Whois on my server's ip address not working

Post Reply
SamSpade
Junior Member
Posts: 6
Joined: 29 Jul 2016, 10:42

Whois on my server's ip address not working

Post by SamSpade »

I am running latest CSF on Centos 7.3 with latest CPanel release 66. CSF is configured as per profile protection_high.

The following instructions were done on my server's CLI.

whois my-hostname ---> works perfect
whois my-server-ip ----> time out error

but

whois 8.8.8.8 ---> works perfect :-?

After verifying that my provider did not block anything related to port 43 or whois, I deactivated CSF and LSF temporarily (csf -x) et voilà whois on my ip address even works perfect. Switching CSF on again (csf -e) whois on my server address again results in time out error.

The question is where to look in the CSF configuration? :-/

Do you have any ideas?

PS IPv6 ist blacklisted and disabled. Port 43 is already whitelisted in TCP_OUT.

Edit: Switching to protection_medium --> same problem, switching to default profile ---> works
SamSpade
Junior Member
Posts: 6
Joined: 29 Jul 2016, 10:42

Re: Whois on my server's ip address not working

Post by SamSpade »

Did a clean install of Centos 7.3 and CSF 10.22 in Virtualbox. With CSF deactivated or CSF activated with profile reset_to_defaults the whois command operates as expected. After applying profile protection_high, medium or low the whois server is unreachable.

That applies only for querying IP addresses. Queries of domain names work fine.

Any ideas on how to solve that?

Edit: The first log entries regarding whois time outs showed up on July 12, 2017.
Last edited by SamSpade on 29 Aug 2017, 07:13, edited 2 times in total.
sawbuck
Junior Member
Posts: 366
Joined: 10 Dec 2006, 16:20

Re: Whois on my server's ip address not working

Post by sawbuck »

Probably where I'd start is a file compare with the reset_to_defaults.conf and protection_low.conf files in /usr/local/csf/profiles
SamSpade
Junior Member
Posts: 6
Joined: 29 Jul 2016, 10:42

Re: Whois on my server's ip address not working

Post by SamSpade »

Problem solved: The ip adress of whois.ripe.net belongs to The Netherlands and unfortunately NL was listed as a TLD in the CC_DENY field. Removed that and everything works as a charme again ;-) I always thought ripe.net would be located in the US ;-/
Post Reply