Archives

How to flush the DNS cache

After you change the nameservers for your site, you will want to clear the DNS cache.

Notice that clearing the Windows OS/Chrome cache after you’ve changed the nameservers for your site, doesn’t guarantee that your site will load from the new server. You will need to wait for the new nameservers to propagate to the nodes near your location.

For Windows OS:

Search Windows for “cmd” (Command Prompt). In the Command Prompt window, type ipconfig /flushdns

Microsoft Windows [Version 10.0.15063]
(c) 2017 Microsoft Corporation. All rights reserved.

C:\Users\Max>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Max>
Windows Command Prompt
Windows Command Prompt

If you are using a recent version of Windows – like Windows 10 – you can also use the Windows PowerShell. Use the same command ipconfig /flusdns :

Windows PowerShell
Copyright (C) 2016 Microsoft Corporation. All rights reserved.

PS C:\Users\Max> ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
PS C:\Users\Max>
Windows PowerShell
Windows PowerShell

Some browsers keep a DNS cache which is independent from the one used by the OS. For example, in Google Chrome, navigate to chrome://net-internals/#dns and click the “Clear host cache” button.

Google Chrome Clear host cache
Google Chrome Clear host cache

You can also clear the DNS cache for your domain at the Google Flush Cache

Share this post:

Add a DMARC record to your domain in cPanel

What is DMARC?

According to dmarc.org :

DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.

DMARC is a policy with which the sender indicates the message is protected by DKIM and /or SPF. It also tells the receiver what to do with the message if DKIM/SPF authentication fails.

Please check the DMARC resources (from the end of this article) before creating a DMARC record. You can use an online tool to create a DMARC record. Check the DMARC Tools page.

To set a DMARC record for your domain:

  1. Log into cPanel
  2. Navigate to Zone Editor (DOMAINS section)
  3. On the row with the desired domain, click the Manage link
  4. Click the down arrow   from the right of the Add Record button.
  5. Select Add DMARC Record from the drop-down list
  6. Modify any DMARC settings (see below) and click the Add Record button
cPanel DMARC
cPanel DMARC

 

DMARC Settings

Policy Action
None No action is taken; you can use this setting to monitor DMARC
Quarantine Messages will be marked as spam
Reject Messages will be rejected

 

Parameter Settings
Subdomain Policy Action for subdomain policy. Same options as for the main domain policy.
DKIM Mode Relaxed – the system allows some messages from domains that it doesn’t recognize.
Strict – the system will reject all messages from domains that it doesn’t recognize.
SPF Mode Relaxed – the system allows some messages from senders that it doesn’t recognize.
Strict – the system will reject all messages from senders that it doesn’t recognize.
Percentage Default value is 100. It represents the percentage of the email messages you want the system to filter.
Generate Failure Reports When All Checks Fail – report will be send if all checks fail
Any Checks Fail – report will be send if any checks fail
Report Format AFRF – Authentication Failure Reporting Format
IODEF – Incident Object Description Exchange Format
Report Interval The time in seconds between each aggregate email message report. The default value is 86400 (24 hours).

The video tutorial for setting a DMARC record:

 

If you’ve added a valid email for the Send Aggregate Mail Reports To, you will receive a message from receivers that support DMARC, like in the example bellow:

From: noreply@dmarc.yahoo.com
To: admin@plothost.com
Subject: Report Domain: plothost.com Submitter: yahoo.com Report-ID: <1496110592.916792>
In the attachment you will see an XML file with the same name as the zip archive.

<?xml version="1.0"?>	
<feedback>	
  <report_metadata>	
    <org_name>Yahoo! Inc.</org_name>	
    <email>postmaster@dmarc.yahoo.com</email>	
    <report_id>1496110592.916792</report_id>	
    <date_range>	
      <begin>1496016000</begin>	
      <end>1496102399 </end>	
    </date_range>	
  </report_metadata>	
  <policy_published>	
    <domain>plothost.com</domain>	
    <adkim>r</adkim>	
    <aspf>r</aspf>	
    <p>none</p>	
    <pct>100</pct>	
  </policy_published>	
  <record>	
    <row>	
      <source_ip>d02.plothost.com</source_ip>	
      <count>1</count>	
      <policy_evaluated>	
        <disposition>none</disposition>	
        <dkim>fail</dkim>	
        <spf>fail</spf>	
      </policy_evaluated>	
    </row>	
    <identifiers>	
      <header_from>plothost.com</header_from>	
    </identifiers>	
    <auth_results>	
      <dkim>	
        <domain>web.plothost.com</domain>	
        <result>neutral</result>	
      </dkim>	
      <spf>	
        <domain>web.plothost.com</domain>	
        <result>none</result>	
      </spf>	
    </auth_results>	
  </record>	
</feedback>		

