Applicable to:
- Plesk Obsidian for Linux
Symptoms
- Plesk Email Security shows the warning below after working correctly for some time:
  PLESK_WARN: DNS caching is disabled! Please use a local DNS server to improve SPAM recognition via blocklists (for instance systemd-resolved).
- The following records might be found in /var/log/plesk/panel.log with debug logging enabled:
  DEBUG [extension/email-security] [5e3e3f7a584fa] Starting: '/opt/psa/admin/bin/filemng' 'root' 'exec' '/' 'bash' '-c' 'host -tTXT 2.0.0.127.multi.uribl.com' '--allow-root', stdin:
  DEBUG [extension/email-security] [5e3e3f7a584fa] Finished in 0.11335s, Error code: 0, stdout: 2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 230.0.113.2]"
- The manual check returns the same message:
  # host -tTXT 2.0.0.127.multi.uribl.com
  2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 230.0.113.2]"
Cause
A local caching DNS server is not configured on the server.
When a server handles many incoming and outgoing emails that are checked against block lists such as URIBL, it may be treated as abusing the public DNS lookup that such services provide and get blocked after a certain number of successful checks. After that, the corresponding warning appears in the Plesk Email Security extension.
Resolution
Warning: Configuring a local DNS server to cache requests is a task that has to be performed by a server administrator.
Configure a local DNS server to decrease the load on public DNS servers and avoid blocks from the URIBL side.
For example, systemd-resolved can be configured as described here: https://geekflare.com/linux-server-local-dns-caching/
1. Install the BIND DNS server component if it is not installed yet:
   Log into Plesk > Tools & Settings > Updates > Add and Remove Product Components > BIND DNS server > Install
2. Connect to the server via SSH.
3. Run a check against the test point:
   # host -tTXT 2.0.0.127.multi.uribl.com
   Usually, if caching is not enabled, the response is:
   2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 203.0.113.2]"
4. Run named-checkconf to check for syntax errors in the configuration files:
   # named-checkconf
5. Add the local nameserver to the /etc/resolv.conf file:
   # vi /etc/resolv.conf
   Add to the top of the file:
   nameserver 127.0.0.1
6. Restart the BIND service (named-chroot for CentOS, bind9 for Ubuntu/Debian):
   # service named-chroot restart || service bind9 restart
7. Check that the service is running:
   # service named-chroot status || service bind9 status
8. Wait a few minutes and then run the check against the endpoint again:
   # host -tTXT 2.0.0.127.multi.uribl.com
   This time the response should be:
   2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"
If the error persists, stop and disable the systemd-resolved service and replace 127.0.0.53 with 127.0.0.1 in /etc/resolv.conf.
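A small check for the procedure above, as an added example that is not part of the original article or of Plesk's tooling: it reads the first nameserver from a resolv.conf file and classifies the test point answer using the two response strings quoted on this page. The function names and the --live switch are hypothetical.

```shell
#!/bin/sh
# Added example, not Plesk's own tooling. Function names are hypothetical.

# Classify a TXT answer from the URIBL test point (strings as quoted on this page).
classify_uribl_answer() {
    case "$1" in
        *"permanent testpoint"*) echo ok ;;       # lookups are being answered
        *"Query Refused"*)       echo refused ;;  # resolver IP is blocked by URIBL
        *)                       echo unknown ;;  # timeout, empty or other output
    esac
}

# Print the first "nameserver" address from a resolv.conf-style file.
# The procedure puts the local server at the top of the file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Print "<first nameserver> <verdict>"; succeed only when the local BIND
# (127.0.0.1) is listed first and the test point answers normally.
# $1 = resolv.conf path, $2 = output of: host -tTXT 2.0.0.127.multi.uribl.com
check_dns_cache() {
    ns=$(first_nameserver "$1")
    verdict=$(classify_uribl_answer "$2")
    echo "${ns:-none} $verdict"
    [ "$ns" = "127.0.0.1" ] && [ "$verdict" = "ok" ]
}

if [ "${1:-}" = "--live" ]; then
    # Live check on the server itself: sh check.sh --live
    check_dns_cache /etc/resolv.conf "$(host -tTXT 2.0.0.127.multi.uribl.com 2>&1)"
else
    # Offline demo with constructed input: a resolv.conf still pointing at
    # systemd-resolved, plus the refusal text shown in step 3.
    sample=$(mktemp)
    printf 'nameserver 127.0.0.53\n' > "$sample"
    check_dns_cache "$sample" '2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 203.0.113.2]"' \
        || echo "not fixed yet"
    rm -f "$sample"
fi
```

Running it with --live after a reboot shows whether /etc/resolv.conf still lists 127.0.0.1 first.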
Note: If URIBL is not needed, it can simply be disabled:
- Log into Plesk
- Go to Extensions > My extensions > Plesk Email Security > Server Settings tab > Advanced > DNSBL
- Switch off the URIBL block list
Comments
3 comments
doesn't work, changes keep being reset to defaults
The change within /etc/resolv.conf works only until the next server restart
@Vincent Lauton
there is a small mistake in point.7: service named-chroot status || service bind9 restart, please correct