Articles in this section

See more

Plesk does not update BIND zones

Avatar
Julian Bonpland Mignaquy
Updated
Follow
Plesk Onyx for Linux kb: technical ABT: Group B

Applicable to:

  • Plesk Onyx for Linux

Symptoms

  • When Domains > example.com > DNS Settings is changed, changes are not applied to BIND.

  • CLI utility fails with the following error:

    # /opt/psa/admin/sbin/dnsmng --update example.com
    dnsmng: Error: unable to reload BIND service
    dnsmng: Error: unable to reload BIND service

  • BIND cannot be reloaded manually:

    # service bind9 reload
    [....] Reloading domain name service...: bind9rndc: connection to remote host closed
    This may indicate that
    * the remote server is using an older version of the command protocol,
    * this host is not authorized to connect,
    * the clocks are not synchronized, or
    * the key is invalid.
    failed!

Cause

Incorrect key specified in /etc/named.conf or localhost has no control privileges for BIND.

Resolution

  1. Log in to the server via SSH .

  2. Ensure that file /etc/bind/rndc.key exists and that it has the following line:

    # cat /etc/bind/rndc.key
    ...
    key rndc-key { algorithm hmac-md5; secret "somesecret"; };
    ...

    Also the following section should be present in /etc/named.conf:

    # cat /etc/named.conf
    ...
    key rndc-key {
    algorithm hmac-md5;
    secret "somesecret";
    };
    controls {
    inet * port someport allow { 127.0.0.1;} keys {rndc-key;};
    };
    ...

Comments

4 comments

Sort by Date Votes
  • Avatar
    Jorge

    Hi!

    Same problem here, but no errors when doing "/opt/psa/admin/sbin/dnsmng --update example.com"

    rndc works with no error (rndc reload example.com"

    But bind does not read records files, and keep answering requests with old DNS info.

    Any suggestion please?

    Thanks,

    Jorge.

     

    0
    Comment actions Permalink
  • Avatar
    Daria Gavrilova

    Hello @Jorge,

    There might be many causes due to which Bind does not load zones.

    So to get the exact error it is required to perform following steps:
    1. Reload Bind service.
    If Debian/Ubuntu-based distributions are used, please use the following command:

    service bind9 reload

    If CentOS/RHEL-based distributions are used, please use the following one:

    service named-chroot reload

    2. Check which records appear in /var/log/messages or /var/log/syslog files after the service reloading.

    Once the exact error is gotten from the log file, I recommend you to search around our Knowledge base: Plesk Help Center

    In case if nothing useful is found, please create a request to Plesk Technical Support: How to submit a request to Plesk support?

    0
    Comment actions Permalink
  • Avatar
    Jorge (Edited )

    Hi @Daria!

    After a good time of researching, I realized that the problem was with the signing and the serial.

    The way I found to fix the problem was:

    # rndc sync -clear <domain>

    # rm -f /var/named/chroot/var/<domain>.*  (except the zone file, keep it safe!)

    # systemctl restart named-chroot

     

    I hope this can help others.

    By the way, I'm sorry I posted this issue twice :-)


    1
    Comment actions Permalink
  • Avatar
    Daria Gavrilova

    Hello @Jorge,

    Thank you for sharing the information!

    Glad to hear that the issue was figured out :)

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles