• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Forwarded to devs [DNSSEC] After the zone is disabled / reenabled Plesk doesn't automatically resign the zone

burnley

Regular Pleskian
Username: burnley

TITLE

[DNSSEC] After the zone is disabled / reenabled Plesk doesn't automatically resign the zone

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

CentOS Linux 7.8.2003 (Core) Plesk Obsidian Version 18.0.30 Update #3

PROBLEM DESCRIPTION

Using Plesk's DNSSEC extension v. 1.2.3-93. We have a client who'd accidentally disabled their zone, then reenabled it shortly after. The zone was previously signed and, after reenabling it, it became unsigned. However, at the registry WHOIS lookup reports "DNSSEC: signedDelegation". In this case, if there are no RRSIG the zone is dead. The fix was to go into Plesk and resign the zone.
Ideally Plesk remembers the DNSSEC signed / unsigned status on a zone during a disabled / reenabled cycle, just like it remembers the DNS records.

STEPS TO REPRODUCE

Sign a zone, disable it then reenable it. The RRSIG records are going AWOL.

ACTUAL RESULT

No RRSIG records, domain is dead

EXPECTED RESULT

Plesk resigns the zone following a disabled/enabled cycle for a DNSSEC signed zone.

ANY ADDITIONAL INFORMATION



YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Even adding a warning message that the zone needs to be re-signed when enabled would solve the problem. Its the lack of visibility rather than the functions themselves that is the problem.
 
Thank you for the report.
Bugreport was confirmed and submitted as EXTDNSSEC-69
 
Back
Top