Articles in this section

See more

Plesk Email Security: DNS caching is disabled! Please use a local DNS server to improve SPAM recognition via blocklists (for instance systemd-resolved)

Avatar
Danil Dmitrienko
Updated
Follow

Applicable to:

  • Plesk Obsidian for Linux

Symptoms

  • Plesk Email Security shows the warning below after some time of a correct work:

    PLESK_WARN: DNS caching is disabled! Please use a local DNS server to improve SPAM recognition via blocklists (for instance systemd-resolved).

  • The following records might be found in /var/log/plesk/panel.log with enabled debug logging:

    CONFIG_TEXT: DEBUG [extension/email-security] [5e3e3f7a584fa] Starting: '/opt/psa/admin/bin/filemng' 'root' 'exec' '/' 'bash' '-c' 'host -tTXT 2.0.0.127.multi.uribl.com' '--allow-root', stdin:
    DEBUG [extension/email-security] [5e3e3f7a584fa] Finished in 0.11335s, Error code: 0, stdout: 2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 230.0.113.2]" \

  • The manual check returns the same message:

    # host -tTXT 2.0.0.127.multi.uribl.com
    2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 230.0.113.2]"

Cause

Local DNS server (for caching) is not configured on the server.

When a server has many incoming/outgoing emails that come through spam check by block lists, for example, URIBL it might abuse DNS public lookup provided by such services and get a block after certain amount of successful checks. After that, a corresponding warning appears in Plesk Email Security extension.

Resolution

Workaround:

  1. Log into Plesk.

  2. Go to Extensions > My extensions> Plesk Email Security > Server Settings tab > Advanced > DNSBL

  3. Switch off the URIBL block list.

Resolution:

Warning: Configuration of the local DNS server to cache requests is the tasks that has to be configured by a server administrator.

Configure local DNS server to decrease the load on public DNS servers and avoid blocks from URIBL side. For example, systemd-resolved can be configured as described here: https://geekflare.com/linux-server-local-dns-caching/

Example steps for BIND DNS server shipped with Plesk:

  1. Install the BIND DNS server component if it's not yet:

    Log into Plesk > Tools & Settings > Updates > Add and Remove Product Components > BIND DNS server > Install

  2. Connect to the server via SSH.

  3. Run a check against the test point:

    # host -tTXT 2.0.0.127.multi.uribl.com

    Usually, if caching is not enabled the response is:

    CONFIG_TEXT: 2.0.0.127.multi.uribl.com descriptive text "127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml for more information [Your DNS IP: 203.0.113.2]"

  4. Run named-checkconf to check for syntax error in the configuration files:

    # named-checkconf

  5. Add the local nameserver to the /etc/resolv.conf file:

    # vi /etc/resolv.conf

    add to the top of the file:

    CONFIG_TEXT: nameserver 127.0.0.1

  6. Restart BIND service (named-chroot for CentOS, bind9 is Ubuntu/Debian):

    # service named-chroot restart

  7. Check that the service is running:

    # service named-chroot status

  8. Wait a few minutes and then run the check against the endpoint again:

    # host -tTXT 2.0.0.127.multi.uribl.com

    This time the response should be:

    CONFIG_TEXT: 2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles