Question How is possible to allow dns updates(dyndns) on Plesk

[Toni Ruotsalainen]

I wanna do dyndns updates to Plesk, so I allowed updates from slave into /etc/named.conf. I managed to do dyndns update somehow, I can see updates by dig commands on Plesk but UI is showing still an old record and reboots didn't help either.

options {
allow-recursion {
localhost;
};
listen-on-v6 { any; };
version "none";
directory "/var";
auth-nxdomain no;
pid-file "/var/run/named/named.pid";
notify yes;
also-notify { 10.75.6.135 port 8054; };
allow-update {
10.75.6.135;
};
};

dig @10.75.6.249 dyndns.10plesk.tes A

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.8 <<>> @10.75.6.249 dyndns.10plesk.tes A
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41858
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;dyndns.10plesk.tes. IN A

;; ANSWER SECTION:
dyndns.10plesk.tes. 86400 IN A 30.30.30.100

But UI is showing old record..
dyndns.10plesk.tes. A 30.30.30.10

Any advise for this? How this can be done on Plesk?
thx a lot,
-Toni

 

[UFHH01]

Hi Toni Ruotsalainen,

you are missing the psa-database updates, which could be achieved with a cronjob and the command:

/usr/local/psa/admin/bin/dnsmng --update example.com​

For further possible commands for the "dnsmng - utility", pls. use:

/usr/local/psa/admin/bin/dnsmng --help​

 

[Toni Ruotsalainen]

Thanks, I did a testing a bit more and this is strange..
When I'm adding allow-update option, then Plesk UI is basically broken, Plesk is not accepting any changes and giving out old data. UI shows updated data but it's not in use..

----------------------
Here allow-update is commented and updates are working fine. Plesk and slaves are giving out the latest data.
options {
allow-recursion {
localnets;
};
listen-on-v6 { any; };
version "none";
directory "/var";
auth-nxdomain no;
pid-file "/var/run/named/named.pid";
notify yes;
also-notify { 10.75.6.135 port 8054; };
// allow-update { key plesk; };

};

Jul 7 10:24:37 localhost named[1928]: reloading zones succeeded
Jul 7 10:24:37 localhost named[1928]: all zones loaded
Jul 7 10:24:37 localhost named[1928]: running
Jul 7 10:24:37 localhost named[1928]: zone aaplesk130.tes/IN: loaded serial 2016070715
Jul 7 10:24:37 localhost named[1928]: zone aaplesk130.tes/IN: sending notifies (serial 2016070715)
Jul 7 10:24:37 localhost named[1928]: client 10.75.6.135#42162 (aaplesk130.tes): transfer of 'aaplesk130.tes/IN': AXFR-style IXFR started
Jul 7 10:24:37 localhost named[1928]: client 10.75.6.135#42162 (aaplesk130.tes): transfer of 'aaplesk130.tes/IN': AXFR-style IXFR ended
------------------------------------

Here allow update is in use and then UI changes are not propagated really in use. Plesk is giving out old data. and no helps with '/usr/local/psa/admin/bin/dnsmng --update' commands either..
key plesk {
algorithm hmac-md5;
secret "mFiBKK0KcNTd3d7xgC0hPA==";
};

options {
allow-recursion {
localnets;
};
listen-on-v6 { any; };
version "none";
directory "/var";
auth-nxdomain no;
pid-file "/var/run/named/named.pid";
notify yes;
also-notify { 10.75.6.135 port 8054; };
allow-update { key plesk; };

};

Jul 7 10:41:26 localhost named[1928]: automatic empty zone: 9.E.F.IP6.ARPA
Jul 7 10:41:26 localhost named[1928]: automatic empty zone: A.E.F.IP6.ARPA
Jul 7 10:41:26 localhost named[1928]: automatic empty zone: B.E.F.IP6.ARPA
Jul 7 10:41:26 localhost named[1928]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jul 7 10:41:26 localhost named[1928]: reloading configuration succeeded
Jul 7 10:41:26 localhost named[1928]: reloading zones succeeded
Jul 7 10:41:26 localhost named[1928]: all zones loaded
Jul 7 10:41:26 localhost named[1928]: running
-----------------------------------------------------------

Then again, if I will comment this allow-update and do the changes on UI, Plesk is working fine, it's giving out the latest data..
any ideas?
thx a lot,
-Toni

 

[UFHH01]

Hi Toni Ruotsalainen,

the correct usage would be:

key "plesk-key" {
   algorithm hmac-md5;
   secret "PLEASE_ADD_YOUR_OWN_AND_UNIQUE_KEY_HERE_AND_PLEASE_DONT_POST_IT_SOMEWHERE";
};
controls {
    inet * port 953 allow { <plesk_ip>; <another_plesk_ip>; 127.0.0.1; } keys {"rndc-key", "plesk-key"; };
};

And pls. don't forget to use

allow-new-zones yes;

in your "named.conf.local" - file.


Edit: Oh... and btw... the Plesk - devblog - Team wrote a nice article, which is very well written:

https://devblog.plesk.com/2013/10/slave-dns-and-plesk/​

 

[Toni Ruotsalainen]

Thx for help, RNDC is a bit approach what I'm thinking. I tought to add secondary(slave) by hand and allow updates from slave to plesk. Updates from Plesk to Slave are working fine without allow-update option.
http://www.zytrax.com/books/dns/ch7/xfer.html#allow-update
allow-update { key plesk; };
This is needed to add to master named.conf but now this option is somehow incompatible. Below zones this can't be added because Plesk is overwritten them and under option Plesk UI is getting broken.