Starting on October 19, 2021, we will enable single-sign-on for our Plesk Support Center to provide a seamless login/account experience. This implies that you’ll be able to use a single account across any of our web-facing properties.
To be prepared for this change and to avoid the need to register during your next ticket submission after the change, we encourage you to create an account here before October 19 using the same email address as your current Zendesk login (support account). It’s essential that you use the same email address on our support center to ensure that your tickets stay attached to the same account. You will continue to use ZenDesk authentication until we switch over to single-sign-on on October 19th.

Articles in this section

See more

Plesk does not update BIND zones

Avatar
julian bonpland mignaquy
Updated
Follow
Plesk Onyx for Linux kb: technical ABT: Group B

Applicable to:

  • Plesk Onyx for Linux

Symptoms

  • When Domains > example.com > DNS Settings is changed, changes are not applied to BIND.

  • CLI utility fails with the following error:

    # /opt/psa/admin/sbin/dnsmng --update example.com
    dnsmng: Error: unable to reload BIND service
    dnsmng: Error: unable to reload BIND service

  • BIND cannot be reloaded manually:

    # service bind9 reload
    [....] Reloading domain name service...: bind9rndc: connection to remote host closed
    This may indicate that
    * the remote server is using an older version of the command protocol,
    * this host is not authorized to connect,
    * the clocks are not synchronized, or
    * the key is invalid.
    failed!

Cause

Incorrect key specified in /etc/named.conf or localhost has no control privileges for BIND.

Resolution

  1. Log in to the server via SSH .

  2. Ensure that file /etc/bind/rndc.key exists and that it has the following line:

    # cat /etc/bind/rndc.key
    ...
    key rndc-key { algorithm hmac-md5; secret "somesecret"; };
    ...

    Also the following section should be present in /etc/named.conf:

    # cat /etc/named.conf
    ...
    key rndc-key {
    algorithm hmac-md5;
    secret "somesecret";
    };
    controls {
    inet * port someport allow { 127.0.0.1;} keys {rndc-key;};
    };
    ...

Comments

4 comments

Sort by Date Votes
  • Avatar
    Jorge

    Hi!

    Same problem here, but no errors when doing "/opt/psa/admin/sbin/dnsmng --update example.com"

    rndc works with no error (rndc reload example.com"

    But bind does not read records files, and keep answering requests with old DNS info.

    Any suggestion please?

    Thanks,

    Jorge.

     

    0
    Comment actions Permalink
  • Avatar
    Daria Gavrilova

    Hello @Jorge,

    There might be many causes due to which Bind does not load zones.

    So to get the exact error it is required to perform following steps:
    1. Reload Bind service.
    If Debian/Ubuntu-based distributions are used, please use the following command:

    service bind9 reload

    If CentOS/RHEL-based distributions are used, please use the following one:

    service named-chroot reload

    2. Check which records appear in /var/log/messages or /var/log/syslog files after the service reloading.

    Once the exact error is gotten from the log file, I recommend you to search around our Knowledge base: Plesk Help Center

    In case if nothing useful is found, please create a request to Plesk Technical Support: How to submit a request to Plesk support?

    0
    Comment actions Permalink
  • Avatar
    Jorge (Edited )

    Hi @Daria!

    After a good time of researching, I realized that the problem was with the signing and the serial.

    The way I found to fix the problem was:

    # rndc sync -clear <domain>

    # rm -f /var/named/chroot/var/<domain>.*  (except the zone file, keep it safe!)

    # systemctl restart named-chroot

     

    I hope this can help others.

    By the way, I'm sorry I posted this issue twice :-)


    1
    Comment actions Permalink
  • Avatar
    Daria Gavrilova

    Hello @Jorge,

    Thank you for sharing the information!

    Glad to hear that the issue was figured out :)

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles