
Completely disable BIND?

cmadams

Guest
Is there a way to completely turn off BIND in Plesk (10.4.4 on RHEL 6)? I don't want it running at all. I'm not using Plesk to manage DNS for my domains (we have dedicated DNS servers and a version control system for zone management). I don't want an unused service (especially BIND, given its security history) listening on network ports. I'd also like to set up Unbound as a local caching resolver (I trust it a lot more than BIND), just listening on localhost, but BIND grabs port 53 (on all IPs).

Doing a "chkconfig named off" doesn't help, as the "psa" service manually starts BIND.

There are several "hacks" I could use to short-circuit Plesk's attempts to start BIND, but I'd prefer to see an "official" way to configure Plesk (rather than hack around behind its back).
 
That doesn't actually stop the BIND service though. It stops Plesk from configuring zones for hosted domains (although Plesk still creates a bogus reverse zone for the server's install IP, which is part of why I don't want to use the Plesk-configured BIND for recursive DNS), but the Plesk startup script (/etc/init.d/psa) always starts BIND (service named).
 
Not sure that you can completely disable BIND for Plesk, because BIND is tightly integrated into Plesk as an important part of Plesk's behaviour.
You can just firewall the BIND port for security reasons as you want.
 
Firewalling it means a bloated service with a poor security history is always running, and that I can't start a different local resolver (because port 53 is already taken). There's nothing in Plesk that requires BIND to be running (it is relatively easy to hack around Plesk's forced starting of BIND and run without it). I can't use the Plesk-configured BIND as a local resolver because Plesk configures a bogus reverse zone for the initial install IP that I don't see any way to configure.
 
Hi cmadams,

I realise this isn't what you wanted, but I thought I'd tell you what we do :)

On our VPSs where we don't want to run bind, we switch it off in chkconfig / watchdog (which I don't trust to keep it off tbh) and we edit the /etc/init.d/psa file, apparently with this command:

sed -i 's/named_service="named"/named_service=""/' /etc/init.d/psa

Though of course if Plesk overwrites the file it needs doing again etc etc

We've been doing this for several months, but thinking on it I haven't checked to see whether bind is staying off or not :( . I'll add that to my todo list...

Paul.
 
Well, to share my work-around (should work on RHEL/Fedora/similar systems):

- The psa init script checks for /var/lock/subsys/named (the standard init-script "I'm running" flag file), so I created the following init script as /etc/init.d/fake-named (mode 0755):

#!/bin/sh
# chkconfig: - 12 88
# description: Fake starting BIND (to keep Plesk from running it)
touch /var/lock/subsys/named
exit 0

Then do "chkconfig --add fake-named" and "chkconfig fake-named on". The psa init script will now always think BIND is running and not attempt to start it.

- As a safety-check beyond that, the named init script always sources /etc/sysconfig/named to get additional config, so I added an "exit 0" to the end (so the init script always exits before doing anything).
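
A check that the workarounds in this thread are still holding (for example after a Plesk update rewrites /etc/init.d/psa), as an added example that is not part of any post above. It assumes the column layout of `netstat -lntup` from net-tools; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit port 53 after applying the thread's workarounds.
# Assumes `netstat -lntup` (net-tools) column layout; sample data is constructed.

# Constructed sample: named still bound on all IPs, Unbound on loopback only.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:53       0.0.0.0:*        LISTEN  1201/named
udp        0      0 0.0.0.0:53       0.0.0.0:*                1201/named
udp        0      0 127.0.0.1:53     0.0.0.0:*                1544/unbound
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  987/sshd
EOF
}

# Reduce netstat output on stdin to "proto address program" for port 53 only.
port53_listeners() {
    awk '$1 ~ /^(tcp|udp)/ {
        prog = ($1 ~ /^tcp/) ? $7 : $6   # UDP rows have no State column
        n = split($4, part, ":")          # last piece is the port (IPv4 and IPv6)
        if (part[n] == "53") print $1, $4, prog
    }'
}

# Flag any port 53 listener that is owned by named or bound off-loopback.
# Exit status is non-zero when at least one listener is flagged.
audit_port53() {
    port53_listeners | awk '{
        loopback = ($2 ~ /^127\./ || $2 ~ /^::1:/)
        if ($3 ~ /\/named$/ || !loopback) { print "FAIL", $0; bad = 1 }
        else print "ok", $0
    }
    END { exit bad + 0 }'
}

# True when the init script no longer names "named" as the service to start,
# i.e. the sed edit quoted in the thread has not been overwritten.
psa_patch_intact() {
    f=${1:-/etc/init.d/psa}
    [ -r "$f" ] && ! grep -q 'named_service="named"' "$f"
}

# Demo on the constructed sample (two named rows fail, the Unbound row passes).
sample_netstat | audit_port53 || echo "port 53 is not clean"
```

On a live host, run `netstat -lntup | audit_port53` as root (so the program column is populated) together with `psa_patch_intact`, for instance from cron after Plesk updates.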
 