) /usr/sbin/named -u named /usr/sbin/named

(port 53 is within allowed ports in CSFirewall and 953 is not there)
When I pause CSF (firewall) and do
# service named status
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
version: 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 (Not disclosed)
CPUs found: 9
worker threads: 9
number of zones: *
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 1/100
server is up and running
named (pid 7805) is running...

What/why went wrong, please? It seems that after CSFirewall was enabled again, the timeout no longer appears, but newly created cPanels' DNS fails to work. I run the command "host newcpaneldomain.tld" and the result is "Host newcpaneldomain.tld not found: 2(SERVFAIL)", but after I manually reload the DNS zone, I see it start working/resolving, and WHM says this upon reloading: "Bind reloading on hostname using rndc: WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf) server reload successful"
-
It looks like the csf firewall was blocking their connection on port 53. After restarting it, that has been sorted out.
-
but newly created cPanels' DNS fails to work. I run the command "host newcpaneldomain.tld" and the result is "Host newcpaneldomain.tld not found: 2(SERVFAIL)", but after I manually reload the DNS zone, I see it start working/resolving, and WHM says this upon reloading: "Bind reloading on hostname using rndc: WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf) server reload successful"
Does DNS fail externally as well, or is it just the local server that returns the "not found" error when using the "host" command? Thank you.
-
I can't confirm if DNS fails externally, I already reloaded that DNS zone manually. I followed cPanel support's suggestion (add 127.0.0.0/8 to /etc/csf/csf.allow and also to /etc/csf/csf.ignore) and restarted CSF (firewall). But I still see a timeout when I telnet to localhost on port 953 or 80 (example: telnet 127.0.0.1 953); service named status and rndc reload are timing out too.
-
It seems solved, appears like CSF (firewall) misconfiguration so far.
I am happy to see the issue is now addressed. Thank you for updating us with the outcome.
-
Yes, it seemed like that, but reality is different; I updated my post as it is not solved.
-
I followed cPanel support's suggestion (add 127.0.0.0/8 to /etc/csf/csf.allow and also to /etc/csf/csf.ignore) and restarted CSF (firewall). But I still see a timeout when I telnet to localhost on port 953 or 80 (example: telnet 127.0.0.1 953); service named status and rndc reload are timing out too.
To update, it looks like the issue was isolated to your firewall rules, per the support ticket. I suggest updating your custom firewall rules, or going through each custom rule one by one to narrow down the culprit. Thank you.
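
The check discussed in this thread, as an added example that is not part of any post: it separates "connection timed out" from "connection refused" and compares the result with the listener table, because a timeout on a port that netstat shows in LISTEN state points at packet filtering rather than at named. The function names and result labels are assumptions made for illustration, and the sample listener lines are constructed from the netstat output posted above.

```python
import socket

# Constructed sample: named listeners as shown by `netstat -penta` in the thread.
NETSTAT_SAMPLE = """\
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 1558635643 7805/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 1558635648 7805/named
"""

def listeners(netstat_text):
    """Return the set of (address, port) pairs that are in LISTEN state."""
    found = set()
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) >= 6 and cols[0].startswith("tcp") and cols[5] == "LISTEN":
            addr, _, port = cols[3].rpartition(":")
            if port.isdigit():
                found.add((addr, int(port)))
    return found

def probe(host, port, timeout=3.0):
    """Attempt a TCP connect and return 'open', 'refused' or 'timeout'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # an RST came back: closed port or a REJECT rule
    except socket.timeout:
        return "timeout"   # nothing came back: the SYN or its reply was dropped

def diagnose(host, port, netstat_text, result):
    """Combine the listener table with a probe result (labels are hypothetical)."""
    table = listeners(netstat_text)
    listening = (host, port) in table or ("0.0.0.0", port) in table
    if result == "open":
        return "reachable"
    if result == "timeout":
        # A local listener cannot cause a timeout by itself; a packet filter can.
        return "filtered" if listening else "filtered-no-listener"
    return "rejected" if listening else "not-listening"

if __name__ == "__main__":
    # Live run on the affected server: rndc's control channel on loopback.
    outcome = probe("127.0.0.1", 953)
    print(outcome, "->", diagnose("127.0.0.1", 953, NETSTAT_SAMPLE, outcome))
```

On the server itself, replace NETSTAT_SAMPLE with the current output of the netstat command from the thread; a "filtered" result for 127.0.0.1:953 means the loopback traffic is being dropped by firewall rules, which is what the final reply concludes.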