• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • (Plesk for Windows):
    MySQL Connector/ODBC 3.51, 5.1, and 5.3 are no longer shipped with Plesk because they have reached end of life. MariaDB Connector/ODBC 64-bit 3.2.4 is now used instead.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

dnssec-enable + filter-aaaa-on-v4 yes; used in /etc/bind/named.conf.options while a new string should be used: dnssec-validation yes;

Ehud

Ehud

Basic Pleskian
Username:

TITLE

dnssec-enable + filter-aaaa-on-v4 yes; used in /etc/bind/named.conf.options while a new string should be used: dnssec-validation yes;

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Plesk Obsidian 18.0.52.3
OS version: Ubuntu 22.04 x86_64
Build date: 2023/05/16 12:00
apache2 -v
Server version: Apache/2.4.57 (Ubuntu)
Server built: 2023-04-08T12:56:02

nginx version: nginx/1.22.1

BIND 9.18.12-0ubuntu0.22.04.1-Ubuntu (Extended Support Version) <id:>
(failing...)

PROBLEM DESCRIPTION

The /etc/bind/named.conf.options file, seems to contain a phrase not used any more in BIND causing named not to start.


dnssec-enable

should most liely be:
dnssec-validation yes;


filter-aaaa-on-v4 yes;
kb.isc.org

Filter AAAA option in BIND 9

When acting as a resolver, BIND 9 has an option to filter AAAA (IPv6 address) records returned to the client, based on the transport used for the query (IPv4 or IPv6) and other filtering conditions. This filtering does not affect the recursive queries made by the server (if any) as a result of...
kb.isc.org kb.isc.org
options { minimal-responses yes; edns-udp-size 512; };



the include was for a missing file
include "/etc/named-user-options.conf";


I have generated it, and placed in it:

options {
minimal-responses yes;
edns-udp-size 512;
};


How come I had all of this OLD configuration?

STEPS TO REPRODUCE

failed to start the service
failed to gain access to DNS port 53

ACTUAL RESULT

working to fix in progress

EXPECTED RESULT

a fix

ANY ADDITIONAL INFORMATION

please let me know of your opinion.

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Help with sorting out
 
The bind service status was failed.

I had the data provided in the Plesk server, coming from Plesk. Those values were causing the BIND service not to start.

My Plesk server was installed on 2018. Possibly BIND was never activated... And remained for some reason on an old version.

As you could see from the above report, the configuration files, contained various configuration, which caused the server not to start. Among them:

1) An Include file which was not there...

2) I have added the content to the include file:
options {
minimal-responses yes;
edns-udp-size 512;
};

3) dnssec-enable was on server, although it's (no longer?) not supported

4) filter-aaaa-on-v4 yes; was on server, although it's (no longer?) not supported
 
The file missing was:

/etc/named-user-options.conf

That file is called as "include" in the service main configuration file. I have seen it's a "known" error, as there is a Plesk KB article for it. This was not considered a BUG although it should.
 
I don't know how your original deployment is like but in my test ubuntu 22 instance this is the configuration for /etc/bind/named.conf.option

Bash: 
$ cat /etc/bind/named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        listen-on-v6 { any; };
};

Contents of /etc/named.conf

Bash: 
$ cat /etc/named.conf
// $Id: named.conf,v 1.1.1.1 2001/10/15 07:44:36 kap Exp $

// -- THE FOLLOWING LINES WERE GENERATED BY PLESK. IF YOU MODIFY THEM, THEY WILL BE OVERWRITTEN WHEN THESE SETTINGS ARE MANAGED IN PLESK UI. --
options {
        allow-recursion {
                localnets;
        };
        include "/etc/named-user-options.conf";
        directory "/var";
        pid-file "/var/run/named/named.pid";
};

key "rndc-key" {
        algorithm hmac-md5;
        secret "doesntMatterButYankedAnywaysSecret=";
};

controls {
        inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
};
// -- END OF LINES GENERATED BY PLESK. --


// -- PLEASE ADD YOUR CUSTOM DIRECTIVES BELOW THIS LINE. --
// ...
// -- END OF YOUR CUSTOM DIRECTIVES. --


// -- ALL LINES BELOW WERE GENERATED BY PLESK. IF YOU MODIFY THEM, THEY WILL BE OVERWRITTEN WHEN THESE SETTINGS ARE MANAGED IN PLESK UI. --

zone "blah.test" {
        type master;
        file "blah.test";
        allow-transfer {
                doesntMatterButYankedAnywaysIP;
                common-allow-transfer;
        };
};
acl common-allow-transfer {
        none;
};

I do not have /etc/named-user-options.conf on both my test and production server but it doesn't matter anyways since it's only to include it if there's anything added, if there's nothing to add then it doesn't matter and would be skipped.

Also, if you've upgraded your Ubuntu instance, chances are your config files wouldn't be touched and your DNS configs wouldn't be touched either if you've never modified anything.

Also, have you tried doing a repair on the DNS? The steps to do so can be found athttps://support.plesk.com/hc/en-us/articles/12377867916439-How-to-rebuild-reconfigure-DNS-configuration-file-and-zone-files-of-domains
 
Solution was to set the parameters as described in the beginning of this thread. Otherwise, service wont' work.
 
You must log in or register to reply here.
Back
Top