Applicable to:
- Plesk Onyx for Linux
Symptoms
- When Domains > example.com > DNS Settings is changed, changes are not applied to BIND.
- CLI utility fails with the following error:
# /opt/psa/admin/sbin/dnsmng --update example.com
dnsmng: Error: unable to reload BIND service
dnsmng: Error: unable to reload BIND service
- BIND cannot be reloaded manually:
# service bind9 reload
[....] Reloading domain name service...: bind9rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized, or
* the key is invalid.
failed!
Cause
An incorrect key is specified in /etc/named.conf, or localhost has no control privileges for BIND.
Resolution
- Log in to the server via SSH.
- Ensure that the file /etc/bind/rndc.key exists and that it has the following line:
# cat /etc/bind/rndc.key
...
key rndc-key { algorithm hmac-md5; secret "somesecret"; };
...
Also, the following section should be present in /etc/named.conf:
# cat /etc/named.conf
...
key rndc-key {
    algorithm hmac-md5;
    secret "somesecret";
};
controls {
    inet * port someport allow { 127.0.0.1;} keys {rndc-key;};
};
...
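The two conditions in the Resolution (the same key in both files, and a controls entry that lets 127.0.0.1 use it) can be checked mechanically. The following is an added example, not part of the original article or of Plesk's tooling; the sample file contents, port 953 and the function names are assumptions made for illustration.

```python
import re

# Constructed sample files, not from a real server. Port 953 stands in for
# the article's "someport" placeholder; the secret is a dummy value.
RNDC_KEY = 'key rndc-key { algorithm hmac-md5; secret "c29tZXNlY3JldA=="; };\n'
NAMED_CONF = '''
key rndc-key {
    algorithm hmac-md5;
    secret "c29tZXNlY3JldA==";   // must equal the secret in rndc.key
};
controls {
    inet * port 953 allow { 127.0.0.1; } keys { rndc-key; };
};
'''

TOKEN_RE = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
                    r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;')
INET_RE = re.compile(r'\binet\s[^{;]*\ballow\s*\{([^}]*)\}\s*keys\s*\{([^}]*)\}')

def strip_comments(text):
    """Drop /* */, // and # comments but leave quoted strings (secrets) intact."""
    return TOKEN_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else '', text)

def parse_keys(text):
    """Map key name -> (algorithm, secret) for every key statement."""
    return {n: (a.lower(), s) for n, a, s in KEY_RE.findall(strip_comments(text))}

def check_rndc(key_text, conf_text):
    """Return a list of mismatches; an empty list means the two files agree."""
    problems = []
    conf_keys = parse_keys(conf_text)
    inets = [(set(re.findall(r'[^\s;]+', allow)), set(re.findall(r'[^\s;"]+', keys)))
             for allow, keys in INET_RE.findall(strip_comments(conf_text))]
    for name, (algo, secret) in parse_keys(key_text).items():
        if name not in conf_keys:
            problems.append(f'{name}: not defined in named.conf')
            continue
        if conf_keys[name][0] != algo:
            problems.append(f'{name}: algorithm differs')
        if conf_keys[name][1] != secret:
            problems.append(f'{name}: secret differs')  # never print the secret
        if not any('127.0.0.1' in allow and name in keys for allow, keys in inets):
            problems.append(f'{name}: no controls entry allows 127.0.0.1 with this key')
    return problems

if __name__ == '__main__':
    print(check_rndc(RNDC_KEY, NAMED_CONF) or 'rndc key and controls are consistent')
```

On a server, pass the contents of the two files named in the article to check_rndc() instead of the constructed samples.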
Comments
Hi!
Same problem here, but no errors when doing "/opt/psa/admin/sbin/dnsmng --update example.com".
rndc works with no error ("rndc reload example.com").
But bind does not read records files, and keeps answering requests with old DNS info.
Any suggestion please?
Thanks,
Jorge.
Hello @Jorge,
There might be many causes due to which Bind does not load zones.
So to get the exact error, it is required to perform the following steps:
1. Reload Bind service.
If Debian/Ubuntu-based distributions are used, please use the following command:
If CentOS/RHEL-based distributions are used, please use the following one:
2. Check which records appear in /var/log/messages or /var/log/syslog files after the service reloading.
Once the exact error is obtained from the log file, I recommend searching our Knowledge Base: Plesk Help Center
If nothing useful is found, please create a request to Plesk Technical Support: How to submit a request to Plesk support?
Hi @Daria!
After a good time of researching, I realized that the problem was with the signing and the serial.
The way I found to fix the problem was:
# rndc sync -clear <domain>
# rm -f /var/named/chroot/var/<domain>.* (except the zone file, keep it safe!)
# systemctl restart named-chroot
I hope this can help others.
By the way, I'm sorry I posted this issue twice :-)
Hello @Jorge,
Thank you for sharing the information!
Glad to hear that the issue was figured out :)