
Resolved Help with Slave DNS Manager

Tyson_Moore

Basic Pleskian
Server operating system version
CloudLinux 8.6
Plesk version and microupdate number
Plesk Obsidian Version 18.0.48
To me this is not a Plesk/Slave DNS Manager issue, but hoping someone has tried the same setup.

pfSense - Plesk
- Almalinux 8.7 with cPanel DNS Only
- cPanel

Azure - cPanel DNS Only

- Setup behind pfSense is 1:1 NAT.
- Plesk and cPanel are in same external range. Almalinux box on different range. All on same internal range.
- cPanel and Plesk can talk to Azure box, but can't talk to Almalinux box.
- cPanel DNS Cluster configuration check reports back the information from the Almalinux box (The Trust Relationship has been established. The remote server, x.x.x.x is running WHM version: 10.0.0. The new role for x.x.x.x is write-only.).
- Firewall disabled on Almalinux.
- pfSense firewall rules are in place for necessary ports.
- Port scans (multiple sites) show the ports are open.
- cPanel shows the error: "Could not communicate with remote API server."
- Plesk shows the error: "rndc: recv failed: connection reset."
- SELinux has been disabled.

Nothing is coming up in pfSense saying that traffic is blocked between Plesk/cPanel and the Almalinux box. Telnet to the ports goes through.

The only other thing I can think of is reading somewhere that they can't be on the same internal IP range if you're doing NAT of any sort.

Any help with sorting this would be greatly appreciated!
 
OK, just set up the DNS Clustering on the Azure box to the Almalinux box and that worked. So it's either a failure of the API key or the internal IP range issue.
 
OK, so I am revisiting this issue.

I have set up a new Almalinux box with a Public IP Address (DNS server), rather than NAT behind a firewall.

The cPanel DNS Cluster works, but Plesk with DNS Slave Manager doesn't, despite getting the green tick.

Attached are some of the logs from pfSense Packet Capture.

I haven't really touched packet captures. I can see that it is going from the LAN IP Address and MAC Address of the hosting server and then to the MAC Address of the Firewall and Public IP Address of the DNS server.

Hopefully someone can decipher the logs better than I can and tell me where things are going wrong.
 

Attachments

  • dns-slave-manager_LAN.txt.zip
  • dns-slave-manager_WAN.txt.zip
Hi, a quick look into the txt files has not helped me figure out what is going wrong. The 'green tick' means it works on the network level as expected, at least for the 'status' command. I suggest checking the log files for the DNS services on the slave (and master) servers.
 

OK, about the only logs were from the hosting server. It looks like the issue is it gets to the Firewall and doesn't get past that. For some reason it isn't passing the information through to the Public IP of the DNS server, despite the packet capture showing that it's trying to send it to the correct IP Address. Checked netstat and there didn't appear to be a connection from the hosting server to the DNS server, so, that again says to me that it's not leaving the Firewall.

I may have to go back to digging a bit into pfSense. I may see if I can use the second DNS server to install Plesk and Slave DNS Manager and see if it will send the information successfully from one Public IP to another. That will then determine once and for all if pfSense is at fault.

Your thoughts on all this (after checking the log file) would be greatly appreciated.
 

Attachments

  • dns-logs.txt.zip
netstat is showing a connection (most of the time) to the DNS server from Plesk. But there is still no transfer of the zone files/information. Any other ideas? If the connection is established, you would expect the extension to actually be working.
 
May have found the issue... it appears traffic to port 953 may not fully be working. The port isn't showing as open on port scans, even though it's in the list of ports that should be open (port alias in pfSense). Everything else appears as open. Netstat shows that it is listening on port 953. I have tried an old fashioned port redirect too, and that didn't work. Tried a telnet connection from the cPanel hosting server to the Plesk server using the LAN Address and that failed. A telnet to localhost on each machine connected. A connection to the DNS goes through from the Plesk server and my PC.

Surely it shouldn't be Firewall related, as the ports are open, but it seems to be the only thing that makes sense now.
 
I can get it to connect on port 953 by doing the below:
controls {
    inet * port 953 allow { 127.0.0.1; } keys { "rndc-key-hosting-IP"; };
};

The problem is that Plesk will reset this and if you set it in the custom section it doesn't appear to override the default configuration.
 
it appears traffic to port 953 may not fully be working.
In this case, you will not see the "green tick", because the extension requests the 'status' via the "rndc" tool, which uses the 953/tcp port.

The problem is that Plesk will reset this and if you set it in the custom section it doesn't appear to override the default configuration.
hm... if you have added a slave server via Slave DNS Manager, you don't need to manage config on the master server, only on the slave DNS.
Is it possible to get logs from slave DNS server (not from the Plesk server)?
 
Everything looks like it should work. I have the green tick. Netstat shows connections coming through to the slave server. But there is no transfer of the zones.

I will run the tests I was doing again tomorrow morning (my time) and reply with a run down of all the things that are working and what isn't.

Will check if the logs show anything on the slave server, but I don't think there was anything.
 
When the slave DNS receives the command to get a zone (via the rndc tool) from the master DNS, it connects to the master DNS to get the zone. It is a different network connection in the other direction. If the slave DNS gets commands, it should log the error. If the slave DNS has issues with the connection to the master DNS, it should log the error.
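The two-direction flow described in this post, as an added diagnostic example (not code from the thread or from Plesk): the green tick only proves the master can reach 953/tcp on the slave, while the zone transfer needs the slave to open its own connection back to 53/tcp on the master. The IP addresses, the probe callables and the symptom texts are constructed for illustration; the port numbers are BIND defaults.

```python
import socket
from typing import Callable, Dict

RNDC_PORT = 953   # BIND default: the master (Plesk) sends rndc commands here on the slave
DNS_PORT = 53     # BIND default: the slave pulls the zone (AXFR/IXFR) from the master here

Probe = Callable[[str, int], bool]


def tcp_probe(host: str, port: int, timeout: float = 3.0) -> bool:
    """Real probe: True when a TCP handshake to host:port completes (no data is sent)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_legs(master_ip: str, slave_ip: str,
               probe_from_master: Probe, probe_from_slave: Probe) -> Dict[str, bool]:
    """Probe both directions. probe_from_master is meant to run on the Plesk box and
    probe_from_slave on the slave; they are injected so each host (or a test) supplies
    its own view instead of one host guessing the other's."""
    return {
        "master->slave:953": probe_from_master(slave_ip, RNDC_PORT),
        "slave->master:53": probe_from_slave(master_ip, DNS_PORT),
    }


def explain(legs: Dict[str, bool]) -> str:
    """Map the two results onto the symptoms discussed in the thread (constructed wording)."""
    rndc_ok = legs["master->slave:953"]
    xfer_ok = legs["slave->master:53"]
    if not rndc_ok:
        return "rndc leg blocked: Slave DNS Manager cannot reach 953/tcp on the slave (no green tick, rndc errors)"
    if not xfer_ok:
        return "rndc leg works (green tick) but the slave cannot reach 53/tcp on the master, so no zone transfer"
    return "both legs reachable; if zones still do not arrive, read named's logs on the slave and the master"


def probe_local_leg(role: str, master_ip: str, slave_ip: str, probe: Probe = tcp_probe) -> bool:
    """Run on one host: 'master' probes slave:953, 'slave' probes master:53."""
    if role == "master":
        return probe(slave_ip, RNDC_PORT)
    if role == "slave":
        return probe(master_ip, DNS_PORT)
    raise ValueError("role must be 'master' or 'slave'")
```

Run probe_local_leg("master", ...) on the Plesk server and probe_local_leg("slave", ...) on the slave, then feed both results to explain() to see which leg the firewall is dropping.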
 
OK, I have attached the relevant logs.

Now, I also moved onto the second DNS box. I installed bind on it, ran the setup for Slave DNS Manager, did the configuration for bind, of course restarted the service, ran the resync in Slave DNS Manager to make sure, and it copied the zones across. I am able to query the domains copied.

So, it looks like the conclusion is that there is something in cPanel DNS Only that is preventing the information from being copied over. Odd, because it's just meant to use bind...
 

Attachments

  • bind-log-dns.txt.zip
  • bind-log-plesk.txt.zip
  • netstat-log-plesk.txt.zip
I just found this to try:

I hope this works, as my friend and I have a small hosting company. The governing body changed some things late last year, and our upstream domain provider changed their API package to comply with the changes. We are now unable to use 2 Name Server records with the same IP Address (ns1 and ns2 for cPanel, ns3 and ns4 for Plesk), so can no longer have them serve their own DNS properly. It will work for currently set Name Server records, but they can't be set for new domains.
 
Excellent! Got 2 servers working now. Both Plesk (with Slave DNS Manager) and cPanel appear to sync records across to the 2 cPanel DNS Only.
 