Articles in this section

Why was AWStats deprecated, what tool replaces it, and what happens to existing servers and domains that still use AWStats?
AWStats traffic significantly differs from Plesk traffic stats in a domain
How to enable the local DNS zone for a Plesk domain?
DNS bind service fails on a Plesk server after recent bind package update: loading from master file /var/named/chroot/var/0.13.203.in-addr.arpa.next failed: too many records
How to track which file is being most downloaded on a website on a Plesk server?
Why is it not possible to add a DS record to a root domain in Plesk?
Unable to start BIND DNS server service on a server with Plesk for Debian/Ubuntu: option 'dnssec-enable' no longer exists
How to disable the automatic "notify-to-soa yes" in named.conf for domains in a Plesk server?
Installing extension Slave DNS Manager on Plesk for Windows fails: BIND DNS Server is not installed. To install Slave DNS Manager in Plesk for Windows, copy the "rndc.exe" file to the "C:\Program Files (x86)\Plesk\dns\bin\rndc.exe" folder
Plesk warning: "Domain is not resolvable" on domains that resolve to Cloudflare
See more

Unable to reload DNS service on Plesk server: invalid command from 127.0.0.1#41838: bad auth

Denis Pankov

Updated January 13, 2026 19:05

Plesk for Linux

Applicable to:

Plesk for Linux

Symptoms

Some DNS records are not propagated automatically. Manual DNS service restart resolves this issue.
Unable to reload the DNS service:

# service bind9 reload

Job for bind9.service failed because the control process exited with error code. See "systemctl status bind9.service" and "journalctl -xe" for details.
The next rows appear in the /var/log/syslog or /var/log/messages files in an attempt to reload the DNS service:

CONFIG_TEXT: systemd[1]: Reloading BIND Domain Name Server.
named[24013]: invalid command from 127.0.0.1#41838: bad auth
rndc[24290]: rndc: connection to remote host closed
rndc[24290]: This may indicate that
rndc[24290]: * the remote server is using an older version of the command protocol,
rndc[24290]: * this host is not authorized to connect,
rndc[24290]: * the clocks are not synchronized,
rndc[24290]: * the key signing algorithm is incorrect, or
rndc[24290]: * the key is invalid.
systemd[1]: bind9.service: Control process exited, code=exited status=1
systemd[1]: Reload failed for BIND Domain Name Server.
There are two different keys specified in the /etc/named.conf and /etc/bind/rndc.key (or /etc/rndc.key) files:

# /etc/named.conf

key "rndc-key" {
algorithm hmac-md5;
secret "CeMgS**********yv0x40Q==";
};

# cat /etc/bind/rndc.key

key "rndc-key" {
algorithm hmac-md5;
secret "aff2YA**********FRkj/g==";
};

Cause

Two different keys are in conflict with each other.

Resolution

Use the same key in both files:

Connect to the server via SSH.
Get the key from the /etc/bind/rndc.key (or /etc/rndc.key) file and copy it.

# cat /etc/bind/rndc.key

key "rndc-key" {
algorithm hmac-md5;
secret "aff2YA**********FRkj/g==";
};
Open the /etc/named.conf and/or /etc/bind/rndc.conf file via any text editor and modify change the key to the correct one received from the previous step:

CONFIG_TEXT: [BEFORE]

key "rndc-key" {
algorithm hmac-md5;
secret "CeMgS**********yv0x40Q==";
};

CONFIG_TEXT: [AFTER]

key "rndc-key" {
algorithm hmac-md5;
secret "aff2YA**********FRkj/g==";
};
Restart the DNS service:

# service bind9 restart

OR

# service named-chroot restart

Comments

1 comment

Jan Heil
November 21, 2025 20:40

OMG! It held like 20 DNS Records on my installation, sometimes DNS changes took months…
Why is there no error response in the frontend?

0

Please sign in to leave a comment.