Applicable to:
- Plesk Obsidian for Linux
Symptoms
-
Plesk Email Security shows the warning below after some time of a correct work:
PLESK_WARN: DNS caching is disabled! Please use a local DNS server to improve SPAM recognition via blocklists (for instance systemd-resolved).
-
The following records might be found in
/var/log/plesk/panel.logwith enabled debug logging:CONFIG_TEXT: DEBUG [extension/email-security] [5e3e3f7a584fa] Starting: '/opt/psa/admin/bin/filemng' 'root' 'exec' '/' 'bash' '-c' 'host -tTXT 2.0.0.127.multi.uribl.com' '--allow-root', stdin:
DEBUG [extension/email-security] [5e3e3f7a584fa] Finished in 0.11335s, Error code: 0, stdout: 2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 230.0.113.2]" \ -
The manual check returns the same message:
# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 230.0.113.2]"
Cause
Local DNS server (for caching) is not configured on the server.
When a server has many incoming/outgoing emails that come through spam check by block lists, for example, URIBL it might abuse DNS public lookup provided by such services and get a block after certain amount of successful checks. After that, a corresponding warning appears in Plesk Email Security extension.
Resolution
Warning: Configuration of the local DNS server to cache requests is the tasks that has to be configured by a server administrator.
Configure local DNS server to decrease the load on public DNS servers and avoid blocks from URIBL side.
For example, systemd-resolved can be configured as described here: https://geekflare.com/linux-server-local-dns-caching/
-
Install the BIND DNS server component if it's not yet:
Log into Plesk > Tools & Settings > Updates > Add and Remove Product Components > BIND DNS server > Install
-
Connect to the server via SSH.
-
Run a check against the test point:
# host -tTXT 2.0.0.127.multi.uribl.com
Usually, if caching is not enabled the response is:
CONFIG_TEXT: 2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 203.0.113.2]"
-
Run
named-checkconfto check for syntax error in the configuration files:# named-checkconf
-
Add the local nameserver to the
/etc/resolv.conffile:# vi /etc/resolv.conf
add to the top of the file:
CONFIG_TEXT: nameserver 127.0.0.1
-
Restart BIND service (
named-chrootfor CentOS,bind9is Ubuntu/Debian):# service named-chroot restart
-
Check that the service is running:
# service named-chroot status
-
Wait a few minutes and then run the check against the endpoint again:
# host -tTXT 2.0.0.127.multi.uribl.com
This time the response should be:
CONFIG_TEXT: 2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"
Note: If URIBL is not needed it might be simply disabled:
- Log into Plesk
- Go to Extensions > My extensions> Plesk Email Security > Server Settings tab > Advanced > DNSBL
- Switch off the URIBL block list
Comments
3 comments
Hi,
Can this be updated for Plesk Obsidian, Ubuntu 18?
service named-chroot restart
Failed to restart named-chroot.service: Unit named-chroot.service not found.
service named-chroot status
Unit named-chroot.service could not be found.
Andrei L
Please check step 6:
Restart BIND service (
named-chrootfor CentOS,bind9is Ubuntu/Debian):So for Ubuntu it should be # service bind9 restart
I don't think the instructions are entirely correct. Manual changes in the /etc/resolv.conf file are overwritten with each restart of the server or the systemd-resolve service.
Please sign in to leave a comment.