Applicable to:
- Plesk for Linux
- Plesk for Windows
Symptoms
- Websites hosted on a Plesk server display one of the following errors when opened in a browser:
  This site can’t be reached
  ERR_NAME_NOT_RESOLVED

  DNS_PROBE_FINISHED_NXDOMAIN
- A DNS Server is enabled in Tools & Settings > Services Management and no errors are provided on its restart.
Cause
The DNS query port 53 (TCP or UDP) is filtered by a firewall for incoming or outgoing connections (or both simultaneously) towards the Plesk server's IP address:
# nmap -p53 203.0.113.2
PORT STATE SERVICE
53/tcp filtered domain
# nmap -sU -p53 203.0.113.2
PORT STATE SERVICE
53/udp open|filtered domain
This makes DNS resolution impossible.
Resolution
Allow inbound and outbound connections on port 53 (TCP and UDP) in all firewalls (both local for the server and external on levels above it) that are related to your Plesk server.
- Make sure that Plesk Firewall is installed. If required, enable it to open all ports needed by Plesk automatically.
- If Plesk Firewall is installed and enabled but the rule Domain name server is missing, add a custom rule for opening port 53 as per the article.
- Connect to the server via SSH.
- Open port 53 (UDP and TCP) for incoming and outgoing connections in the local firewall:
  - For iptables:
    - Open port 53 in iptables:
      # iptables -I INPUT -m tcp -p tcp --sport 53 -j ACCEPT
      # iptables -I INPUT -m udp -p udp --sport 53 -j ACCEPT
      # iptables -I INPUT -m udp -p udp --dport 53 -j ACCEPT
      # iptables -I INPUT -m tcp -p tcp --dport 53 -j ACCEPT
    - To apply changes execute the command below:
      - for RHEL-based operating systems:
        # service iptables save
      - for Debian-based operating systems:
        # iptables-save > /etc/iptables/rules.v4
  - For firewalld:
    # firewall-cmd --permanent --add-port=53/tcp
    # firewall-cmd --permanent --add-port=53/udp
    # firewall-cmd --reload
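A check for the saved iptables ruleset after the steps above, as an added example that is not part of the original article: the audit_dns_rules function (a hypothetical name) reads iptables-save output and reports whether INPUT accepts destination port 53 for TCP and UDP. It also lists the --sport 53 rules, which match on source port only and therefore accept packets to any local port; the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example; audit_dns_rules is a hypothetical helper name.
# Reads `iptables-save` text on stdin. Exit status is 1 when inbound 53/tcp
# or 53/udp is not accepted in INPUT. It does not evaluate chain policy,
# rule order, jumps to other chains, or nftables/firewalld back ends.
audit_dns_rules() {
    awk '
    # Consider only ACCEPT rules attached directly to the INPUT chain.
    $1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
        proto = ""; dports = ""; sport = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport" || $i == "--dports") dports = $(i + 1)
            if ($i == "--sport") sport = $(i + 1)
        }
        n = split(dports, list, ",")   # multiport rules list several ports
        for (j = 1; j <= n; j++) if (list[j] == "53") inbound[proto] = 1
        # Source-port match with no destination port: applies to every port.
        if (sport == "53" && dports == "") wide[proto] = 1
    }
    END {
        rc = 0
        for (k = 1; k <= 2; k++) {
            p = (k == 1) ? "tcp" : "udp"
            if (inbound[p]) print p " dport 53: accepted"
            else { print p " dport 53: MISSING"; rc = 1 }
            if (wide[p]) print p " sport 53: accepted for ANY destination port, review"
        }
        exit rc
    }'
}

# Constructed sample: the four rules from the article as iptables-save prints them.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
COMMIT'
printf '%s\n' "$SAMPLE_RULES" | audit_dns_rules
```

On a live server, run `iptables-save | audit_dns_rules` as root. If replies to the server's own outgoing DNS queries are the only reason for the --sport 53 rules, a stateful `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` rule admits them without opening other ports.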
- Connect to the server via RDP.
- Go to Start > Control Panel > Windows Defender Firewall > Advanced Settings.
- Open the Inbound Rules and make sure that the following rules are enabled:
Add them manually if required.
Note: If, after applying the above steps, port 53 is still shown as filtered (closed) in an online port checker (for example, ping.eu), the port is being filtered on the hosting/Internet service provider's side. Please contact your hosting/Internet service provider and ask them to open these ports for you.