Issue Slave DNS Manager - Slave DNS not syncing

xdelios

Basic Pleskian
Hello,

I have the latest Plesk installed.
I installed the Slave DNS plugin in order to use an external VPS for slave DNS.

I have CentOS 7 on my main server and installed CentOS 7 on the slave DNS VPS.

OK, so I installed bind9 and followed all the instructions as the plugin suggested (added all required text to the corresponding files). The connection shows as successful from the plugin.

Now I have 2 problems.
Firstly, if I run a test at intodns.com, for example, it says that the slave DNS isn't responding.
Secondly, if I change an example domain.com to slave DNS, it won't resolve. Shouldn't all records transfer automatically according to the plugin?

Any ideas on what is going on?

Regards,
George
 
Hi xdelios,

Did you see the Troubleshooting section of GitHub - plesk/ext-slave-dns-manager (the extension for managing a remote slave DNS server via the rndc protocol (bind))? It looks like the SELinux policy does not allow named to write any master zone database files.

Hello,
Thank you for your reply.
I ran rndc reload and got a success message on the Slave DNS VPS. Where can I check if the zones are indeed transferred?

Also, any ideas on how I can fix the "DNS is not responding" error that intodns.com returns when I check?

Regards
 
I also get a strange error in the named.run file

error (unexpected RCODE REFUSED) resolving 'domain/A/IN': IP1#53
client IP1#54936 (domain): query (cache) 'domain/AAAA/IN' denied

I have whitelisted the IPs
 
To force a sync, try to disable/enable DNS for the domain inside Plesk Panel.

After forcing it, on the slave server:
- Check for new file(s) inside the dirs '/var/named' or '/var/named/chroot/var/named/': ls -la /var/named /var/named/chroot/var/named/
- Check the content of the new file(s)
- Check the logs in /var/log/messages

Be sure the firewall does not block traffic between the DNS servers and does not block external traffic to the DNS server.
 
I did try the enable/disable DNS for domains.

Nothing changed, and the messages in var/log show nothing; the file is empty.
I have whitelisted the IPs on both ends, both TCP and UDP.
 

Hmm... OK, right now I am creating a new virtual server with CentOS 7.3.1611 with absolutely default settings for the DNS slave, and logging all my steps :)

CentOS7 only

1. update OS;
Code:
yum update -y
[...] Complete!
2. check SELinux status:
Code:
sestatus
SELinux status:                 disabled
3. start new kernel after update OS:
Code:
reboot
4. install bind:
Code:
yum install -y bind bind-utils
[...] Complete!
5. add option 'allow-new-zones' inside named.conf:
Code:
sed -i 's/options {/options {\n        allow-new-zones yes;/;' /etc/named.conf
6. add section with master-key inside named.conf (change `secret`-key and `pleskIp` below):
Code:
cat <<EOF >> /etc/named.conf

key "rndc-key-master" {
        algorithm hmac-md5;
        secret "secretKEYsecretKEYsecretKEY==";
};

controls {
        inet * port 953 allow { 188.x.y.z; 127.0.0.1; } keys { "rndc-key-master"; };
};

EOF
7. add write permission for named on /var/named:
Code:
chmod g+w /var/named/
8. enable named service:
Code:
systemctl enable named.service
9. start named service:
Code:
systemctl start named.service
10. check current /var/log/messages
Apr 26 08:45:54 digitalocean yum[8668]: Installed: 32:bind-9.9.4-38.el7_3.3.x86_64
Apr 26 08:45:54 digitalocean yum[8668]: Installed: 32:bind-utils-9.9.4-38.el7_3.3.x86_64
Apr 26 08:49:54 digitalocean systemd: Starting Cleanup of Temporary Directories...
Apr 26 08:49:54 digitalocean systemd: Started Cleanup of Temporary Directories.
Apr 26 09:01:01 digitalocean systemd: Started Session 2 of user root.
Apr 26 09:01:01 digitalocean systemd: Starting Session 2 of user root.
Apr 26 09:15:39 digitalocean systemd: Reloading.
Apr 26 09:15:43 digitalocean systemd: Starting Generate rndc key for BIND (DNS)...
Apr 26 09:15:43 digitalocean generate-rndc-key.sh: Generating /etc/rndc.key:[ OK ]
Apr 26 09:15:43 digitalocean systemd: Started Generate rndc key for BIND (DNS).
Apr 26 09:15:43 digitalocean systemd: Starting Berkeley Internet Name Domain (DNS)...
Apr 26 09:15:43 digitalocean bash: zone localhost.localdomain/IN: loaded serial 0
Apr 26 09:15:43 digitalocean bash: zone localhost/IN: loaded serial 0
Apr 26 09:15:43 digitalocean bash: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Apr 26 09:15:43 digitalocean bash: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Apr 26 09:15:43 digitalocean bash: zone 0.in-addr.arpa/IN: loaded serial 0
Apr 26 09:15:43 digitalocean named[8769]: starting BIND 9.9.4-RedHat-9.9.4-38.el7_3.3 -u named
Apr 26 09:15:43 digitalocean named[8769]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--with-geoip' '--enable-ipv6' '--enable-filter-aaaa' '--enable-rrl' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--enable-exportlib' '--with-export-libdir=/usr/lib64' '--with-export-includedir=/usr/include' '--includedir=/usr/include/bind9' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-dlz-bdb=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--enable-fixed-rrset' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'CPPFLAGS= -DDIG_SIGCHASE'
Apr 26 09:15:43 digitalocean named[8769]: ----------------------------------------------------
Apr 26 09:15:43 digitalocean named[8769]: BIND 9 is maintained by Internet Systems Consortium,
Apr 26 09:15:43 digitalocean named[8769]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Apr 26 09:15:43 digitalocean named[8769]: corporation. Support and training for BIND 9 are
Apr 26 09:15:43 digitalocean named[8769]: available at Technical support for open source BIND DNS, Kea dhc and ISC DHCP software | Internet Systems Consortium
Apr 26 09:15:43 digitalocean named[8769]: ----------------------------------------------------
Apr 26 09:15:43 digitalocean named[8769]: adjusted limit on open files from 4096 to 1048576
Apr 26 09:15:43 digitalocean named[8769]: found 1 CPU, using 1 worker thread
Apr 26 09:15:43 digitalocean named[8769]: using 1 UDP listener per interface
Apr 26 09:15:43 digitalocean named[8769]: using up to 4096 sockets
Apr 26 09:15:43 digitalocean named[8769]: loading configuration from '/etc/named.conf'
Apr 26 09:15:43 digitalocean named[8769]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Apr 26 09:15:43 digitalocean named[8769]: initializing GeoIP Country (IPv4) (type 1) DB
Apr 26 09:15:43 digitalocean named[8769]: GEO-106FREE 20160607 Build 1 Copyright (c) 2016 MaxMind
Apr 26 09:15:43 digitalocean named[8769]: initializing GeoIP Country (IPv6) (type 12) DB
Apr 26 09:15:43 digitalocean named[8769]: GEO-106FREE 20160607 Build 1 Copy
Apr 26 09:15:43 digitalocean named[8769]: GeoIP ...
[...]
Apr 26 09:15:43 digitalocean named[8769]: GeoIP ...
Apr 26 09:15:43 digitalocean named[8769]: using default UDP/IPv4 port range: [1024, 65535]
Apr 26 09:15:43 digitalocean named[8769]: using default UDP/IPv6 port range: [1024, 65535]
Apr 26 09:15:43 digitalocean named[8769]: listening on IPv4 interface lo, 127.0.0.1#53
Apr 26 09:15:43 digitalocean named[8769]: listening on IPv6 interface lo, ::1#53
Apr 26 09:15:43 digitalocean named[8769]: generating session key for dynamic DNS
Apr 26 09:15:43 digitalocean named[8769]: open: 3bf305731dd26307.nzf: file not found
Apr 26 09:15:43 digitalocean named[8769]: sizing zone task pool based on 6 zones
Apr 26 09:15:43 digitalocean named[8769]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Apr 26 09:15:43 digitalocean named[8769]: automatic empty zone: ...
[...]
Apr 26 09:15:43 digitalocean named[8769]: automatic empty zone: ...
Apr 26 09:15:43 digitalocean named[8769]: command channel listening on 0.0.0.0#953
Apr 26 09:15:43 digitalocean named[8769]: managed-keys-zone: loaded serial 0
Apr 26 09:15:43 digitalocean systemd: Started Berkeley Internet Name Domain (DNS).
Apr 26 09:15:43 digitalocean named[8769]: zone 0.in-addr.arpa/IN: loaded serial 0
Apr 26 09:15:43 digitalocean systemd: Reached target Host and Network Name Lookups.
Apr 26 09:15:43 digitalocean named[8769]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Apr 26 09:15:43 digitalocean systemd: Starting Host and Network Name Lookups.
Apr 26 09:15:43 digitalocean named[8769]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Apr 26 09:15:43 digitalocean named[8769]: zone localhost.localdomain/IN: loaded serial 0
Apr 26 09:15:43 digitalocean named[8769]: zone localhost/IN: loaded serial 0
Apr 26 09:15:43 digitalocean named[8769]: all zones loaded
Apr 26 09:15:43 digitalocean named[8769]: running
11. disable/enable DNS for domain; check logs again
Apr 26 09:22:33 digitalocean named[8769]: received control channel command 'refresh test-for-forum.com'
Apr 26 09:22:33 digitalocean named[8769]: received control channel command 'addzone test-for-forum.com { type slave; file "test-for-forum.com"; masters { 188.x.y.z; }; };'
Apr 26 09:22:33 digitalocean named[8769]: zone test-for-forum.com added to view _default via addzone
Apr 26 09:22:33 digitalocean named[8769]: zone test-for-forum.com/IN: Transfer started.
Apr 26 09:22:33 digitalocean named[8769]: transfer of 'test-for-forum.com/IN' from 188.x.y.z#53: connected using 138.a.b.c#36857
Apr 26 09:22:33 digitalocean named[8769]: zone test-for-forum.com/IN: transferred serial 2017042605
Apr 26 09:22:33 digitalocean named[8769]: transfer of 'test-for-forum.com/IN' from 188.x.y.z#53: Transfer completed: 1 messages, 15 records, 416 bytes, 0.005 secs (83200 bytes/sec)
Apr 26 09:22:33 digitalocean named[8769]: zone test-for-forum.com/IN: sending notifies (serial 2017042605)
12. check files in named directory ("3bf305731dd26307.nzf", "test-for-forum.com")
Code:
ls -la /var/named
total 44
drwxrwx---   5 root  named 4096 Apr 26 09:22 .
drwxr-xr-x. 20 root  root  4096 Apr 26 08:45 ..
-rw-r--r--   1 named named  100 Apr 26 09:22 3bf305731dd26307.nzf
drwxrwx---   2 named named 4096 Apr 26 09:15 data
drwxrwx---   2 named named 4096 Apr 26 09:16 dynamic
-rw-r-----   1 root  named 2076 Jan 28  2013 named.ca
-rw-r-----   1 root  named  152 Dec 15  2009 named.empty
-rw-r-----   1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----   1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---   2 named named 4096 Apr 19 15:53 slaves
-rw-r--r--   1 named named  876 Apr 26 09:22 test-for-forum.com

13. Look inside "3bf305731dd26307.nzf":
Code:
cat /var/named/3bf305731dd26307.nzf
zone "test-for-forum.com" { type slave; file "test-for-forum.com"; masters { 188.x.y.z; }; };
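
A pre-flight check for the named.conf produced by steps 5 and 6 above, added here as an example and not part of the original post or of the Plesk extension. It assumes the `controls` `inet` clause sits on one line, as in step 6; the finding names and the sample values (192.0.2.10, the placeholder secret) are constructed.

```shell
#!/bin/sh
# Audit a slave named.conf for the settings the walkthrough relies on.
# Prints one finding per line; no output means every check passed.
audit_named_conf() {
    awk '
    /^[ \t]*key[ \t]+"/         { split($0, q, "\""); defined[q[2]] = 1 }
    /allow-new-zones[ \t]+yes/  { anz = 1 }
    /algorithm[ \t]+hmac-md5/   { md5 = 1 }
    /inet[ \t]/ && /keys[ \t]*[{]/ {
        if ($0 ~ /inet[ \t]+[*]/) wildcard = 1
        s = $0
        sub(/.*keys[ \t]*[{]/, "", s)   # keep only the names listed after keys
        sub(/[}].*/, "", s)
        n = split(s, k, ";")
        for (i = 1; i <= n; i++) {
            gsub(/[" \t]/, "", k[i])
            if (k[i] != "") used[k[i]] = 1
        }
    }
    END {
        for (name in used)              # named refuses to start on this one
            if (!(name in defined)) print "UNKNOWN_KEY " name
        if (!anz)     print "NO_ALLOW_NEW_ZONES"      # rndc addzone needs it
        if (md5)      print "LEGACY_HMAC_MD5"         # flag for review
        if (wildcard) print "CONTROL_CHANNEL_ON_ALL_INTERFACES"
    }' "$1"
}

# Constructed sample: the key is defined as "rndc-key-master" while the
# controls statement refers to "rndc-key" (placeholder secret and IP).
sample_conf() {
    cat <<'EOF'
options {
        allow-new-zones yes;
};
key "rndc-key-master" {
        algorithm hmac-md5;
        secret "PLACEHOLDERsecret==";
};
controls {
        inet * port 953 allow { 192.0.2.10; 127.0.0.1; } keys { "rndc-key"; };
};
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_named_conf "$tmp"
rm -f "$tmp"
```

With `inet *` the control channel listens on every interface, so the `allow { ... }` list and the host firewall are what keep port 953 limited to the Plesk server.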
 
Hello,

In step 6 I changed the fields needed exactly as given by the Plesk Slave DNS Manager extension.
I proceeded through step 8 just to get an error.

Code:
[root@ns2 ~]# systemctl status named.service -l
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2017-04-26 05:57:22 EDT; 10s ago
  Process: 9315 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of  zone files is disabled"; fi (code=exited, status=1/FAILURE)

Apr 26 05:57:22 ns2.towerhost.gr systemd[1]: Starting Berkeley Internet Name Domain (DNS)...
Apr 26 05:57:22 ns2.towerhost.gr bash[9315]: /etc/named.conf:64: unknown key 'rndc-key'
Apr 26 05:57:22 ns2.towerhost.gr systemd[1]: named.service: control process exited, code=exited status=1
Apr 26 05:57:22 ns2.towerhost.gr systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
Apr 26 05:57:22 ns2.towerhost.gr systemd[1]: Unit named.service entered failed state.
Apr 26 05:57:22 ns2.towerhost.gr systemd[1]: named.service failed.

Just to clarify, I am following exactly what you wrote. Of course, as I mentioned, I changed the secret key and IP as I was supposed to.
 
Hello,

OK, I fixed the above error.
I started the service successfully, but my message log shows the message below at the very bottom.

Code:
Apr 26 06:02:16 ns2 systemd: Started Berkeley Internet Name Domain (DNS).
Apr 26 06:02:16 ns2 named[9395]: zone 0.in-addr.arpa/IN: loaded serial 0
Apr 26 06:02:16 ns2 named[9395]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Apr 26 06:02:16 ns2 named[9395]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Apr 26 06:02:16 ns2 named[9395]: zone localhost.localdomain/IN: loaded serial 0
Apr 26 06:02:16 ns2 named[9395]: zone localhost/IN: loaded serial 0
Apr 26 06:02:16 ns2 named[9395]: all zones loaded
Apr 26 06:02:16 ns2 named[9395]: running
Apr 26 06:02:16 ns2 named[9395]: error (network unreachable) resolving './DNSKEY/IN': 2001:503:c27::2:30#53
Apr 26 06:02:16 ns2 named[9395]: error (network unreachable) resolving './NS/IN': 2001:503:c27::2:30#53
Apr 26 06:02:46 ns2 systemd: Started Session 7 of user root.
Apr 26 06:02:46 ns2 systemd-logind: New session 7 of user root.
Apr 26 06:02:46 ns2 systemd: Starting Session 7 of user root.
 
OK, so I did that.

The zone isn't created in the var directory as you show.
What I get in the logs now is the message below if I restart bind on the Master server

Code:
ns2 named[16834]: client MAINSERVERIP#38932: received notify for zone 'domainhere': not authoritative
 
Your MAINSERVERIP thinks that SlaveDNS is already configured. SlaveDNS does not know who MAINSERVERIP is and ignores it.

If you don't see new files inside /var/named, then try to force a sync transfer by disabling/enabling DNS for this domain. You should get new files inside /var/named, and then go on to the next step.

---

Also, you can sync/exec rndc via ssh on the Plesk server and check the output from rndc.

1. Delete zone from Slave DNS
Code:
plesk# rndc -c /usr/local/psa/var/modules/slave-dns-manager/slave_138.a.b.c.conf delzone test-for-forum.com
plesk#
Apr 26 11:44:25 digitalocean named[8769]: received control channel command 'delzone test-for-forum.com'
Apr 26 11:44:25 digitalocean named[8769]: zone test-for-forum.com removed via delzone

2. Add zone to Slave DNS
Code:
plesk# rndc -c /usr/local/psa/var/modules/slave-dns-manager/slave_138.a.b.c.conf addzone test-for-forum.com '{ type slave; file "test-for-forum.com"; masters { 188.x.y.z; }; };'
plesk#
Apr 26 11:44:30 digitalocean named[8769]: received control channel command 'addzone test-for-forum.com { type slave; file "test-for-forum.com"; masters { 188.x.y.z; }; };'
Apr 26 11:44:30 digitalocean named[8769]: zone test-for-forum.com/IN: loaded serial 2017042605
Apr 26 11:44:30 digitalocean named[8769]: zone test-for-forum.com added to view _default via addzone
Apr 26 11:44:30 digitalocean named[8769]: zone test-for-forum.com/IN: sending notifies (serial 2017042605)
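
The named messages quoted in this thread, sorted into a per-zone status, as an added example that is not from any poster or from Plesk. The status labels, host name, addresses and zone names are constructed; the message formats are the ones shown above, and the last message seen for a zone wins.

```shell
#!/bin/sh
# Read named log lines on stdin and print "<zone> <status>" per zone,
# in order of first appearance.
triage_named_log() {
    awk -v q="'" '
    function note(z, st) { if (!(z in state)) order[++n] = z; state[z] = st }
    { split($0, a, q) }                     # a[2] is the single-quoted part
    /control channel command .addzone / {   # Plesk pushed the zone definition
        split(a[2], w, " "); note(w[2], "ADDZONE_RECEIVED")
    }
    /Transfer completed/ {                  # zone data arrived from the master
        z = a[2]; sub(/\/IN$/, "", z); note(z, "TRANSFER_OK")
    }
    /received notify for zone .*: not authoritative/ {
        note(a[2], "ZONE_NOT_DEFINED_ON_SLAVE")   # no addzone ever arrived
    }
    /query \(cache\) .* denied/ {           # name is in no zone loaded here
        z = a[2]; sub(/\/.*/, "", z); note(z, "NOT_AUTHORITATIVE_QUERY_REFUSED")
    }
    END { for (i = 1; i <= n; i++) print order[i], state[order[i]] }
    '
}

# Constructed sample lines in the formats quoted in the thread.
sample_log() {
    cat <<'EOF'
Apr 26 09:22:33 ns2 named[100]: received control channel command 'addzone synced.example { type slave; file "synced.example"; masters { 192.0.2.10; }; };'
Apr 26 09:22:33 ns2 named[100]: transfer of 'synced.example/IN' from 192.0.2.10#53: Transfer completed: 1 messages, 15 records, 416 bytes, 0.005 secs (83200 bytes/sec)
Apr 26 09:25:01 ns2 named[100]: client 192.0.2.10#38932: received notify for zone 'missing.example': not authoritative
Apr 26 09:25:07 ns2 named[100]: client 198.51.100.7#54936 (refused.example): query (cache) 'refused.example/AAAA/IN' denied
EOF
}

sample_log | triage_named_log
```

A zone that never reaches `TRANSFER_OK` while the master keeps sending notifies points at the control channel (port 953, key, `allow` list) rather than at port 53.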
 
I still cannot get it to work.

Ports are open and connection is allowed between the two IPs. I still get the query cache denied error
 
I also tried a DO VPS as you did and still get the same problem. So I guess this points to a problem at my main (Plesk) server.
 
In my case, I just stopped the bind service, cleaned all files at /var/lib/cache, started bind again and clicked on Resync in the Slave DNS extension in Plesk.
 