Applicable to:
- Plesk Obsidian for Linux
Symptoms
-
Plesk Email Security shows the warning below after working correctly for some time:
PLESK_WARN: DNS caching is disabled! Please use a local DNS server to improve SPAM recognition via blocklists (for instance systemd-resolved).
-
The following records might be found in /var/log/plesk/panel.log with debug logging enabled:
CONFIG_TEXT: DEBUG [extension/email-security] [5e3e3f7a584fa] Starting: '/opt/psa/admin/bin/filemng' 'root' 'exec' '/' 'bash' '-c' 'host -tTXT 2.0.0.127.multi.uribl.com' '--allow-root', stdin:
DEBUG [extension/email-security] [5e3e3f7a584fa] Finished in 0.11335s, Error code: 0, stdout: 2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 230.0.113.2]"
-
The manual check returns the same message:
# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 230.0.113.2]"
Cause
A local DNS server (for caching) is not configured on the server.
When a server handles many incoming/outgoing emails that pass through spam checks against block lists such as URIBL, it might overuse the public DNS lookup provided by such services and get blocked after a certain number of successful checks. After that, a corresponding warning appears in the Plesk Email Security extension.
Resolution
Warning: Configuring the local DNS server to cache requests is a task that has to be performed by a server administrator.
Configure a local DNS server to decrease the load on public DNS servers and avoid blocks from the URIBL side.
For example, systemd-resolved can be configured as described here: https://geekflare.com/linux-server-local-dns-caching/
-
Install the BIND DNS server component if it is not installed yet:
Log into Plesk > Tools & Settings > Updates > Add and Remove Product Components > BIND DNS server > Install
-
Connect to the server via SSH.
-
Run a check against the test point:
# host -tTXT 2.0.0.127.multi.uribl.com
Usually, if caching is not enabled, the response is:
CONFIG_TEXT: 2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 203.0.113.2]"
-
Run named-checkconf to check for syntax errors in the configuration files:
# named-checkconf
-
Add the local nameserver to the /etc/resolv.conf file:
# vi /etc/resolv.conf
Add to the top of the file:
CONFIG_TEXT: nameserver 127.0.0.1
-
Restart the BIND service (named-chroot for CentOS, bind9 for Ubuntu/Debian):
# service named-chroot restart || service bind9 restart
-
Check that the service is running:
# service named-chroot status || service bind9 status
-
Wait a few minutes and then run the check against the endpoint again:
# host -tTXT 2.0.0.127.multi.uribl.com
This time the response should be:
CONFIG_TEXT: 2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"
If the error persists, stop and disable the systemd-resolved service and replace 127.0.0.53 with 127.0.0.1 in /etc/resolv.conf.
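The before/after check from the steps above, as an added shell example that is not part of the original article: it classifies the test-point answer and reports which resolver /etc/resolv.conf lists first. The function names and the --live and --demo switches are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Plesk code): verify the URIBL test point and resolver order.
# Function names and the --live/--demo switches are hypothetical.

TESTPOINT="2.0.0.127.multi.uribl.com"

# Classify the text printed by `host -tTXT <testpoint>`.
classify_uribl() {
    case "$1" in
        *"Query Refused"*)       echo refused ;;  # lookup was refused by URIBL
        *"permanent testpoint"*) echo ok ;;       # answer expected after the fix
        *)                       echo unknown ;;  # timeout, NXDOMAIN, other text
    esac
}

# Print the first nameserver entry of a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Report what kind of resolver is queried first.
resolver_state() {
    case "$(first_nameserver "$1")" in
        127.0.0.1)  echo local-bind ;;             # local BIND, as configured above
        127.0.0.53) echo systemd-resolved-stub ;;  # systemd-resolved stub listener
        "")         echo none ;;
        *)          echo remote ;;
    esac
}

if [ "${1:-}" = "--live" ]; then
    # Queries the real test point; the exit status is 0 only for "ok".
    state=$(classify_uribl "$(host -tTXT "$TESTPOINT" 2>&1)")
    echo "resolver:  $(resolver_state /etc/resolv.conf)"
    echo "testpoint: $state"
    [ "$state" = ok ]
elif [ "${1:-}" = "--demo" ]; then
    # Offline run on the two answers quoted in the article (shortened).
    classify_uribl 'descriptive text "127.0.0.1 -> Query Refused."'
    classify_uribl 'descriptive text "permanent testpoint"'
fi
```

Running it with --live after a reboot or a network configuration change shows whether /etc/resolv.conf still lists 127.0.0.1 first.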
Note: If URIBL is not needed, it can simply be disabled:
- Log into Plesk
- Go to Extensions > My extensions > Plesk Email Security > Server Settings tab > Advanced > DNSBL
- Switch off the URIBL block list
Comments
4 comments
doesn't work, changes keep being reset to defaults
The change within /etc/resolv.conf works only until the next server restart
@Vincent Lauton
there is a small mistake in point.7: service named-chroot status || service bind9 restart, please correct
None of this actually works. There is conflicting advice on various forums. My server is set to 127.0.0.1 as required in the BIND DNS tutorial, but the error message constantly appears.