• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Can not add DS-records, domain is required field since update

J

Johndenkis

New Pleskian
We are trying to add DS-records to a DNS-zone to activate DNSSEC but since one of the last Plesk updates, the domain field became required. This means you are only allowed to add DS-records in a sub-domain case. This used to me allowed even if the domain field is empty and it has always worked like it should. We can't even update existing DS-records in which the domain field is empty now for it is required.

Steps to reproduce:
In Plesk, go to Websites & Domains -> example.com -> DNS settings, try to add a new DS-record and don't fill in the (sub)domain field.

Suggested solution:
Remove the GUI required field check on the domain field when someone adds a new DS-record, or edits an existing one.

Plesk Obsidian Web Host Edition 18.0.64 Update #1

Scherm­afbeelding 2024-10-29 om 11.22.34.png
 
The reason for us to be doing this, is because we follow these steps in order to activate DNSSEC:
  1. Under Plesk -> Websites & Domains -> Example.com -> DNSSEC-settings we start the signing and choose the desired settings.
  2. We copy over the dnskey-records and place these into our panel over at sidn.nl (top level domain .nl, we are a registrar)
  3. We (used to) copy over the provided DS-records and put these into the DNS-zone of the desired domain under Plesk -> Websites & Domains -> Example.com -> DNS, as this zone is the primairy DNS-zone, as pointed by the nameservers of the domain name.
The example above is how it always worked and the domains tested positive for having DNSSEC enabled.

The following is explained on the Configuring DNSSEC for a Domain page:

To update DS records in the parent zone:

For a domain in Plesk, whose parent zone is outside Plesk, update DSrecords at the domain’s registrar.
For a subdomain of a domain hosted in Plesk and having the DNS zone inPlesk:
  1. Go to DNS settings of the parent domain (Websites & Domains > goto the parent domain > DNS Settings).
  2. Add new records of the DS type (Add Record) and paste thevalues that Plesk displays in the DS resource records box in theDNSSEC settings of the subdomain.
Click to expand...

But in our situation, the domain is in Plesk, but the parent zone is also inside Plesk and is also NOT a subdomain.
Am I seeing something wrong? Is a so called parent zone not the same as a Primairy DNS? We directly host our DNS-zones within the Plesk Subscription.
 
Johndenkis said:
The reason for us to be doing this, is because we follow these steps in order to activate DNSSEC:
  1. Under Plesk -> Websites & Domains -> Example.com -> DNSSEC-settings we start the signing and choose the desired settings.
  2. We copy over the dnskey-records and place these into our panel over at sidn.nl (top level domain .nl, we are a registrar)
  3. We (used to) copy over the provided DS-records and put these into the DNS-zone of the desired domain under Plesk -> Websites & Domains -> Example.com -> DNS, as this zone is the primairy DNS-zone, as pointed by the nameservers of the domain name.
Click to expand...
The 3rd step is only necessary if you want to sign/secure a sub domain. The frist two steps should suffice when securing a second level domain name (e.g example.com).
 
Kaspar said:
The 3rd step is only necessary if you want to sign/secure a sub domain. The frist two steps should suffice when securing a second level domain name (e.g example.com).
Click to expand...
We've tested this and the 3rd step was indeed not needed, the DNSSEC was resolved without it. That makes this case solved.
I wont bother you with numbers but it's unbelievable how many times in the past we've made these DS-records by hand, 2 sometimes 4 records per domain, all for nothing. Thank you for the great support!
 
You must log in or register to reply here.

Similar threads

Stordia
Resolved Cannot add DS records on domain DNS
Replies
5
Views
541
AYamshanov
AYamshanov
Hangover2
Question Update specific nameserver for all domains
Replies
1
Views
339
Kaspar@Plesk
Kaspar@Plesk
Ehud
Issue DNSSEC creation leaves website Zones/DNS unsigned, and it's not clear what is needed to be done
Replies
6
Views
2K
Pacifer
P
K
Resolved Environment variable for DNS related update events always passes new domain back
Replies
3
Views
830
Kaspar@Plesk
Kaspar@Plesk
weareimpulse
Resolved DNS issue since update - new domains do not resolve
Replies
10
Views
857
weareimpulse
weareimpulse
Back
Top