Starting on October 19, 2021, we will enable single-sign-on for our Plesk Support Center to provide a seamless login/account experience. This implies that you’ll be able to use a single account across any of our web-facing properties.
To be prepared for this change and to avoid the need to register during your next ticket submission after the change, we encourage you to create an account here before October 19 using the same email address as your current Zendesk login (support account). It’s essential that you use the same email address on our support center to ensure that your tickets stay attached to the same account. You will continue to use ZenDesk authentication until we switch over to single-sign-on on October 19th.

Articles in this section

See more

Plesk Email Security: DNS caching is disabled! Please use a local DNS server to improve SPAM recognition via blocklists (for instance systemd-resolved)

Avatar
Mikhail Shport
Updated
Follow
kb: technical ext: pes ABT: Group B Plesk Obsidian for Linux

Applicable to:

  • Plesk Obsidian for Linux

Symptoms

  • Plesk Email Security shows the warning below after some time of a correct work:

    PLESK_WARN: DNS caching is disabled! Please use a local DNS server to improve SPAM recognition via blocklists (for instance systemd-resolved).

  • The following records might be found in /var/log/plesk/panel.log with enabled debug logging:

    CONFIG_TEXT: DEBUG [extension/email-security] [5e3e3f7a584fa] Starting: '/opt/psa/admin/bin/filemng' 'root' 'exec' '/' 'bash' '-c' 'host -tTXT 2.0.0.127.multi.uribl.com' '--allow-root', stdin:
    DEBUG [extension/email-security] [5e3e3f7a584fa] Finished in 0.11335s, Error code: 0, stdout: 2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 230.0.113.2]" \

  • The manual check returns the same message:

    # host -tTXT 2.0.0.127.multi.uribl.com
    2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 230.0.113.2]"

Cause

Local DNS server (for caching) is not configured on the server.

When a server has many incoming/outgoing emails that come through spam check by block lists, for example, URIBL it might abuse DNS public lookup provided by such services and get a block after certain amount of successful checks. After that, a corresponding warning appears in Plesk Email Security extension.

Resolution

Warning: Configuration of the local DNS server to cache requests is the tasks that has to be configured by a server administrator.

Configure local DNS server to decrease the load on public DNS servers and avoid blocks from URIBL side.
For example, systemd-resolved can be configured as described here: https://geekflare.com/linux-server-local-dns-caching/

Example steps for BIND DNS server shipped with Plesk:

  1. Install the BIND DNS server component if it's not yet:

    Log into Plesk > Tools & Settings > Updates > Add and Remove Product Components > BIND DNS server > Install

  2. Connect to the server via SSH.

  3. Run a check against the test point:

    # host -tTXT 2.0.0.127.multi.uribl.com

    Usually, if caching is not enabled the response is:

    CONFIG_TEXT: 2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 203.0.113.2]"

  4. Run named-checkconf to check for syntax error in the configuration files:

    # named-checkconf

  5. Add the local nameserver to the /etc/resolv.conf file:

    # vi /etc/resolv.conf

    add to the top of the file:

    CONFIG_TEXT: nameserver 127.0.0.1

  6. Restart BIND service (named-chroot for CentOS, bind9 is Ubuntu/Debian):

    # service named-chroot restart

  7. Check that the service is running:

    # service named-chroot status

  8. Wait a few minutes and then run the check against the endpoint again:

    # host -tTXT 2.0.0.127.multi.uribl.com

    This time the response should be:

    CONFIG_TEXT: 2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"

Note: If URIBL is not needed it might be simply disabled:

  1. Log into Plesk
  2. Go to Extensions > My extensions> Plesk Email Security > Server Settings tab > Advanced > DNSBL
  3. Switch off the URIBL block list

Comments

2 comments

Sort by Date Votes
  • Avatar
    Andrei L

    Hi,

     

    Can this be updated for Plesk Obsidian, Ubuntu 18?

    service named-chroot restart
    Failed to restart named-chroot.service: Unit named-chroot.service not found.

    service named-chroot status
    Unit named-chroot.service could not be found.

    0
    Comment actions Permalink
  • Avatar
    julian bonpland mignaquy

    Andrei L 
    Please check step 6:

    Restart BIND service (named-chroot for CentOS, bind9 is Ubuntu/Debian):

    So for Ubuntu it should be # service bind9 restart

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles