Question Plesk Email Security

[Ankebut]

Hello,
i have ordered now plesk email security under config check i show this message below, my question, what can I do that this notice does not come or can I just ignore it

DNS caching is disabled! Please use a local DNS server to improve SPAM recognition via blocklists (for instance with Plesk's DNS BIND server component or systemd-resolved).

 

[IgorG]

Try to do following if you really use local DNS server:

1. Create a backup of the /etc/named.conf file

# cp /etc/named.conf /etc/named.conf.back

2. Open the /etc/named.conf file via any text editor and make the following changes:

[BEFORE]

  options {
          allow-recursion {
                  localnets;
          };
  listen-on-v6 { any; };
          version "none";
          "/var";
          auth-nxdomain no;
          pid-file "/var/run/named/named.pid";
  };

  <...>

[AFTER]

  options {
          allow-recursion {
                  localnets;
          };
  allow-query-cache { localhost; any; }; <= this row was added
  listen-on-v6 { any; };
          version "none";
          "/var";
          auth-nxdomain no;
          pid-file "/var/run/named/named.pid";
  };

  <...>

3. Restart the DNS service:

• CentOS:
  # service named-chroot restart
• Debian/Ubuntu:
  # service bind9 restart

 

[mikamk]

Hello, Encountered the same problem, and added the line as instructed above to the /etc/named.conf and restarted,
however, "DNS caching is disabled! ..." warning still appears.

Noticed that in my /etc/named.conf file is "localhost" instead of above "localnets". Does that make difference related to this?

allow-recursion {
localhost;

 

[H.K]

sudo nano /etc/systemd/resolved.conf

uncomment cache and change to cache=yes

in my case i added dns server 1.1.1.1 and 1.0.01

and backup 8.8.8.8 and 8.8.4.4

 

[Ankebut]

sudo nano /etc/systemd/resolved.conf

uncomment cache and change to cache=yes

in my case i added dns server 1.1.1.1 and 1.0.01

and backup 8.8.8.8 and 8.8.4.4

can you please make screenshot from yours and must be start a service after change it?

 

[H.K]

# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See resolved.conf(5) for details

[Resolve]
DNS=1.1.1.1 1.0.0.1
FallbackDNS=8.8.8.8 8.8.4.4
#Domains=
#LLMNR=yes
#MulticastDNS=yes
#DNSSEC=allow-downgrade
#DNSOverTLS=no
Cache=yes
#DNSStubListener=udp
~
~

 

[H.K]

systemd-resolve --statistics to see satistics

 

[H.K]

Sorry change
sudo nano /etc/resolv.conf

to

nameserver 127.0.0.53

my host ovh for example writes its own dns server here, this is host-related when installing OS than plesk. Then you will see the after

systemd-resolve --statistics

it working

DNSSEC supported by current servers: yes

Transactions
Current Transactions: 0
Total Transactions: 29

Cache
Current Cache Size: 16
Cache Hits: 4
Cache Misses: 25

DNSSEC Verdicts
Secure: 24
Insecure: 18
Bogus: 4
Indeterminate: 0

 

[H.K]

Guide here works

How to Setup a local DNS Caching Server on Linux?

DNS lookups are not normally something that you need to worry about. Sometimes you should! If your home or office's ISP has slow nameservers or your

geekflare.com

 

[obendev]

@H.K can you show the output of systemd-resolve --status please?
dig +short TXT 2.0.0.127.zen.spamhaus.org and host -tTXT 2.0.0.127.multi.uribl.com would be interesting, too.