Failed to start PowerDNS authoritative server error resolved by our team.

At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Service.

Let’s take a look at how our Support Team recently helped a customer when they failed to start PowerDNS authoritative server.

What is the “failed to start PowerDNS authoritative server” error?

Is your PowerDNS failing to start? Moreover, do you get the following error while using the /scripts/restartsrv_pdns script?

Startup Log
 Feb 04 09:04:15 host.name.tld systemd[1]: pdns.service: main process exited, code=exited, status=218/CAPABILITIES
 Feb 04 09:04:15 host.name.tld systemd[1]: Failed to start PowerDNS Authoritative Server.
 Feb 04 09:04:15 host.name.tld systemd[1]: Unit pdns.service entered failed state.
 Feb 04 09:04:15 host.name.tld systemd[1]: pdns.service failed.

cPanel & WHM version 94 is shipped with a brand new RPM for PowerDNS. It includes a couple of new additions to the systemd unit file. Unfortunately, these changes are incompatible with older kernels. In other words, PowerDNS is unable to start.

However, our Support Team has come up with a workaround solution for this specific scenario.

How to resolve the “failed to start PowerDNS authoritative server” error?

Interestingly, this particular error has been observed only in servers that use extremely old kernels. We can still resolve this issue by updating the kernel to the latest version with this command:

yum update kernel

Another solution is to bring DNS online. We can consider changing from PowerDNS to BIND:

/scripts/setupnameserver bind

This results in the following output:

WARNING: If you switch your nameserver away from PowerDNS, your DNS server will no longer serve DNSSEC records.
You must ensure that the domains do not have DS records configured at their domain registrar.
Failure to do so will cause DNS resolution issues.

Are you sure you want to switch to "bind" [y/n]?

Replying ‘y’ to this message will cause the switch from PowerDNS to BIND to take place.

However, if you would rather keep PowerDNS as your operational environment until the kernel is updated, our Support Techs have a solution for that as well. Furthermore, our Support Team would like to point out that this workaround will decrease the security of PowerDNS installation.

Hence we recommend updating the kernel as soon as possible.

In order for the workaround to work, we have to first make an override.conf file for PowerDNS as seen below:

mkdir /etc/systemd/system/pdns.service.d/
vi /etc/systemd/system/pdns.service.d/override.conf
cat /etc/systemd/system/pdns.service.d/override.conf

[Service]
User=root
Group=root
AmbientCapabilities=
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT CAP_DAC_READ_SEARCH

After that, we have to reload the systemctl daemon, and then restart the PowerDNS service as seen below:

systemctl daemon-reload
systemctl restart pdns.service
systemctl status pdns.service

This results in:

pdns.service - PowerDNS Authoritative Server
   Loaded: loaded (/usr/lib/systemd/system/pdns.service; enabled; vendor preset: disabled
  Drop-In: /etc/systemd/system/pdns.service.d
           └─override.conf
   Active: active (running) since Wed 2021-03-03 11:54:24 EST; 6s ago
     Docs: man:pdns_server(1)
           man:pdns_control(1)
           https://doc.powerdns.com
 Main PID: 19871 (pdns_server)
   CGroup: /system.slice/pdns.service
           └─19871 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no –write-pid=no

[Need further help? We are available 24/7.]

Conclusion

To sum up, the skilled Support Engineers at Bobcares demonstrated how to deal with failed to start PowerDNS error.