Articles in this section

See more

Plesk does not update BIND zones

Avatar
Denis Bykov
Updated
Follow

Applicable to:

  • Plesk Onyx for Linux

Symptoms

Plesk does not update BIND zones.

When DNS is changed via Plesk, changes are not applied to BIND.

CLI utility fails with the following error:

Cannot update zone using Plesk utility:

# /opt/psa/admin/sbin/dnsmng --update example.com
dnsmng: Error: unable to reload BIND service
dnsmng: Error: unable to reload BIND service

BIND cannot be reloaded manually:

# service bind9 reload
[....] Reloading domain name service...: bind9rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized, or
* the key is invalid.
failed!

Cause

Incorrect key specified in /etc/named.conf

OR:

Localhost has no control privileges for BIND.

Resolution

1. Log in to the server via SSH .

2. Ensure that file /etc/bind/rndc.key exists and have:

# vi /etc/bind/rndc.key
...
     key rndc-key {
         algorithm hmac-md5;
         secret "somesecret";
     };
...

And also there is a proper section in /etc/named.conf :

# vi /etc/named.conf
...
     key rndc-key {
         algorithm hmac-md5;
         secret "somesecret";
     };

         controls {
         inet * port someport allow { 127.0.0.1;} keys {rndc-key;};
         };
...

Comments

4 comments

Sort by Date Votes
  • Avatar
    Jorge

    Hi!

    Same problem here, but no errors when doing "/opt/psa/admin/sbin/dnsmng --update example.com"

    rndc works with no error (rndc reload example.com"

    But bind does not read records files, and keep answering requests with old DNS info.

    Any suggestion please?

    Thanks,

    Jorge.

     

    0
    Comment actions Permalink
  • Avatar
    Daria Gavrilova

    Hello @Jorge,

    There might be many causes due to which Bind does not load zones.

    So to get the exact error it is required to perform following steps:
    1. Reload Bind service.
    If Debian/Ubuntu-based distributions are used, please use the following command:

    service bind9 reload

    If CentOS/RHEL-based distributions are used, please use the following one:

    service named-chroot reload

    2. Check which records appear in /var/log/messages or /var/log/syslog files after the service reloading.

    Once the exact error is gotten from the log file, I recommend you to search around our Knowledge base: Plesk Help Center

    In case if nothing useful is found, please create a request to Plesk Technical Support: How to submit a request to Plesk support?

    0
    Comment actions Permalink
  • Avatar
    Jorge (Edited )

    Hi @Daria!

    After a good time of researching, I realized that the problem was with the signing and the serial.

    The way I found to fix the problem was:

    # rndc sync -clear <domain>

    # rm -f /var/named/chroot/var/<domain>.*  (except the zone file, keep it safe!)

    # systemctl restart named-chroot

     

    I hope this can help others.

    By the way, I'm sorry I posted this issue twice :-)


    0
    Comment actions Permalink
  • Avatar
    Daria Gavrilova

    Hello @Jorge,

    Thank you for sharing the information!

    Glad to hear that the issue was figured out :)

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles