
Issue DNSSEC timed out or failed

Lexz

Basic Pleskian
Good afternoon,

Last week we tested the implementation of DNSSEC on our Plesk servers.
Almost everything seems to work fine, including our slave DNS (this is not a Plesk Server).

But when we run a DNS test on Zonemaster, DNSViz or DNSSEC Analyzer, we keep getting an error on our Plesk DNS (see the screenshot). It seems that the DNS is not responding on the DNSKEY.
Can someone help us with this problem? I can send the test domain in a private message if needed.

 
Is there any other firewall/router that can block such traffic?
It looks like something blocks UDP packets by size outside the server.
As a workaround, you may use the max-udp-size option set to 512 in BIND's configuration file /var/named/chroot/etc/named.conf. It will limit the maximum size of UDP packets sent by the server and force them over TCP. It is possible that some Global DNS themselves do not even try to use TCP when UDP packets are blocked.
However, I recommend you search for a permanent fix for the issue by finding what blocks such packets outside the server (datacenter, internet provider, etc.) because such changes in the configuration file are just a workaround.
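
An added example, not part of the posts in this thread: one way to check from an outside host whether large DNSKEY answers are being lost on the path, by sending the same DNSSEC query with a large and a small advertised EDNS buffer over UDP and then over TCP. The server address 192.0.2.53 and the zone example.com are placeholders, and the function names are this example's own.

```python
import socket, struct, sys

def build_query(name, bufsize, qid=0x1234, qtype=48):           # 48 = DNSKEY
    """DNS query carrying an EDNS0 OPT record: advertised UDP size + DO bit."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)           # 1 question, 1 additional
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    # OPT RR: root name, type 41, CLASS = UDP payload size, TTL = flags (DO = 0x8000)
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0x8000, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def parse_header(msg):
    _, flags, _, answers, _, _ = struct.unpack("!HHHHHH", msg[:12])
    return {"tc": bool(flags & 0x0200), "answers": answers, "size": len(msg)}

def probe_udp(server, name, bufsize, timeout=3.0):               # None = no reply
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name, bufsize), (server, 53))
            return parse_header(s.recvfrom(65535)[0])
    except (OSError, struct.error):
        return None

def probe_tcp(server, name, timeout=3.0):                        # None = no reply
    query = build_query(name, 4096)
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)      # 2-byte length prefix
            reader = s.makefile("rb")
            (length,) = struct.unpack("!H", reader.read(2))
            return parse_header(reader.read(length))
    except (OSError, struct.error):
        return None

def diagnose(udp_big, udp_small, tcp):        # parse_header() results or None
    if tcp is None:
        return "TCP/53 unreachable: truncated answers cannot be retried"
    if udp_big and udp_big["tc"]:
        return "truncated despite a large buffer: a server-side size limit applies"
    if udp_big:
        return "large UDP answers arrive: no size-based filtering seen"
    if udp_small:
        return "large UDP answers are lost on the path, small ones pass"
    return "inconclusive: no UDP reply at any size"

if __name__ == "__main__":
    # Placeholder defaults (assumptions): pass your own name server IP and zone.
    server, name = sys.argv[1:3] if len(sys.argv) > 2 else ("192.0.2.53", "example.com")
    big, small = probe_udp(server, name, 4096), probe_udp(server, name, 512)
    print(diagnose(big, small, probe_tcp(server, name)))
```

Run it from outside the datacenter against the Plesk name server, then again from a host inside the same network; differing results point at a device between the two.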
 
Hello IgorG.

Thank you very much for your answer!
I was thinking about the same options.

I'm going to ask my datacenter about the router configuration.
If I find the solution/problem, I will post it.


If there are other tips, let me know. ;)
 