Applicable to:
- Plesk for Linux
Symptoms
-
Plesk is running on a Debian/Ubuntu-based distribution.
-
When updating the DNS zone of a domain or clicking Apply DNS Template at Domains > example.com > Hosting & DNS > DNS, the page redirects to Home/Domains and shows the message:
PLESK_WARN: Permission denied.
-
The following error message is logged in
/var/log/plesk/panel.log
:CONFIG_TEXT: ERR [panel] Error during example.com updateZone: dnsmng failed: :
0: /opt/psa/admin/plib/Service/Dns/Connector/Plesk.php:14
Service_Dns_Connector_Plesk->commitChanges()
1: /opt/psa/admin/plib/Service/Dns/Connector/Proxy.php:207
Service_Dns_Connector_Proxy->commitChanges()
2: : -
The following messages are logged in
/var/log/syslog
:CONFIG_TEXT: dnsmng[3324250]: Dns zone candidate file '/var/named/run-root/var/example.com.next' is not valid (strictMode:1). Changes are reverted. Reason:
dnsmng[3324250]: > /var/named/run-root/var/example.com.next:43: DS record at top of zone (example.com)
dnsmng[3324250]: > /var/named/run-root/var/example.com.next:44: DS record at top of zone (example.com)
Cause
Domain's DNS zone (example.com in this example) is not properly set up: it had DS records (generated by DNSSEC) that point to itself:
By design, the DS records must be added to the parent DNS zone. For example, for the subdomain sub.example.com it will be the zone of example.com (managed by Plesk DNS). For example.com it will be .com (managed by DNS of domain registrar).
Resolution
-
Go to Domains > example.com > Hosting & DNS > DNS and remove all DS records that point to itself.
-
Update the DNS zone.
-
Add DS records that hold the parent zone of example.com on the domain registrar side.
Note: To get all domains with DS records, run this command in SSH console:
# plesk db -Ne "select host from dns_recs where type='DS'"
Comments
1 comment
I am transferring DNS from my registrar to Plesk, how can add the DS record by registrar?
Please sign in to leave a comment.