Tag Archives: cpanel

[solved] – Error reloading bind on ns1: rndc: ‘reload’ failed: failure on cpanel dns only setup

Gosh. The last few days when I update a dns record or my cpanel system adds a dns record to my dns cluster I get the following errors:


Bind reloading on maggie using rndc zone: [somedomainname.com]
Bind reloading on ns1 using rndc zone: [somedomainname.com]
Bind reloading on ns1 using rndc
Error reloading bind on ns1: rndc: 'reload' failed: failure

Bind reloading on ns3 using rndc zone: [somedomainname.com]
Bind reloading on ns3 using rndc
Error reloading bind on ns3: rndc: 'reload' failed: failure

Bind reloading on ns4 using rndc zone: [somedomainname.com]
Bind reloading on ns4 using rndc
Error reloading bind on ns4: rndc: 'reload' failed: failure

Bind reloading on ns2 using rndc zone: [somedomainname.com]
Bind reloading on ns2 using rndc: rndc: 'reload' failed: failure
Error reloading bind on ns2: rndc: 'reload' failed: failure

To cut a long story short, I will tell you the direct cause of the issue and the quick steps to resolve it, as I looked everywhere for a solution and spent days asking around to see if anyone else had the same issue.

CAUSE
My dns cluster consists of 4 x Cpanel DNS ONLY servers so I logged into ns1 and ran this command: /etc/init.d/named restart. This gave me the following error in ssh:


Error in named configuration:
/etc/named.conf:10693: zone 'someotherdomainname.com': already exists previous definition: /etc/named.conf:8581
/etc/named.conf:23122: zone 'someotherdomainname.com': already exists previous definition: /etc/named.conf:21010
FAILED

AH HA! Looks like there was a duplicate record in /etc/named.conf.

SOLUTION
I opened up /etc/named.conf on ns1 and commented out the duplicate entry like so.

[Image: named-conf]

Then I went back to the main cpanel server and tried to update a dns record and did not get any errors which was a good sign!

I then did the same with ns2 + ns3 + ns4 and everything was back to normal again.

I do not know what caused this duplication issue but the above solution worked for me and I hope it saves someone else hours of troubleshooting.
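A way to list every repeated zone before editing /etc/named.conf by hand, as an added example that is not part of the original post. It goes slightly beyond the single case above by being view-aware: it assumes zones may be grouped in view blocks (where the same zone legitimately appears once per view) and that each zone statement starts on its own line. The sample file and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list zones defined more than once inside the same view.
# Output per duplicate: <view> <zone> <first-line> <duplicate-line>
# A view of "-" means the zone was declared outside any view block.

find_duplicate_zones() {
    awk '
        /^[ \t]*(\/\/|#)/ { next }          # ignore commented-out lines
        /^[ \t]*view[ \t]+"/ {              # a new view starts: remember its name
            split($0, q, "\""); view = q[2]; next
        }
        /^[ \t]*zone[ \t]+"/ {
            split($0, q, "\"")
            zone = tolower(q[2])            # DNS names compare case-insensitively
            key = view SUBSEP zone
            v = (view == "") ? "-" : view
            if (key in seen)
                print v, zone, seen[key], NR
            else
                seen[key] = NR
        }
    ' "$1"
}

# Constructed sample (not from a real server): one duplicate in each view.
write_sample_conf() {
    cat > "$1" <<'EOF'
view "internal" {
    zone "example.com" { type master; file "/var/named/example.com.db"; };
    zone "example.org" { type master; file "/var/named/example.org.db"; };
    zone "example.com" { type master; file "/var/named/example.com.db"; };
};
view "external" {
    zone "example.com" { type master; file "/var/named/example.com.db"; };
    // zone "example.org" { type master; file "/var/named/example.org.db"; };
    zone "example.org" { type master; file "/var/named/example.org.db"; };
    zone "Example.COM" { type master; file "/var/named/example.com.db"; };
};
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
find_duplicate_zones "$sample"
rm -f "$sample"
```

An empty result means no zone is defined twice within the same view; entries that were already commented out are ignored.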

MySQL Logging – How to log all mysql queries, errors and slow queries on Cpanel Servers

Logging slow queries and mysql errors is important for ease of troubleshooting mysql issues but if you also need to log every single mysql query executed by the server for troubleshooting purposes then you need to add an extra line to your mysql configuration file.

First and foremost, for this you will need to have root ssh access to your server.

In addition to the regular mysql configurations, this is how I do my mysql logging.

1. Once logged into the server run the command below to edit the main mysql config file.
# pico /etc/my.cnf

2. Add the following lines to the [mysqld] section.
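# log_slow_queries and log are the option names used before MySQL 5.6; on 5.6 and later use slow_query_log / slow_query_log_file and general_log / general_log_file
log_slow_queries = /var/log/mysql/mysql-slow.log
long_query_time = 1
log = /var/log/mysql/mysql-general.log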

3. Add the following lines to the [mysqld_safe] section.
log-error=/var/log/mysql/mysqld-errors.log

4. Now save the file and run the following commands one after the other.
touch /var/log/mysql/mysql-slow.log
touch /var/log/mysql/mysqld-errors.log
touch /var/log/mysql/mysql-general.log

chown mysql:mysql /var/log/mysql/mysql-slow.log
chown mysql:mysql /var/log/mysql/mysqld-errors.log
chown mysql:mysql /var/log/mysql/mysql-general.log

5. Restart MySQL.
# service mysql restart

NICE! You will now have comprehensive logging of all your mysql activities, giving you some extra tools in case there are issues with your mysql server.

To view the content of the general log (for example), run this command:
# cat /var/log/mysql/mysql-general.log

To view the queries as they are being executed, run this command:
# tail -f /var/log/mysql/mysql-general.log

NOTE: On a production server, the general log can get big fast, so only enable it during development or troubleshooting. You can always open my.cnf and comment out the general log line using #. Make sure you restart the mysql service after making changes to the my.cnf file.

Restrict Access to WHM by IP

Hackers are getting smarter and sneakier, and with the internet getting more and more popular, the software that web hosts use is going to be more and more targeted.

So today I decided that prevention is better than cure and proceeded to lock down the WHM login page on all my servers. Surprisingly, I could not find accurate information on how to do it; however, after some extensive research I found that it is very easy to do.

This procedure is useful if you run a small VPS or dedicated server and don't have any resellers accessing WHM. Mind you, if you do have resellers, you can always just tell them that WHM access is limited by fixed IP and they have to like it or lump it. After all, it's in the name of security.

Just do the following to lock down your WHM login page.

  1. Login to WHM
  2. Go to Main >> Security Center >> Host Access Control
  3. In the Daemon column type:  whostmgrd (this is the WHM service)
  4. In the Access List column type: your ip address
  5. In the Action column type: allow (this will allow your ip)
  6. Go to the next row to create a deny entry
  7. In the Daemon column type:  whostmgrd
  8. In the Access List column type:  ALL
  9. In the Action column type: deny (this will perform the deny action)
  10. Don't forget to click the “save host access file” button.

Now your WHM will only be accessible from your fixed IP.

The image below shows what your screen will look like.

Simple Abuse Monitoring Script in PHP for Cpanel

One of the issues with Cpanel servers, especially if you offer shared hosting, is monitoring the load averages and processes to identify resource abuse.

After having little luck in finding any decent monitoring scripts, especially ones which are easy to install, I have written a script in php which can be installed on a cpanel server as the root user and then executed using a cron to run it every 60 seconds.

Installation is simple:

1. adjust the destination email address
2. upload script to root directory
3. chmod the file to 755
4. create a cron job as root user to run the script every minute

IMPORTANT: This script will send you approximately 1440 emails a day (60 per hour). If you don't want to be reading all of them or having them fill up your inbox, you need to either set up a special mail account for it or adjust your own mail settings.

In my case I send the results of the script to my own main email address but I have created a folder inside my mail account called “server_checks” and created a mail rule to move these alert emails to the folder and to mark them as read.

So every day I just quickly scan to see if anything is out of the ordinary.

You could if you wanted to, adjust the script to drop the alert data into a remote database too if you did not want to receive emails!

Once installed, the script sends an email every minute with a snapshot of the current mysql processes, load averages and currently running processes, giving you a rough idea of what is happening on your server.

The image below shows the contents of a special mailbox I have set up which just gathers the abuse monitoring emails, and you can see that at a glance you can gauge the load averages for the server.

Below is the contents of the email. As you can see, it contains various useful information about the server, so if you notice at some point that there is high load on the server, you can see the processes running at that point in time.

Here is the script.

<?php
//#######################################################
// server load checker
// created by craigedmonds.com
// 1. upload this php script to /root
// 2. chmod the file to 755
// 3. in ssh type: crontab -u root -e
// 4. add this line: * * * * * /usr/bin/php /root/craigs-load-checker.php
// 5. restart cron service: /etc/init.d/crond restart
//#######################################################

//where we will send the emails
$email_to = "you@yourdomain.com";
$email_from = "you@yourdomain.com";

//#######################################################
//no need to edit below here
//#######################################################

//collect the snapshot data from the system
$hostname = trim(shell_exec('hostname'));
$this_server_ip = gethostbyname(trim($hostname));
$mysql_processes = shell_exec('mysqladmin proc stat');
$process_list = shell_exec('top -b -n 1');
//trim the trailing newline so the subject line stays on one line
$uptime = trim(shell_exec('uptime'));
$total_port80_connections = shell_exec('netstat -plan | grep :80 |wc -l');

//get the load averages from the uptime
$explode_load_averages = explode("load average:", $uptime);
$explode_load_averages_again = explode(",", $explode_load_averages[1]);
$load_avg_current = trim($explode_load_averages_again[0]);
$load_avg_5mins = trim($explode_load_averages_again[1]);
$load_avg_15mins = trim($explode_load_averages_again[2]);

//send the email
$subject = $hostname . " service CHECKER - " . $uptime;
$address = $email_to;
$headers =
"From: " . $email_from . "\r\n" .
"Reply-To: " . $email_from . "\r\n" .
"X-Mailer: PHP/" . phpversion();
$body = "#SERVER_INFO\r\n";
$body .= "Hostname: " . $hostname . "\r\n";
$body .= "IP: " . $this_server_ip;
$body .= "\r\n\r\n";
$body .= "#LOAD_AVERAGES\r\n";
$body .= "Current Load Average: " . $load_avg_current . "\r\n";
$body .= "5 Minute Load Average: " . $load_avg_5mins . "\r\n";
$body .= "15 Minute Load Average: " . $load_avg_15mins;
$body .= "\r\n\r\n";
$body .= "#TOTAL_CONNECTIONS\r\n";
$body .= "Port 80: " . $total_port80_connections;
$body .= "\r\n\r\n";
$body .= "#MYSQL_PROCESS_LIST\r\n";
$body .= $mysql_processes;
$body .= "\r\n\r\n";
$body .= "#PROCESS_LIST\r\n";
$body .= $process_list;
$body .= "\r\n\r\n";
$body .= "#end of notification";
mail($address, $subject, $body, $headers);

exit;

Stop and Disable Mailman on Cpanel

One of our shared servers was showing several thousand bounce messages in the mail queue all generated via a mailman user. So we decided to kill mailman permanently.

However, the recommended tweak of switching off Main >> Server Configuration >> Tweak Settings >> Mailman was not working. There were still mailman processes running in the background, causing havoc.

So I needed to STOP mailman running as well as DISABLE it.

The solution I found was:

1. Run the following command in SSH which will stop the mailman process from running.

2. Create an .htaccess for mailman – Create a file in the following location on your server.

3. Put the following code into the file, this will give a permission denied error on the mailman system.

4. Finally, add the .htaccess to the exclude file so cPanel won’t remove / change it. Run the following in SSH.

Bang! There you go. No more issues with mailman. Load dropped like a stone. Sweet!