
DNS bind service fails on a Plesk server after recent bind package update: loading from master file /var/named/chroot/var/0.13.203.in-addr.arpa.next failed: too many records

kb: bug Plesk for Linux

Symptoms

  • The bind package was recently updated

  • There are more than 100 configured PTR records:

    MariaDB [psa]> select count(*) from dns_recs where type like "%PTR%";
    +----------+
    | count(*) |
    +----------+
    |      304 |
    +----------+

  • The DNS bind service fails with one of the error messages below:

    dnsmng[21870]: Dns zone candidate file '/var/named/chroot/var/0.13.203.in-addr.arpa.next' is not valid (strictMode:1). Changes are reverted. Reason: dns_master_load: /var/named/chroot/var/0.13.203.in-addr.arpa.next:295:2.0.13.203.in-addr.arpa: too many records#012zone 0.13.203.in-addr.arpa/IN: loading from master file /var/named/chroot/var/0.13.203.in-addr.arpa.next failed: too many records#012zone 0.13.203.in-addr.arpa/IN: not loaded due to errors.

    named-checkconf[120268]: zone 0.13.203.in-addr.arpa/IN: loading from master file 0.13.203.in-addr.arpa failed: file not found
    named-checkconf[120268]: zone 0.13.203.in-addr.arpa/IN: not loaded due to errors.
    named-checkconf[120268]: _default/0.13.203.in-addr.arpa/IN: file not found
    systemd[1]: named-chroot.service: Control process exited, code=exited status=1
    systemd[1]: named-chroot.service: Failed with result 'exit-code'.
    systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).

  • The plesk repair dns utility returns errors like:

    System error 11: Resource temporarily unavailable
    Error during example.com updateZone: dnsmng failed: dnsmng: Unable to update reverse lookup zone

  • On AlmaLinux 9/Debian 12/Ubuntu 20, 22, 24 the bind service is running, but not all zones are loaded:

    named[133040]: dns_master_load: 0.13.203.in-addr.arpa:131:2.0.13.203.in-addr.arpa: too many records
    named[133040]: zone 0.13.203.in-addr.arpa/IN: loading from master file 0.13.203.in-addr.arpa failed: too many records
    named[133040]: zone 0.13.203.in-addr.arpa/IN: not loaded due to errors.

Cause

The bind package was updated recently and now includes the patch for CVE-2024-1737, which limits the number of reverse records that can be loaded to 100.
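
The "too many records" message in the logs above names a single owner (2.0.13.203.in-addr.arpa), so it helps to count PTR records per owner name rather than in total. The script below is an added example, not part of the original article or of Plesk; the function names `ptr_over_limit` and `make_sample_zone`, the constructed sample zone, and the one-record-per-line zone layout are assumptions.

```sh
#!/bin/sh
# Added example (not Plesk or ISC code). Counts PTR records per owner name
# in a zone file and lists owners above a limit (default 100, the figure
# given in this article). Assumes one record per line.

# ptr_over_limit FILE [LIMIT]  ->  prints "COUNT OWNER", largest first
ptr_over_limit() {
    awk -v limit="${2:-100}" '
        /^[ \t]*$/ { next }                    # blank line
        /^[ \t]*;/ { next }                    # comment line
        /^\$/      { next }                    # $TTL, $ORIGIN, ...
        {
            # A line that starts with whitespace reuses the previous owner.
            if ($0 ~ /^[ \t]/) { owner = last; first = 1 }
            else               { owner = last = tolower($1); first = 2 }
            # The type follows an optional TTL and class, in either order.
            for (i = first; i <= NF && i <= first + 2; i++)
                if (toupper($i) == "PTR") { n[owner]++; break }
        }
        END { for (o in n) if (n[o] > limit) print n[o], o }
    ' "$1" | sort -rn
}

# Constructed sample: 101 PTR records on one owner, 2 on another.
make_sample_zone() {
    {
        printf '$TTL 86400\n'
        printf '0.13.203.in-addr.arpa. IN SOA ns.example.com. admin.example.com. ( 1 10800 3600 604800 10800 )\n'
        i=1
        while [ "$i" -le 101 ]; do
            printf '2.0.13.203.in-addr.arpa.\tIN PTR\thost%d.example.com.\n' "$i"
            i=$((i + 1))
        done
        printf '3.0.13.203.in-addr.arpa.\tIN PTR\ta.example.com.\n'
        printf '\t\t\tIN PTR\tb.example.com.\n'
    } > "$1"
}

zone=$(mktemp)
make_sample_zone "$zone"
ptr_over_limit "$zone"
rm -f "$zone"
```

On a real server, pass the path of the reverse zone file reported in the log as the first argument.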

Resolution

Update Plesk Obsidian to the latest version.

In some cases, reverse DNS zone files may be missing after the update, which prevents bind from starting. Rebuild the zone files using the following command:

# plesk repair dns

Check for "DNS_RDATASET_MAX_RECORDS=10000" in /etc/sysconfig/named:

# grep DNS_RDATASET_MAX_RECORDS /etc/sysconfig/named

For Debian 11 and CentOS 7, the fix is not yet implemented, and the workaround is to downgrade bind packages:

CentOS 7

  1. Connect to the server via SSH.

  2. Downgrade bind and its packages to the previous version:

    # yum downgrade bind*

  3. Exclude bind-related packages from updates by adding the following line to /etc/yum.conf:

    exclude=bind*

  4. Rebuild DNS configuration:

    # plesk repair dns -y

Debian 11

  1. Connect to the server via SSH.

  2. Downgrade bind and its packages to the previous version:

    # apt-get install bind9=1:9.16.48-1 bind9-dnsutils=1:9.16.48-1 bind9-host=1:9.16.48-1 bind9-libs=1:9.16.48-1 bind9-utils=1:9.16.48-1 dnsutils=1:9.16.48-1

  3. Exclude bind-related packages from updates:

    # apt-mark hold bind9* dnsutils

  4. Rebuild DNS configuration:

    # plesk repair dns -y


Comments

1 comment
  • This appears to be an issue when using bind-9.11.36-16.el8_10.2 on AlmaLinux 8 as well. Downgrading to bind-9.11.36-14.el8_10.x86_64 solves it.