Prefer/Precedence IPv4 over IPv6 for DNS lookups

We had an issue with DNS lookup/Querying the whois servers(Example: whois.crsnic.net) while Domain Search/Registration for any TLDs through WHMCS, Domain Manager etc. The tool/system used to timeout whenever the users searched a domain for availability.

We found the following via CLI when telnet’ing to the whois server directly.

[root@host ~]# telnet whois.crsnic.net 43
Trying 2620:74:20::30...
telnet: connect to address 2620:74:20::30: Connection refused
Trying 2620:74:21::30...
telnet: connect to address 2620:74:21::30: Connection refused
Trying 192.34.234.30...
Connected to whois.crsnic.net.
Escape character is '^]'.

The above indicates it attempts IPv6 DNS lookup first but the whois server doesn’t support or provide it, later our server tries IPv4 DNS lookup and it worked.

The system by default uses AAAA(IPv6) DNS lookups before IPv4 according to the default precedence blocks in /etc/gai.conf (gai stands for getaddrinfo, the standard system call for resolving host names).

As many prefer to disable IPv6 completely and it is not a good solution on the servers which require IPv6 for other purposes, we can try an alternative solution by giving precedence to IPv4 over IPv6 without disabling IPv6.

This is done by changing “precedence ::ffff:0:0/96 10" toprecedence ::ffff:0:0/96 100" in the config file /etc/gai.conf. Check whole /etc/gai.conf to read and understand.

[root@host ~]# grep "::ffff:0:0/96" /etc/gai.conf
#label ::ffff:0:0/96 4
#precedence ::ffff:0:0/96  10
precedence ::ffff:0:0/96  100

If you do not have a /etc/gai.conf(which controls the getaddrinfo() call), you should have an example somewhere within /usr/share/doc (on Centos/RHEL, it is at /usr/share/doc/glibc-common-X.XX.XX/gai.conf) which you can copy over to /etc/gai.conf.

Mine was at:

[root@host ~]# rpm -qa glibc*
glibc-common-2.17-260.el7_6.6.x86_64
glibc-2.17-260.el7_6.6.x86_64
glibc-headers-2.17-260.el7_6.6.x86_64
glibc-devel-2.17-260.el7_6.6.x86_64

[root@host ~]# ll /usr/share/doc/glibc-common-2.17/gai.conf
-rw-r--r--. 1 root root 2584 Jul  3 15:25 /usr/share/doc/glibc-common-2.17/gai.conf

[root@host ~]# cp -pv /usr/share/doc/glibc-common-2.17/gai.conf /etc/
โ€˜/usr/share/doc/glibc-common-2.17/gai.confโ€™ -> โ€˜/etc/gai.confโ€™

Then it started working fine by giving preference to IPv4 over IPv6.

[root@host ~]# telnet whois.crsnic.net 43
Trying 192.34.234.30...
Connected to whois.crsnic.net.
Escape character is '^]'.
Connection closed by foreign host.

cloudlinux: PHP selector NOT working or BROKEN

It was truly devastating and I was dismayed when I noticed the PHP selector in server got broken or stopped working since the last easy-apache. Tones of tickets were popped in when clients lost their custom php versions and its custom settings

I tried to select the php version 5.4 for the domain and set post_max_size and upload_max_filesize to 32MB each

php_settings1

 

 

 

 

 

And I checked by putting a phpinfo page in the domain, sadly the changes I made in php selector settings had no effect

 
phpini1

 

 

phpini2

 

 

 

 
Following is the solution that I could finally find out to fix it … tadaa ๐Ÿ™‚

PHP configured as suphp in server
———–
# /usr/local/cpanel/bin/rebuild_phpconf –current
Available handlers: suphp dso fcgi cgi none
DEFAULT PHP: 5
PHP4 SAPI: none
PHP5 SAPI: suphp
SUEXEC: enabled
RUID2: not installed
———–

We must check if liblve.so.0 is present in /opt/suphp/sbin/suphp since it is suphp compiled with lve. In this case Cagefs and PHPSelector can’t work properly. You can check this by searching file /opt/suphp/sbin/suphp . Use strings command to read it since it is a binary file.

# strings /opt/suphp/sbin/suphp | grep lve

Output should be as…

# strings /opt/suphp/sbin/suphp |grep lve
Could not resolve path “
liblve.so.0
lve_jail_uid

If it is not present, then you need to run:

# /usr/sbin/cpanel-compile-suphp.sh

Then force update cagefsctl to update alt_php.ini of all individual users in server.

# cagefsctl –force-update

Now see my changes ๐Ÿ™‚

phpini3

 

 

 
phpini4

 

 

 

 

This should solve your issue