FreeBSD Domain Resolution on cPanel

[Miraenda]

I had this issue happen the other day where my domain was digging locally on my FreeBSD box, but it was not working off the machine for digs (so the domain wasn't resolving). I wanted to relay how I fixed it for those who might run into the same issue.

First of all, your domain won't be working and digs locally will work, but non-local digs fail:

Code:

server# dig @localhost cpfreebsd.com +short
209.200.236.74

Code:

server# dig cpfreebsd.com +short
server#

Next, you try port 53 on your frontend IP and the connection is refused:

Code:

server# telnet 209.200.236.74 53
Trying 209.200.236.74...
telnet: connect to address 209.200.236.74: Connection refused
telnet: Unable to connect to remote host

In the above, my IP is 209.200.236.74 on my machine.

Next, you would check network activity for the port for what is listening on it:

Code:

server# lsof -i :53
COMMAND  PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
named   3895 bind   20u  IPv4 0xc470f768      0t0  TCP localhost:domain (LISTEN)
named   3895 bind  512u  IPv4 0xc4636280      0t0  UDP localhost:domain
named   3895 bind   20u  IPv4 0xc470f768      0t0  TCP localhost:domain (LISTEN)
named   3895 bind  512u  IPv4 0xc4636280      0t0  UDP localhost:domain
named   3895 bind   20u  IPv4 0xc470f768      0t0  TCP localhost:domain (LISTEN)
named   3895 bind  512u  IPv4 0xc4636280      0t0  UDP localhost:domain
named   3895 bind   20u  IPv4 0xc470f768      0t0  TCP localhost:domain (LISTEN)
named   3895 bind  512u  IPv4 0xc4636280      0t0  UDP localhost:domain

You can also use the FreeBSD utility sockstat for a similar check:

Code:

server# sockstat -l | grep :53
bind     named      2702  20 tcp4   127.0.0.1:53          *:*
bind     named      2702  512 udp4  127.0.0.1:53          *:*

All of these show only localhost (127.0.0.1) is listening not the frontend IP. This is confirmed if I telnet to port 53 on localhost, which does work:

Code:

server# telnet localhost 53
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

Now, check /etc/namedb/named.conf to see if it has the following line:

Code:

listen-on       { 127.0.0.1; };

It needs to have the frontend IP listed, so change it to the following instead (replacing my IP with your frontend IP):

Code:

listen-on       { 209.200.236.74; 127.0.0.1; };

At that point, restart named on the server:

Code:

/scripts/restartsrv_named

On a non-cPanel machine, you would use /etc/rc.d/named stop and /etc/rc.d/named start or /etc/init.d/named stop and /etc/init.d/named start depending on where you put the stop and start scripts for named.

Now, you should be able to dig your domain, telnet on port 53 to the IP, and see the IP listening on the server's network on port 53:

Code:

server# dig @localhost cpfreebsd.com +short
209.200.236.74

Code:

server# dig cpfreebsd.com +short
209.200.236.74

Code:

server# telnet 209.200.236.74 53
Trying 209.200.236.74...
Connected to server.cpfreebsd.com.
Escape character is '^]'.

Code:

server# sockstat -l | grep :53
bind     named      3970  20 tcp4   209.200.236.74:53     *:*
bind     named      3970  21 tcp4   127.0.0.1:53          *:*
bind     named      3970  512 udp4  209.200.236.74:53     *:*
bind     named      3970  513 udp4  127.0.0.1:53          *:*

Each of the above show that now the frontend IP is working on port 53 to provide successful DNS zone dig resolution.

I hope this helps people.