
Forwarded to devs DNS might generate an invalid zone file

H9k

Regular Pleskian
TITLE:
DNS might generate an invalid zone file
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Plesk 17.5.3, Ubuntu 16.04, x64
PROBLEM DESCRIPTION:
It is possible to create TXT records that contain data that fails bind syntax check. On the next Bind restart, the zone gets unloaded and in Plesk there are no warnings about this, which means potentially that customers can make their domain unreachable after the zones hit expiry on the slave DNS servers.
STEPS TO REPRODUCE:
Create TXT record with bogus data. In my case it was a 2048 bit DKIM record:
v=DKIM1; g=*; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGYevV+7cC/VszRnPWD8FbnKGCLpKyKK0OhFX2YIfoQyzlG/8MQErz/XuoyAeErrNSYaPMqtq9mTJFxrmUOp11ZBVRieB3RHIlcPeOe1qyMja0IJQAWhCdy4qgMLPRVSY6pJ5DeQ4XJRu/N2hqCQ8HGnWn3ni4kk2wLVssGX27UiXZKUN/+pyNXL1/ab5QUlPUYvN2aEGQ8bBfPm0I/WuCTVzr9fFDzsD+pk5Es2d4/CjUtnn/i2sv+gW8vle+Rsl8Xb6ztq0k0oFqHqVFSI1s2oBvslHddsOHojRbALSzuZR73kfLllVPeDRALNQ6qxq1bRV6DHwjOnzJI7uai8LQIDABAQ;

named-checkzone domain.tld /var/named/run-root/var/domain.tld
dns_rdata_fromtext: /var/named/run-root/var/domain.tld:26: syntax error
zone domain.tld/IN: loading from master file /var/named/run-root/var/domain.tld failed: syntax error
zone domain.tld/IN: not loaded due to errors.
ACTUAL RESULT:
Plesk saves successfully, but Bind fails to reload the zone.
Apparently, my Bind does not support 2048 bit keys. Adding a 1024 bit key to the zone was fine.
EXPECTED RESULT:
Maybe Plesk should run named-checkzone against the updated zone to check if it works fine.
named-checkzone <domain> /var/named/run-root/var/<domain>
ANY ADDITIONAL INFORMATION:
Bind version 9.10.3.dfsg.P4-8ubuntu1.6
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
@H9k

That's actually an issue with BIND itself where the max number of characters allowed for TXT entries is 255 characters. There is a workaround that involves manually ending the zone record, which is a moot point since Plesk will just overwrite the file when you go to update your DNS anyway.

I've already provided a suggestion to the team and @IgorG is going to talk it over with the developers to get it implemented. Basically my suggestion is to have Plesk check the record to see if it's over 255 characters and if so to convert it into a multi-string, since applications requesting records from the DNS need to see multi-strings as 1 string (RFC1035, section 3.3.14 and RFC4408, section 3.1.3).

In other words, something like:

Code:
IN TXT "v=spf1 ..... first" "second string..."

will be treated as:

Code:
IN TXT "v=spf1 .... firstsecond string..."

The applications (such as an email server) will then see the completed string.

For now, a workaround, if you have the ability to (which it looks like you did already), is to use a 1024 bit key instead of a 2048 bit key. Another workaround is to use a third party DNS server that does have support for multi-strings, such as the DNS server provided by your registrar (most registrars support long strings as far as I know, at least Google Domains did).
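
The multi-string conversion suggested in the reply above, sketched as an added example (not part of the original thread and not Plesk's code). It splits TXT data into character-strings of at most 255 octets, renders them in zone-file syntax, and rejoins them the way a consuming application does. All function names are hypothetical and the sample value is constructed, with a placeholder instead of a real key.

```python
import re

MAX_LEN = 255  # RFC 1035 section 3.3: one <character-string> carries at most 255 octets


def split_txt(value, limit=MAX_LEN):
    """Cut TXT data into character-strings of at most `limit` octets."""
    data = value.encode("ascii")  # SPF/DKIM data is ASCII; anything else raises
    return [data[i:i + limit] for i in range(0, len(data), limit)] or [b""]


def quote(chunk):
    """Render one character-string in zone-file syntax with quotes and backslashes escaped."""
    out = []
    for b in chunk:
        if b in (0x22, 0x5C):          # double quote, backslash
            out.append("\\" + chr(b))
        elif 0x20 <= b <= 0x7E:        # printable ASCII passes through
            out.append(chr(b))
        else:
            out.append("\\%03d" % b)   # \DDD decimal escape for non-printables
    return '"' + "".join(out) + '"'


def txt_rdata(value):
    """RDATA for the zone file; quoting also keeps ';' from starting a comment."""
    return " ".join(quote(c) for c in split_txt(value))


def join_txt(rdata):
    """Consumer side: unescape each quoted string and concatenate with no separator."""
    def unescape(m):
        g = m.group(1)
        return chr(int(g)) if len(g) == 3 else g
    strings = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    return "".join(re.sub(r"\\(\d{3}|.)", unescape, s) for s in strings)


# Constructed sample: DKIM-shaped value, 392 placeholder characters instead of a real key.
SAMPLE = "v=DKIM1; k=rsa; p=" + "A" * 392

if __name__ == "__main__":
    # Owner name below is a hypothetical selector, not taken from the thread.
    print("selector._domainkey IN TXT", txt_rdata(SAMPLE))
```

A record emitted this way can then be checked with the `named-checkzone` command from the report before the zone is reloaded.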
 