• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Forwarded to devs [DNSSEC] After the zone is disabled / reenabled Plesk doesn't automatically resign the zone

burnley

burnley

Regular Pleskian
Username: burnley

TITLE

[DNSSEC] After the zone is disabled / reenabled Plesk doesn't automatically resign the zone

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

CentOS Linux 7.8.2003 (Core) Plesk Obsidian Version 18.0.30 Update #3

PROBLEM DESCRIPTION

Using Plesk's DNSSEC extension v. 1.2.3-93. We have a client who'd accidentally disabled their zone, then reenabled it shortly after. The zone was previously signed and, after reenabling it, it became unsigned. However, at the registry WHOIS lookup reports "DNSSEC: signedDelegation". In this case, if there are no RRSIG the zone is dead. The fix was to go into Plesk and resign the zone.
Ideally Plesk remembers the DNSSEC signed / unsigned status on a zone during a disabled / reenabled cycle, just like it remembers the DNS records.

STEPS TO REPRODUCE

Sign a zone, disable it then reenable it. The RRSIG records are going AWOL.

ACTUAL RESULT

No RRSIG records, domain is dead

EXPECTED RESULT

Plesk resigns the zone following a disabled/enabled cycle for a DNSSEC signed zone.

ANY ADDITIONAL INFORMATION



YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Even adding a warning message that the zone needs to be re-signed when enabled would solve the problem. Its the lack of visibility rather than the functions themselves that is the problem.
 
Thank you for the report.
Bugreport was confirmed and submitted as EXTDNSSEC-69
 
You must log in or register to reply here.

Similar threads

Ehud
Issue DNSSEC creation leaves website Zones/DNS unsigned, and it's not clear what is needed to be done
Replies
6
Views
1K
Pacifer
P
burnley
Forwarded to devs Using Plesk DNS is impossible to configure G Suite
Replies
3
Views
1K
IgorG
IgorG
burnley
Forwarded to devs Obsidian 18.0.28 on CentOS 7: cookieSettings.loginFormEntrypointEnabled doesn't seem to work
Replies
1
Views
695
IgorG
IgorG
EmilioO
Forwarded to devs After upgrading to Plesk 18.0.30 apache stops randomly.
2
Replies
22
Views
5K
K8L
K8L
B
Issue Webpages are no longer reachable after update from 17.8 to 18.0
Replies
0
Views
2K
Brovning
B
Back
Top