
Resolved DNS zones not transferred with specific settings

slishy

New Pleskian
Server operating system version
CentOS 7.9
Plesk version and microupdate number
18.0.47#2
I am using Plesk's DNS service on my main (Plesk) server and have 2 child nameservers running bare Linux with named-chroot. This setup has been working fine for years until I changed the settings on my Plesk server to only listen to a specific IP address with the following parameters in DNS Settings > Settings for the whole server:
Code:
version "none";
auth-nxdomain no;
listen-on { IP4ADDRESS; 127.0.0.1; };
listen-on-v6 { IP6ADDRESS; ::1; };

Once a week, I notice that on one of my child nameservers some zones are not being transferred. This only applies to domains that have been created a while ago (since version 12.5 and domains also created on the original Obsidian version). To fix this, I have to delete the above parameters from my settings, go to the affected nameserver and restart the named service. After that, I can apply the parameters back, save it and then restart the named service on the affected nameserver again.

What's strange is that this does not affect both child nameservers, only one of them. The error message on the affected nameserver is as follows:
Code:
zone domain.tld/IN: refresh: skipping zone transfer as master xx.xx.xx.xx#53 (source 0.0.0.0#0) is unreachable (cached)

The xx.xx.xx.xx IP address is the main IP of the Plesk server which I am no longer listening to, even though the domains that are affected are configured to listen to the IP address I do want them to listen to.

To be clear, I am using the option 'Only allow connections from localhost' but since I have multiple IP addresses configured on my Plesk server, I do not want to expose UDP 53 on the other addresses, even if I have them closed off on a firewall level. I've tried every possible solution there is and am out of options.

I need help with this since this requires me to do this once a week and it's been like this for the past 6 months.
 
Did you check /etc/hosts and grep /etc for the wrong ip? If it happens only on one server it's probably hardcoded somewhere.
 
Full Transfer When you bring a new DNS server online and configure it to be a secondary server for an existing zone in your environment, it will perform a full transfer of all the zone information in order to replicate all the existing resource records for that zone.
 
Issue resolved. The .nzf file in the named directory is not replacing the old master IPs with the new ones. You will have to edit this file manually.
More an issue with named than with Plesk.
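As an added example (not part of the original thread, and not Plesk or BIND code), this Python script lists the zones in a .nzf file whose masters list still names an old address and rewrites only those entries. The one-zone-per-line layout, the zone names and the addresses are constructed assumptions; compare them with the actual file on the secondary before relying on the output.

```python
import re

# Constructed sample of a BIND new-zone file (*.nzf); zone names and
# addresses are placeholders from the documentation ranges.
SAMPLE_NZF = '''\
# New zone file for view: _default
zone "old-domain.example" { type slave; file "slaves/old-domain.example"; masters { 192.0.2.1; }; };
zone "new-domain.example" { type slave; file "slaves/new-domain.example"; masters { 192.0.2.10; }; };
zone "mixed.example" { type slave; masters { 192.0.2.1 port 53; 198.51.100.7; }; };
'''

# Assumption: one zone statement per line, as in the sample above.
ZONE_RE = re.compile(r'^\s*zone\s+"?([^"\s{]+)"?[^{]*\{(.*)\};\s*$')
MASTERS_RE = re.compile(r'(masters\s*(?:port\s+\d+\s*)?\{)([^}]*)(\})')

def _ip_token(ip):
    # Match the address as a whole token so 192.0.2.1 does not hit 192.0.2.10.
    return re.compile(r'(?<![\w.:])' + re.escape(ip) + r'(?![\w.:])')

def stale_zones(nzf_text, old_ip):
    """Return names of zones whose masters list still contains old_ip."""
    tok, found = _ip_token(old_ip), []
    for line in nzf_text.splitlines():
        zone = ZONE_RE.match(line)
        if not zone:
            continue  # comment or blank line
        masters = MASTERS_RE.search(zone.group(2))
        if masters and tok.search(masters.group(2)):
            found.append(zone.group(1))
    return found

def rewrite_masters(nzf_text, old_ip, new_ip):
    """Return nzf_text with old_ip replaced by new_ip inside masters blocks only."""
    tok = _ip_token(old_ip)
    def fix(m):
        return m.group(1) + tok.sub(new_ip, m.group(2)) + m.group(3)
    return MASTERS_RE.sub(fix, nzf_text)

if __name__ == "__main__":
    print("stale:", stale_zones(SAMPLE_NZF, "192.0.2.1"))
    print(rewrite_masters(SAMPLE_NZF, "192.0.2.1", "192.0.2.10"))
```
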
 