CSF Blocking Google DNS + dig Command

Posted: 06 Sep 2018, 05:18
by mydreamsite
Hi guys,

First time posting. Hope someone can help.

I have WHM + CSF installed on a CentOS server, and it's come to my attention we've had issues with some limited mail flow, and a few visitors trying to visit their websites.

Long story short, we came to the conclusion that Google DNS is having trouble resolving any domains on my server. One example is

When I run a dig command using any other DNS server such as OpenDNS, I get this result:

>dig @208.67.222.222 indigo-co.com.au

; <<>> DiG 9.12.2 <<>> @208.67.222.222 indigo-co.com.au
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34338
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;indigo-co.com.au.              IN      A

;; ANSWER SECTION:
indigo-co.com.au.       14400   IN      A       66.187.76.207

;; Query time: 579 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Thu Sep 06 14:14:57 AUS Eastern Standard Time 2018
;; MSG SIZE  rcvd: 61

As you can see, in the Answer section, the IP 66.187.76.207 is retrieved, which is the IP for the server ms1.serverpoint.com.au.

However, when I use either 8.8.8.8 or 8.8.4.4, this is the result:

>dig @8.8.8.8 indigo-co.com.au

; <<>> DiG 9.12.2 <<>> @8.8.8.8 indigo-co.com.au
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 60005
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;indigo-co.com.au.              IN      A

;; Query time: 15 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Sep 06 14:13:10 AUS Eastern Standard Time 2018
;; MSG SIZE  rcvd: 45

Now, the reason I think CSF has something to do with it is because as soon as I disable csf, the Google command instantly works and no more issues. Then when I re-enable csf, the issue re-occurs.

The command I use to disable csf is just csf -x.

Port 53 is open on TCP and UDP - both incoming and outgoing - both IPv4 and IPv6.

Other than that, I don't know how to figure this out and it's becoming urgent.

Any help would be very much appreciated. Thank you.

Regards,

Hays

Re: CSF Blocking Google DNS + dig Command

Posted: 07 Sep 2018, 05:32
by mydreamsite
I found the issue!

Just in case anyone has a similar problem.

So it turned out even though Google IPs were allowed through CSF and DNS ports were opened and verified, Google DNS was being blocked. I know it wasn't a DNS issue specific to my server because every other DNS server was working. The dig and nslookup commands worked with my ISP servers, OpenDNS, and so on... just not with Google 8.8.8.8 and 8.8.4.4. I knew this meant the block was specific to Google but I couldn't find any Google IPs being blocked in the csf.deny file or anything like that.

The other odd thing was the dig and nslookup commands only failed within Australia. When I RDP'd into an overseas computer and ran the commands using Google DNS, it worked fine. This is what led us to the resolution.

FINALLY, as per the suggestion from the awesome support team at cPanel, I emptied my CC_DENY configuration in CSF and voila! Everything works and Google can find me again!

Due to the large number of spam and brute force attempts from certain countries, I had the following list in my CC_DENY input: CN,RU,IN,TW,PK,LA,PE

So it turns out Google routes its Australian DNS servers through one of the above countries....I'll let you know which one soon...

Re: CSF Blocking Google DNS + dig Command

Posted: 07 Sep 2018, 05:40
by mydreamsite
Pakistan...It was Pakistan.

I've removed PK from the countries that csf blocks and Google DNS Australia can now see me :)

Re: CSF Blocking Google DNS + dig Command

Posted: 07 Sep 2018, 05:56
by mydreamsite
It was also Taiwan...Had to remove TW as well. All good now.
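
An added example, not part of the original posts: one way to find which CC_DENY country codes cover the clients whose DNS packets are being dropped, so only those codes need attention instead of the whole list. The zone CIDRs, log lines and function names are constructed for illustration (documentation address ranges); real per-country ranges and dropped-packet sources would come from your own firewall data.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed country zones (documentation ranges), standing in for the
# per-country CIDR lists that a CC_DENY setting expands to.
ZONES = {
    "PK": ["192.0.2.0/24"],
    "TW": ["198.51.100.0/25"],
    "CN": ["203.0.113.0/24"],
}

# Constructed netfilter LOG-style lines for dropped inbound packets.
LOG = """\
kernel: IN=eth0 SRC=192.0.2.17 DST=10.0.0.5 PROTO=UDP SPT=40112 DPT=53
kernel: IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=UDP SPT=51820 DPT=53
kernel: IN=eth0 SRC=198.51.100.200 DST=10.0.0.5 PROTO=TCP SPT=44321 DPT=53
kernel: IN=eth0 SRC=203.0.113.80 DST=10.0.0.5 PROTO=TCP SPT=50222 DPT=22
kernel: IN=eth0 SRC=192.0.2.17 DST=10.0.0.5 PROTO=UDP SPT=40113 DPT=53
"""

LINE = re.compile(r"SRC=(\S+) .*?PROTO=(\w+) .*?DPT=(\d+)")

def dns_sources(log_text, port=53):
    """Return the distinct source IPs of dropped packets aimed at `port`."""
    found = set()
    for m in LINE.finditer(log_text):
        if int(m.group(3)) == port:
            found.add(ipaddress.ip_address(m.group(1)))
    return found

def countries_dropping_dns(log_text, zones):
    """Map each denied country code to the DNS client IPs it covers."""
    nets = {cc: [ipaddress.ip_network(c) for c in cidrs]
            for cc, cidrs in zones.items()}
    hits = defaultdict(list)
    for ip in sorted(dns_sources(log_text)):
        for cc, cc_nets in nets.items():
            if any(ip in n for n in cc_nets):
                hits[cc].append(str(ip))
    return dict(hits)

if __name__ == "__main__":
    for cc, ips in countries_dropping_dns(LOG, ZONES).items():
        print(cc, "covers DNS clients:", ", ".join(ips))
```

A source that matches no listed zone (198.51.100.200 in the sample) is being dropped by some other rule, so it is left out of the result.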