Old Nameserver in CSF Security Check error logs

zwankie

Hi,

I need some guidance please.
I installed DA on AlmaLinux 8 a few days ago and have been trying out various things.

One thing was that I originally set up DA with ns3.xxx.net and ns4.yyy.net details which I later changed to different names.
When I run the CSF option to Check Server Security it displays a warning message stating:
"Unable to resolve nameserver [ns4.yyy.net] within 5 seconds"

The thing is this nameserver ns4 does not exist any more and is nowhere to be found in the NS settings or resolv.conf for DA but somehow CSF still tries to check it.
What could be causing this and how do I fix it?

Thanks
 
CSF does not register nameservers itself. When you use the Check Server Security, it checks the security via the configuration.
So it must have found that nameserver somewhere on your system, maybe in your /etc/resolv.conf or /etc/hosts file?
 
Thanks Richard,

I also looked at that, nothing relating to ns4 in either /etc/resolv.conf or /etc/hosts.
It's just strange that it wasn't replaced fully by the new nameservers directly through DA
 
Yes that's odd indeed. But if CSF shows it, then it must be present somewhere in some file. Only thing I can guess is some /var/named/yyy.net domain file, a separate file in there or somewhere else. Maybe hostname.domain.com in /var/named?

Maybe you can check the reseller account -> nameservers if something is to be seen there.
Normally when nameservers are replaced, DA changes everything managed by DA.

Files like /etc/hosts and resolv.conf are not, however you checked those. Could also be a bug and maybe something is not changed.
Only other idea I have is to use the find function on the string.

Or maybe somebody else has an idea.
 
Some feedback.

I ran the search 'grep -r 'ns4.yyy.net' /' and found references to it in many places.
The ones in /var/log/ should not be the issue as these are inside log files but I found the reference to the nameserver (which I also set up as a domain before) in the following files:

/var/named/data/named.run - many references to it in here.
/etc/rspamd/users.d/admin.conf - this means DA does not fully remove a domain from this file once the domain is removed.
/var/local/directadmin/conf/directadmin.conf - this is clearly an issue that DA needs to fix.
Also found a few references to it in the letsencrypt folders but possibly not the main issue, however, still not removed or cleaned after domain deletion.

Clearly the main problem is this one. I could not find any reference to the old nameserver in the GUI but it's inside the directadmin.conf
/var/local/directadmin/conf/directadmin.conf - this is clearly an issue that DA needs to fix.

Once removed from here, CSF is all clear.
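
The search described in the post above, as an added example (not code from the thread, DirectAdmin or CSF): it lists every file that still names a retired nameserver and separates log/runtime noise from configuration that needs editing. The function names, the noise patterns and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# find_stale_ns HOST ROOT...
# Prints "config <path>" or "noise <path>" for each text file containing HOST.
find_stale_ns() (
    host=$1; shift
    # -F fixed string (dots in the hostname are not regex wildcards)
    # -w whole-word match, -I skip binaries, -l names only, -s hide unreadable files
    grep -rIlswF -- "$host" "$@" | sort | while IFS= read -r f; do
        case $f in
            # Assumed noise: log directories, *.log files, BIND's named.run debug log
            */log/*|*.log|*/named.run) printf 'noise %s\n' "$f" ;;
            *)                          printf 'config %s\n' "$f" ;;
        esac
    done
)

# config_hits HOST ROOT... : only the paths that still need editing.
config_hits() {
    find_stale_ns "$@" | sed -n 's/^config //p'
}

# Constructed sample tree mirroring the paths named in the thread.
# File contents are made up for the demo; they are not real DA or BIND output.
make_sample_tree() {
    mkdir -p "$1/var/log" "$1/var/named/data" \
             "$1/var/local/directadmin/conf" "$1/etc"
    echo 'lookup ns4.yyy.net timed out' > "$1/var/log/messages"
    echo 'query ns4.yyy.net failed'     > "$1/var/named/data/named.run"
    echo 'ns2=ns4.yyy.net'              > "$1/var/local/directadmin/conf/directadmin.conf"
    echo 'nameserver 192.0.2.53'        > "$1/etc/resolv.conf"
}

# Demo on the constructed tree; on a real server pass /etc /var /usr/local instead.
demo_root=$(mktemp -d)
make_sample_tree "$demo_root"
find_stale_ns ns4.yyy.net "$demo_root"
rm -rf "$demo_root"
```

Scanning a few configuration roots rather than `/` avoids walking `/proc` and `/sys`, and the `config` lines are the candidates for what a checker such as CSF is still reading.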
 
Yes, some are... I did a change in nameserver under enhanced admin panel settings admin.
Still, users and resellers get the old nameservers as default when adding a domain, for example, where I have the new default nameservers in directadmin.conf
 