After looking everywhere for how to get reverse DNS lookups working on our cPanel CentOS servers, we compiled a list of what’s involved.
We were having issues with some cPanel servers: we could not get the reverse DNS test to work on them even though we had them set up exactly the same way as the servers that were working. The one issue we found was that the rndc key was not working correctly. As you may already know, reverse DNS problems are many, but the most common is not being able to send email to Hotmail, Yahoo, etc., so it is very important that when you configure reverse DNS you do it right and then run a reverse DNS lookup test.
We are going to take the reverse DNS setup step by step here. But before you continue, clear your mind, do some yoga, drink a beer or smoke something, whatever floats your boat. Just pay attention to what you are doing, because even something as small as a dot can give you a real headache and piss you off.
Ready?
Sure?
Ok fine, here we go. Do this at your own risk; we are not responsible for your server going haywire. This is what worked for our servers. Here is what you need to do to get your reverse DNS working and confirm it.
For those who have no patience, here are all the command lines used in this reverse DNS how-to. Use your favorite editor; in this case we use pico.
NOTE: pico does not come with CentOS; see “How to install pico on WHM/cPanel CentOS”.
# dig +trace 444.333.222.111.in-addr.arpa
# rndc-confgen
# locate rndc-confgen
# /usr/sbin/rndc-confgen
# pico /etc/rndc.conf
# pico /etc/rndc.key
# pico /etc/named.conf
# /scripts/fixrndc
# service named restart
1) Get organized.
Write down your IP allocation so you don’t have to use up your memory. (haha funny)
We are going to work with these assumptions:
Network: 111.222.333.442
Broadcast: 111.222.333.440
Netmask: 255.255.255.240
Gateway: 111.222.333.443
Server: 111.222.333.444 host.yourserver.com
Name Server: 111.222.333.445 ns1.yourserver.com
Name Server: 111.222.333.446 ns2.yourserver.com
2) Contact your DC:
You need to contact your DC (data center) and request that they delegate reverse DNS for:
> host.yourserver.com 111.222.333.444
> ns1.yourserver.com 111.222.333.445
> ns2.yourserver.com 111.222.333.446
3) Check after your DC has confirmed your reverse DNS delegation:
Log in as root on the server using PuTTY or whatever you like.
First let’s check and see if your DC has set up reverse DNS to your nameservers.
Run this command
# dig +trace 444.333.222.111.in-addr.arpa
===========================================
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> +trace 444.333.222.111.in-addr.arpa
;; global options: printcmd
------- Bunch of traces here -------
444.333.222.111.in-addr.arpa. 86400 IN CNAME 444.subnet442.333.222.111.in-addr.arpa.
subnet444.333.222.111.in-addr.arpa. 86400 IN NS ns1.yourserver.com.
subnet444.333.222.111.in-addr.arpa. 86400 IN NS host.yourserver.com.
subnet444.333.222.111.in-addr.arpa. 86400 IN NS ns2.yourserver.com.
;; Received 140 bytes from 216.218.130.2#53(ns1.he.net) in 1 ms
==============================================
In the results you should see a bunch of traces, and somewhere in the results, usually near the end, you should see your nameservers. The important thing is that you see your nameservers. If not, contact your DC and yell: WASSUP
Ok now that we have confirmed that your DC has actually done something with their time we move on.
I mean you can see your nameservers in the results right?
4) Generate a new rndc key:
Ok this sucker was our problem for most of our servers, hopefully it’ll fix yours.
Generate a new rndc key by running the command below
# rndc-confgen
Not working for you? We are in the same boat here. We have CentOS cPanel servers running the exact same versions, but for some reason a couple of the servers did not like that command. Instead try:
# /usr/sbin/rndc-confgen
Worked? Don’t ask why, that’s another article and we need to free up some memory first.
Didn’t work either? Ohh man, you got issues. Ok, try this to find where the hell your command is:
# locate rndc-confgen
Sorry that’s as far as I go on this one.
Ok where were we? Ohh yeah, if you got it to work you are going to see something like this:
# Start of rndc.conf
key "rndckey" {
    algorithm hmac-md5;
    secret "long-secret-key-here";
};
options {
    default-key "rndckey";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndckey" {
#     algorithm hmac-md5;
#     secret "long-secret-key-here";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndckey"; };
# };
# End of named.conf
Copy the output to the /etc/rndc.conf file. Your /etc/rndc.conf file should look exactly like the output. Also make sure you copy the long secret key into the /etc/rndc.key file.
5) Fixing rndc error in WHM/cPanel
Now you need to check the following files (even if you have already been there before) and replace all instances of “rndc-key” with “rndckey”:
/etc/rndc.conf
/etc/rndc.key
/etc/named.conf
Then, after you have checked one more time, run
# /scripts/fixrndc
Then again, just to make sure
# /scripts/fixrndc
Then restart bind
# service named restart
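The step 5 check can be scripted. The following is an added example, not part of the original post and not cPanel's or BIND's own code; the helper names, the optional root-prefix argument and the sample files are assumptions made for illustration. It compares the key name across the three files, compares the two copies of the secret, and flags a world-readable /etc/rndc.key:

```shell
#!/bin/sh
# Added example, not cPanel's or BIND's code. field, ctl_key, check_rndc_keys and
# demo are hypothetical helper names; the sample files and secret are constructed.

# field FILE WORD: value of the first uncommented `WORD "value"` statement
field() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# ctl_key FILE: key name that the controls statement in named.conf accepts
ctl_key() {
    grep -v '^[[:space:]]*[#/]' "$1" |
        sed -n 's/.*keys[[:space:]]*{[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# check_rndc_keys [ROOT]: ROOT is an optional prefix so copies can be checked
check_rndc_keys() {
    conf=${1:-}/etc/rndc.conf keyf=${1:-}/etc/rndc.key named=${1:-}/etc/named.conf
    rc=0
    n_conf=$(field "$conf" key); n_key=$(field "$keyf" key); n_ctl=$(ctl_key "$named")
    if [ "$n_conf" != "$n_key" ] || [ "$n_key" != "$n_ctl" ]; then
        echo "MISMATCH key name: rndc.conf=$n_conf rndc.key=$n_key named.conf=$n_ctl"; rc=1
    fi
    # Compare the secrets without printing them
    if [ "$(field "$conf" secret)" != "$(field "$keyf" secret)" ]; then
        echo "MISMATCH secret differs between rndc.conf and rndc.key"; rc=1
    fi
    # The secret authenticates control commands to named, so "other" must not read it
    if [ -n "$(find "$keyf" -perm -004)" ]; then
        echo "WEAK $keyf is world-readable"; rc=1
    fi
    return $rc
}

# Constructed files reproducing the "rndc-key" vs "rndckey" mismatch from step 5
demo() {
    d=$(mktemp -d) && mkdir "$d/etc" || return 2
    printf 'key "rndckey" {\nalgorithm hmac-md5;\nsecret "c2FtcGxl";\n};\n' > "$d/etc/rndc.conf"
    printf 'key "rndc-key" {\nalgorithm hmac-md5;\nsecret "c2FtcGxl";\n};\n' > "$d/etc/rndc.key"
    printf 'controls {\ninet 127.0.0.1 allow { localhost; } keys { "rndckey"; };\n};\n' > "$d/etc/named.conf"
    chmod 600 "$d/etc/rndc.key"
    status=0; check_rndc_keys "$d" || status=$?
    rm -rf "$d"
    return $status
}

demo || echo "rndc and named disagree; fix the files before restarting named"
```

Called with no argument, check_rndc_keys reads the live files under /etc, so run it as root.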
6) Check reverse DNS fix.
Now check reverse DNS to see if that did the trick, assuming you had all the other files set up correctly.
# dig -x 111.222.333.444
The output should look something like this:
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> -x 111.222.333.444
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64984
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;444.333.222.111.in-addr.arpa. IN PTR
;; ANSWER SECTION:
444.333.222.111.in-addr.arpa. 86400 IN CNAME 444.subnet441.333.222.111.in-addr.arpa.
444.subnet442.333.222.111.in-addr.arpa. 14400 IN PTR host.yourserver.com.
;; Query time: 18 msec
;; SERVER: 208.67.220.220#53(208.67.220.220)
;; WHEN: Sat May 28 16:31:50 2011
;; MSG SIZE rcvd: 104
What you need to pay attention to in the reverse DNS check is where it says status: NOERROR. If it’s not set up correctly it will say status: SERVFAIL, so the header is going to look like this:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64984
In this case you need to check all of the following files, which should look like this:
/etc/named.conf
=============================================================
include "/etc/rndc.key";
controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndckey"; };
};
zone "subnet444.333.222.111.in-addr.arpa" {
    type master;
    file "/var/named/111.222.333.444.db";
};
/etc/rndc.conf
=============================================================
# Start of rndc.conf
key "rndckey" {
    algorithm hmac-md5;
    secret "long-secret-key-here";
};
options {
    default-key "rndckey";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndckey" {
#     algorithm hmac-md5;
#     secret "long-secret-key-here";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndckey"; };
# };
# End of named.conf
/etc/rndc.key
=============================================================
key "rndckey" {
    algorithm hmac-md5;
    secret "long-secret-key-here";
};
/var/named/111.222.333.444.db
=============================================================
; Modified by Web Host Manager
; Zone File for 111.222.333.444
$TTL 14400
@ 86400 IN SOA ns1.yourserver.com. root.host.yourserver.com. (
        2007072809
        86400
        7200
        3600000
        86400
        )
@ 14400 IN NS ns1.yourserver.com.
@ 14400 IN NS ns2.yourserver.com.
host.yourserver.com 14400 IN A 111.222.333.444
444 14400 IN PTR host.yourserver.com.
445 14400 IN PTR ns1.yourserver.com.
446 14400 IN PTR ns2.yourserver.com.
Be patient and take your time, double-check everything, and after you are done making changes remember to restart bind, then run
# dig -x 111.222.333.444
Again.
Everything to get the reverse DNS lookup going on your server is right here.
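To read the step 6 result without eyeballing it, the added example below (not from the original post; ptr_of is a hypothetical helper and the dig output is constructed with documentation addresses) parses `dig -x` output, follows the CNAME that a delegated subnet inserts, and succeeds only when the status is NOERROR and a PTR record is reached:

```shell
#!/bin/sh
# Added example, not from the original post. ptr_of is a hypothetical helper and
# the dig output below is constructed (192.0.2.20 is a documentation address).
# Live use: dig -x YOUR.IP.HERE | ptr_of

# Prints "STATUS hostname" and succeeds only for NOERROR with a PTR reachable
# from the question name through the CNAME chain.
ptr_of() {
    awk '
        /->>HEADER<<-/ && match($0, /status: [A-Z]+/) {
            status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /^;; QUESTION SECTION:/ { sect = "q"; next }
        /^;; ANSWER SECTION:/   { sect = "a"; next }
        /^;; / || /^$/          { sect = "" }
        sect == "q"                  { name = substr($1, 2) }   # drop the leading ";"
        sect == "a" && $4 == "CNAME" { cname[$1] = $5 }
        sect == "a" && $4 == "PTR"   { ptr[$1] = $5 }
        END {
            # Follow the alias, bounded so a CNAME loop cannot hang the check
            for (hops = 0; (name in cname) && hops < 8; hops++) name = cname[name]
            host = (name in ptr) ? ptr[name] : "-"
            if (status == "") status = "NOSTATUS"
            print status, host
            exit !(status == "NOERROR" && host != "-")
        }
    '
}

# Constructed sample of a healthy answer for a delegated subnet
sample=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; QUESTION SECTION:
;20.2.0.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
20.2.0.192.in-addr.arpa. 86400 IN CNAME 20.subnet16.2.0.192.in-addr.arpa.
20.subnet16.2.0.192.in-addr.arpa. 14400 IN PTR host.example.com.

;; Query time: 18 msec'
printf '%s\n' "$sample" | ptr_of
```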