Articles in this section

Websites on Plesk cannot be resolved to the server with enabled DNS

Daniel Yordanov
Updated
Plesk for Windows Plesk for Linux kb: technical

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Symptoms

  • Websites hosted on a Plesk server display one of the following errors when opened in a browser:

    CONFIG_TEXT: This site can’t be reached
    ERR_NAME_NOT_RESOLVED

    CONFIG_TEXT: DNS_PROBE_FINISHED_NXDOMAIN

  • A DNS Server is enabled in Tools & Settings > Services Management and no errors are provided on its restart.

Cause

The DNS query port 53 (TCP or UDP) is filtered by a firewall for incoming or outgoing (or both simutaneously) connections towards the Plesk server's IP address:

# nmap -p53 203.0.113.2
PORT STATE SERVICE
53/tcp filtered domain

# nmap -sU -p53 203.0.113.2
PORT STATE SERVICE
53/udp open|filtered domain

This prevents DNS resolution from being possible.

Resolution

Allow inbound and outbound connections on port 53 (TCP and UDP) in all firewalls (both local for the server and external on levels above it) that are related to your Plesk server.

Configuring firewall rules in case Plesk Firewall is used

  1. Log into Plesk.

  2. Make sure that Plesk Firewall is installed. If required, enable it to open all ports needed by Plesk automatically.

  3. If Plesk Firewall is installed and enabled, however, the rule Domain name server is missing, add a custom rule for opening port 53 in accordance with the article.

Configuring firewall rules via SSH (for Plesk on Linux)

  1. Connect to the server via SSH.

  2. Open port 53 (UDP and TCP) for incoming and outgoing connections in the local firewall:

    • For iptables:

    1. Open port 53 in iptables:

      # iptables -I INPUT -m tcp -p tcp --sport 53 -j ACCEPT
      # iptables -I INPUT -m udp -p udp --sport 53 -j ACCEPT
      # iptables -I INPUT -m udp -p udp --dport 53 -j ACCEPT
      # iptables -I INPUT -m tcp -p tcp --dport 53 -j ACCEPT

    2. To apply changes execute the command below:

      • for RHEL-based operating systems:

        # service iptables save

      • for Debian-based operating systems:

        # iptables-save > /etc/iptables/rules.v4

    • For firewalld:

      # firewall-cmd --permanent --add-port=53/tcp
      # firewall-cmd --permanent --add-port=53/udp
      # firewall-cmd --reload

Configuring firewall rules in Windows Firewall (for Plesk on Windows)

  1. Connect to the server via RDP.

  2. Go to Start > Control Panel > Windows Defender Firewall > Advanced Settings.

  3. Open the Inbound Rules and make sure that the following rules are enabled:
    wf.png

    Add them manually if required.

Note: If after applying the above steps port 53 is still shown as filtered (closed) in an online port checker (for example, ping.eu), that means that port is being filtered on a hosting/Internet service provider side. Please, contact your hosting/Internet service provider and ask them to open these ports for you.

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.