Forwarded to devs [DNSSEC] After the zone is disabled / reenabled Plesk doesn't automatically resign the zone

[burnley]

Username: burnley

TITLE

[DNSSEC] After the zone is disabled / reenabled Plesk doesn't automatically resign the zone

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

CentOS Linux 7.8.2003 (Core) Plesk Obsidian Version 18.0.30 Update #3

PROBLEM DESCRIPTION

Using Plesk's DNSSEC extension v. 1.2.3-93. We have a client who'd accidentally disabled their zone, then reenabled it shortly after. The zone was previously signed and, after reenabling it, it became unsigned. However, at the registry WHOIS lookup reports "DNSSEC: signedDelegation". In this case, if there are no RRSIG the zone is dead. The fix was to go into Plesk and resign the zone.
Ideally Plesk remembers the DNSSEC signed / unsigned status on a zone during a disabled / reenabled cycle, just like it remembers the DNS records.

STEPS TO REPRODUCE

Sign a zone, disable it then reenable it. The RRSIG records are going AWOL.

ACTUAL RESULT

No RRSIG records, domain is dead

EXPECTED RESULT

Plesk resigns the zone following a disabled/enabled cycle for a DNSSEC signed zone.

ANY ADDITIONAL INFORMATION



YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug

 

[burnley]

Even adding a warning message that the zone needs to be re-signed when enabled would solve the problem. Its the lack of visibility rather than the functions themselves that is the problem.

 

[IgorG]

Thank you for the report.
Bugreport was confirmed and submitted as EXTDNSSEC-69