Issue: Issues with Plesk/bind configuring as master and slave nameserver

wasiwarez

New Pleskian
Server operating system version: Ubuntu 24.04.3 LTS
Plesk version and microupdate number: 18.0.72 Update Nr. 3
Hi everybody,

I'm trying to set up two servers as nameservers. The first one should be the master and the second should be the slave.
For privacy purposes I will use the ip x.x.x.x for the master and y.y.y.y for the slave.
I installed the slave dns manager on the master. I entered the ip of the master and the ip of the slave into the right fields.
When I finished this, I copied the generated code to the slave into the /etc/bind/named.conf.options. It looks like this:
Code:
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        listen-on-v6 { any; };

        //Changes for secondary DNS server
        listen-on port 953 { 127.0.0.1; y.y.y.y; };
        allow-new-zones yes;
        //================================
};

//Changes for secondary DNS server
key "rndc-key-x.x.x.x" {
  algorithm hmac-sha256;
  secret "SECRET";
};

controls {
    inet * port 953 allow { x.x.x.x; 127.0.0.1; } keys { "rndc-key-x.x.x.x"; };
};
//==================================
On the primary server I got an error.
rndc: connect failed: y.y.y.y#953: connection refused Error code: 1
I think it may be that the slave is not listening on port 953.
netstat -anp4 | grep named will print this:
Code:
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      7403/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      7403/named
tcp        0      0 85.215.52.97:53         0.0.0.0:*               LISTEN      7403/named
tcp        0      0 85.215.52.97:53         0.0.0.0:*               LISTEN      7403/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      7403/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      7403/named
udp        0      0 85.215.52.97:53         0.0.0.0:*                           7403/named
udp        0      0 85.215.52.97:53         0.0.0.0:*                           7403/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           7403/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           7403/named
Can anyone tell me how to fix this? I disabled the plesk firewall and also the server firewall from the hoster.
Thanks in advance.

Edit: If it matters, the OS of the slave is Ubuntu 22.04. Plesk is 8.0.72 Update Nr. 3.
 
Hi Kaspar,
this is the output:
Code:
● named.service - BIND Domain Name Server
     Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2025-10-19 10:05:24 UTC; 3h 15min ago
       Docs: man:named(8)
    Process: 11156 ExecReload=/usr/sbin/rndc reload (code=exited, status=0/SUCCESS)
   Main PID: 7473 (named)
      Tasks: 8 (limit: 978)
     Memory: 19.2M
        CPU: 911ms
     CGroup: /system.slice/named.service
             └─7473 /usr/sbin/named -t /var/named/run-root -c /etc/named.conf -u bind -n 2

Oct 19 10:44:49 dev1000.wasiserver.de named[7473]: managed-keys-zone: Key 38696 for zone . is now trusted (acceptance timer complete)
Oct 19 10:44:51 dev1000.wasiserver.de named[7473]: zone wasiwarez.net/IN: sending notifies (serial 2025101909)
Oct 19 11:07:22 dev1000.wasiserver.de named[7473]: client @0x7f5a200104b8 109.236.61.23#57843 (vtb.com): query (cache) 'vtb.com/ANY/IN' denied (allow-query-cache did not match)
Oct 19 11:32:36 dev1000.wasiserver.de named[7473]: client @0x7f5a200104b8 71.6.146.186#60093 (direct.shodan.io): query (cache) 'direct.shodan.io/A/IN' denied (allow-query-cache did not match)
Oct 19 11:47:53 dev1000.wasiserver.de named[7473]: client @0x7f5a20019d28 185.247.137.125#39253 (2ygdt6gtnjx5q.optimal.dnscheck.internet-measurement.com): query (cache) '2ygdt6gtnjx5q.optimal.dnscheck.internet-measurement.com/A/IN' deni>
Oct 19 11:59:29 dev1000.wasiserver.de named[7473]: client @0x7f5a253323e8 193.163.125.81#21723 (example.com): query (cache) 'example.com/A/IN' denied (allow-query-cache did not match)
Oct 19 12:01:12 dev1000.wasiserver.de named[7473]: client @0x7f5a253323e8 87.121.84.23#34570 (wzb.eu): query (cache) 'wzb.eu/ANY/IN' denied (allow-query-cache did not match)
Oct 19 12:09:17 dev1000.wasiserver.de named[7473]: client @0x7f5a200104b8 192.210.187.83#46413 (hbtbank.com): query (cache) 'hbtbank.com/TXT/IN' denied (allow-query-cache did not match)
Oct 19 12:33:52 dev1000.wasiserver.de named[7473]: client @0x7f5a265b23b8 76.105.87.80#80 (sl): query (cache) 'sl/ANY/IN' denied (allow-query-cache did not match)
Oct 19 12:35:25 dev1000.wasiserver.de named[7473]: client @0x7f5a265b23b8 76.105.87.80#80 (sl): query (cache) 'sl/ANY/IN' denied (allow-query-cache did not match)
Thanks
 
Good, at least Bind is running :)

I suspect that you'll need to remove the listen-on port 953 { 127.0.0.1; y.y.y.y; }; option from the /etc/bind/named.conf.options file. There's no need to define the listen port, as BIND already listens on port 953 by default.
 
OK, I removed this line. But by default it wasn't there. I added it while I was troubleshooting. And now, as I tested after removing the line, it hasn't changed a thing. The error message is the same. What's odd is, if I change the port from 953 to 53 in the configuration on the master, the error message changes to "rndc: recv failed: connection reset Error code: 1". So I'm assuming with port 953 somehow the connection is blocked and with the port 53 the connection succeeds and something else doesn't work.
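As an added diagnostic (not from the thread, Plesk or ISC), this script checks the posted secondary config against the posted netstat output: the controls statement asks named to accept rndc on every interface, yet only 127.0.0.1:953 is bound, which is exactly what produces "connection refused" at the primary. It assumes y.y.y.y stands for the secondary's public address; the systemctl status output above shows named started with -t /var/named/run-root -c /etc/named.conf, so that is the configuration the running process actually reads.

```python
import re

# Constructed sample based on the thread: the secondary's named.conf.options
# as posted, and its netstat output with y.y.y.y in place of the real address.
CONF = """
options {
        listen-on-v6 { any; };
        listen-on port 953 { 127.0.0.1; y.y.y.y; };
        allow-new-zones yes;
};
controls {
    inet * port 953 allow { x.x.x.x; 127.0.0.1; } keys { "rndc-key-x.x.x.x"; };
};
"""
NETSTAT = """
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      7403/named
tcp        0      0 y.y.y.y:53              0.0.0.0:*               LISTEN      7403/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      7403/named
udp        0      0 y.y.y.y:53              0.0.0.0:*                           7403/named
"""

def control_sockets(conf):
    """(address, port) pairs the controls statement tells named to accept rndc on."""
    return [(a, int(p or 953)) for a, p in
            re.findall(r'^\s*inet\s+(\S+)(?:\s+port\s+(\d+))?', conf, re.M)]

def dns_port(conf):
    """Port that 'listen-on port N' puts the DNS service on; it does not affect rndc."""
    m = re.search(r'^\s*listen-on\s+port\s+(\d+)', conf, re.M)
    return int(m.group(1)) if m else 53

def listening(netstat):
    """(address, port) pairs of TCP sockets in LISTEN state."""
    return {(a, int(p)) for a, p in
            re.findall(r'^tcp\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN', netstat, re.M)}

def diagnose(conf, netstat, public_ip):
    """Explain 'rndc: connect failed: <ip>#953: connection refused' seen on the primary."""
    bound, findings = listening(netstat), []
    for addr, port in control_sockets(conf):
        ok = ((addr, port) in bound if addr != '*'
              else ('0.0.0.0', port) in bound or (public_ip, port) in bound)
        if not ok:  # nothing accepts rndc on the public address -> connection refused
            findings.append(f'controls wants rndc on {addr}:{port}, but only '
                            f'{sorted(a for a, p in bound if p == port)} listen there: the running '
                            'named reads another file (see -c/-t on its command line) or was not reloaded')
    p = dns_port(conf)
    if p != 53:  # rndc aimed at port 53 instead reaches the DNS socket, which drops the
        # non-DNS message and closes the connection: the 'recv failed: connection reset' variant
        findings.append(f'listen-on port {p} would move DNS queries off port 53'
                        + (' (still bound here, so this file is not in effect)' if (public_ip, 53) in bound else ''))
    return findings

if __name__ == '__main__':
    print(*diagnose(CONF, NETSTAT, 'y.y.y.y'), sep='\n')
```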
 