
Issue DNSSEC on Ubuntu 22.04 LTS

Thomas Wilhelmi

Regular Pleskian
Server operating system version
Ubuntu 22.04.2 LTS
Plesk version and microupdate number
Version 18.0.52
Hello,

I configured DNS with Plesk and it worked like a charm. But then I tried to configure DNSSEC. I followed the instructions in this link:

DNSSEC configuration

After a restart of the DNS service the DNSSEC zone is not loading. In the server log I find these messages:

May 1 22:47:32 xxxxxxxx named[1640185]: domain.tld:32: DS record at top of zone (domain.tld)
May 1 22:47:32 xxxxxxxx named[1640185]: zone domain.tld/IN (unsigned): loading from master file domain.tld failed: at top of zone
May 1 22:47:32 xxxxxxxx named[1640185]: zone domain.tld/IN (unsigned): not loaded due to errors.

But nothing said that the domain is loaded.

Anything in the mentioned link which should be there and that I have to do?

Oh, All Extensions and software are up to date.

Best regards
 
Yes, more than once because my issue with "invalid IP address" is also back. But it is also back if I disable DNSSEC. But if it is disabled the zone is loaded successfully.
 
I did a little more research and found out that DNSSEC is working right after signing and inserting the DS records. I get the following messages in the log:

May 2 22:20:24 xxxxxxxx named[481440]: domain.tld:32: DS record at top of zone (domain.tld)
May 2 22:20:24 xxxxxxxx named[481440]: zone domain.tld/IN (unsigned): loading from master file domain.tld failed: at top of zone
May 2 22:20:24 xxxxxxxx named[481440]: zone domain.tld/IN (unsigned): not loaded due to errors.
May 2 22:20:24 xxxxxxxx named[481440]: zone domain.tld/IN (signed): reconfiguring zone keys
May 2 22:20:24 xxxxxxxx named[481440]: zone domain.tld/IN (signed): next key event: 02-May-2023 23:20:24.075

As said: it's working. I can't find the transfer message to the secondary but probably no issue.

Then I restart the named service and only get the following messages:

May 2 22:25:59 xxxxxxxx named[499385]: domain.tld:32: DS record at top of zone (domain.tld)
May 2 22:25:59 xxxxxxxx named[499385]: zone domain.tld/IN (unsigned): loading from master file domain.tld failed: at top of zone
May 2 22:25:59 xxxxxxxx named[499385]: zone domain.tld/IN (unsigned): not loaded due to errors.

and the zone is not loaded.

Any help would be appreciated
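
The log pattern quoted in the posts above can be checked mechanically. The following is an added example, not part of any poster's message and not Plesk or BIND tooling: it groups named messages by process ID and reports zones whose unsigned load failed with no signed version coming up. Treating any non-error "(signed)" message as a sign that the signed zone is active is an assumption.

```python
import re
from collections import defaultdict

# Log lines as quoted in the thread; the two named start-ups differ by PID.
SAMPLE_LOG = """\
May 2 22:20:24 xxxxxxxx named[481440]: domain.tld:32: DS record at top of zone (domain.tld)
May 2 22:20:24 xxxxxxxx named[481440]: zone domain.tld/IN (unsigned): loading from master file domain.tld failed: at top of zone
May 2 22:20:24 xxxxxxxx named[481440]: zone domain.tld/IN (unsigned): not loaded due to errors.
May 2 22:20:24 xxxxxxxx named[481440]: zone domain.tld/IN (signed): reconfiguring zone keys
May 2 22:20:24 xxxxxxxx named[481440]: zone domain.tld/IN (signed): next key event: 02-May-2023 23:20:24.075
May 2 22:25:59 xxxxxxxx named[499385]: domain.tld:32: DS record at top of zone (domain.tld)
May 2 22:25:59 xxxxxxxx named[499385]: zone domain.tld/IN (unsigned): loading from master file domain.tld failed: at top of zone
May 2 22:25:59 xxxxxxxx named[499385]: zone domain.tld/IN (unsigned): not loaded due to errors.
"""

NAMED = re.compile(r"named\[(\d+)\]: (.*)$")
APEX_DS = re.compile(r"^(\S+):(\d+): DS record at top of zone \(([^)]+)\)")
ZONE_MSG = re.compile(r"^zone (\S+)/IN \((unsigned|signed)\): (.*)$")


def triage(log_text):
    """Return {(pid, zone): state}; apex_ds is (zone file, line) of the DS record."""
    state = defaultdict(lambda: {"apex_ds": None, "unsigned_failed": False,
                                 "signed_active": False})
    for raw in log_text.splitlines():
        m = NAMED.search(raw)
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2)
        if (ds := APEX_DS.match(msg)):
            state[(pid, ds.group(3))]["apex_ds"] = (ds.group(1), int(ds.group(2)))
        elif (z := ZONE_MSG.match(msg)):
            zone, view, text = z.groups()
            if view == "unsigned" and text.startswith("not loaded due to errors"):
                state[(pid, zone)]["unsigned_failed"] = True
            elif view == "signed" and not text.startswith("not loaded"):
                # Assumption: any non-error "(signed)" message means it came up.
                state[(pid, zone)]["signed_active"] = True
    return dict(state)


def broken_zones(log_text):
    """(pid, zone) pairs whose unsigned load failed and no signed zone appeared."""
    return sorted(key for key, s in triage(log_text).items()
                  if s["unsigned_failed"] and not s["signed_active"])


if __name__ == "__main__":
    print("not serving:", broken_zones(SAMPLE_LOG))
```

On these lines it flags only the start-up with PID 499385, which matches the report that the zone works right after signing and is gone after the restart.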
 
Hello,
I got the same problems.
I had a server with CentOS 7. No problems. DNSSEC works fine.
Changed to UBUNTU 22.04 LTS.
Installed DNSSEC App.
All kinds of problems with the nameserver of plesk not giving any records (with DIG command).
After UNSIGNING the domains (and updating the registrar and secondary DNS server) it works again.
When I then removed the DNSSEC app, everything was NOT resolvable!!!
So no DNSSEC was not used on any domain, but when removing the DNSSEC app that did something that nothing was working on the primary DNS (Plesk).
When reinstalling the DNSSEC app (but not using it) everything works fine again.
So I think that there is a problem with the DNSSEC app and UBUNTU.

Henk
 
Henk said:
"So I think that there is a problem with the DNSSEC app and UBUNTU."

Having read through what's been posted in this thread so far... you might be right with that ^ assumption.

FWIW There's nothing wrong with Plesk / Ubuntu 22.04.* LTS / DNSSEC - IF - the DNS and therefore, the DNSSEC / DANE etc etc is all external to Plesk and is 100% managed externally to Plesk too. I say that, because that's the setup we have on all Cloud servers and there's zero issues with any / all of these items.
 