Resources:
DMARC Website at https://dmarc.org/overview/
DMARC Tools – record creation, lookup, check etc
Google recommendations for DMARC here
cPanel Zone Editor Documentation

Share this post:

What you can do with the cPanel Track DNS tools

cPanel Track DNS option consists in two tools: Domain Lookup and Trace Route.

Domain lookup will tell you the IP of the domain and more information about the DNS of the domain. To use the cPanel Domain Lookup:

  1. We assume you’ve already logged in to cPanel
  2. In the ADVANCED section you will see the Track DNS link. Click on it.
  3. Enter the domain you want to look up and click the Look Up button
  4. You will see the IP(s) of the domain and the DNS information.

For example, for the yahoo.net domain, we get:

yahoo.net has address 206.190.42.177
yahoo.net has address 72.30.203.4
yahoo.net has address 217.12.15.37
yahoo.net has address 98.138.79.55

Zone Information

; <<>> DiG 9.9.4-RedHat-9.9.4-38.el7_3.3 <<>> yahoo.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21642
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;yahoo.net. IN A

;; ANSWER SECTION:
yahoo.net. 1799 IN A 217.12.15.37
yahoo.net. 1799 IN A 72.30.203.4
yahoo.net. 1799 IN A 98.138.79.55
yahoo.net. 1799 IN A 206.190.42.177

;; Query time: 50 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri May 05 10:43:42 PDT 2017
;; MSG SIZE rcvd: 102

 

cPanel Track DNS cPanel Track DNS

 

The trace route function allows you to see the route from your computer to the server. To use the cPanel Trace Route function:

  1. We assume you’ve already logged in to cPanel
  2. In the ADVANCED section you will see the Track DNS link. Click on it.
  3. Click the Trace button
  4. You will see the hops between you and the server.

The video on how to use the cPanel Domain Lookup tool:

Share this post:

How to check if a domain is on the server

You have a lot of domains and you want to quickly check if a domain exists on the server. Just run the shell command: grep yourdomain /etc/userdomains

root@web [~]# grep demo.plothost.com /etc/userdomains
demo.plothost.com: plothost
root@web [~]#

In this case, the domain “demo.plothost.com” exists and it belongs to user “plothost”.

You may also want to know if the domain resolves to your server/IP. Use:

root@web [~]# dig demo.plothost.com

; <<>> DiG 9.9.0-RedHat-9.9.0-38.el7_3.2 <<>> demo.plothost.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30116
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;demo.plothost.com.             IN      A

;; ANSWER SECTION:
demo.plothost.com.      5388    IN      A       162.255.100.100

;; Query time: 26 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Mar 20 04:11:52 PDT 2017
;; MSG SIZE  rcvd: 62

root@web [~]#

If the domain has an cPanel account you can search for it in WHM -> Account Information -> List Accounts.

WHM Search Account
WHM Search Account

On all our reseller plans you can host an unlimited number of domains. Check the offer here.

Share this post:

Partial DNS resolver failure – how to fix

You came here probably because you are receiving email messages from cPanel with a subject : “[yourhostcom] ⚠ Partial DNS resolver failure”.  Such emails look like:

This indicates an issue with the DNS resolvers from the file /etc/resolv.conf. So we need to remove it.

We recommend the use of the Google DNS servers – 8.8.8.8 and 8.8.4.4. More info at https://developers.google.com/speed/public-dns/. You should also talk with your web host.

To edit the file etc/resolv.conf you need to login to your server as “root”. The file contains now:

nameserver 127.0.0.1
nameserver 8.8.8.8

After removing the first line and adding the second Google server, it will be:

nameserver 8.8.8.8
nameserver 8.8.4.4
It’s very probable that you will receive such messages again after the server restart. These messages are due to the fact you are on a virtual environment and you are using a DNS system (like PowerDNS) which does not provide a caching nameserver.
Share this post: