[solved] LiteSpeed + Cloudlinux : DNS resolution failed

Discussion in 'Install/Configuration' started by benoit.georgelin, Jan 24, 2014.

  1. Hi guy,

    Is there any specific configuration about DNS resolution ?

    It only append with LiteSpeed.
    Using PHP Suexec with external LSAPI
    DNS resolution does't work all the time :(

    Sometime it is working normally and the every two refresh the resolution doesn't work.

    Thanks
    Last edited by a moderator: Jan 29, 2014
  2. NiteWave

    NiteWave Administrator

  3. Thanks for the link.

    When you are running Cloudlinux OS with Cagefs , what I'm supposed to configure for chroot option ?

    ExtApp Chroot Mode = Virtual Host Root

    Is it the best option ?

    Thanks
  4. mistwang

    mistwang LiteSpeed Staff

    No, you should turn off ExtApp chroot mode, just use CageFS.
  5. NiteWave

    NiteWave Administrator

    when running Cloudlinux OS with Cagefs, I think no need chroot.
    so this option under virtual host->ExtApp Chroot Mode will be ignored.
  6. There is no options about "chroot" into "ExtApp"
    The only one place I have seen is "VirtualHost => ExtApp =>Chroot Mode"

    And there is only 3 options :

    Same as Server: External application processes will be run in the same jail as the server.
    Virtual Host Root: Set chroot jail to the root directory of the virtual host. The external application script will only be able to access files inside the virtual host root.
    Customized Chroot Path: Specify the chroot path "ExtApp Chroot Path" below.

    Virtual Host Root looks to work good, but I'm not sure about what to do.

    Thanks
  7. This is still the main issue for me :/

    I really don't understand how that can work and then not work.
    I'm doing my test with this file :


    <?php
    $ip = gethostbyname('www.google.com');
    echo "Resolution pour www.google.com: $ip";
    echo "<br>";
    $ip = gethostbyname('mysql1.web4all.fr');
    echo "Resolution pour mysql1.web4all.fr: $ip";
    ?>

    Thanks for you help on this.
  8. mistwang

    mistwang LiteSpeed Staff

    use "Same as Server".
  9. I tried all the chroot option, there is no difference

    As you can see here :

    ** removed **

    Currently the option is "Same As server"

    When I try with the user account using SSH , mysql -h server.com it's working good, the DNS resolution is working


    Thanks
    Last edited: Jan 27, 2014
  10. mistwang

    mistwang LiteSpeed Staff

    Looks like it works to me.
  11. As I said, its working then it stop working for 2 times, then it
    I don't know why and this is really embarassing .

    How can we debug more ?

    Thanks
  12. Hi guys,

    Here another exemple :

    Code:
    Resolution pour www.google.com: www.google.com
    Resolution pour mysql1.web4all.fr: mysql1.web4all.fr
    I'm looking to switch from Apache2 to LiteSpeed for our entire infrastructure (about 20 HTTP servers) but first I need to try it in production system with a DNS resolution working because it's the only one thing that doesn't work properly.

    Do you think you can help me on that or shoud I stop to test your solution ?

    I think that should not append only to our environement .
    As it's only when I run LiteSpeed Web Server , if you cannot help me, just let me know.

    Thanks
    Last edited: Jan 29, 2014
  13. NiteWave

    NiteWave Administrator

    http://piwik.domain.net/resolv.php
    Code:
    Resolution pour www.google.com: 173.194.40.148
    Resolution pour mysql1.web4all.fr: 10.101.100.241
    
    of course, we'd like to know the reason, to help you, other customers and us :)

    the question is to how we can diagnose it. it'll be ideal if we can reproduce the issue in our lab. can you give us some hints most likely we can reproduce it by mimic your environment ?

    are these domains fixed number or too many or just random ?
    if only a few fixed number of these domains need to be resolved, can put domain-name IP
    in /etc/hosts (not /etc/resolv.conf)
    as a simple workaround until root cause discovered.

    when it always working under apache, it's also under cloudlinux ?
    Last edited: Jan 29, 2014
  14. For now I noticed this issue on several domains.
    More than 10 over the 30 I'm currently testing .

    The problem not all the time as you can see but if you try to refresh the page more than 10 times it should append for sure.
    Once it happen, you can refresh the page several times and got a good DN resolution . Then 10 times after you loose again the DNS resolution

    Currently I'm having the issue :

    Resolution pour www.google.com: www.google.com
    Resolution pour mysql1.web4all.fr: mysql1.web4all.fr

    To reproduce that on this website (links provided) :

    1- First refresh the page : http://piwik.domain.com/
    I'm pretty sure you will have directly an error about mysql and DNS resolution
    Code:
    SQLSTATE[HY000] [2005] Unknown MySQL server host 'mysql1.web4all.fr' (2)
    In that case, you will never get back to a DNS resolution until you try the file resolv.php

    IF YOU WAIT 30s (MaxIdleTimeout)

    2- Refresh the page http://piwik.domain.com/resolv.php
    You will have the DNS resolution working on that page :)

    Don't wait 30s an refresh the page http://piwik.domain.com/ it's gonna work :)

    IF YOU DON'T WAIT 30s (MaxIdleTimeout)

    2- Refresh the page http://piwik.domain.com/resolv.php
    You will have the DNS resolution error


    If you try many time the url : http://piwik.domain.com/resolv.php
    Or this one : http://piwik.domain.com/resolv-2.php
    Even without waiting 30s , you will reach a DNS resolution error too

    Our /etc/host only contain the local DNS server : 127.0.0.1

    It look like the litespeed process used by the external apps only care about /etc/hosts and don't do any others DNS request and sometimes it does .

    As you can see in the file attachment:

    1-Only /etc/hosts is checked
    Code:
    socket(PF_NETLINK, SOCK_RAW, 0)         = 4
    bind(4, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
    getsockname(4, {sa_family=AF_NETLINK, pid=32629, groups=00000000}, [12]) = 0
    sendto(4, "\24\0\0\0\26\0\1\3\315=\347R\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
    recvmsg(4, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0\315=\347Ru\177\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 288
    recvmsg(4, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\315=\347Ru\177\0\0\0\0\0\0\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
    close(4)                                = 0
    open("/etc/hosts", O_RDONLY|O_CLOEXEC)  = 4
    fstat(4, {st_mode=S_IFREG|0644, st_size=175, ...}) = 0
    mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7650fa4000
    read(4, "127.0.0.1   localhost localhost."..., 4096) = 175
    read(4, "", 4096)                       = 0
    close(4)                                = 0
    munmap(0x7f7650fa4000, 4096)            = 0

    2-/etc/hosts checked and DNS query made
    Code:
    open("/etc/hosts", O_RDONLY|O_CLOEXEC)  = 4
    fstat(4, {st_mode=S_IFREG|0644, st_size=175, ...}) = 0
    mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa4404cc000
    read(4, "127.0.0.1   localhost localhost."..., 4096) = 175
    read(4, "", 4096)                       = 0
    close(4)                                = 0
    munmap(0x7fa4404cc000, 4096)            = 0
    socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 4
    connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
    poll([{fd=4, events=POLLOUT}], 1, 0)    = 1 ([{fd=4, revents=POLLOUT}])
    sendto(4, "c<\1\0\0\1\0\0\0\0\0\0\6mysql1\7web4all\2fr\0\0"..., 35, MSG_NOSIGNAL, NULL, 0) = 35
    poll([{fd=4, events=POLLIN|POLLOUT}], 1, 5000) = 1 ([{fd=4, revents=POLLOUT}])
    sendto(4, "\234\367\1\0\0\1\0\0\0\0\0\0\6mysql1\7web4all\2fr\0\0"..., 35, MSG_NOSIGNAL, NULL, 0) = 35
    poll([{fd=4, events=POLLIN}], 1, 4999)  = 1 ([{fd=4, revents=POLLIN}])
    
    I'm not able to explain why :)

    With Apache2 , the OS is Cloudlinux, exactly the same . I just installed Litespeed on the server and shutdown Apache2


    Thanks

    Attached Files:

    Last edited: Jan 29, 2014
  15. NiteWave

    NiteWave Administrator

    you're right. what I see
    for
    is this also a lsphp process ?
  16. Yes it is, exactly the same.
  17. mistwang

    mistwang LiteSpeed Staff

    I wonder if CloudLinux LVE limit causes interim DNS lookup failure. Increase LVE limit see if the problem goes away.

    It is better to avoid the DNS lookup if the DB has a fixed domain name, set it in the /etc/hosts .
  18. It's not about Cloudlinux limit, it is working well with Apache2 and the user used doesn't use much the system resources .

    The question is not about having de Mysql Domain Name resolution, but having the DNS resolution working.
    It doesn't work for any resolution name. Did you had a look on the trace file mistwang ??
  19. mistwang

    mistwang LiteSpeed Staff

    I read those strace logs, I think it might be that /etc/resolv.conf sometimes for some reason is not available when lsphp process was started, all requests served by that lsphp process will not query DNS server, only check against /etc/hosts .

    If lsphp process can read /etc/resolv.conf when process starts, DNS query will be performed for all requests served.

    Need to strace lsphp5 process from very beginning to find out what happened.

    Maybe you can change the lsphp5 external app command to use "strace -o <logfile> lsphp5 ...." to start lsphp5 for that account.
  20. Here is the very beginning of the main process :


    Code:
    open("/etc/host.conf", O_RDONLY)        = -1 ENOENT (No such file or directory)
    futex(0x7fbc91d213a4, FUTEX_WAKE_PRIVATE, 2147483647) = 0
    open("/etc/resolv.conf", O_RDONLY)      = 3
    fstat(3, {st_mode=S_IFREG|0644, st_size=21, ...}) = 0
    mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc94838000
    read(3, "nameserver 127.0.0.1\n", 4096) = 21
    read(3, "", 4096)                       = 0
    close(3)                                = 0
    munmap(0x7fbc94838000, 4096)            = 0
    uname({sys="Linux", node="http1-apache-01a", ...}) = 0
    open("/etc/hosts", O_RDONLY|O_CLOEXEC)  = 3
    fstat(3, {st_mode=S_IFREG|0644, st_size=175, ...}) = 0
    mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbc94838000
    read(3, "127.0.0.1   localhost localhost."..., 4096) = 175
    close(3)                                = 0
    
    
    It looks ok about the file resolv.conf

    Thanks for you help

Share This Page