
Issue DNSSEC timed out or failed

Lexz

Basic Pleskian
Good afternoon,

Last week we tested the implementation of DNSSEC on our Plesk servers.
Almost everything seems to work fine, including our slave DNS (this is not a Plesk Server).

But when we run a DNS test on Zonemaster, DNSViz or DNSSEC Analyzer,
we keep getting an error on our Plesk DNS (see the screenshot). It seems that the DNS is not responding on the DNSKEY.
Can someone help us with this problem? I can send the test domain in a private message if needed.

dnssec test.png
 
Is there any other firewall/router that can block such traffic?
It looks like something blocks UDP packets by size outside the server.
As a workaround, you may use the max-udp-size option set to 512 in BIND's configuration file /var/named/chroot/etc/named.conf. It will limit the maximum size of UDP packets sent by the server and force them over TCP. It is possible that some Global DNS themselves do not even try to use TCP when UDP packets are blocked.
However, I recommend you search for a permanent fix for the issue by finding what blocks such packets outside the server (datacenter, internet provider, etc.) because such changes in the configuration file are just a workaround.
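
A diagnostic sketch for the size-related drop described in the reply above, added here and not part of the original thread: it sends the same DNSKEY query over UDP with several advertised EDNS0 buffer sizes and classifies each reply. The function names, the buffer sizes tried and the command-line arguments are assumptions of this example.

```python
import socket
import struct
import sys

DNSKEY, OPT = 48, 41  # RR type codes: DNSKEY (RFC 4034), EDNS0 OPT (RFC 6891)

def build_query(name, bufsize, qtype=DNSKEY, qid=0x1234):
    """DNS query carrying an EDNS0 OPT record: advertised UDP size + DO bit."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)  # 1 question, 1 additional
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)      # class IN
    # OPT: root name, type 41, CLASS = UDP payload size, TTL flags with DO=0x8000
    opt = b"\x00" + struct.pack("!HHIH", OPT, bufsize, 0x8000, 0)
    return header + question + opt

def classify(reply):
    """Interpret one UDP reply; None means nothing arrived before the timeout."""
    if reply is None:
        return "timeout"
    if len(reply) < 12:
        return "malformed"
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", reply[:12])
    if flags & 0x0200:  # TC bit: answer did not fit, client must retry over TCP
        return "truncated"
    if flags & 0x000F:
        return "rcode %d" % (flags & 0x000F)
    return "answered" if ancount else "empty"

def probe(server, zone, sizes=(512, 1232, 4096), timeout=3.0):
    """Ask `server` for the zone's DNSKEY set once per advertised buffer size."""
    results = {}
    for size in sizes:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(build_query(zone, size), (server, 53))
            try:
                reply, _ = sock.recvfrom(65535)
            except socket.timeout:
                reply = None
        results[size] = classify(reply)
    return results

if __name__ == "__main__":
    # Usage (your own name server and zone): probe.py <server-ip> <zone>
    for size, outcome in probe(sys.argv[1], sys.argv[2]).items():
        print("bufsize %5d -> %s" % (size, outcome))
```

If the 512-byte probe comes back `truncated` while the larger sizes time out, large UDP responses are being lost somewhere on the path, which is the situation the reply describes.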
 
Hello IgorG.

Thank you very much for your answer!
I was thinking about the same options.

I'm going to ask my datacenter about the router configuration.
If I find the solution/problem, I will post it.


If there are other tips, let me know. ;)
 